[Resolvido!] Suspeita de vírus/malware

Bom Dia! Carlos SP

<@> Baixe: < Win32kDiag.exe >

<@> < Link - 2 >

<@> Salve-o no desktop!

<@> Vá em Iniciar --> Executar --> Digite ou cole: "%userprofile%\desktop\win32kdiag.exe" -f -r

<@> Clique OK.

<@> Poste o relatório: Win32kDiag.txt <--

<><><><><><><><><><>

<@> Faça um scan online em: < /applications/core/interface/imageproxy/imageproxy.php?img=http://virscan.org/images/av/kaspersky.gif&key=fd207cf2d79f14a429349c1122107ed5b6e1688bd3c6ab440413ff32e41f37f1" alt="kaspersky.gif" /> >

<@> Utilize para isso,o navegador Internet Explorer.

<@> Acesse o site,e clique em Kaspersky Online Scanner.

<@> Na próxima página,clique em: I Accept

<@> Isto,para que se instale o controle ActiveX e,em seguida,atualize o banco de dados.

<@> Na próxima página,clique em: My Computer e faça o scan.

<@> Tenha paciência!

<@> Aguarde a atualização da base de dados,e também do exame,que é demorado.

<@> Terminando,salve e poste o relatório.

<@> Clique em Save Report As... para salvar o log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Salve o resultado como .txt,segundo a imagem abaixo:

/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif&key=12df84cc9364ed13311153b7405127e0f208cd4a0679232596972a39ca5dfe36" alt="Kas-Savetxt.gif" />

<@> Poste,também,HijackThis atualizado.

Abraços!

Olá, DigRam!

Parece que o Kaspersky online ainda não está disponível (estaria sendo atualizado no momento). Há alguma outra ferramenta que substitua o scan do Kaspersky?

- Win32kDiag.txt:

Running from: C:\Documents and Settings\Carlos\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Carlos\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

---------

Abraços!

Boa Tarde! Carlos SP

Parece que o Kaspersky online ainda não está disponível (estaria sendo atualizado no momento). Há alguma outra ferramenta que substitua o scan do Kaspersky?

<!> Com a mesma eficiência...muito difícil.

<><><><><><><><><><>

<@> Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://www.malwarebytes.org/images/marcinsig.gif&key=2c45e7fd674c4b18d376ffbe83bf82547806ac60e230409c7eb4c31999009760" alt="marcinsig.gif" /> > Malwarebytes

<@> < Link - 2 >

<@> < Link - 3 >

<@> Atualize o programa!

<@> Escolha o escaneamento Completo!

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Ps: Para determinadas infecções,a ferramenta pedirá reboot. <-- Confirme!

<@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

<@> Para maiores detalhes: < Link >

<><><><><><><><><><><>

<@> Poste,os relatórios: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis,atualizado.

Abraços!

Olá, DigRam!

mbam-log-2009-10-11 (11-00-49).txt:

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2941

Windows 5.1.2600 Service Pack 2

11/10/2009 11:00:53

mbam-log-2009-10-11 (11-00-49).txt

Tipo de Verificação: Completa (A:\|C:\|D:\|)

Objetos verificados: 155060

Tempo decorrido: 27 minute(s), 44 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 5

Valores do Registro infectados: 4

Ítens do Registro infectados: 0

Pastas infectadas: 1

Arquivos infectados: 14

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\TypeLib\{6b71634c-5867-4d85-bffe-df1c322f8b96} (Adware.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{b3d037eb-d5be-413d-8e16-e5b2a1b28bd8} (Adware.BHO) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{db6bf2cd-4f59-4f1c-aa9c-d08c0b61a931} (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db6bf2cd-4f59-4f1c-aa9c-d08c0b61a931} (Adware.BHO) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{db6bf2cd-4f59-4f1c-aa9c-d08c0b61a931} (Adware.BHO) -> No action taken.

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

C:\Arquivos de programas\GbPlugin (Adware.BHO) -> No action taken.

Arquivos infectados:

C:\Arquivos de programas\GbPlugin\bb.gpc (Adware.BHO) -> No action taken.

C:\Arquivos de programas\GbPlugin\gbieh.gmd (Adware.BHO) -> No action taken.

C:\Arquivos de programas\GbPlugin\gbpdist.dll (Adware.BHO) -> No action taken.

C:\Arquivos de programas\GbPlugin\GbpSv.exe (Adware.BHO) -> No action taken.

C:\ccc.exe (Worm.AutoRun) -> No action taken.

C:\WINDOWS\KBPK090421.log (Malware.Trace) -> No action taken.

C:\WINDOWS\KBPK090422.log (Malware.Trace) -> No action taken.

C:\WINDOWS\KBPK090423.log (Malware.Trace) -> No action taken.

C:\WINDOWS\KBPK090424.log (Malware.Trace) -> No action taken.

C:\WINDOWS\KBPK090425.log (Malware.Trace) -> No action taken.

C:\WINDOWS\KBPK090426.log (Malware.Trace) -> No action taken.

C:\WINDOWS\KBPK090427.log (Malware.Trace) -> No action taken.

C:\WINDOWS\KBPK090428.log (Malware.Trace) -> No action taken.

C:\WINDOWS\KBPK090429.log (Malware.Trace) -> No action taken.

_____________________________________________________________

Hijack atualizado:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:55:04, on 11/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.src=ym&.intl=br&rl=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [sispower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [isusscheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [isuspm startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [hp software update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390](http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245708098234](http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245708098234)

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 7500 bytes

------------------------

Abraços!

Boa Tarde! Carlos SP

Pastas infectadas:C:\Arquivos de programas\GbPlugin (Adware.BHO) -> No action taken.

Arquivos infectados:

C:\Arquivos de programas\GbPlugin\bb.gpc (Adware.BHO) -> No action taken.

C:\Arquivos de programas\GbPlugin\gbieh.gmd (Adware.BHO) -> No action taken.

C:\Arquivos de programas\GbPlugin\gbpdist.dll (Adware.BHO) -> No action taken.

C:\Arquivos de programas\GbPlugin\GbpSv.exe (Adware.BHO) -> No action taken.

<!> Execute o Malwarebytes e,em seu novo scan,permita as remoções que estão fora do Quote.

<><><><><><><><><><>

<@> Baixe: < AVPTool >

<@> Salve-o em Arquivos de Programas,e instale-o aí mesmo!

<@> Reinicie o computador,em Modo de Segurança! <-- Importante!

<@> Na janela de configuração,marque: Disco local (C) + Documents and Settings

<@> Dê início ao exame,clicando em "Scan".

<@> A verificação é muito demorada. <-- Aguarde!

<@> Caso sejam encontradas infecções,clique em "disinfect" se a opção estiver habilitada.

<@> Ps: Para algumas detecções ( Cracks ou Keygens ),conhecidas,clique em skip.

<@> Evite,para esses casos,a opção "Delete".

<@> Terminando,clique na aba Events.

<@> Desmarque a caixa de seleção "Show all events".

<@> Clique em "Save to file".

<@> Nomeie-o e salve-o no desktop! <-- Relatório para postagem!

<@> Poste,também,HijackThis atualizado.

Abraços!

Boa tarde, DigRam!

Desculpe-me pela demora em responder, estou com alguma dificuldade para acessar a net.

No novo scan com o Malwarebytes, nãoforam encontradas infecções.
Relatório AVP Tool:

Scan

----

Scanned: 423540

Detected: 1

Untreated: 0

Start time: 21/10/2009 13:49:10

Duration: 03:30:50

Finish time: 21/10/2009 17:20:00

Detected

--------

Status Object

------ ------

deleted: Trojan program Trojan.Win32.Qhost.lsc File: C:\WINDOWS\system32\drivers\etc\Hosts.bak

Events

------

Time Name Status Reason

---- ---- ------ ------

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file005 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file006 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file007 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file008 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file009 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file010 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file011 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file012 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file013 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file014 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file015 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file016 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file017 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file018 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file019 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file020 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file021 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file022 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file023 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file024 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file025 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file026 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file027 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file028 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file029 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file030 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file031 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file032 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file033 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file034 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file035 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file036 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file037 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file038 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file039 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file040 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file041 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file042 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file043 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file044 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file045 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file046 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file047 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file048 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file049 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file050 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file051 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file052 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file053 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file054 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file055 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file056 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file057 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file058 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file059 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file060 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file061 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file062 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file063 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file064 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file065 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file066 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file067 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file068 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file069 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file070 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file071 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file072 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file073 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file074 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file075 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file076 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file077 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file078 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file079 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file080 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file081 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file082 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file083 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file084 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file085 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file086 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file087 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file088 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file089 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file090 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file091 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file092 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file093 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file094 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file095 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file096 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file097 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file098 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file099 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file100 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file101 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file102 password protected

21/10/2009 14:40:46 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file103 password protected

21/10/2009 15:23:10 File: C:\WINDOWS\system32\drivers\etc\Hosts.bak detected Trojan program 'Trojan.Win32.Qhost.lsc'

21/10/2009 15:23:10 File: C:\WINDOWS\system32\drivers\etc\Hosts.bak not disinfected postponed

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file005 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file006 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file007 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file008 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file009 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file010 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file011 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file012 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file013 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file014 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file015 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file016 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file017 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file018 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file019 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file020 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file021 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file022 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file023 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file024 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file025 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file026 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file027 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file028 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file029 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file030 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file031 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file032 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file033 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file034 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file035 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file036 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file037 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file038 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file039 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file040 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file041 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file042 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file043 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file044 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file045 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file046 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file047 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file048 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file049 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file050 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file051 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file052 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file053 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file054 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file055 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file056 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file057 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file058 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file059 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file060 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file061 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file062 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file063 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file064 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file065 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file066 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file067 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file068 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file069 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file070 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file071 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file072 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file073 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file074 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file075 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file076 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file077 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file078 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file079 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file080 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file081 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file082 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file083 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file084 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file085 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file086 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file087 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file088 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file089 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file090 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file091 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file092 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file093 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file094 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file095 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file096 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file097 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file098 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file099 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file100 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file101 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file102 password protected

21/10/2009 16:12:41 File: C:\Documents and Settings\Carlos\Desktop\realalt184lite.exe//file103 password protected

21/10/2009 16:55:28 File: C:\WINDOWS\system32\drivers\etc\Hosts.bak detected Trojan program 'Trojan.Win32.Qhost.lsc'

21/10/2009 16:55:28 File: C:\WINDOWS\system32\drivers\etc\Hosts.bak not disinfected postponed

21/10/2009 16:56:42 File: c:\windows\system32\drivers\etc\hosts.bak detected Trojan program 'Trojan.Win32.Qhost.lsc'

21/10/2009 17:20:00 File: c:\windows\system32\drivers\etc\hosts.bak deleted

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

Backup

------

Status Object Size

------ ------ ----

___________________________________

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:23:11, on 22/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.src=ym&.intl=br&rl=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [sispower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [isusscheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [isuspm startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [hp software update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390](http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245708098234](http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245708098234)

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 7435 bytes

Abraços!

Boa Tarde! Carlos SP

<@> Baixe: < DDS > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite seus programas de proteção: antivírus,antimalware,antispyware ou firewall.

<@> Estando desconectado,execute a ferramenta! --> Duplo-clique em /applications/core/interface/imageproxy/imageproxy.php?img=http://img.bleepingcomputer.com/dds/icon.jpg&key=77ec3f21ddbab31402a4e91f931d86be6d85ae573a6742c8368040ee57805ce5" alt="icon.jpg" />.

<@> Aguarde o término do scan,até obtermos o relatório. ( DDS.txt ) <--

<@> Surgirá,também,uma nova janela: "D.D.S - Optional_Scan" --> Clique em Sim.

<@> O Bloco de Notas irá abrir,com outro relatório. ( Attach.txt ) <--

<@> Ps: Caso o relatório seja incompreensível,renomeie o executável para DDS.exe e repita o scan.

<@> Outra janela,finalmente,abrir-se-à! --> Clique em OK.

<@> Salve os relatórios: DDS.txt + Attach.txt <-- Poste-os!

Abraços!

Boa tarde, DigRam!

Relatório DDS.txt:

DDS (Ver_09-10-24.01) - NTFSx86

Run by Carlos at 14:43:33,40 on sáb 24/10/2009

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16

============== Pseudo HJT Report ===============

uStart Page = https://login.yahoo.com/config/mail?&.src=ym&.intl=br&rl=1

uWindow Title =

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\arquivos de programas\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\arquivos de programas\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [sispower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [isusscheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [isuspm startup] c:\arquiv~1\arquiv~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [hp software update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [COMODO Firewall Pro] "c:\arquivos de programas\comodo\firewall\CPF.exe" /background

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245708098234

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

LSA: Notification Packages = scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\carlos\dadosd~1\mozilla\firefox\profiles\z62k78li.default\

FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?&.src=ym&.intl=br&rl=1

FF - component: c:\documents and settings\carlos\dados de aplicativos\mozilla\firefox\profiles\z62k78li.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2009-10-20 20:06:24 46724280 ----a-w- c:\arquivos de programas\setup_7.0.0.290_20.10.2009_23-39.exe

2009-10-15 16:19:48 27496 ----a-w- c:\windows\system32\mucltui.dll.mui

2009-10-15 16:19:48 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-10-11 13:11:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-11 13:11:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-11 13:11:28 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

==================== Find3M ====================

2009-10-18 17:45:54 49586 ----a-w- c:\windows\system32\perfc016.dat

2009-10-18 17:45:54 347294 ----a-w- c:\windows\system32\perfh016.dat

2009-07-31 17:23:10 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-26 19:44:56 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-06-09 20:34:39 4626422 ----a-w- c:\arquivos de programas\avz4.zip

2009-05-08 19:23:54 17777408 ----a-w- c:\arquivos de programas\TU2009TrialEN-US.exe

2009-05-01 00:53:47 49148496 ----a-w- c:\arquivos de programas\a2FreeSetup.exe

2009-04-29 21:55:26 71712 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 14:43:51,85 ===============

________________________________________________

Relatório Attach.txt:

DDS (Ver_09-10-24.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 10/11/2006 00:14:50

System Uptime: 24/10/2009 14:24:26 (0 hours ago)

Motherboard: Hewlett-Packard | | 0A30

Processor: Intel® Pentium® 4 CPU 3.20GHz | Socket 775 | 3200/200mhz

Processor: Intel® Pentium® 4 CPU 3.20GHz | Socket 775 | 3200/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 57,335 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP20: 29/7/2009 15:23:27 - Ponto de verificação do sistema

RP21: 8/8/2009 12:08:40 - Installed Real Alternative

RP22: 9/8/2009 19:37:11 - Ponto de verificação do sistema

RP23: 18/8/2009 12:08:17 - Ponto de verificação do sistema

RP24: 25/8/2009 18:59:50 - Installed Java 6 Update 15

RP25: 3/9/2009 02:11:01 - Ponto de verificação do sistema

RP26: 7/9/2009 10:27:38 - Ponto de verificação do sistema

RP27: 8/9/2009 19:05:41 - Ponto de verificação do sistema

RP28: 13/9/2009 14:46:40 - Ponto de verificação do sistema

RP29: 18/9/2009 22:49:46 - Ponto de verificação do sistema

RP30: 23/9/2009 01:52:13 - Installed Windows Media Player 11

RP31: 5/10/2009 09:19:21 - Ponto de verificação do sistema

RP32: 6/10/2009 18:55:11 - Ponto de verificação do sistema

RP33: 16/10/2009 14:06:12 - Ponto de verificação do sistema

RP34: 20/10/2009 14:15:59 - Ponto de verificação do sistema

RP35: 22/10/2009 15:25:05 - Installed Java 6 Update 16

==== Installed Programs ======================

a-squared Free 4.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0 - Português

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)

Atualização de Segurança para o Windows Media Player 9 (KB911565)

Atualização de Segurança para o Windows Media Player 9 (KB917734)

Atualização de Segurança para o Windows Media Player 9 (KB936782)

Atualização de Segurança para Windows XP (KB890046)

Atualização de Segurança para Windows XP (KB893066)

Atualização de Segurança para Windows XP (KB893756)

Atualização de Segurança para Windows XP (KB896358)

Atualização de Segurança para Windows XP (KB896422)

Atualização de Segurança para Windows XP (KB896423)

Atualização de Segurança para Windows XP (KB896424)

Atualização de Segurança para Windows XP (KB896428)

Atualização de Segurança para Windows XP (KB896688)

Atualização de Segurança para Windows XP (KB899587)

Atualização de Segurança para Windows XP (KB899591)

Atualização de Segurança para Windows XP (KB900725)

Atualização de Segurança para Windows XP (KB901017)

Atualização de Segurança para Windows XP (KB901214)

Atualização de Segurança para Windows XP (KB902400)

Atualização de Segurança para Windows XP (KB904706)

Atualização de Segurança para Windows XP (KB905414)

Atualização de Segurança para Windows XP (KB905749)

Atualização de Segurança para Windows XP (KB905915)

Atualização de Segurança para Windows XP (KB908519)

Atualização de Segurança para Windows XP (KB911562)

Atualização de Segurança para Windows XP (KB911567)

Atualização de Segurança para Windows XP (KB911927)

Atualização de Segurança para Windows XP (KB912919)

Atualização de Segurança para Windows XP (KB913446)

Atualização de Segurança para Windows XP (KB913580)

Atualização de Segurança para Windows XP (KB914388)

Atualização de Segurança para Windows XP (KB914389)

Atualização de Segurança para Windows XP (KB917344)

Atualização de Segurança para Windows XP (KB917422)

Atualização de Segurança para Windows XP (KB917953)

Atualização de Segurança para Windows XP (KB918118)

Atualização de Segurança para Windows XP (KB918439)

Atualização de Segurança para Windows XP (KB919007)

Atualização de Segurança para Windows XP (KB920213)

Atualização de Segurança para Windows XP (KB920214)

Atualização de Segurança para Windows XP (KB920670)

Atualização de Segurança para Windows XP (KB920683)

Atualização de Segurança para Windows XP (KB920685)

Atualização de Segurança para Windows XP (KB921398)

Atualização de Segurança para Windows XP (KB921503)

Atualização de Segurança para Windows XP (KB922616)

Atualização de Segurança para Windows XP (KB922819)

Atualização de Segurança para Windows XP (KB923191)

Atualização de Segurança para Windows XP (KB923414)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB923689)

Atualização de Segurança para Windows XP (KB923694)

Atualização de Segurança para Windows XP (KB923980)

Atualização de Segurança para Windows XP (KB924191)

Atualização de Segurança para Windows XP (KB924270)

Atualização de Segurança para Windows XP (KB924496)

Atualização de Segurança para Windows XP (KB924667)

Atualização de Segurança para Windows XP (KB925486)

Atualização de Segurança para Windows XP (KB925902)

Atualização de Segurança para Windows XP (KB926255)

Atualização de Segurança para Windows XP (KB926436)

Atualização de Segurança para Windows XP (KB927779)

Atualização de Segurança para Windows XP (KB927802)

Atualização de Segurança para Windows XP (KB928255)

Atualização de Segurança para Windows XP (KB928843)

Atualização de Segurança para Windows XP (KB929123)

Atualização de Segurança para Windows XP (KB929969)

Atualização de Segurança para Windows XP (KB930178)

Atualização de Segurança para Windows XP (KB931261)

Atualização de Segurança para Windows XP (KB931784)

Atualização de Segurança para Windows XP (KB932168)

Atualização de Segurança para Windows XP (KB933729)

Atualização de Segurança para Windows XP (KB935839)

Atualização de Segurança para Windows XP (KB935840)

Atualização de Segurança para Windows XP (KB936021)

Atualização de Segurança para Windows XP (KB938127)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB938829)

Atualização de Segurança para Windows XP (KB941202)

Atualização de Segurança para Windows XP (KB941568)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB941644)

Atualização de Segurança para Windows XP (KB941693)

Atualização de Segurança para Windows XP (KB943055)

Atualização de Segurança para Windows XP (KB943460)

Atualização de Segurança para Windows XP (KB943485)

Atualização de Segurança para Windows XP (KB944338)

Atualização de Segurança para Windows XP (KB944653)

Atualização de Segurança para Windows XP (KB945553)

Atualização de Segurança para Windows XP (KB946026)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB948590)

Atualização de Segurança para Windows XP (KB948881)

Atualização de Segurança para Windows XP (KB950749)

Atualização de Segurança para Windows XP (KB950759)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951376)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB953839)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960714)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969897)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB970238)

Atualização para Windows XP (KB894391)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB900485)

Atualização para Windows XP (KB910437)

Atualização para Windows XP (KB911280)

Atualização para Windows XP (KB912945)

Atualização para Windows XP (KB916595)

Atualização para Windows XP (KB920872)

Atualização para Windows XP (KB922582)

Atualização para Windows XP (KB927891)

Atualização para Windows XP (KB929338)

Atualização para Windows XP (KB930916)

Atualização para Windows XP (KB931836)

Atualização para Windows XP (KB933360)

Atualização para Windows XP (KB936357)

Atualização para Windows XP (KB938828)

Atualização para Windows XP (KB942763)

Atualização para Windows XP (KB942840)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB967715)

Avira AntiVir Personal - Free Antivirus

Battlefield 1942

BOOKcase 4.0

BufferChm

Call of Duty

Cambridge Dictionary of American English, version 1.1

CD-ROM Coleção Completa Superinteressante 2006

COMODO Firewall Pro

CustomerResearchQFolder

Destinations

DeviceFunctionQFolder

DeviceManagementQFolder

eSupportQFolder

Ferramenta de Carregamento do Windows Live

GraphPad Prism 4

Great Battles of WWII: Stalingrad (Demo)

HijackThis 2.0.2

Hotfix para Windows XP (KB952287)

HP Deskjet 3900 series

HP Extended Capabilities 5.0

HP Image Zone Express

HP Imaging Device Functions 5.0

HP Software Update

HP Solution Center & Imaging Support Tools 5.0

HPDeskjet3900Series

HPProductAssistant

HT Player

InterActual Player

Java 6 Update 16

LS_HSI

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

MarketResearch

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office FrontPage 2003

Microsoft Office Professional Edição 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Motorola SM56 Speakerphone Modem

Mozilla Firefox (3.5.3)

MSVCRT

PCI SoftV92 Modem

PDFCreator

PDFCreator Toolbar

Power Tab Editor 1.7

Real Alternative 1.8.4 Lite

Roxio Audio Module

Roxio CinePlayer

Roxio Copy Module

Roxio Data Module

Roxio DLA

Roxio Express Labeler

Roxio Roxio Update Manager

Segoe UI

Sierra On-Line Games (Remove only)

SimCity 3000

SiS 661FX

SolutionCenter

Status

Tons

TrayApp

TuneUp Utilities 2009

Victoria

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live OneCare safety scanner

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

==== End Of File ===========================

___________________________________________

Abraços!

Boa Noite! Carlos SP

<!> O link Kaspersky On-Line,já está disponível!

<><><><><><><><><>

<@> Poste o relatório dessa verificação!

Abraços!

Boa tarde, DigRam!

Relatório Kaspersky:

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, October 26, 2009

Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

 Last database update: Monday, October 26, 2009 16:43:44

 Records in database: 3083121

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

Scan statistics:

Objects scanned: 57942

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 01:32:43

No threats found. Scanned area is clean.

Selected area has been scanned.

----------------------------------------------------------------------------------------------------------------------------------

HijackThis atualizado:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:39:00, on 26/10/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Comodo\Firewall\CPF.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.src=ym&.intl=br&rl=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O4 - HKLM\..\Run: [sispower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [isusscheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [isuspm startup] C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [hp software update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Arquivos de programas\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390](http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131549136390)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245708098234](http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245708098234)

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Arquivos de programas\Comodo\Firewall\cmdagent.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 7576 bytes

----------------------------------------------------------------------------------------------------------------------------------

Abraços!

Boa Noite! Carlos SP

<@> Não havendo problemas,estabeleça um ponto limpo na Restauração do Sistema.

<@> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema.

<@> Marque: Desativar Restauração do Sistema --> Aplicar --> Aguarde! --> Ok.

<@> Depois,desmarque novamente! --> Aplicar --> Aguarde! --> Ok.

<@> Para maiores detalhes,leia o Tutorial: < Link >

<><><><><><><><><>

<!> Seus logs estão limpos! :bye:

<!> Tudo Ok?

Abraços!

Ok, DigRam! Muito obrigado pela atenção e pelas dicas.

Abraços!

PROBLEMA RESOLVIDO!

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.