Hey. Hello once again.
The problem this time is the following: slowness.
Simply put, the speed dropped, hmm.. by almost half. And so, when I opened the Task Manager, I noticed some processes that weren't there before. I blame the slowness maybe on too many heavy programs, but I'm not sure, I'd rather confirm here.
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:22, on 9/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\csrcs.exe
D:\ARQUIV~1\AVG\AVG8\avgtray.exe
D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\svchost.exe
D:\ARQUIV~1\AVG\AVG8\avgrsx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
D:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
D:\Arquivos de programas\AVG\AVG8\avgscanx.exe
D:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Gabriela\Desktop\Programas AM\HiJackThis.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\net.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [startCCC] "D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] D:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar com o FDM - file://D:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://D:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7037 bytes
Thanks in advance, dears :*
Here are the logs:
SDFix
SDFix: Version 1.240
Run by Gabriela on --- 10/07/2009 at 18:54
Microsoft Windows XP [versão 5.1.2600]
Running From: D:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
D:\WINDOWS\system32\csrcs.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 18:59:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gfktlge]
"DisplayName"="Image Config"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Fornece configuração automática para os adaptadores 802.11"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gfktlge\Parameters]
"ServiceDll"=str(2):"D:\WINDOWS\system32\zaajaomz.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Arquivos de programas\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:be,46,0f,2f,2b,cc,fb,ab,5b,66,a1,d8,00,2c,c3,42,9f,f9,57,db,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2f,4c,80,2c,95,15,24,2d,0b,0e,c0,8a,d1,5c,12,0a,b1,..
"khjeh"=hex:69,aa,84,f8,6d,7b,dc,46,0d,e4,40,38,fd,cd,a2,92,58,a2,0f,48,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8b,28,8d,fd,a6,5e,08,c9,91,08,c7,ab,7d,b6,67,70,35,99,87,f7,b7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gfktlge]
"DisplayName"="Image Config"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Fornece configuração automática para os adaptadores 802.11"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gfktlge\Parameters]
"ServiceDll"=str(2):"D:\WINDOWS\system32\zaajaomz.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Arquivos de programas\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:be,46,0f,2f,2b,cc,fb,ab,5b,66,a1,d8,00,2c,c3,42,9f,f9,57,db,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2f,4c,80,2c,95,15,24,2d,0b,0e,c0,8a,d1,5c,12,0a,b1,..
"khjeh"=hex:69,aa,84,f8,6d,7b,dc,46,0d,e4,40,38,fd,cd,a2,92,58,a2,0f,48,cc,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:8b,28,8d,fd,a6,5e,08,c9,91,08,c7,ab,7d,b6,67,70,35,99,87,f7,b7,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Arquivos de programas\\Messenger\\msmsgs.exe"="D:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="D:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\\Arquivos de programas\\DreMule\\emule.exe"="D:\\Arquivos de programas\\DreMule\\emule.exe:*:Enabled:Dreamule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"="D:\\Arquivos de programas\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Arquivos de programas\\Free Download Manager\\fdm.exe"="D:\\Arquivos de programas\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
"D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="D:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"="D:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"D:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"="D:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"D:\\Arquivos de programas\\Electronic Arts\\MySims\\bin\\MySims.exe"="D:\\Arquivos de programas\\Electronic Arts\\MySims\\bin\\MySims.exe:*:Enabled:MySims"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="D:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
Remaining Files :
File Backups: - D:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 3 Aug 2004 93,184 A.SH. --- "D:\Arquivos de programas\Internet Explorer\iexplore.exe"
Tue 3 Aug 2004 60,416 A.SH. --- "D:\Arquivos de programas\Outlook Express\msimn.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "D:\Arquivos de programas\Spybot - Search & Destroy\Tools.dll"
Tue 14 Oct 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 28 Feb 2009 208,480 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\cake-mania-2_s1_l1_gF2152T1L1_d451886931.exe"
Sun 1 Mar 2009 208,480 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\cake-mania-3_s1_l1_gF2662T1L1_d453365262.exe"
Thu 18 Dec 2008 20,403,816 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\FSS_PH60.exe"
Fri 30 Jan 2009 17,904,352 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\InstallBellesBeautyBoutique.exe"
Tue 9 Dec 2008 15,689,006 A..H. --- "D:\Documents and Settings\Gabriela\Desktop\Free Download Manager\klcodec434f.exe"
Tue 10 Jun 2008 1,179,648 A.SH. --- "D:\Documents and Settings\Gabriela\Meus documentos\101MSDCF\SIV2EA.tmp"
Tue 10 Jun 2008 1,560,576 A.SH. --- "D:\Documents and Settings\Gabriela\Meus documentos\101MSDCF\SIV2EB.tmp"
Tue 10 Jun 2008 1,179,648 A.SH. --- "D:\Documents and Settings\Gabriela\Meus documentos\DCIM\101MSDCF\SIV2EA.tmp"
Tue 10 Jun 2008 1,560,576 A.SH. --- "D:\Documents and Settings\Gabriela\Meus documentos\DCIM\101MSDCF\SIV2EB.tmp"
Finished!
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:11, on 10/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\ARQUIV~1\AVG\AVG8\avgrsx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\ARQUIV~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Documents and Settings\Gabriela\Desktop\Programas AM\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [startCCC] "D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar com o FDM - file://D:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://D:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6491 bytes
ComboFix
ComboFix 09-07-09.08 - Gabriela 10/07/2009 19:12.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1550 [GMT -3:00]
Executando de: d:\documents and settings\Gabriela\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\145c410.msi
c:\windows\Installer\16b82.msi
c:\windows\Installer\1ede7.msi
c:\windows\Installer\20f26e.msi
c:\windows\Installer\20f274.msi
c:\windows\Installer\20f27b.msi
c:\windows\Installer\20f281.msi
c:\windows\Installer\20f287.msi
c:\windows\Installer\20f290.msi
c:\windows\Installer\20f296.msi
c:\windows\Installer\20f2a0.msi
c:\windows\Installer\20f2a3.msi
c:\windows\Installer\20f2a9.msi
c:\windows\Installer\20f2b0.msi
c:\windows\Installer\20f2b7.msi
c:\windows\Installer\20f2be.msi
c:\windows\Installer\20f2c4.msi
c:\windows\Installer\20f2d2.msi
c:\windows\Installer\20f2d9.msi
c:\windows\Installer\20f2e0.msi
c:\windows\Installer\20f2e7.msi
c:\windows\Installer\20f2ed.msi
c:\windows\Installer\20f2f3.msi
c:\windows\Installer\20f2fd.msi
c:\windows\Installer\20f303.msi
c:\windows\Installer\20f309.msi
c:\windows\Installer\20f30f.msi
c:\windows\Installer\20f319.msi
c:\windows\Installer\20f31f.msi
c:\windows\Installer\20f329.msi
c:\windows\Installer\20f330.msi
c:\windows\Installer\238e9.msi
c:\windows\Installer\251ee3.msi
c:\windows\Installer\27f5c.msi
c:\windows\Installer\27f70a.msi
c:\windows\Installer\2809c.msi
c:\windows\Installer\3bd43d.msi
c:\windows\Installer\3bd443.msi
c:\windows\Installer\3bd449.msi
c:\windows\Installer\3bd44f.msi
c:\windows\Installer\3bd455.msi
c:\windows\Installer\3bd45b.msi
c:\windows\Installer\3bd461.msi
c:\windows\Installer\3bd467.msi
c:\windows\Installer\3bd46d.msi
c:\windows\Installer\3bd473.msi
c:\windows\Installer\3bd479.msi
c:\windows\Installer\469563.msi
c:\windows\Installer\4e9ce5.msi
c:\windows\Installer\4f0a7b.msi
c:\windows\Installer\c5b8b.msi
c:\windows\Installer\c808.msi
c:\windows\Installer\c80f.msi
c:\windows\Installer\c815.msi
c:\windows\Installer\d6b17.msi
c:\windows\Installer\e4d2f2.msi
d:\documents and settings\Gabriela\Meus documentos\101MSDCF\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\DCIM\101MSDCF\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\DCIM\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Downloads\Bigfish Games - Fashion Solitaire + Adnan_Boy 2008!!!\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Downloads\Bigfish Games - Fashion Solitaire + Adnan_Boy 2008!!!\Pics\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Downloads\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Downloads\Dinner Dash 1 & 2 Game Pack (DIRECT PLAY) [blaze69]\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Downloads\Dinner Dash 1 & 2 Game Pack (DIRECT PLAY) [blaze69]\Game Pack\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Downloads\LEGO.Batman-ViTALiTY\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Downloads\The Sims 1 + All Extensions\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\Inbox\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\Outbox\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData1\Buildings\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData1\CharacterDefs\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData1\ConstructedObjectDefs\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData1\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData1\LocationInteriorDefs\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData2\Buildings\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData2\CharacterDefs\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData2\ConstructedObjectDefs\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData2\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData2\LocationInteriorDefs\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData2\LocationInteriorDefs\Online\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\MySims\SaveData2\Online\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Custom Music\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Downloads\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Exports\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\InstalledWorlds\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Library\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Recorded Videos\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Saves\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Screenshots\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Electronic Arts\The Sims 3\Thumbnails\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\LDW\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\LDW\Virtual Families\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\LDW\Virtual Villagers - The Lost Children\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\LDW\Virtual Villagers - The Secret City\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Meus arquivos recebidos\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Meus vídeos\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Meus vídeos\Skins\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Minhas imagens\17-6-2009\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Minhas imagens\23-6-2009\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Minhas imagens\4-6-2009\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Minhas imagens\5-6-2009\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Minhas imagens\Cristiane\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Minhas imagens\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Minhas músicas\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\My Google Gadgets\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Picture Motion Browser\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Shockwave\Desktop_.ini
d:\documents and settings\Gabriela\Meus documentos\Shockwave\Virtual Villagers - The Lost Children\Desktop_.ini
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))
.
2009-07-10 21:47 . 2009-07-10 22:01 -------- d-----w- D:\SDFix
2009-06-27 17:07 . 2009-06-27 17:07 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-06-27 17:04 . 2009-06-27 17:04 -------- d-----w- d:\windows\Logs
2009-06-23 00:01 . 2009-06-23 00:06 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Electronic Arts
2009-06-23 00:01 . 2009-06-23 00:01 -------- d-----w- D:\ProgramData
2009-06-22 23:54 . 2009-06-22 23:54 10134 ----a-r- d:\documents and settings\Gabriela\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-22 23:54 . 2009-06-22 23:54 -------- d-----w- d:\arquivos de programas\Microsoft WSE
2009-06-22 23:46 . 2009-06-27 17:00 -------- d-----w- d:\arquivos de programas\Electronic Arts
2009-06-21 22:53 . 2009-06-24 19:55 -------- d-----w- d:\arquivos de programas\SpywareBlaster
2009-06-21 22:50 . 2009-06-21 22:52 -------- d-----w- d:\arquivos de programas\Marcos Velasco Security
2009-06-16 23:22 . 2009-06-16 23:22 -------- d-----w- d:\windows\ERUNT
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 15:45 . 2008-11-27 22:08 -------- d-----w- d:\documents and settings\Gabriela\Dados de aplicativos\Free Download Manager
2009-07-06 20:16 . 2008-10-13 19:34 -------- d---a-w- d:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-06 20:00 . 2008-10-06 19:20 -------- d-----w- d:\documents and settings\Gabriela\Dados de aplicativos\PlayFirst
2009-07-06 20:00 . 2008-10-06 19:20 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\PlayFirst
2009-07-06 19:54 . 2008-10-22 23:43 -------- d-----w- d:\arquivos de programas\Shockwave.com
2009-06-29 16:39 . 2009-06-03 17:57 11952 ----a-w- d:\windows\system32\avgrsstx.dll
2009-06-29 16:39 . 2009-06-03 17:02 327688 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2009-06-29 16:39 . 2009-06-03 17:02 27784 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2009-06-27 17:00 . 2008-09-25 22:51 -------- d--h--w- d:\arquivos de programas\InstallShield Installation Information
2009-06-16 22:48 . 2001-10-28 18:07 68408 ----a-w- d:\windows\system32\perfc016.dat
2009-06-16 22:48 . 2001-10-28 18:07 428340 ----a-w- d:\windows\system32\perfh016.dat
2009-06-11 20:29 . 2008-10-06 19:20 -------- d-----w- d:\arquivos de programas\Zylom Games
2009-06-11 16:25 . 2008-11-02 19:13 -------- d-----w- d:\arquivos de programas\Alawar
2009-06-07 22:27 . 2008-10-26 17:49 -------- d-----w- d:\arquivos de programas\Realtek
2009-06-04 22:28 . 2009-06-06 22:35 205326 ----a-w- d:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat
2009-06-04 00:46 . 2009-06-04 00:46 -------- d-----w- d:\documents and settings\Gabriela\Dados de aplicativos\Malwarebytes
2009-06-04 00:46 . 2009-06-04 00:46 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware
2009-05-19 23:12 . 2008-10-14 21:54 -------- d-----w- d:\arquivos de programas\Windows Media Connect 2
2009-05-12 19:26 . 2009-05-12 19:23 -------- d-----w- d:\arquivos de programas\Microsoft
2009-05-12 19:26 . 2009-05-12 19:26 -------- d-----w- d:\arquivos de programas\Microsoft Office Outlook Connector
2009-05-12 19:26 . 2008-10-02 22:31 -------- d-----w- d:\arquivos de programas\Windows Live
2009-05-12 19:26 . 2009-05-12 19:26 -------- d-----w- d:\arquivos de programas\Microsoft Sync Framework
2009-05-12 19:25 . 2009-05-12 19:25 -------- d-----w- d:\arquivos de programas\Microsoft SQL Server Compact Edition
2009-05-12 19:23 . 2009-05-12 19:23 -------- d-----w- d:\arquivos de programas\Windows Live SkyDrive
2009-05-12 18:48 . 2009-05-12 18:48 -------- d-----w- d:\arquivos de programas\Arquivos comuns\Windows Live
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="d:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-07-21 16261632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 16:39 11952 ----a-w- d:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application]
@="Service"
[HKLM\~\startupfolder\D:^Documents and Settings^Gabriela^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]
backup=d:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup
[HKLM\~\startupfolder\DreaMule.lnk]
path=DreaMule.lnk
backup=d:\windows\pss\DreaMule.lnkCommon Startup
[HKLM\~\startupfolder\Fashion Solitaire.lnk]
path=Fashion Solitaire.lnk
backup=d:\windows\pss\Fashion Solitaire.lnkCommon Startup
[HKLM\~\startupfolder\Free Download Manager.lnk]
path=Free Download Manager.lnk
backup=d:\windows\pss\Free Download Manager.lnkCommon Startup
[HKLM\~\startupfolder\Incoming.lnk]
path=Incoming.lnk
backup=d:\windows\pss\Incoming.lnkCommon Startup
[HKLM\~\startupfolder\Internet Explorer.lnk]
path=Internet Explorer.lnk
backup=d:\windows\pss\Internet Explorer.lnkCommon Startup
[HKLM\~\startupfolder\Meus documentos.lnk]
path=Meus documentos.lnk
backup=d:\windows\pss\Meus documentos.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Arquivos de programas\\DreMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"d:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=
"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"d:\\Arquivos de programas\\Electronic Arts\\MySims\\bin\\MySims.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [3/6/2009 14:02 327688]
R2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\AVG\AVG8\avgwdsvc.exe [3/6/2009 14:02 298776]
S2 gfktlge;Image Config;d:\windows\system32\svchost.exe -k netsvcs [3/8/2004 23:45 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [3/6/2009 21:46 40160]
S4 WM System Decode Application;WM System Decode Application; [x]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gfktlge
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: Baixar com o FDM - file://d:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o FDM - file://d:\arquivos de programas\Free Download Manager\dlall.htm
IE: Download selecionado pelo FDM - file://d:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Gabriela\Dados de aplicativos\Mozilla\Firefox\Profiles\46l4r82v.default\
FF - component: d:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- FIREFOX POLICIES ----
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
.
------- Associação de arquivos/ficheiros -------
.
inffile=Notepad.exe "%1"
inifile=Notepad.exe "%1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 19:15
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gfktlge]
"ServiceDll"="d:\windows\system32\zaajaomz.dll"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
d:\windows\system32\Ati2evxx.dll
.
Tempo para conclusão: 2009-07-10 19:16
ComboFix-quarantined-files.txt 2009-07-10 22:16
Pré-execução: 10 pasta(s) 160.465.203.200 bytes disponíveis
Pós execução: 10 pasta(s) 160.401.756.160 bytes disponíveis
285 --- E O F --- 2008-10-06 22:33
------------------------
Well, ComboFix had to go through a critical update, so I was told, and so, what is the Recovery Console really for [duh, for recovering]. But what future benefits could I get from it? If it has no significant effect, I would like to uninstall it.
Thanks :*
Suppose that, for some reason, a problem occurs that keeps your computer from booting. If the Recovery Console is installed, you can check what the problem is and fix it. It is recommended mostly for advanced users; still, whether or not to keep it installed is your choice. More information about the Console below:
http://support.microsoft.com/kb/307654/pt-br
The page above also has instructions on how to uninstall it, should you choose to. However, if you do want to uninstall it, please do so only after we finish all the procedures with ComboFix.
After we are done using ComboFix, if you need help uninstalling the Console, just say so!
Select and copy the text below (starting from Folder). Paste the copied text into Notepad and save it on the desktop as CFScript.txt
Folder::D:\SDFix
File::
d:\windows\system32\zaajaomz.dll
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WM System Decode Application]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gfktlge]
Driver::
gfktlge
WM System Decode Application
NetSvc::
gfktlge
Drag CFScript onto ComboFix as in the image below and wait for the tool to run automatically:
[image: CFScript.gif]
● If prompted, press **Enter** to start the removal process;
● Do not use the mouse or the keyboard while ComboFix is running;
● When it finishes, a new log will be generated at C:\**ComboFix.txt**;
● Your computer may be restarted automatically. If it is not, restart it manually.
In your next reply, paste ComboFix.txt and a new HijackThis log.
P.S.: If you have any questions about the procedure, feel free to ask.
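The CFScript above targets two persistence points visible in the first ComboFix log: a service named gfktlge registered in the svchost "netsvcs" group, whose ServiceDll points svchost.exe at d:\windows\system32\zaajaomz.dll, and a SafeBoot\Minimal entry for "WM System Decode Application", which lets a service (one with no image path at all, shown as "[x]") start even in Safe Mode. The following PowerShell script is an added example, not part of the original thread and not ComboFix or HijackThis code; it audits both locations on a live machine so an entry of that kind stands out. It assumes PowerShell is available on the machine being checked and the standard registry layout named in the comments; run it from an elevated prompt.

```powershell
# Added example (mine, not from the thread or from ComboFix): list every
# service hosted in the svchost "netsvcs" group with the DLL it loads, flag
# the ones that look like gfktlge -> zaajaomz.dll, then list SafeBoot\Minimal
# "Service" entries whose service has no ImagePath. Run elevated.

$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$safeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
$system32    = [Environment]::GetFolderPath('System').ToLowerInvariant()

"=== svchost netsvcs group ==="
# netsvcs is a REG_MULTI_SZ value: one service name per element.
$netsvcs = (Get-ItemProperty -Path $svchostKey).netsvcs

foreach ($name in $netsvcs) {
    $key = Join-Path $servicesKey $name
    if (-not (Test-Path $key)) { continue }          # listed but not installed

    $svc = Get-ItemProperty -Path $key
    # ServiceDll normally sits under <service>\Parameters; the gfktlge entry in
    # the log above had it directly on the service key, so look in both places.
    $params = Get-ItemProperty -Path (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue
    $dll = $null
    if ($params -and $params.ServiceDll) { $dll = $params.ServiceDll }
    elseif ($svc.ServiceDll)             { $dll = $svc.ServiceDll }
    if (-not $dll) { continue }                      # not an svchost-hosted service

    $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
    $reasons = @()

    if (-not (Test-Path $dllPath)) {
        $reasons += 'ServiceDll missing on disk'
    } else {
        # Authenticode check: a valid embedded signature is a good sign; see the
        # note after the script about catalog-signed inbox DLLs.
        $sig = Get-AuthenticodeSignature -FilePath $dllPath
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
        if ((Split-Path $dllPath -Parent).ToLowerInvariant() -ne $system32) {
            $reasons += 'DLL outside System32'
        }
        $created = (Get-Item $dllPath).CreationTime
        if ($created -gt (Get-Date).AddDays(-30)) {
            $reasons += "DLL created recently ($($created.ToShortDateString()))"
        }
    }
    # Legitimate Windows services carry a Description; droppers rarely bother.
    if (-not $svc.Description) { $reasons += 'no Description value' }

    $flag = 'ok'
    if ($reasons.Count -gt 0) { $flag = 'SUSPECT' }
    "{0,-8} {1,-24} {2}" -f $flag, $name, $dllPath
    if ($reasons.Count -gt 0) { "         reasons: " + ($reasons -join '; ') }
}

"=== SafeBoot\Minimal entries of type Service ==="
# Subkeys are either driver-group GUIDs ("Driver Group") or service names
# whose default value is "Service". The second kind keeps a service alive in
# Safe Mode, which is why the CFScript deletes the WM System Decode Application key.
foreach ($sub in Get-ChildItem -Path $safeBootKey) {
    if ($sub.GetValue('') -ne 'Service') { continue }
    $svcName = $sub.PSChildName
    $svcKey  = Join-Path $servicesKey $svcName
    $image   = $null
    if (Test-Path $svcKey) { $image = (Get-ItemProperty -Path $svcKey).ImagePath }
    if (-not $image) {
        "SUSPECT  {0,-40} (Service entry, but the service has no ImagePath)" -f $svcName
    } else {
        "ok       {0,-40} {1}" -f $svcName, $image
    }
}
```

Two caveats on reading the output. On Windows XP and other older releases most inbox service DLLs are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature reports NotSigned for many legitimate entries; treat the signature column as one signal and weigh it together with the others (random-looking service name, no Description, DLL created recently, DLL outside System32). Second, the script only reads the registry and the file system; it changes nothing, so deletion of a confirmed entry still belongs to a tool such as ComboFix with a CFScript like the one above, or to sc delete after the DLL has been quarantined.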
ComboFix:
ComboFix 09-07-09.08 - Gabriela 11/07/2009 16:24.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2047.1510 [GMT -3:00]
Executando de: d:\documents and settings\Gabriela\Desktop\ComboFix.exe
Comandos utilizados :: d:\documents and settings\Gabriela\Desktop\CFScript.txt
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"d:\windows\system32\zaajaomz.dll"
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\SDFix
d:\sdfix\Add_DBFix_RunOnce_key.inf
d:\sdfix\apps\assosfix.reg
d:\sdfix\apps\Cghtme.exe
d:\sdfix\apps\cliptext.exe
d:\sdfix\apps\DBFix.inf
d:\sdfix\apps\download.exe
d:\sdfix\apps\dummy.sys
d:\sdfix\apps\Enable_Command_Prompt.inf
d:\sdfix\apps\Enable_Command_Prompt.reg
d:\sdfix\apps\ERDNT.E_E
d:\sdfix\apps\ERDNTDOS.LOC
d:\sdfix\apps\ERDNTWIN.LOC
d:\sdfix\apps\ERUNT.EXE
d:\sdfix\apps\ERUNT.LOC
d:\sdfix\apps\fix.reg
d:\sdfix\apps\FixBeep.reg
d:\sdfix\apps\FixBH.reg
d:\sdfix\apps\FixComponents.reg
d:\sdfix\apps\FIXCU.reg
d:\sdfix\apps\FIXLM.reg
d:\sdfix\apps\FixPath.exe
d:\sdfix\apps\FixRedir.reg
d:\sdfix\apps\FixSchedule.reg
d:\sdfix\apps\FixWebCheck.reg
d:\sdfix\apps\fixXP.reg
d:\sdfix\apps\FixXPsp2.reg
d:\sdfix\apps\grep.exe
d:\sdfix\apps\HaxdFix.reg
d:\sdfix\apps\HPFix.reg
d:\sdfix\apps\HPFix2.reg
d:\sdfix\apps\HPFix3.reg
d:\sdfix\apps\HPFix4.reg
d:\sdfix\apps\HPFix5.reg
d:\sdfix\apps\HPFix6.reg
d:\sdfix\apps\HPFix7.reg
d:\sdfix\apps\HPFix8.reg
d:\sdfix\apps\HPFix9.reg
d:\sdfix\apps\Installed.txt
d:\sdfix\apps\isadmin.exe
d:\sdfix\apps\leg2.txt
d:\sdfix\apps\legacy.txt
d:\sdfix\apps\legacybk.txt
d:\sdfix\apps\locate.com
d:\sdfix\apps\LS.exe
d:\sdfix\apps\MD5File.exe
d:\sdfix\apps\moveex.exe
d:\sdfix\apps\MyGcpvFix.reg
d:\sdfix\apps\MyGkFix2.reg
d:\sdfix\apps\Process.exe
d:\sdfix\apps\procs.exe
d:\sdfix\apps\psservice.exe
d:\sdfix\apps\Rem.txt
d:\sdfix\apps\Rem2.txt
d:\sdfix\apps\Replace\regedit.exe
d:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
d:\sdfix\apps\Replace\w2k\beep.sys
d:\sdfix\apps\Replace\w2k\command.com
d:\sdfix\apps\Replace\w2k\command.PIF
d:\sdfix\apps\Replace\w2k\CONFIG.NT
d:\sdfix\apps\Replace\w2k\null.sys
d:\sdfix\apps\Replace\xp\AUTOEXEC.NT
d:\sdfix\apps\Replace\xp\beep.sys
d:\sdfix\apps\Replace\xp\command.com
d:\sdfix\apps\Replace\xp\command.PIF
d:\sdfix\apps\Replace\xp\CONFIG.NT
d:\sdfix\apps\Replace\xp\null.sys
d:\sdfix\apps\Reset_AppInit_DLLs.reg
d:\sdfix\apps\RestartIt!.exe
d:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
d:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
d:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
d:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
d:\sdfix\apps\Restore_SecurityCenter.reg
d:\sdfix\apps\Restore_SharedAccess.reg
d:\sdfix\apps\sc.exe
d:\sdfix\apps\sed.exe
d:\sdfix\apps\SF.exe
d:\sdfix\apps\shutdown.exe
d:\sdfix\apps\srv2.txt
d:\sdfix\apps\srv2bk.txt
d:\sdfix\apps\svc.txt
d:\sdfix\apps\svcbk.txt
d:\sdfix\apps\Swreg.exe
d:\sdfix\apps\swsc.exe
d:\sdfix\apps\UnRAR.exe
d:\sdfix\apps\unzip.exe
d:\sdfix\apps\vfind.exe
d:\sdfix\apps\WINMSG.EXE
d:\sdfix\apps\winsec.reg
d:\sdfix\apps\zip.exe
d:\sdfix\backups\backupreg.zip
d:\sdfix\backups\backups.zip
d:\sdfix\backups\catchme.log
d:\sdfix\backups\HOSTS
d:\sdfix\catchme.exe
d:\sdfix\DBFix.bat
d:\sdfix\dummy.sys
d:\sdfix\Report.txt
d:\sdfix\RunThis.bat
d:\sdfix\SDFIX_ReadMe_Online.url
d:\sdfix\W2K_VirusAlert_Repair.inf
d:\sdfix\XP_VirusAlert_Repair.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GFKTLGE
-------\Legacy_WM_SYSTEM_DECODE_APPLICATION
-------\Service_gfktlge
-------\Service_WM System Decode Application
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-11 to 2009-07-11 ))))))))))))))))))))))))))))
.
2009-06-27 17:07 . 2009-06-27 17:07 107888 ----a-w- d:\windows\system32\CmdLineExt.dll
2009-06-27 17:04 . 2009-06-27 17:04 -------- d-----w- d:\windows\Logs
2009-06-23 00:01 . 2009-06-23 00:06 -------- d-----w- d:\documents and settings\All Users\Dados de aplicativos\Electronic Arts
2009-06-23 00:01 . 2009-06-23 00:01 -------- d-----w- D:\ProgramData
2009-06-22 23:54 . 2009-06-22 23:54 10134 ----a-r- d:\documents and settings\Gabriela\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-22 23:54 . 2009-06-22 23:54 -------- d-----w- d:\arquivos de programas\Microsoft WSE
2009-06-22 23:46 . 2009-06-27 17:00 -------- d-----w- d:\arquivos de programas\Electronic Arts
2009-06-21 22:53 . 2009-06-24 19:55 -------- d-----w- d:\arquivos de programas\SpywareBlaster
2009-06-21 22:50 . 2009-06-21 22:52 -------- d-----w- d:\arquivos de programas\Marcos Velasco Security
2009-06-16 23:22 . 2009-06-16 23:22 -------- d-----w- d:\windows\ERUNT
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 16:34 . 2009-07-11 19:16 1085208 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.exe
2009-06-29 16:34 . 2009-07-11 19:16 1454360 ----a-w- d:\documents and settings\All Users\Dados de aplicativos\avg8\update\backup\avgupd.dll
2009-06-27 17:00 . 2008-09-25 22:51 -------- d--h--w- d:\arquivos de programas\InstallShield Installation Information
2009-06-16 22:48 . 2001-10-28 18:07 68408 ----a-w- d:\windows\system32\perfc016.dat
2009-06-16 22:48 . 2001-10-28 18:07 428340 ----a-w- d:\windows\system32\perfh016.dat
2009-06-11 20:29 . 2008-10-06 19:20 -------- d-----w- d:\arquivos de programas\Zylom Games
2009-06-11 16:25 . 2008-11-02 19:13 -------- d-----w- d:\arquivos de programas\Alawar
2009-06-07 22:27 . 2008-10-26 17:49 -------- d-----w- d:\arquivos de programas\Realtek
2009-06-04 22:28 . 2009-06-06 22:35 205326 ----a-w- d:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat
2009-06-04 00:46 . 2009-06-04 00:46 -------- d-----w- d:\documents and settings\Gabriela\Dados de aplicativos\Malwarebytes
2009-06-04 00:46 . 2009-06-04 00:46 -------- d-----w- d:\arquivos de programas\Malwarebytes' Anti-Malware
2009-05-19 23:12 . 2008-10-14 21:54 -------- d-----w- d:\arquivos de programas\Windows Media Connect 2
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="d:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2006-07-21 16261632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 16:39 11952 ----a-w- d:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\D:^Documents and Settings^Gabriela^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk]
backup=d:\windows\pss\Ferramenta de Verificação de Mídia do Picture Motion Browser.lnkStartup
[HKLM\~\startupfolder\DreaMule.lnk]
path=DreaMule.lnk
backup=d:\windows\pss\DreaMule.lnkCommon Startup
[HKLM\~\startupfolder\Fashion Solitaire.lnk]
path=Fashion Solitaire.lnk
backup=d:\windows\pss\Fashion Solitaire.lnkCommon Startup
[HKLM\~\startupfolder\Free Download Manager.lnk]
path=Free Download Manager.lnk
backup=d:\windows\pss\Free Download Manager.lnkCommon Startup
[HKLM\~\startupfolder\Incoming.lnk]
path=Incoming.lnk
backup=d:\windows\pss\Incoming.lnkCommon Startup
[HKLM\~\startupfolder\Internet Explorer.lnk]
path=Internet Explorer.lnk
backup=d:\windows\pss\Internet Explorer.lnkCommon Startup
[HKLM\~\startupfolder\Meus documentos.lnk]
path=Meus documentos.lnk
backup=d:\windows\pss\Meus documentos.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Arquivos de programas\\DreMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"d:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=
"d:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"d:\\Arquivos de programas\\Electronic Arts\\MySims\\bin\\MySims.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [3/6/2009 14:02 335752]
R2 avg8wd;AVG Free8 WatchDog;d:\arquiv~1\AVG\AVG8\avgwdsvc.exe [3/6/2009 14:02 298776]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [3/6/2009 21:46 40160]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Connection Wizard,ShellNext = iexplore
IE: Baixar com o FDM - file://d:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar tudo com o FDM - file://d:\arquivos de programas\Free Download Manager\dlall.htm
IE: Download selecionado pelo FDM - file://d:\arquivos de programas\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\Gabriela\Dados de aplicativos\Mozilla\Firefox\Profiles\46l4r82v.default\
FF - component: d:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: d:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\documents and settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
---- FIREFOX POLICIES ----
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 16:28
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
d:\windows\system32\Ati2evxx.dll
d:\windows\system32\msi.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ati2evxx.exe
d:\windows\system32\HPZipm12.exe
d:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
d:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
d:\arquivos de programas\AVG\AVG8\avgrsx.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-11 16:30 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-11 19:29
ComboFix2.txt 2009-07-10 22:16
Pré-execução: 10 pasta(s) 160.490.061.824 bytes disponíveis
Pós execução: 9 pasta(s) 160.460.754.944 bytes disponíveis
278 --- E O F --- 2008-10-06 22:33
HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:19, on 11/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\ARQUIV~1\AVG\AVG8\avgtray.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\system32\svchost.exe
D:\ARQUIV~1\AVG\AVG8\avgrsx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Gabriela\Desktop\Programas AM\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Arquivos de programas\Free Download Manager\iefdm2.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - D:\ARQUIV~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [startCCC] "D:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Baixar com o FDM - file://D:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o FDM - file://D:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selecionado pelo FDM - file://D:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6611 bytes
-------------------------
Hm.. I can say my computer is getting good, not that it was good before, but anyway..
ComboFix creates a folder named Qoobox, and if I remember correctly Antônio Vieira advised me last time to delete it; can I do the same now? o_õ
Ah! And another thing, I always have doubts about antivirus programs; after all, AVG, Avira or Avast? That's one of my big existential doubts (??)
Thank you :*
Go to Start > Run, type ComboFix /u and click OK to remove ComboFix. That will probably remove the Qoobox folder as well.
The log is clean.
Your system is completely out of date. I recommend updating it, since out-of-date systems are more vulnerable to infections.
Download and install Service Pack 3 and Internet Explorer 8.
ComboFix creates a folder named Qoobox, and if I remember correctly Antônio Vieira advised me last time to delete it; can I do the same now? o_õ
If the folder is not removed by the ComboFix /u command I gave you above, yes, you can remove it manually.
Ah! And another thing, I always have doubts about antivirus programs; after all, AVG, Avira or Avast? That's one of my big existential doubts (??)
Avira.
AVG and Avast! are quite weak compared with Avira. Besides Avira being the best free antivirus, it has an excellent database, does not use much memory, and so on...
Install Avira. :thumbsup:
Any other problem or question?
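The verdict above ("The log is clean") comes from reading every entry by hand. The script below is an added example, not code from the thread, from HijackThis or from any tool mentioned in it, showing the kind of first-pass triage a practitioner runs over such a log before the manual read: it parses O4 (Run keys), O16 (DPF ActiveX downloads), O20 (Winlogon Notify) and O23 (services) lines and applies a few heuristics. The sample lines are copied from the log above plus one constructed suspicious O4 entry (a svchost.exe under Temp) so that the high-severity rule has something to fire on; the rule set, the trusted-host list and the severity labels are my assumptions, not HijackThis conventions.

```python
"""First-pass triage heuristics for HijackThis v2 log lines.

Added example, not part of the forum thread or of HijackThis itself.
The rules are rules of thumb: a finding means "verify this", and a log
with no findings still needs the human read the helper in the thread did.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 format: entries copied from the log
# above plus ONE made-up suspicious O4 line (the Temp\svchost.exe entry).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] D:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] D:\Documents and Settings\user\Local Settings\Temp\svchost.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
"""

# Assumption: core Windows process names that malware borrows; on XP the real
# ones live only under \WINDOWS\system32.
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}
# Assumption: hosts from which an ActiveX download (DPF) entry is expected.
TRUSTED_DPF_SUFFIXES = (".microsoft.com", ".msn.com", ".windowsupdate.com")
# Assumption: user-writable directories where an autostart binary is a red flag.
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\",
                   "\\recycler\\")

SECTION_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)")
NOTIFY_RE = re.compile(r"Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str    # HijackThis section tag, e.g. "O4"
    severity: str   # "high", "verify" or "info"
    reason: str
    line: str


def exe_path(cmd: str) -> str:
    """Return the binary path from a Run value, dropping quotes and arguments."""
    m = re.match(r'"?([^"]*?\.(?:exe|dll|scr|com))\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.strip()


def check_binary(section: str, path: str, line: str) -> list[Finding]:
    """Rules shared by O4 (Run keys), O20 (Winlogon Notify) and O23 (services)."""
    found = []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if "\\" not in low:
        found.append(Finding(section, "info",
                             "bare file name resolved via the search path; confirm which copy runs", line))
    if name in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
        found.append(Finding(section, "high",
                             f"{name} outside \\WINDOWS\\system32 (system process name hijack)", line))
    if any(d in low for d in SUSPICIOUS_DIRS):
        found.append(Finding(section, "high",
                             "autostart binary in a user-writable directory", line))
    return found


def check_dpf(url: str, line: str) -> list[Finding]:
    """O16: ActiveX packages pulled from anywhere but an expected host need a look."""
    host = urlparse(url).hostname or ""
    if not host.endswith(TRUSTED_DPF_SUFFIXES):
        return [Finding("O16", "verify", f"ActiveX download from unexpected host {host}", line)]
    return []


def check_service(m: re.Match, line: str) -> list[Finding]:
    """O23: apply the binary rules and flag services HijackThis could not attribute."""
    found = check_binary("O23", m["path"], line)
    if m["owner"].strip().lower() == "unknown owner":
        found.append(Finding("O23", "verify",
                             f"service '{m['name']}' has no publisher; verify the file by hash or signature", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Parse the handled sections of a HijackThis log and return all findings."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        if section == "O4" and (r := RUN_RE.search(body)):
            findings += check_binary("O4", exe_path(r["cmd"]), line)
        elif section == "O16" and (r := DPF_RE.search(body)):
            findings += check_dpf(r["url"], line)
        elif section == "O20" and (r := NOTIFY_RE.search(body)):
            findings += check_binary("O20", r["path"], line)
        elif section == "O23" and (r := SERVICE_RE.search(body)):
            findings += check_service(r, line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

On the sample, only the constructed Temp\svchost.exe entry reaches "high" (twice: system process name outside system32, and a user-writable directory); RTHDCPL.EXE is merely noted as a bare name, and the ATI Smart service is flagged "verify" only because HijackThis printed "Unknown owner" for it, which is exactly the case where one checks the file's hash or signature rather than trusting the name.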
Wow.. it has never been this quick to solve a problem of mine ._."
I'm installing Avira, I think it really is worth it.
Hm.. I think I've run out of questions
Many thanks, MGuitar \o/
Kisses kisses :*
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.