Archived

This topic has been archived and is closed to new replies.

CrBonet

[Solved!] The PC keeps freezing a lot, out of nowhere.


Logfile of HijackThis v1.99.1

Scan saved at 12:01:28, on 13/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe

C:\HijackThis.exe

C:\DOCUME~1\RICARD~1\CONFIG~1\Temp\jre-6u3-windows-i586-p-iftw_2cd32978.exe

C:\WINDOWS\system32\msiexec.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB6A5DA-2F02-435C-A6D1-84075DEAC642}: NameServer = 200.248.67.130,200.248.67.136

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

 

 

Thank you!!!!!!!!!!!!!!!!!!


Good afternoon, CrBonet!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear, which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish!

>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.

Regards!


Man, I did what you said, but when Combo Fix was finishing its run it restarts the PC, so I don't think it worked; I tried twice and the same thing happened. Here's the report:

 

 

ComboFix 07-10-21.1** - Ricardo Medina 2007-10-29 16:24:07.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.164 [GMT -2:00]

Executando de: C:\Documents and Settings\Ricardo Medina\Desktop\ComboFix.exe

.

 

 

 

HJT LOG

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:38, on 2007-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GetTube Update] C:\Arquivos de programas\GetTube\liveupdate.exe /m

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB6A5DA-2F02-435C-A6D1-84075DEAC642}: NameServer = 200.248.67.130,200.248.67.136

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 10393 bytes


Good afternoon, CrBonet!

>@< Since ComboFix is not running, download DiagHelp.

>@< This is a diagnostic tool... but without the automatic fix option that ComboFix has.

_____________________

>@< Download DiagHelp.

>@< Save it to Local Disk C.

>@< Unzip the tool and open the DiagHelp folder.

>@< Double-click go.cmd

>@< A prompt will open; from the options, choose 1 >> Press Enter.

>@< Press Enter again! (...or any key!)

>@< Wait for the analysis to finish!

>@< When it finishes, close the program and copy/paste the report ( C:\resultat.txt ) into your reply.

Regards!


Hi, how are you?

Well, I did everything you told me to, and here is the report

 

 

 

DiagHelp version v1.3 - http://www.malekal.com

excute le 2007-10-22 à 23:24:12.17

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-29B1D69D.pf -->2007-11-14 23:06:47

C:\WINDOWS\prefetch\USNSVC.EXE-0CA4A2EA.pf -->2007-11-14 23:06:23

C:\WINDOWS\prefetch\IEXPLORE.EXE-2B53DE18.pf -->2007-11-14 23:06:05

C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2007-11-14 23:03:30

C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2007-11-14 23:03:30

C:\WINDOWS\prefetch\WMIAPSRV.EXE-1E2270A5.pf -->2007-11-14 23:03:30

C:\WINDOWS\prefetch\SKYPEPM.EXE-1D0B78E9.pf -->2007-11-14 23:03:30

C:\WINDOWS\prefetch\SETUP.OVR-164F764D.pf -->2007-11-14 23:03:30

C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf -->2007-11-14 23:03:30

C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf -->2007-11-14 23:03:28

 

C:\WINDOWS\System32\drivers\aswmon.sys -->2007-09-06 08:05:25

C:\WINDOWS\System32\drivers\aswmon2.sys -->2007-09-06 08:05:10

C:\WINDOWS\System32\drivers\aswRdr.sys -->2007-09-06 08:03:02

C:\WINDOWS\System32\drivers\aswTdi.sys -->2007-09-06 08:02:20

C:\WINDOWS\System32\drivers\aavmker4.sys -->2007-09-06 08:00:53

C:\WINDOWS\System32\drivers\nv4_mini.sys -->2006-10-22 13:22:00

C:\WINDOWS\System32\drivers\usbintel.sys -->2006-02-10 12:08:30

 

C:\WINDOWS\System32\PerfStringBackup.INI -->2007-11-13 19:07:58

C:\WINDOWS\System32\perfh016.dat -->2007-11-13 19:07:58

C:\WINDOWS\System32\perfh009.dat -->2007-11-13 19:07:58

C:\WINDOWS\System32\perfc016.dat -->2007-11-13 19:07:58

C:\WINDOWS\System32\perfc009.dat -->2007-11-13 19:07:58

C:\WINDOWS\System32\nvapps.xml -->2007-10-22 22:55:26

C:\WINDOWS\System32\wpa.dbl -->2007-10-22 11:50:42

C:\WINDOWS\System32\FNTCACHE.DAT -->2007-09-25 12:45:31

C:\WINDOWS\System32\jupdate-1.6.0_02-b06.log -->2007-09-18 22:34:49

C:\WINDOWS\System32\jupdate-1.5.0_03-b07.log -->2007-09-18 22:09:08

C:\WINDOWS\System32\nscompat.tlb -->2007-09-18 21:38:22

C:\WINDOWS\System32\amcompat.tlb -->2007-09-18 21:38:22

C:\WINDOWS\System32\wbocx.ocx -->2007-09-18 21:16:31

C:\WINDOWS\System32\wbhelp2.dll -->2007-09-18 21:16:31

C:\WINDOWS\System32\AniGIF.ocx -->2007-09-18 21:16:31

C:\WINDOWS\System32\CONFIG.NT -->2007-09-18 20:32:50

C:\WINDOWS\System32\oemlogo.bmp -->2007-09-18 19:54:24

C:\WINDOWS\System32\oeminfo.ini -->2007-09-18 19:52:37

C:\WINDOWS\System32\$winnt$.inf -->2007-09-18 19:25:40

C:\WINDOWS\System32\WindowsLogon.manifest -->2007-09-18 19:21:44

C:\WINDOWS\System32\logonui.exe.manifest -->2007-09-18 19:21:44

C:\WINDOWS\System32\wuaucpl.cpl.manifest -->2007-09-18 19:21:37

C:\WINDOWS\System32\sapi.cpl.manifest -->2007-09-18 19:21:37

C:\WINDOWS\System32\nwc.cpl.manifest -->2007-09-18 19:21:37

C:\WINDOWS\System32\ncpa.cpl.manifest -->2007-09-18 19:21:37

 

C:\WINDOWS\wmsetup.log -->2007-11-14 13:18:34

C:\WINDOWS\setupapi.log -->2007-10-29 09:56:47

C:\WINDOWS\win.ini -->2007-10-25 18:45:22

C:\WINDOWS\WindowsUpdate.log -->2007-10-22 23:02:12

C:\WINDOWS.log -->2007-10-22 22:55:57

C:\WINDOWS\wiadebug.log -->2007-10-22 22:55:41

C:\WINDOWS\wiaservc.log -->2007-10-22 22:55:40

C:\WINDOWS\bootstat.dat -->2007-10-22 22:55:09

C:\WINDOWS\SchedLgU.Txt -->2007-10-22 19:01:19

C:\WINDOWS\NeroDigital.ini -->2007-10-21 23:18:02

C:\WINDOWS\catchme.exe -->2007-10-20 06:03:30

C:\WINDOWS\system.ini -->2007-10-10 22:01:05

C:\WINDOWS\PaltalkScene Setup Log.txt -->2007-09-23 23:08:22

C:\WINDOWS\Paltalk Messenger Setup Log.txt -->2007-09-23 23:02:58

C:\WINDOWS\WININIT.INI -->2007-09-20 22:18:45

 

 

MD5 des fichiers sensibles

tcpip.sys 5562cc0a47b2aef06d3417b733f3c195

ndis.sys 558635d3af1c7546d26067d5d9b6959e

null.sys 73c1e1f395918bc2c6dd67af7591a3ad

svchost.exe 5de3e7b6f7624552f2f06664f110820d

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 1552

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x76fb0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77030000 0xcd000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x074a0000 0x13000 10.00.0000.3802 C:\ARQUIV~1\WINDOW~2\wmpband.dll

0x76b00000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x7d1e0000 0x2b2000 3.00.3790.2180 C:\WINDOWS\system32\msi.dll

0x10000000 0xa9000 3.06.0003.0008 C:\Arquivos de programas\GbPlugin\gbieh.dll

0x016b0000 0x27000 1.00.0004.0005 C:\Arquivos de programas\Scpad\scpLIB.dll

0x017f0000 0x49000 1.00.0009.0000 C:\Arquivos de programas\Scpad\scpMIB.dll

0x016f0000 0x8000 1.00.0003.0000 C:\Arquivos de programas\Scpad\sshib.dll

0x52330000 0xd000 8.05.0005.0004 C:\Arquivos de programas\DAP\DAPIEMonitor.dll

0x6c370000 0xf2000 6.00.8665.0000 C:\Arquivos de programas\DAP\MFC42.DLL

0x76050000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x61e40000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

0x62830000 0x51000 8.00.0000.9044 C:\Arquivos de programas\BrOffice.org 2.0\program\shlxthdl.dll

0x60ad0000 0x18000 8.00.0000.9044 C:\Arquivos de programas\BrOffice.org 2.0\program\uwinapi.dll

0x640f0000 0x56000 7.10.3052.0004 C:\Arquivos de programas\BrOffice.org 2.0\program\MSVCR71.dll

0x62390000 0x8e000 4.05.2003.0120 C:\Arquivos de programas\BrOffice.org 2.0\program\stlport_vc7145.dll

0x64160000 0x7b000 7.10.3077.0000 C:\Arquivos de programas\BrOffice.org 2.0\program\MSVCP71.dll

0x01220000 0x1c000 7.00.0000.0000 C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

0x01410000 0xd000 7.00.0009.0050 C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

0x02b00000 0x26000 9.00.0002.0000 C:\Arquivos de programas\Scpad\scpsssh2.dll

0x02b30000 0xd5000 1.04.0000.0000 C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

0x74610000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x02d70000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x325c0000 0x12000 11.00.5510.0000 C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll

0x60a70000 0xe000 3.00.3790.2180 C:\WINDOWS\system32\MSISIP.DLL

0x74e60000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll

0x59130000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshPTB.DLL

0x36d30000 0x19000 11.00.5510.0000 C:\ARQUIV~1\MICROS~2\OFFICE11\MCPS.DLL

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 688

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe

0x74610000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x10000000 0xa9000 3.06.0003.0008 C:\Arquivos de programas\GbPlugin\gbieh.dll

0x776f0000 0x41000 2001.12.4414.0308 C:\WINDOWS\system32\ES.DLL

0x77030000 0xcd000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76fb0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

 

 

O volume na unidade C é SISTEMA

O número de série do volume é 3012-07F8

 

Pasta de C:\WINDOWS\system32

 

2004-08-04 01:45 6,144 csrss.exe

1 arquivo(s) 6,144 bytes

0 pasta(s) 13,601,886,208 bytes disponíveis

 

Contenu de Downloaded Program Files

O volume na unidade C é SISTEMA

O número de série do volume é 3012-07F8

 

Pasta de C:\WINDOWS\Downloaded Program Files

 

2007-10-29 09:56 <DIR> .

2007-10-29 09:56 <DIR> ..

2007-09-18 19:21 65 desktop.ini

2007-07-26 17:03 214 DivXPlugin.inf

2007-08-08 15:47 65,352 gbpdist.dll

2007-07-27 18:13 248 gbpdist.inf

2007-01-07 12:55 2,305 kavwebscan.inf

2007-03-28 08:58 696 scpsssh2.inf

2007-06-11 13:21 5,021 swflash.inf

7 arquivo(s) 73,901 bytes

 

Total de arquivos na lista:

7 arquivo(s) 73,901 bytes

2 pasta(s) 13,601,882,112 bytes disponíveis

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

C:\Arquivos de programas\Advert présent! Possible infection : lop.com

 

Export des clefs sensibles..

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

 

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

"{A3717295-941D-416F-9384-ED1736729F1C}"="scpLIB"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

"DisableStatusMessages"=dword:00000000

"VerboseStatus"=dword:00000000

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-22 23:24:28

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

276 - IEXPLORE.EXE

400 - paltalk.exe

552 - soffice.bin

664 - csrss.exe

688 - winlogon.exe

732 - services.exe

744 - lsass.exe

900 - svchost.exe

976 - svchost.exe

1020 - nvsvc32.exe

1060 - svchost.exe

1092 - msnmsgr.exe

1096 - usnsvc.exe

1136 - PAStiSvc.exe

1168 - svchost.exe

1196 - svchost.exe

1272 - IEXPLORE.EXE

1456 - ashServ.exe

1552 - explorer.exe

1700 - ashDisp.exe

1768 - DAP.exe

1836 - cmd.exe

1848 - ctfmon.exe

1864 - msnmsgr.exe

1892 - mssysmgr.exe

2004 - gbpsv.exe

2180 - ashMaiSv.exe

2204 - ashWebSv.exe

3084 - alg.exe

3752 - IEXPLORE.EXE

3784 - wmiapsrv.exe

-268374285 - óî --[Hidden]--

 

Total number of processes = 33

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntkrnlpa.exe

806CF000 - \WINDOWS\system32\hal.dll

F8B65000 - \WINDOWS\system32\KDCOM.DLL

F8A75000 - \WINDOWS\system32\BOOTVID.dll

F8536000 - ACPI.sys

F8B67000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS

F8525000 - pci.sys

F8665000 - isapnp.sys

F8C2D000 - pciide.sys

F88E5000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F8675000 - MountMgr.sys

F8506000 - ftdisk.sys

F8B69000 - dmload.sys

F84E0000 - dmio.sys

F88ED000 - PartMgr.sys

F8685000 - VolSnap.sys

F84C8000 - atapi.sys

F8695000 - disk.sys

F86A5000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F84A9000 - fltMgr.sys

F8497000 - sr.sys

F8480000 - KSecDD.sys

F83F3000 - Ntfs.sys

F83C6000 - NDIS.sys

F83AB000 - Mup.sys

F8815000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F8965000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F8352000 - \SystemRoot\system32\DRIVERS\serial.sys

F8B1D000 - \SystemRoot\system32\DRIVERS\serenum.sys

F896D000 - \SystemRoot\system32\DRIVERS\fdc.sys

F833E000 - \SystemRoot\system32\DRIVERS\parport.sys

F8825000 - \SystemRoot\system32\DRIVERS\imapi.sys

F8835000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F8845000 - \SystemRoot\system32\DRIVERS\redbook.sys

F831B000 - \SystemRoot\system32\DRIVERS\ks.sys

F82E5000 - \SystemRoot\system32\drivers\smwdm.sys

F82C1000 - \SystemRoot\system32\drivers\portcls.sys

F8855000 - \SystemRoot\system32\drivers\drmk.sys

F82A1000 - \SystemRoot\system32\drivers\aeaudio.sys

F8241000 - \SystemRoot\system32\drivers\senfilt.sys

F8975000 - \SystemRoot\system32\DRIVERS\usbohci.sys

F821E000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F897D000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F81FF000 - \SystemRoot\system32\DRIVERS\SiSGbeXP.sys

F7E2F000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys

F7E1B000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F8865000 - \SystemRoot\system32\DRIVERS\processr.sys

F8D1C000 - \SystemRoot\system32\DRIVERS\audstub.sys

F8875000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F8B29000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F7E04000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F8885000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F8895000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F8985000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F7DF3000 - \SystemRoot\system32\DRIVERS\psched.sys

F88A5000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F898D000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F8995000 - \SystemRoot\system32\DRIVERS\raspti.sys

F7DC2000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

F88B5000 - \SystemRoot\system32\DRIVERS\termdd.sys

F899D000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F8B79000 - \SystemRoot\system32\DRIVERS\swenum.sys

F7D66000 - \SystemRoot\system32\DRIVERS\update.sys

F8B45000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F88D5000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F86E5000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F8B7B000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F89BD000 - \SystemRoot\system32\DRIVERS\flpydisk.sys

F8B7D000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F8C87000 - \SystemRoot\System32\Drivers\Null.SYS

F8B7F000 - \SystemRoot\System32\Drivers\Beep.SYS

F89CD000 - \SystemRoot\System32\drivers\vga.sys

F8B81000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F8B83000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F89D5000 - \SystemRoot\System32\Drivers\Msfs.SYS

F89DD000 - \SystemRoot\System32\Drivers\Npfs.SYS

F836F000 - \SystemRoot\system32\DRIVERS\rasacd.sys

F6B6B000 - \SystemRoot\system32\DRIVERS\ipsec.sys

F6B13000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F8705000 - \SystemRoot\System32\Drivers\aswTdi.SYS

F6AEB000 - \SystemRoot\system32\DRIVERS\netbt.sys

F6AC9000 - \SystemRoot\System32\drivers\afd.sys

F8715000 - \SystemRoot\system32\DRIVERS\netbios.sys

F6A9E000 - \SystemRoot\system32\DRIVERS\rdbss.sys

F6A2F000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F8725000 - \SystemRoot\System32\Drivers\Fips.SYS

F6A0E000 - \SystemRoot\system32\DRIVERS\ipnat.sys

F8735000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F89E5000 - \SystemRoot\system32\DRIVERS\sermouse.sys

F89F5000 - \SystemRoot\System32\Drivers\Aavmker4.SYS

F69BE000 - \SystemRoot\system32\DRIVERS\pfc027.sys

F8795000 - \SystemRoot\system32\DRIVERS\STREAM.SYS

F87A5000 - \SystemRoot\System32\Drivers\Cdfs.SYS

F69A6000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F8B8D000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

F7D9E000 - \SystemRoot\System32\drivers\Dxapi.sys

F8A0D000 - \SystemRoot\System32\watchdog.sys

BF000000 - \SystemRoot\System32\drivers\dxg.sys

F8D97000 - \SystemRoot\System32\drivers\dxgthk.sys

BF012000 - \SystemRoot\System32\nv4_disp.dll

BA4F0000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

B9B6A000 - \SystemRoot\System32\Drivers\aswMon2.SYS

B976D000 - \SystemRoot\system32\drivers\wdmaud.sys

B9A02000 - \SystemRoot\system32\drivers\sysaudio.sys

B9406000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

F8BA7000 - \SystemRoot\System32\Drivers\ParVdm.SYS

B9230000 - \SystemRoot\system32\DRIVERS\srv.sys

B90F0000 - \SystemRoot\System32\Drivers\aswRdr.SYS

B8F97000 - \SystemRoot\System32\Drivers\HTTP.sys

B74B3000 - \SystemRoot\system32\drivers\kmixer.sys

F8C09000 - \SystemRoot\system32\drivers\splitter.sys

F8D34000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 113

 

Liste des programmes installes

 

ActivationManager

Adobe Flash Player 9 ActiveX

Adobe Reader 7.0.9 - Português

Arquivo do WinRAR

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player 9 (KB911565)

Atualização de Segurança para Windows XP (KB883939)

Atualização de Segurança para Windows XP (KB890046)

Atualização de Segurança para Windows XP (KB893066)

Atualização de Segurança para Windows XP (KB893756)

Atualização de Segurança para Windows XP (KB896358)

Atualização de Segurança para Windows XP (KB896422)

Atualização de Segurança para Windows XP (KB896423)

Atualização de Segurança para Windows XP (KB896424)

Atualização de Segurança para Windows XP (KB896428)

Atualização de Segurança para Windows XP (KB896688)

Atualização de Segurança para Windows XP (KB899587)

Atualização de Segurança para Windows XP (KB899588)

Atualização de Segurança para Windows XP (KB899589)

Atualização de Segurança para Windows XP (KB899591)

Atualização de Segurança para Windows XP (KB900725)

Atualização de Segurança para Windows XP (KB901017)

Atualização de Segurança para Windows XP (KB901190)

Atualização de Segurança para Windows XP (KB901214)

Atualização de Segurança para Windows XP (KB902400)

Atualização de Segurança para Windows XP (KB903235)

Atualização de Segurança para Windows XP (KB904706)

Atualização de Segurança para Windows XP (KB905414)

Atualização de Segurança para Windows XP (KB905749)

Atualização de Segurança para Windows XP (KB905915)

Atualização de Segurança para Windows XP (KB908519)

Atualização de Segurança para Windows XP (KB911927)

Atualização de Segurança para Windows XP (KB912919)

Atualização de Segurança para Windows XP (KB913446)

Atualização para Windows XP (KB894391)

Atualização para Windows XP (KB896727)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB900930)

Atualização para Windows XP (KB910437)

avast! Antivirus

Barra de Ferramentas do Yahoo! com bloqueador de pop-up

BraZip 9.0

BrOffice.org 2.0

CamfrogWEB Advanced ActiveX Plugin (remove only)

CCleaner (remove only)

Delta Force

DivX Content Uploader

DivX Web Player

Download Accelerator Plus (DAP)

Drive Rescue 1.9

EasyRecovery Professional Edition

Extensão do HighMAT para o Assistente para Gravação em CD do Microsoft Windows XP

GetTube 2.0.09 - Download de áudio e vídeo

Google Toolbar for Internet Explorer

HijackThis 2.0.2

J2SE Runtime Environment 5.0 Update 3

Java 6 Update 2

K-Lite Mega Codec Pack 1.30

Kaspersky Online Scanner

LimeWire 4.14.10

Megaupload Toolbar

Messenger Plus! Live & Sponsor (CiD)

Microsoft Office Professional Edição 2003

Nero PhotoShow Express

Nero Suite

NVIDIA Drivers

Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card

PaltalkScene

PC Inspector File Recovery

PowerDVD

Skype™ 3.5

SoundMAX

Spybot - Search & Destroy 1.4

The Sims

VideoCAM GE111

VideoCAM GE111

WebFldrs XP

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format Runtime

Windows Media Player 10

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB884020

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB887797

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893086

WinZip

Yahoo! Toolbar

 

 

 

O volume na unidade C é SISTEMA

O número de série do volume é 3012-07F8

 

Pasta de C:\Arquivos de programas

 

2007-10-28 22:57 <DIR> .

2007-10-28 22:57 <DIR> ..

2007-10-11 21:36 <DIR> ActivationManager

2007-09-18 20:50 <DIR> Adobe

2007-09-18 21:47 <DIR> Adverts

2007-09-18 20:58 <DIR> Ahead

2007-09-18 19:37 <DIR> Alwil Software

2007-09-18 20:10 <DIR> Analog Devices

2007-09-18 22:12 <DIR> Arquivos comuns

2007-09-20 22:41 <DIR> BraZip

2007-09-24 22:27 <DIR> BrOffice.org 2.0

2007-09-18 22:01 <DIR> CCleaner

2007-10-28 18:54 <DIR> CFWebAdvancedU

2007-09-18 19:19 <DIR> ComPlus Applications

2007-10-26 21:02 <DIR> Conference

2007-09-18 20:57 <DIR> CyberLink

2007-09-18 23:18 <DIR> DAP

2007-10-06 12:12 <DIR> DivX

2007-09-19 13:47 <DIR> Drive Rescue

2007-10-02 12:58 <DIR> GbPlugin

2007-10-29 03:05 <DIR> GetTube

2007-09-21 13:24 <DIR> Google

2007-09-18 19:58 <DIR> HighMAT CD Writing Wizard

2007-09-18 19:59 <DIR> Internet Explorer

2007-09-18 22:34 <DIR> Java

2007-09-18 21:50 <DIR> K-Lite Codec Pack

2007-10-05 18:38 <DIR> LimeWire

2007-10-10 23:15 <DIR> Maxis

2007-09-18 23:19 <DIR> MegauploadToolbar

2007-09-18 21:46 <DIR> Messenger Plus! Live

2007-09-18 19:23 <DIR> microsoft frontpage

2007-09-18 22:12 <DIR> Microsoft Office

2007-09-18 22:16 <DIR> Microsoft.NET

2007-09-18 19:20 <DIR> Movie Maker

2007-09-18 19:18 <DIR> MSN Gaming Zone

2007-09-18 21:46 <DIR> MSN Messenger

2007-09-18 20:59 <DIR> Nero

2007-09-18 19:20 <DIR> NetMeeting

2007-10-26 13:17 <DIR> NovaLogic

2007-09-20 22:18 <DIR> Ontrack

2007-09-18 19:54 <DIR> Outlook Express

2007-09-23 23:32 <DIR> Paltalk Messenger

2007-09-19 13:57 <DIR> PC Inspector File Recovery

2007-09-18 19:21 <DIR> Serviços on-line

2007-10-05 00:54 <DIR> Skype

2007-09-18 22:09 <DIR> Spybot - Search & Destroy

2007-09-18 21:11 <DIR> VideoCAM GE111

2007-09-18 21:46 <DIR> Windows Live

2007-09-18 21:38 <DIR> Windows Media Player

2007-09-18 19:18 <DIR> Windows NT

2007-10-06 10:11 <DIR> WinRAR

2007-09-18 21:19 <DIR> WinZip

2007-09-18 19:23 <DIR> xerox

2007-09-18 22:01 <DIR> Yahoo!

0 arquivo(s) 0 bytes

54 pasta(s) 13,601,738,752 bytes disponíveis

O volume na unidade C é SISTEMA

O número de série do volume é 3012-07F8

 

Pasta de C:\

 

2004-12-29 03:57 17,505 DBI.EXE

1 arquivo(s) 17,505 bytes

0 pasta(s) 13,601,738,752 bytes disponíveis

 

 

 

 

c:\Documents and Settings\Ricardo Medina\Dados de aplicativos\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe

c:\Documents and Settings\Ricardo Medina\Dados de aplicativos\MegauploadToolbar\megauper.exe

c:\Documents and Settings\Ricardo Medina\Desktop\ComboFix.exe

 

****** Fin du rapport DiagHelp

 

Veuillez svp envoyer le fichier C:\upload_moi_PESSOAL.tar.gz a l'adresse http://upload.malekal.com

 

 

 

THANK YOU VERY MUCH FOR EVERYTHING SO FAR

I'm still waiting for a new reply!


Good evening, CrBonet!

 

Recherche d'infections connues

C:\Arquivos de programas\Advert présent! Possible infection : lop.com

>@< Uninstall: Advert.

_____________________

>@< Download FindLop.

>@< Unpack the program and put the files in a folder of their own: < C:\FindLop.exe >

>@< But don't run it yet!

>@< Download Lop Uninstaller.

>@< If the antivirus flags the tool as malware, ignore the warning and allow it to run.

>@< If the browser makes the download difficult, add < http://lop.com > as a Preferred Site.

>@< Disable the resident protection of antivirus and antispyware programs.

>@< Run the uninstaller! Type in the numbers and confirm!

>@< PS: If it is not possible to run the uninstaller, just continue with FindLop.

>@< Now run findlop.bat

>@< A report ( findlop.txt ) will be generated on Local Disk C.

>@< Post a new HijackThis log in your reply.

>@< Also post the report [ findlop.txt ] that is in C:\xxx..

Cheers!


DONE, I DID WHAT YOU SAID

 

 

>>>>>>>>findlop<<<<<<<<<<<<

[TRACE] Enumerating jobs and queues

 

 

 

>>>>>>>>HJT<<<<<<<<<<<<

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:48, on 2007-10-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis\HijackThis.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Arquivos de programas\ActivationManager\ActivationManager.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GetTube Update] C:\Arquivos de programas\GetTube\liveupdate.exe /m

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB6A5DA-2F02-435C-A6D1-84075DEAC642}: NameServer = 200.248.67.130,200.248.67.136

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 9834 bytes


Good afternoon, CrBonet!

>@< These freezes are associated with program conflicts at OS startup.

>@< Try disabling non-essential items at startup!

 

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

>@< This entry in the log indicates the problem!

>@< Also pay attention to peripherals connected to the USB port.

_________________________

>@< If you like, run an online scan at Kaspersky and post the report.

Cheers!


Hi bro, how's it going???

You said the problem is that entry, right??

But how do I delete it??

I ran the scan you mentioned, here's the result

Thanks a lot for what you've been doing

Cheers

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, October 26, 2007 11:16:38 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 27/10/2007

Kaspersky Anti-Virus database records: 446786

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

 

Scan Statistics:

Total number of scanned objects: 58912

Number of viruses found: 3

Number of infected objects: 3

Number of suspicious objects: 0

Duration of the scan process: 01:09:06

 

Infected Object Name / Virus Name / Last Action

C:\Arquivos de programas\ActivationManager\ActivationManager.dll Infected: not-a-virus:AdWare.Win32.BHO.de skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Arquivos de programas\Alwil Software\Avast4\DATA\report\Proteção residente.txt Object is locked skipped

C:\Arquivos de programas\DAP\History\Ricardo Medina\_lasthist.dat Object is locked skipped

C:\Arquivos de programas\DAP\Log\DAP_REPORT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temp\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Dados de aplicativos\Microsoft\Messenger\crbonet_21@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Dados de aplicativos\Microsoft\Messenger\crbonet_21@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Dados de aplicativos\Microsoft\Messenger\crbonet_21@hotmail.com\SharingMetadata\Working\database_830_1213_3012_7F8\dfsr.db Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Dados de aplicativos\Microsoft\Messenger\crbonet_21@hotmail.com\SharingMetadata\Working\database_830_1213_3012_7F8\tmp.edb Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\crbonet_21@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\crbonet_21@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Histórico\History.IE5\MSHist012007102620071027\index.dat Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Temp\~DF9E71.tmp Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Temp\~DF9E96.tmp Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Temp\~DFC925.tmp Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Temp\~DFE0F6.tmp Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Ricardo Medina\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Ricardo Medina\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Ricardo Medina\NTUSER.DAT.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{053FD5F4-32BF-453E-919A-36A1646F476D}\RP100\change.log Object is locked skipped

C:\System Volume Information\_restore{053FD5F4-32BF-453E-919A-36A1646F476D}\RP57\A0001850.exe Infected: not-a-virus:RiskTool.Win32.Reboot.e skipped

C:\WINDOWS\CSC000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_588.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\My Completed Downloads\uninstall.exe Infected: Trojan.Win32.Obfuscated.en skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.


Good afternoon, CrBonet!

 

Hi bro, how are you???

You said the problem is that entry, right??

But how do I delete it??

>@< That entry is not the cause of the problem! It is only an indicator of conflicts at startup.

_______________

 

>@< Uninstall: C:\Arquivos de programas\ActivationManager and delete the folder.

_______________

 

>@< Post a new HijackThis log in your reply.

 

Regards!


Ah, OK, got it.

I uninstalled what you told me to!!!

 

Here is the new HJT log. I hope everything is fine now; I haven't noticed the IE freezes anymore.

Thanks

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:03, on 2007-10-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\BrOffice.org 2.0\program\soffice.BIN

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [GetTube Update] C:\Arquivos de programas\GetTube\liveupdate.exe /m

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\ARQUIV~1\Nero\data\Xtras\mssysmgr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: BrOffice.org 2.0.lnk = C:\Arquivos de programas\BrOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FFB6A5DA-2F02-435C-A6D1-84075DEAC642}: NameServer = 200.248.67.130,200.248.67.136

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 10138 bytes


Good evening, CrBonet!

 

Veuillez svp envoyer le fichier C:\upload_moi_PESSOAL.tar.gz a l'adresse http://upload.malekal.com

>@< Send the highlighted file to Malekal.

>@< Click Browse and enter this path in the field: C:\upload_moi_PESSOAL.tar.gz

>@< Click: Envoyer le fichier

>@< This, my friend, is a contribution to Malekal, toward improving antivirus products and the Clean tool.

______________________

 

>@< Delete the highlighted file: D:\My Completed Downloads\uninstall.exe

______________________

 

Once everything is OK with the PC, create a clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

>@< Although the conflict indicator is still present, the log is clean!

>@< Good job!

 

Regards! :thumbsup:


PROBLEM SOLVED!

 

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
