Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:28:58, on 09/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWASER.EXE
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWAgent.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\alg.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.oi.com.br/mail/login.php?url=%2fmail%2fmailbox.php%3fmailbox%3dinbox%26amp%3bhorde%3demijkloobchd1059ciibkl1bm6%26amp%3bnocache%3d610ks1jew2bs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Waiting1690] C:\Windows\stid1690.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [msne] C:\Arquivos de programas\Arquivos comuns\system.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [slide.exe] C:\Arquivos de programas\Slide\Slide.exe
O4 - HKCU\..\Run: [NSeries.PCSync] C:\Arquivos de programas\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWASER.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11722 bytes
Good morning wings
BankerFix 3.1 VALKYRIE - Removedor de Bankers
Linha Defensiva | http://www.linhadefensiva.org
http://www.linhadefensiva.org/bankerfix/
-------------------------------------------------------
Data: 2009-12-09 - 11:39
-------------------------------------------------------
Lista de Definição: 2009-10-26-1 | CORE: 2009-07-24-1
=======================================================
Arquivo infectado detectado: C:\WINDOWS\control.ctr
Arquivo infectado removido com sucesso!
Arquivo infectado detectado: C:\Arquivos de programas\Arquivos comuns\wingb.txt
Arquivo infectado removido com sucesso!
----- Fim -------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:45, on 09/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWASER.EXE
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWAgent.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Hijack\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.oi.com.br/mail/login.php?url=%2fmail%2fmailbox.php%3fmailbox%3dinbox%26amp%3bhorde%3demijkloobchd1059ciibkl1bm6%26amp%3bnocache%3d610ks1jew2bs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Waiting1690] C:\Windows\stid1690.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [slide.exe] C:\Arquivos de programas\Slide\Slide.exe
O4 - HKCU\..\Run: [NSeries.PCSync] C:\Arquivos de programas\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWASER.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11850 bytes
1.
*Delete the BankerFix program and the C:\LinhaDefensiva folder
2.
*Keep your antivirus disabled
*Download ComboFix and save it to the desktop
*Double-click the Combofix.exe file
*Accept the license agreement
[image: CF1.jpg]
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [Yes] to accept its installation.
[image: recovery-console-prompt.jpg]
*After the installation, click [Yes] to continue.
[image: recovery-console-installed.jpg]
*Important: while ComboFix is running, do not use the mouse or the keyboard! To abort the procedure, press N or 2 and then ENTER.
*The program will close automatically
*Paste the report created at C:\combofix.txt
ComboFix 09-12-09.04 - ROSANE MATIELLO 09/12/2009 21:31:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1983.1203 [GMT -2:00]
Executando de: c:\documents and settings\ROSANE MATIELLO\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - drivers: deleted 208 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Freeze.com Toolbar
c:\arquivos de programas\Freeze.com Toolbar\basis.xml
c:\arquivos de programas\Freeze.com Toolbar\cache\4520985da48e992cefb0dd70b542b63d
c:\arquivos de programas\Freeze.com Toolbar\freeze.bmp
c:\arquivos de programas\Freeze.com Toolbar\freeze_int.crc
c:\arquivos de programas\Freeze.com Toolbar\freeze_int.inf
c:\arquivos de programas\Freeze.com Toolbar\frzToolbar_logo.bmp
c:\arquivos de programas\Freeze.com Toolbar\icons.bmp
c:\arquivos de programas\Freeze.com Toolbar\options.html
c:\arquivos de programas\Freeze.com Toolbar\powered_yahoo_search.bmp
c:\arquivos de programas\Freeze.com Toolbar\Thumbs.db
c:\arquivos de programas\Freeze.com Toolbar\version.txt
c:\arquivos de programas\Freeze.com Toolbar\whiteList_plugin.dll
c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\arquivos de programas\OneStepSearch
c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\addon.dat
c:\documents and settings\ROSANE MATIELLO\Desktop\Apresentação.doc
c:\documents and settings\ROSANE MATIELLO\Desktop\Apresentação.doc
c:\documents and settings\ROSANE MATIELLO\Desktop\ASSOCIAÇÃO EDUCACIONAL VEIGA DE ALMEIDA 17-08-2009(2).dot
c:\documents and settings\ROSANE MATIELLO\Desktop\ASSOCIAÇÃO EDUCACIONAL VEIGA DE ALMEIDA 17-08-2009(2).dot
c:\documents and settings\ROSANE MATIELLO\Desktop\ASSOCIAÇÃO EDUCACIONAL VEIGA DE ALMEIDA 17-08-2009.dot
c:\documents and settings\ROSANE MATIELLO\Desktop\ASSOCIAÇÃO EDUCACIONAL VEIGA DE ALMEIDA 17-08-2009.dot
c:\documents and settings\ROSANE MATIELLO\Desktop\cotação veiga de almeida lapis de cor(2).doc
c:\documents and settings\ROSANE MATIELLO\Desktop\cotação veiga de almeida lapis de cor(2).doc
c:\documents and settings\ROSANE MATIELLO\Desktop\cotação veiga de almeida lapis de cor.doc
c:\documents and settings\ROSANE MATIELLO\Desktop\cotação veiga de almeida lapis de cor.doc
c:\documents and settings\ROSANE MATIELLO\Desktop\Orç 03572 UNIVERCIDADE V_.doc
c:\documents and settings\ROSANE MATIELLO\Desktop\Orç 03572 UNIVERCIDADE V_.doc
C:\Thumbs.db
c:\windows\regedit.com
c:\windows\run.log
c:\windows\system32\dllcache\klog.dat
c:\windows\system32\taskmgr.com
c:\windows\system32\uacinit.dll
c:\windows\system32\UACqpqbgrgoew.dat
c:\windows\Z.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ODDYSEE
-------\Service_Oddysee
(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-09 to 2009-12-09 ))))))))))))))))))))))))))))
.
2009-12-09 02:24 . 2009-12-09 13:41 -------- d-----w- C:\Hijack
2009-12-09 02:12 . 2009-08-06 00:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-28 20:24 . 2008-08-18 21:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-11-28 20:24 . 2008-08-18 21:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-11-28 20:24 . 2008-08-18 21:44 110080 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2009-11-28 20:24 . 2008-08-18 21:44 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-11-28 20:24 . 2009-11-28 20:24 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo
2009-11-28 20:24 . 2009-12-03 16:12 -------- d-----w- c:\arquivos de programas\Vivo 3G
2009-11-26 12:46 . 2009-11-26 12:46 -------- d-sh--w- c:\documents and settings\ROSANE MATIELLO\PrivacIE
2009-11-25 12:40 . 2009-11-25 12:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-25 12:34 . 2009-11-25 12:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-25 12:33 . 2009-11-25 12:33 -------- d-sh--w- c:\documents and settings\ROSANE MATIELLO\IETldCache
2009-11-25 12:26 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-25 12:26 . 2009-12-09 10:38 -------- d-----w- c:\windows\ie8updates
2009-11-25 12:25 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-25 12:25 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-25 12:24 . 2009-11-25 12:25 -------- dc-h--w- c:\windows\ie8
2009-11-25 01:34 . 2007-10-23 11:27 110592 ----a-w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\U3\temp\cleanup.exe
2009-11-24 23:56 . 2008-02-25 15:47 3489792 ---ha-w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\U3\temp\Launchpad Removal.exe
2009-11-24 23:54 . 2009-11-25 01:34 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\U3
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 23:39 . 2009-08-25 00:11 602 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-12-09 23:38 . 2007-03-09 15:35 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-12-09 13:35 . 2001-10-28 18:07 84076 ----a-w- c:\windows\system32\perfc016.dat
2009-12-09 13:35 . 2001-10-28 18:07 480122 ----a-w- c:\windows\system32\perfh016.dat
2009-12-09 02:12 . 2007-09-21 17:44 -------- d-----w- c:\arquivos de programas\Windows Live
2009-12-07 23:14 . 2006-10-03 15:38 -------- d-----w- c:\arquivos de programas\Google
2009-12-07 20:47 . 2007-09-23 21:30 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Image Zone Express
2009-12-07 02:16 . 2006-06-28 17:03 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Skype
2009-12-06 21:09 . 2009-08-16 21:15 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\skypePM
2009-12-03 13:09 . 2006-06-05 02:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-12-03 10:31 . 2006-06-04 09:41 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-11-26 14:15 . 2006-08-31 14:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-11-26 12:45 . 2009-06-25 00:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar
2009-10-29 07:42 . 2006-06-23 16:27 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-22 17:40 . 2009-04-13 23:25 30504 -c--a-w- c:\windows\system32\drivers\GbpKm.sys
2009-10-21 06:01 . 2004-08-04 07:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:01 . 2004-08-04 07:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 06:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-12 21:30 . 2009-08-25 00:11 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Arcsoft
2009-10-12 18:24 . 2008-03-20 20:15 152064 -c--a-w- c:\windows\snap.dat
2009-10-12 13:52 . 2002-09-09 17:08 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2002-09-09 17:08 112640 ----a-w- c:\windows\system32\rastls.dll
2009-09-11 14:35 . 2002-09-09 17:07 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-05-27 01:36 . 2009-05-27 01:36 1213 -c--a-w- c:\arquivos de programas\Arquivos comuns\systemkill.exe
2008-06-13 00:27 . 2008-06-12 02:11 188372 -c--a-w- c:\arquivos de programas\DIPHSO.ski
2007-08-01 18:43 . 2007-08-01 18:43 774144 -c--a-w- c:\arquivos de programas\RngInterstitial.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 14:58 1107200 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-26 68856]
"NSeries.PCSync"="c:\arquivos de programas\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe" [2007-02-23 1716224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe -atboottime" [X]
"VTTrayp"="VTtrayp.exe" [2005-01-10 143360]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143872]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]
"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Software Kodak EasyShare.lnk - c:\arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 03:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ROSANE MATIELLO^Menu Iniciar^Programas^Inicializar^widget.lnk]
path=c:\documents and settings\ROSANE MATIELLO\Menu Iniciar\Programas\Inicializar\widget.lnk
backup=c:\windows\pss\widget.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoonR]
c:\arquivos de programas\SoonR\SoonR Desktop Client\SoonrClient.exe -boot [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 19:24 54840 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 12:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneClub Softphone]
2006-12-20 14:45 335360 -c--a-w- c:\arquivos de programas\IWPHONE\FFF-36\SYSTEM\PhoneClub Softphone.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 16:20 25604904 -c--a-r- c:\arquivos de programas\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-26 19:25 68856 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2004-08-04 07:45 143872 -c--a-w- c:\windows\system32\mobsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-07 19:33 53248 ----a-r- c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 -c--a-w- c:\arquivos de programas\Google\Gmail Notifier\gnotify.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Arquivos de programas\\IWPHONE\\FFF-1C\\SYSTEM\\Stracta Softphone.EXE"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\IWPHONE\\FFF-36\\SYSTEM\\PhoneClub Softphone.EXE"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Arquivos de programas\\NetMeeting\\conf.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\ROSANE MATIELLO\\Meus documentos\\PROGRAMAS\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [13/04/2009 21:25 30504]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/04/2008 20:32 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/04/2008 20:32 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [29/08/2008 22:07 908056]
R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [31/08/2008 09:16 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [09/12/2009 00:12 54752]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [16/07/2007 15:15 53800]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\arquivos de programas\HWiNFO32\HWiNFO32.SYS [04/06/2006 09:13 7040]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [13/07/2007 22:42 152832]
S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 ISDBAlpsBDA;ISDB-T Alps Nim receiver;c:\windows\system32\drivers\ISDBAlpsBDA.sys [17/05/2009 17:02 61184]
.
------- Scan Suplementar -------
.
uStart Page = hxxp://webmail.oi.com.br/mail/login.php?url=%2fmail%2fmailbox.php%3fmailbox%3dinbox%26amp%3bhorde%3demijkloobchd1059ciibkl1bm6%26amp%3bnocache%3d610ks1jew2bs
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Mozilla\Firefox\Profiles\9byp2vpo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?hl=pt-BR&shva=1#inbox|http://www.google.com/calendar/render?tab=mc
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Mozilla\Firefox\Profiles\9byp2vpo.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
HKCU-Run-MessengerPlus3 - c:\arquivos de programas\MessengerPlus! 3\MsgPlus.exe
HKCU-Run-eyeBeam SIP Client - (no file)
HKCU-Run-slide.exe - c:\arquivos de programas\Slide\Slide.exe
HKLM-Run-MessengerPlus3 - c:\arquivos de programas\MessengerPlus! 3\MsgPlus.exe
HKLM-Run-Waiting1690 - c:\windows\stid1690.exe
ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GbPlugin\gbiehcef.dll
Notify- GbPluginCef - c:\arquivos de programas\GbPlugin\gbiehcef.dll
Notify-WgaLogon - (no file)
MSConfigStartUp-eScan Monitor - c:\arquiv~1\eScan\AVPMWrap.EXE
MSConfigStartUp-eScan Updater - c:\arquiv~1\eScan\TRAYICOS.EXE
MSConfigStartUp-MailScan Dispatcher - c:\arquivos de programas\eScan\LAUNCH.EXE
MSConfigStartUp-Picasa Media Detector - c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-RegPowerClean - c:\arquivos de programas\Winferno\RegistryPowerCleaner\RegPowerClean.exe
MSConfigStartUp-SunJavaUpdateSched - c:\arquivos de programas\Java\jre1.5.0_03\bin\jusched.exe
ActiveSetup-{F9E9A340-D1F1-11D0-821E-POISONIVY2007} - c:\windows\system32\dllcache\Barney.exe
AddRemove-5a2ec123f41c5fbfa09b6d0a09437862 - c:\arquivos de programas\Programas RFB\Receitanet Java\desinstalar\desinstalar.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 21:40
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1935655697-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D038CA73-CBA2-403E-F227-D152AE7657DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaambfipeilccmekgiodmifadhilpl"=hex:61,69,63,6b,6c,66,6d,69,6f,62,64,6a,69,6d,
66,64,6c,6a,69,6a,61,6d,64,6b,6f,64,70,61,61,69,66,6b,62,70,6a,6a,70,62,64,\
"iadldgofonaaaphkhf"=hex:6a,61,69,6c,6c,61,66,65,65,68,68,6d,68,62,68,61,6f,61,
6d,6e,00,00
"hanmnmbmhmjeckpp"=hex:6a,61,68,6c,66,62,70,61,6e,62,6e,6a,6b,70,61,6f,6b,6e,
69,64,00,d7
[HKEY_LOCAL_MACHINE\software\Classes\BàeBú¿êÿ_auto_file*\shell\open\command]
@="c:\\ARQUIV~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\BàeBú¿êÿ_auto_file*\shell\open\ddeexec]
@="\"%1\",,0,0,,,,"
"NoActivateHandler"=""
[HKEY_LOCAL_MACHINE\software\Classes\BàeBú¿êÿ_auto_file*\shell\open\ddeexec\Application]
@="Firefox"
[HKEY_LOCAL_MACHINE\software\Classes\BàeBú¿êÿ_auto_file*\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\open]
@="Abrir com o Adobe Photoshop Album Starter Edition 3.0"
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\open\command]
@="\"c:\\Arquivos de programas\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\ComponentLauncher.exe\" module=jpegviewer bg params \"filepath=%1\""
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\preview]
@="Visualizar"
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\preview\command]
@="\"c:\\Arquivos de programas\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\ComponentLauncher.exe\" module=jpegviewer bg params \"filepath=%1\""
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\print]
@="Imprimir"
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\print\command]
@="\"c:\\Arquivos de programas\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\ComponentLauncher.exe\" module=jpegviewer bg params \"print\" \"filepath=%1\""
[HKEY_LOCAL_MACHINE\software\Classes\Lw8o ÿÿÿÿ$_auto_file*\shell\open\command]
@="\"c:\\Documents and Settings\\ROSANE MATIELLO\\Meus documentos\\PROGRAMAS\\Adobe Reader 9.lnk\" %1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\VTtrayp.exe
c:\windows\SOUNDMAN.EXE
c:\arquivos de programas\QuickTime\qttask.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWASER.EXE
c:\arquiv~1\AVG\AVG8\avgrsx.exe
c:\arquiv~1\AVG\AVG8\avgnsx.exe
c:\arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWAgent.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\arquivos de programas\AVG\AVG8\avgcsrvx.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
c:\arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-12-09 21:46:46 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-12-09 23:46
Pré-execução: 31 pasta(s) 38.378.434.560 bytes disponíveis
Pós execução: 35 pasta(s) 38.673.649.664 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
Good evening .matiello
Send the file below for analysis at http://virscan.org
c:\arquivos de programas\Arquivos comuns\systemkill.exe
Paste the link containing the analysis result.
It shows that you submitted the following file: gbtext.dll
Repeat the procedure. I want:
c:\arquivos de programas\Arquivos comuns\systemkill.exe
Good evening wings
I was also unsure, but it really is that file, systemkill.exe
I am absolutely certain
http://virscan.org/report/b3099482444b16b4fa750266bc19dc50.html
I am going to remove this file. Quite suspicious for it to be in this folder.
*Open Notepad, then select, copy and paste into it all the content of the code below:
File::c:\arquivos de programas\Arquivos comuns\systemkill.exe
*Save the file on the desktop as CFScript.txt
*Drag the file onto ComboFix as shown in the illustration below:
[Image: CFScript.gif]
*Important: while ComboFix is running, do not use the mouse or the keyboard! To interrupt the process, press N or 2.
*Paste the report created at C:\combofix.txt and a new HijackThis log
ComboFix 09-12-09.04 - ROSANE MATIELLO 09/12/2009 22:23:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1983.1230 [GMT -2:00]
Executando de: c:\documents and settings\ROSANE MATIELLO\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\ROSANE MATIELLO\Desktop\CFScript.txt
AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\arquivos de programas\Arquivos comuns\systemkill.exe"
.
ADS - drivers: deleted 216 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\Arquivos comuns\systemkill.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-10 to 2009-12-10 ))))))))))))))))))))))))))))
.
2009-12-10 00:15 . 2009-12-10 00:16 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Gizmo5
2009-12-10 00:15 . 2009-12-10 00:15 -------- d-----w- c:\arquivos de programas\Gizmo5
2009-12-09 02:24 . 2009-12-09 13:41 -------- d-----w- C:\Hijack
2009-12-09 02:12 . 2009-08-06 00:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-11-28 20:24 . 2008-08-18 21:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2009-11-28 20:24 . 2008-08-18 21:45 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2009-11-28 20:24 . 2008-08-18 21:44 110080 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys
2009-11-28 20:24 . 2008-08-18 21:44 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2009-11-28 20:24 . 2009-11-28 20:24 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo
2009-11-28 20:24 . 2009-12-03 16:12 -------- d-----w- c:\arquivos de programas\Vivo 3G
2009-11-26 12:46 . 2009-11-26 12:46 -------- d-sh--w- c:\documents and settings\ROSANE MATIELLO\PrivacIE
2009-11-25 12:40 . 2009-11-25 12:40 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-25 12:34 . 2009-11-25 12:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-11-25 12:33 . 2009-11-25 12:33 -------- d-sh--w- c:\documents and settings\ROSANE MATIELLO\IETldCache
2009-11-25 12:26 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-25 12:26 . 2009-12-09 10:38 -------- d-----w- c:\windows\ie8updates
2009-11-25 12:25 . 2009-10-29 07:42 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-25 12:25 . 2009-10-29 07:42 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-25 12:24 . 2009-11-25 12:25 -------- dc-h--w- c:\windows\ie8
2009-11-25 01:34 . 2007-10-23 11:27 110592 ----a-w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\U3\temp\cleanup.exe
2009-11-24 23:56 . 2008-02-25 15:47 3489792 ---ha-w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\U3\temp\Launchpad Removal.exe
2009-11-24 23:54 . 2009-11-25 01:34 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\U3
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 23:39 . 2009-08-25 00:11 602 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-12-09 23:38 . 2007-03-09 15:35 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-12-09 13:35 . 2001-10-28 18:07 84076 ----a-w- c:\windows\system32\perfc016.dat
2009-12-09 13:35 . 2001-10-28 18:07 480122 ----a-w- c:\windows\system32\perfh016.dat
2009-12-09 02:12 . 2007-09-21 17:44 -------- d-----w- c:\arquivos de programas\Windows Live
2009-12-07 23:14 . 2006-10-03 15:38 -------- d-----w- c:\arquivos de programas\Google
2009-12-07 20:47 . 2007-09-23 21:30 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Image Zone Express
2009-12-07 02:16 . 2006-06-28 17:03 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Skype
2009-12-06 21:09 . 2009-08-16 21:15 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\skypePM
2009-12-03 13:09 . 2006-06-05 02:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2009-12-03 10:31 . 2006-06-04 09:41 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-11-26 14:15 . 2006-08-31 14:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-11-26 12:45 . 2009-06-25 00:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar
2009-10-29 07:42 . 2006-06-23 16:27 916480 ------w- c:\windows\system32\wininet.dll
2009-10-22 17:40 . 2009-04-13 23:25 30504 -c--a-w- c:\windows\system32\drivers\GbpKm.sys
2009-10-21 06:01 . 2004-08-04 07:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:01 . 2004-08-04 07:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-04 06:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-12 21:30 . 2009-08-25 00:11 -------- d-----w- c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Arcsoft
2009-10-12 18:24 . 2008-03-20 20:15 152064 -c--a-w- c:\windows\snap.dat
2009-10-12 13:52 . 2002-09-09 17:08 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:52 . 2002-09-09 17:08 112640 ----a-w- c:\windows\system32\rastls.dll
2009-09-11 14:35 . 2002-09-09 17:07 133632 ----a-w- c:\windows\system32\msv1_0.dll
2008-06-13 00:27 . 2008-06-12 02:11 188372 -c--a-w- c:\arquivos de programas\DIPHSO.ski
2007-08-01 18:43 . 2007-08-01 18:43 774144 -c--a-w- c:\arquivos de programas\RngInterstitial.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 14:58 1107200 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-26 68856]
"NSeries.PCSync"="c:\arquivos de programas\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe" [2007-02-23 1716224]
"Gizmo5"="c:\arquivos de programas\Gizmo5\Gizmo5.exe" [2009-11-11 5079040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe -atboottime" [X]
"VTTrayp"="VTtrayp.exe" [2005-01-10 143360]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143872]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NSLauncher"="c:\arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 3100672]
"Adobe Photo Downloader"="c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 57344]
"ArcSoft Connection Service"="c:\arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"googletalk"="c:\arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 3735552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Software Kodak EasyShare.lnk - c:\arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
c:\arquivos de programas\GbPlugin\gbiehcef.dll [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 03:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^ROSANE MATIELLO^Menu Iniciar^Programas^Inicializar^widget.lnk]
path=c:\documents and settings\ROSANE MATIELLO\Menu Iniciar\Programas\Inicializar\widget.lnk
backup=c:\windows\pss\widget.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoonR]
c:\arquivos de programas\SoonR\SoonR Desktop Client\SoonrClient.exe -boot [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 19:24 54840 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 12:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneClub Softphone]
2006-12-20 14:45 335360 -c--a-w- c:\arquivos de programas\IWPHONE\FFF-36\SYSTEM\PhoneClub Softphone.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 16:20 25604904 -c--a-r- c:\arquivos de programas\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-09-26 19:25 68856 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2004-08-04 07:45 143872 -c--a-w- c:\windows\system32\mobsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-07 19:33 53248 ----a-r- c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 -c--a-w- c:\arquivos de programas\Google\Gmail Notifier\gnotify.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Arquivos de programas\\IWPHONE\\FFF-1C\\SYSTEM\\Stracta Softphone.EXE"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\IWPHONE\\FFF-36\\SYSTEM\\PhoneClub Softphone.EXE"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Arquivos de programas\\NetMeeting\\conf.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Documents and Settings\\ROSANE MATIELLO\\Meus documentos\\PROGRAMAS\\jre\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\Gizmo5\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\Gizmo5\\Gizmo5.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [13/04/2009 21:25 30504]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/04/2008 20:32 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/04/2008 20:32 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [29/08/2008 22:07 908056]
R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [31/08/2008 09:16 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [09/12/2009 00:12 54752]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [16/07/2007 15:15 53800]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\arquivos de programas\HWiNFO32\HWiNFO32.SYS [04/06/2006 09:13 7040]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [13/07/2007 22:42 152832]
S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 ISDBAlpsBDA;ISDB-T Alps Nim receiver;c:\windows\system32\drivers\ISDBAlpsBDA.sys [17/05/2009 17:02 61184]
--- =Outros Serviços/Drivers Na Memória ---
NewlyCreated - BONJOUR_SERVICE
.
------- Scan Suplementar -------
.
uStart Page = hxxp://webmail.oi.com.br/mail/login.php?url=%2fmail%2fmailbox.php%3fmailbox%3dinbox%26amp%3bhorde%3demijkloobchd1059ciibkl1bm6%26amp%3bnocache%3d610ks1jew2bs
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Mozilla\Firefox\Profiles\9byp2vpo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?hl=pt-BR&shva=1#inbox|http://www.google.com/calendar/render?tab=mc
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\documents and settings\ROSANE MATIELLO\Dados de aplicativos\Mozilla\Firefox\Profiles\9byp2vpo.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 22:27
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1935655697-1177238915-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D038CA73-CBA2-403E-F227-D152AE7657DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaambfipeilccmekgiodmifadhilpl"=hex:61,69,63,6b,6c,66,6d,69,6f,62,64,6a,69,6d,
66,64,6c,6a,69,6a,61,6d,64,6b,6f,64,70,61,61,69,66,6b,62,70,6a,6a,70,62,64,\
"iadldgofonaaaphkhf"=hex:6a,61,69,6c,6c,61,66,65,65,68,68,6d,68,62,68,61,6f,61,
6d,6e,00,00
"hanmnmbmhmjeckpp"=hex:6a,61,68,6c,66,62,70,61,6e,62,6e,6a,6b,70,61,6f,6b,6e,
69,64,00,d7
[HKEY_LOCAL_MACHINE\software\Classes\BàeBú¿êÿ_auto_file*\shell\open\command]
@="c:\\ARQUIV~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\BàeBú¿êÿ_auto_file*\shell\open\ddeexec]
@="\"%1\",,0,0,,,,"
"NoActivateHandler"=""
[HKEY_LOCAL_MACHINE\software\Classes\BàeBú¿êÿ_auto_file*\shell\open\ddeexec\Application]
@="Firefox"
[HKEY_LOCAL_MACHINE\software\Classes\BàeBú¿êÿ_auto_file*\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\open]
@="Abrir com o Adobe Photoshop Album Starter Edition 3.0"
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\open\command]
@="\"c:\\Arquivos de programas\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\ComponentLauncher.exe\" module=jpegviewer bg params \"filepath=%1\""
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\preview]
@="Visualizar"
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\preview\command]
@="\"c:\\Arquivos de programas\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\ComponentLauncher.exe\" module=jpegviewer bg params \"filepath=%1\""
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\print]
@="Imprimir"
[HKEY_LOCAL_MACHINE\software\Classes\LwˆS 2c´êxÿ_auto_file\shell\print\command]
@="\"c:\\Arquivos de programas\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\ComponentLauncher.exe\" module=jpegviewer bg params \"print\" \"filepath=%1\""
[HKEY_LOCAL_MACHINE\software\Classes\Lw8o ÿÿÿÿ$_auto_file*\shell\open\command]
@="\"c:\\Documents and Settings\\ROSANE MATIELLO\\Meus documentos\\PROGRAMAS\\Adobe Reader 9.lnk\" %1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Tempo para conclusão: 2009-12-09 22:28:51
ComboFix-quarantined-files.txt 2009-12-10 00:28
ComboFix2.txt 2009-12-09 23:46
Pré-execução: 34 pasta(s) 38.601.646.080 bytes disponíveis
Pós execução: 35 pasta(s) 38.582.779.904 bytes disponíveis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:53, on 09/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe
C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWASER.EXE
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWAgent.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Gizmo5\mDNSResponder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.oi.com.br/mail/login.php?url=%2fmail%2fmailbox.php%3fmailbox%3dinbox%26amp%3bhorde%3demijkloobchd1059ciibkl1bm6%26amp%3bnocache%3d610ks1jew2bs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar3.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Arquivos de programas\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NSeries.PCSync] C:\Arquivos de programas\Nokia\NSeries PC Suite\System Utilities\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Gizmo5] C:\Arquivos de programas\Gizmo5\Gizmo5.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Arquivos de programas\Gizmo5\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Arquivos de programas\Arquivos comuns\MicroWorld\Agent\MWASER.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 11063 bytes
OK... the log is clean.
1.
*Click [Start] > [Run] > type: combofix /uninstall
*Click [OK]
*Click [Run]
*The message "ComboFix está desinstalado" (ComboFix is uninstalled) will appear
*Click [OK]
*Delete the file C:\combofix.txt
2.
*Run HijackThis, click [Do a system scan only], select the entry below and click [Fix checked]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
*Close HijackThis
3.
*Download and install CCleaner
*Open the program and, in the right-hand column, scroll down to the "Advanced" option and select "Old Prefetch data"
*Click [Run Cleaner]
*Next, click [Registry] -> [Scan for Issues] -> [Fix selected issues] -> [Fix All Selected Issues]
Best regards and Merry Christmas.
I can't find this part in CCleaner:
*Open the program and, in the right-hand column, scroll down to the "Advanced" option and select "Old Prefetch data"
Note: how was the PC? Many viruses?
Thanks for the help
> I can't find this part in CCleaner:
> *Open the program and, in the right-hand column, scroll down to the "Advanced" option and select "Old Prefetch data"
That's fine... no problem.
> Note: how was the PC? Many viruses?
A little bit... :natal_smile:
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning .matiello
1.
*Download Bankerfix and save it to the desktop
*Temporarily disable your antivirus
Double-click on Resident Shield
Uncheck the option "Resident Shield active"
Save the changes
*Double-click bankerfix.exe.
*Click [OK] > [YES] (if it asks for an update) > [OK]
*Press [ENTER] and wait.
*When it finishes, press [ENTER]
*Paste the report created at C:\LinhaDefensiva\relatorio.txt and a new HijackThis log