[Solved!] Trojans/Viruses/Spyware: Slow Computer.

Guest

Hello.

Some anti-spyware/antivirus programs installed on my computer warn of the existence of some viruses/trojans/spyware... but they cannot delete them.

As a result, the computer has become very slow, along with various other problems.

Here is the HijackThis log; I hope you can help.

Thank you.

Logfile of HijackThis v1.99.1

Scan saved at 15:32:19, on 19/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Arquivos de programas\SpywareGuard\sgmain.exe

C:\Arquivos de programas\SpywareGuard\sgbhp.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\K-Meleon\k-meleon.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: (no name) - {D82ED7D8-DAA1-484A-9717-EB4CEC3AF5B3} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [startup Manager] "C:\Arquivos de programas\Advanced System Optimizer\startUp manager.exe"

O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - Startup: HDD temperature.lnk = C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe

O4 - Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe

O4 - Global Startup: Orbit.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: ZKleener internet activity cleaner - {1AD44482-877F-4AC5-9D61-DDB39668A198} - C:\ARQUIV~1\ZKleener\Data\Lib\ZKIExBtn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CS1\Services\Tcpip\..\{1F245BBD-08BF-4D24-91FF-AB540F0E2F0D}: NameServer = 200.184.26.3,200.184.26.4

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: gebcy - C:\WINDOWS\

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Source Engine (ose) - Unknown owner - --------------------------"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - --------------------------"C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (file missing)

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good evening, Gustavo Warich!

Apparently everything is OK with the log!

____________________

>@< Run an online scan with Panda.

>@< Under "Archive and analyze", fill in the field: Country/District/Region/valid e-mail.

>@< Enter your e-mail.

>@< Check the option: I do not wish to receive information...

>@< Click: Scan now, free of charge. Wait!

>@< Allow the ActiveX installation.

>@< PS: For those who have Avast, a malware alert will appear, which should be ignored!

>@< I recommend disabling Avast's resident protection while running ActiveScan.

>@< In the warning, click Install. Wait for the countdown to finish!

>@< When it finishes, under: Select a device to scan...

>@< Choose: My Computer.

>@< Wait! The scan will take a while to complete.

>@< When it finishes, copy the report and post it in your reply, along with an updated HJT log.

Regards!

Guest

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:44:28, on 19/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe

C:\Arquivos de programas\SpywareGuard\sgmain.exe

C:\Arquivos de programas\SpywareGuard\sgbhp.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\K-Meleon\k-meleon.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Arquivos de programas\SpywareGuard\dlprotect.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: (no name) - {D82ED7D8-DAA1-484A-9717-EB4CEC3AF5B3} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: HDD temperature.lnk = C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe

O4 - Startup: SpywareGuard.lnk = C:\Arquivos de programas\SpywareGuard\sgmain.exe

O4 - Global Startup: Orbit.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: ZKleener internet activity cleaner - {1AD44482-877F-4AC5-9D61-DDB39668A198} - C:\ARQUIV~1\ZKleener\Data\Lib\ZKIExBtn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CS1\Services\Tcpip\..\{1F245BBD-08BF-4D24-91FF-AB540F0E2F0D}: NameServer = 200.184.26.3,200.184.26.4

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: gebcy - C:\WINDOWS\

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Source Engine (ose) - Unknown owner - --------------------------"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - --------------------------"C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe" (file missing)

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 10047 bytes

 

 

 

 

Panda Antivirus

 

 

Incidência Estado Localização

 

Spyware:Cookie/Com.com Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.uol.com.br/]

Spyware:Cookie/Overture Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.overture.com/]

Spyware:Cookie/Adtech Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.adtech.de/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.atdmt.com/]

Spyware:Cookie/Mediaplex Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.mediaplex.com/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.doubleclick.net/]

Spyware:Cookie/WUpd Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.revenue.net/]

Spyware:Cookie/Searchportal Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[searchportal.information.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.ig.com.br/]

Spyware:Cookie/Zedo Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.zedo.com/]

Spyware:Cookie/FastClick Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.fastclick.net/]

Spyware:Cookie/Adserver Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.adserver.easyad.info/]

Spyware:Cookie/Com.com Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.terra.com.br/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Server.iad.Liveperson Não desinfectado C:\Arquivos de programas\K-Meleon\Profiles\default\sokquxr1.slt\cookies.txt[server.iad.liveperson.net/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Dados de aplicativos\Netscape\Navigator\Profiles\npzpti4d.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Gustavo\Cookies\gustavo@acesso.uol.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Gustavo\Cookies\gustavo@ig.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Gustavo\Cookies\gustavo@uol.com[1].txt

Spyware:Cookie/YieldManager Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.ig.com.br/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.uol.com.br/]

Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Overture Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.overture.com/]

Spyware:Cookie/onestat.com Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[stat.onestat.com/]

Spyware:Cookie/Adtech Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Azjmp Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.azjmp.com/]

Spyware:Cookie/adultfriendfinder Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/Atwola Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Mediaplex Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/FastClick Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Tribalfusion Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.terra.com.br/]

Spyware:Cookie/SexList Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.sexlist.com/]

Spyware:Cookie/Tradedoubler Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.tradedoubler.com/]

Spyware:Cookie/bravenetA Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\Gustavo\Dados de aplicativos\Netscape\Navigator\Profiles\2q0vm6qf.default\cookies.txt[.statcounter.com/]

Ferramenta potencialmente indesejada:Application/Ardamax Não desinfectado C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@acesso.uol.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@acesso.uol.com[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@acesso.uol.com[3].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@acesso.uol.com[4].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@de.uol.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@de.uol.com[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@de.uol.com[3].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@de.uol.com[4].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@de.uol.com[5].txt

Spyware:Cookie/Searchportal Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@searchportal.information[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@uol.com[1].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@uol.com[2].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@uol.com[3].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@uol.com[4].txt

Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Luana\Desktop\Meus Documentos\Cookies\luana@uol.com[5].txt

Hacktool:HackTool/EvID Não desinfectado C:\Downloads\EvID4226Patch223d-en.zip[EvID4226Patch.exe]

Hacktool:Rootkit/Agent.HRG Não desinfectado C:\WINDOWS\system32\drivers\Wryy75.sys

 

 

PS: This infection, Hacktool:Rootkit/Agent.HRG Não desinfectado C:\WINDOWS\system32\drivers\Wryy75.sys, is one of those I mentioned in the topic; AVG finds it but cannot remove it.

Regards.


Good morning, Gustavo Warich!

PS: This infection, Hacktool:Rootkit/Agent.HRG Não desinfectado C:\WINDOWS\system32\drivers\Wryy75.sys, is one of those I mentioned in the topic; AVG finds it but cannot remove it.

>@< Was AVG run in Safe Mode?

______________________

>@< Run a disinfection scan with < BitDefender > and post the report.

>@< Click BitDefender ( Scan OnLine ).

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click I Agree.

>@< Wait! Allow the ActiveX installation so that the scan can run.

>@< Then post: the BitDefender report.

Regards!

Guest

QUOTE

PS: This infection, Hacktool:Rootkit/Agent.HRG Não desinfectado C:\WINDOWS\system32\drivers\Wryy75.sys, is one of those I mentioned in the topic; AVG finds it but cannot remove it.

>@< Was AVG run in Safe Mode?

Yes, and the same happened with Spybot; it also could not remove some of the malware, even in safe mode.

 

 

 

Scan path: C:\;D:\;

 

  Statistics

 

Time 01:16:50

Files 179955

Folders 6294

Boot Sectors 2

Archives 1784

Packed Files 6668

  

Results

Identified Viruses 5

Infected Files 10

Suspect Files 0

Warnings 0

Disinfected 0

Deleted Files 10

  

Engines Info

Virus Definitions 892208

Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins 14

Archive plugins 38

Unpack plugins 7

E-mail plugins 6

System plugins 1

  

Scan Settings

First Action Disinfect

Second Action Delete

Heuristics Yes

Enable Warnings Yes

Scanned Extensions *;

Exclude Extensions  

Scan Emails Yes

Scan Archives Yes

Scan Packed Yes

Scan Files Yes

Scan Boot Yes

 

Scanned File Status

 

C:\$VAULT$.AVG\01925781.FIL Infected with: Trojan.Srizbi.T

C:\$VAULT$.AVG\01925781.FIL Disinfection failed

C:\$VAULT$.AVG\01925781.FIL Deleted

C:\$VAULT$.AVG\02418640.FIL Infected with: Trojan.Srizbi.T

C:\$VAULT$.AVG\02418640.FIL Disinfection failed

C:\$VAULT$.AVG\02418640.FIL Deleted

C:\$VAULT$.AVG\03160984.FIL Infected with: Trojan.Srizbi.T

C:\$VAULT$.AVG\03160984.FIL Disinfection failed

C:\$VAULT$.AVG\03160984.FIL Deleted

C:\$VAULT$.AVG\03885656.FIL Infected with: Trojan.Srizbi.T

C:\$VAULT$.AVG\03885656.FIL Disinfection failed

C:\$VAULT$.AVG\03885656.FIL Deleted

C:\Arquivos de programas\ZKleener\Repair\Repair.exe Infected with: Trojan.Generic.69195

C:\Arquivos de programas\ZKleener\Repair\Repair.exe Disinfection failed

C:\Arquivos de programas\ZKleener\Repair\Repair.exe Deleted

C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe=>(NSIS o)=>lzma_solid_nsis0006 Infected with: Backdoor.Bifrose.D

C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe=>(NSIS o)=>lzma_solid_nsis0006 Disinfection failed

C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe=>(NSIS o)=>lzma_solid_nsis0006 Deleted

C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe=>(NSIS o) Update failed

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP107\A0046846.exe Infected with: DeepScan:Generic.Zlob.7.1FED44BB

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP107\A0046846.exe Disinfection failed

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP107\A0046846.exe Deleted

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP133\A0065222.dll Infected with: Trojan.Dloader.BUP

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP133\A0065222.dll Disinfection failed

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP133\A0065222.dll Deleted

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP167\A0094738.exe Infected with: Trojan.Generic.69195

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP167\A0094738.exe Disinfection failed

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP167\A0094738.exe Deleted

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP72\A0032507.exe Infected with: Trojan.Generic.69195

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP72\A0032507.exe Disinfection failed

C:\System Volume Information\_restore{6488C4AD-1609-4209-A303-56C493277895}\RP72\A0032507.exe Deleted


Good morning, Gustavo Warich!

 

>@< Uninstall: < SpywareGuard > @ Then restart the computer!

_______________________

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool! PS: Run it in Safe Mode!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! Avoid touching the mouse or keyboard!

_______________________

 

>@< Post the report, C:\ComboFix.txt, in your reply, plus an updated HJT log.

 

Regards!

Guest

ComboFix

 

ComboFix 08-01-20.1 - Gustavo 2008-01-20 14:50:02.2 - NTFSx86 MINIMAL

Executando de: C:\Documents and Settings\Gustavo\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\temp\tn3

C:\WINDOWS\system32\drivers\symavc32.sys

C:\WINDOWS\system32\drivers\WRYY75.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_NPF

-------\LEGACY_SYMAVC32

-------\LEGACY_WRYY75

-------\NPF

 

 

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-20 to 2008-01-20 ))))))))))))))))))))))))))))))))

.

 

2008-01-20 14:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-20 01:51 . 2008-01-20 03:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-01-19 22:42 . 2008-01-19 22:44 <DIR> d-------- C:\HijackThis

2008-01-19 21:43 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-01-19 21:20 . 2008-01-19 22:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-01-19 21:20 . 2008-01-19 21:36 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-01-19 21:20 . 2008-01-19 21:36 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-01-19 21:20 . 2008-01-19 21:36 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-01-19 19:52 . 2005-04-06 11:30 26,752 --a------ C:\WINDOWS\system32\drivers\ipfnd51.sys

2008-01-19 15:31 . 2008-01-19 22:43 <DIR> d-------- C:\Hijack

2008-01-18 21:45 . 2008-01-19 21:56 <DIR> d-------- C:\Arquivos de programas\RamBooster 2.0

2008-01-18 13:47 . 2008-01-18 13:47 29 --a------ C:\WINDOWS\system32\rqrepapo.tmp

2008-01-18 13:45 . 2008-01-18 13:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-01-17 21:08 . 2008-01-17 21:08 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-01-15 19:48 . 2008-01-18 19:38 <DIR> d-------- C:\Documents and Settings\Luana\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-01-15 16:27 . 2008-01-15 16:27 <DIR> d-------- C:\Arquivos de programas\AusLogics Registry Defrag

2008-01-15 12:44 . 2008-01-15 12:44 <DIR> d-------- C:\Arquivos de programas\PalickSoft

2008-01-15 12:10 . 2008-01-20 14:02 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\MegauploadToolbar

2008-01-15 12:10 . 2008-01-19 21:54 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2008-01-14 20:45 . 2008-01-15 11:51 <DIR> d-------- C:\Arquivos de programas\The Cleaner Free

2008-01-14 20:45 . 2008-01-14 20:45 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys

2008-01-14 12:10 . 2008-01-14 12:10 4 --a------ C:\WINDOWSRegDefrag.dat

2008-01-12 00:16 . 2008-01-12 00:58 <DIR> d-------- C:\Arquivos de programas\Tibia Auto

2008-01-11 19:13 . 2008-01-11 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-01-10 23:42 . 2008-01-10 23:42 <DIR> d-------- C:\Arquivos de programas\Ares

2008-01-10 17:47 . 2008-01-20 14:30 <DIR> d-------- C:\Arquivos de programas\SpywareGuard

2008-01-07 21:46 . 2008-01-15 14:28 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-01-07 21:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2008-01-07 18:00 . 2008-01-07 18:00 <DIR> d-------- C:\Documents and Settings\Luana\Dados de aplicativos\PC Tools

2008-01-06 01:15 . 2008-01-06 01:15 <DIR> d-------- C:\Arquivos de programas\Asprate

2008-01-06 01:14 . 2008-01-16 14:07 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\Tibia

2008-01-06 01:13 . 2008-01-12 00:16 <DIR> d-------- C:\Arquivos de programas\Tibia2222

2007-12-22 15:46 . 2007-12-22 15:47 <DIR> d-------- C:\Arquivos de programas\TeraCopy

2007-12-22 15:41 . 2008-01-05 00:56 <DIR> d-------- C:\Arquivos de programas\KillSoft

2007-12-21 13:26 . 2007-12-21 13:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite

2007-12-21 13:26 . 2007-12-21 13:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia

2007-12-21 13:25 . 2007-12-21 13:25 <DIR> d-------- C:\Arquivos de programas\Nokia

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-20 16:39 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Orbit

2008-01-20 02:23 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\TeraCopy

2008-01-19 23:56 --------- d--h--w C:\Arquivos de programas\Scpad

2008-01-19 23:56 --------- d-----w C:\Arquivos de programas\SUPERAntiSpyware

2008-01-19 23:56 --------- d-----w C:\Arquivos de programas\SpeedBit Video Accelerator

2008-01-19 23:55 --------- d-----w C:\Arquivos de programas\PC Connectivity Solution

2008-01-19 23:55 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-01-19 23:54 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-01-19 23:52 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-01-19 23:45 --------- d-----w C:\Arquivos de programas\a-squared Free

2008-01-19 18:38 --------- d-----w C:\Arquivos de programas\Valve

2008-01-19 00:03 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2008-01-18 22:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-01-18 21:51 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\AVG7

2008-01-17 23:08 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-01-17 17:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-01-17 17:09 200,704 ------w C:\WINDOWS\Setup1.exe

2008-01-16 22:22 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\PC Suite

2008-01-16 01:44 --------- d-----w C:\Arquivos de programas\8BallClub

2008-01-15 13:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-15 12:12 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\Orbit

2008-01-11 21:40 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-01-11 21:40 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2008-01-11 21:40 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-11 21:31 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\AVG7

2008-01-07 23:21 --------- d-----w C:\Arquivos de programas\Tibia

2008-01-05 20:06 --------- d-----w C:\Arquivos de programas\Advanced System Optimizer

2008-01-05 19:39 --------- d-----w C:\Arquivos de programas\cFosSpeed

2007-12-21 15:16 --------- d-----w C:\Arquivos de programas\Nokia2

2007-12-18 22:23 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Nokia

2007-12-18 22:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2007-12-18 21:59 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\DataLayer

2007-12-15 03:26 --------- d-----w C:\Arquivos de programas\DivX

2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-12-11 22:34 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll

2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-12-11 22:34 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2007-12-11 22:34 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe

2007-12-11 22:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe

2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-11 22:33 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll

2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-12-11 22:32 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-11 22:32 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-11 20:30 --------- d-----w C:\Arquivos de programas\XP Tweak Mechanic

2007-12-11 17:32 --------- d-----w C:\Arquivos de programas\K-Meleon

2007-12-11 17:03 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-11 17:03 --------- d-----w C:\Arquivos de programas\ToniArts

2007-12-10 23:09 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\TeraCopy

2007-12-09 18:34 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys

2007-12-07 02:11 --------- d-----w C:\Arquivos de programas\Evrox

2007-12-07 02:06 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Systweak

2007-12-07 00:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

2007-12-07 00:52 164,244 ----a-w C:\WINDOWS\Video Cleaner Lite Uninstaller.exe

2007-12-07 00:52 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\River Past G5

2007-12-07 00:52 --------- d-----w C:\Arquivos de programas\River Past

2007-12-07 00:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\River Past

2007-12-06 21:37 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\Nokia Multimedia Player

2007-12-06 21:37 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\Nokia

2007-12-06 21:37 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\DataLayer

2007-12-06 21:35 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\PC Suite

2007-12-05 04:53 356,352 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-05 03:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 03:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 03:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 03:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 03:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-12-05 03:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 03:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 03:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 03:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 03:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 03:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 03:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 03:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-12-05 03:41 356,352 -c--a-w C:\WINDOWS\system32\nvudisp.exe

2007-12-05 03:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-12-05 03:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-12-05 03:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-12-05 03:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-12-05 03:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-12-05 03:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-12-05 03:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-12-05 03:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-12-05 03:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-12-05 03:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe

2007-12-05 03:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 17:19 5728112]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2006-12-02 22:11 929280]

"RamBooster"="C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe" [2005-11-17 07:32 561664]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 17:36 579072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-28 22:09 219136]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

C:\Documents and Settings\Gustavo\Menu Iniciar\Programas\Inicializar\

HDD temperature.lnk - C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe [2004-11-24 15:08:38 657920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStartMenuMFUprogramsList"= 1 (0x1)

"NoStartMenuPinnedList"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 02:29 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2007-11-29 11:41 337992]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 02:29 128512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2007-11-29 11:41 337992 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcy]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Gustavo^Menu Iniciar^Programas^Inicializar^TA_Start.lnk]

backup=C:\WINDOWS\pss\TA_Start.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C6501Sound]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a--c--- 2004-08-04 01:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------------------------C:\Arquivos de programas\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

--------------------------C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-08-16 17:19 5728112 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--------------------------C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--------------------------C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a------ 2007-11-07 17:35 1294336 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------------------------C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--------------------------C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--------------------------C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tweak Mechanic]

--a------ 2007-08-06 12:27 188416 C:\Arquivos de programas\XP Tweak Mechanic\XpTweakMech.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZKleenerSys]

--a--c--- 2007-10-18 09:11 602112 C:\Arquivos de programas\ZKleener\ZK32.exe

 

S2 HDDTService;HDD Temperature;C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe [2004-11-24 15:10]

S2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2007-11-22 15:00]

S2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -start []

S3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 07:04]

S3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-04-06 11:30]

S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-14 20:45]

S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-08-09 10:28]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f47bfa-9f6f-11dc-b204-0018f30d1c34}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-20 14:53:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HDDTService]

"ImagePath"="C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"

.

Tempo para conclusão: 2008-01-20 14:53:28

ComboFix-quarantined-files.txt 2008-01-20 16:53:20

.

2008-01-17 18:23:56 --- E O F ---


 

 

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:00:35, on 20/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\K-Meleon\k-meleon.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: HDD temperature.lnk = C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe

O4 - Global Startup: Orbit.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: ZKleener internet activity cleaner - {1AD44482-877F-4AC5-9D61-DDB39668A198} - C:\ARQUIV~1\ZKleener\Data\Lib\ZKIExBtn.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CS1\Services\Tcpip\..\{1F245BBD-08BF-4D24-91FF-AB540F0E2F0D}: NameServer = 200.184.26.3,200.184.26.4

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: gebcy - C:\WINDOWS\

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Source Engine (ose) - Unknown owner - --------------------------"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - --------------------------"C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe" (file missing)

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 9736 bytes


Good evening, Gustavo Warich!

>@< Uninstall:

ZKleener

The Cleaner Free

>@< After uninstalling, restart the computer!

_____________________

>@< Delete:

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

_____________________

>@< Select and copy all the content in the quote area into Notepad.

>@< Save it to the Desktop with the name: CFScript.txt

 

File::

C:\Arquivos de programas\ZKleener\ZK32.exe

C:\Downloads\EvID4226Patch223d-en.zip

C:\Downloads\EvID4226Patch.exe

C:\WINDOWS\system32\drivers\MS1000.sys

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcy]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZKleenerSys]

 

Folder::

C:\Arquivos de programas\ZKleener\Repair

C:\Arquivos de programas\The Cleaner Free

C:\Arquivos de programas\SpywareGuard

 

Driver::

MS1000

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

Cheers!

Guest

ComboFix:

 

ComboFix 08-01-20.1 - Gustavo 2008-01-21 16:51:11.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.168 [GMT -2:00]

Executando de: C:\Documents and Settings\Gustavo\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Gustavo\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\Arquivos de programas\ZKleener\ZK32.exe

C:\Downloads\EvID4226Patch.exe

C:\Downloads\EvID4226Patch223d-en.zip

C:\WINDOWS\system32\drivers\MS1000.sys

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Downloads\EvID4226Patch223d-en.zip

C:\WINDOWS\system32\drivers\MS1000.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_MS1000

-------\MS1000

 

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))))

.

 

2008-01-21 16:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-21 11:13 . 2008-01-21 16:37 <DIR> d-------- C:\Arquivos de programas\Mozilla Firefox 3 Beta 2

2008-01-20 15:58 . 2008-01-20 15:59 <DIR> d-------- C:\Arquivos de programas\Tropa de Elite Multiplayer BETA - ed software

2008-01-20 01:51 . 2008-01-20 03:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-01-19 22:42 . 2008-01-20 15:00 <DIR> d-------- C:\HijackThis

2008-01-19 21:43 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-01-19 21:20 . 2008-01-19 22:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-01-19 21:20 . 2008-01-19 21:36 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-01-19 21:20 . 2008-01-19 21:36 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-01-19 21:20 . 2008-01-19 21:36 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-01-19 19:52 . 2005-04-06 11:30 26,752 --a------ C:\WINDOWS\system32\drivers\ipfnd51.sys

2008-01-19 15:31 . 2008-01-19 22:43 <DIR> d-------- C:\Hijack

2008-01-18 21:45 . 2008-01-19 21:56 <DIR> d-------- C:\Arquivos de programas\RamBooster 2.0

2008-01-18 13:47 . 2008-01-18 13:47 29 --a------ C:\WINDOWS\system32\rqrepapo.tmp

2008-01-18 13:45 . 2008-01-18 13:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-01-17 21:08 . 2008-01-17 21:08 360,064 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-01-15 19:48 . 2008-01-21 12:33 <DIR> d-------- C:\Documents and Settings\Luana\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-01-15 16:27 . 2008-01-15 16:27 <DIR> d-------- C:\Arquivos de programas\AusLogics Registry Defrag

2008-01-15 12:44 . 2008-01-15 12:44 <DIR> d-------- C:\Arquivos de programas\PalickSoft

2008-01-15 12:10 . 2008-01-21 16:49 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\MegauploadToolbar

2008-01-15 12:10 . 2008-01-19 21:54 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

2008-01-14 12:10 . 2008-01-14 12:10 4 --a------ C:\WINDOWSRegDefrag.dat

2008-01-12 00:16 . 2008-01-12 00:58 <DIR> d-------- C:\Arquivos de programas\Tibia Auto

2008-01-11 19:13 . 2008-01-11 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-01-10 23:42 . 2008-01-10 23:42 <DIR> d-------- C:\Arquivos de programas\Ares

2008-01-07 21:46 . 2008-01-15 14:28 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-01-07 21:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2008-01-07 18:00 . 2008-01-07 18:00 <DIR> d-------- C:\Documents and Settings\Luana\Dados de aplicativos\PC Tools

2008-01-06 01:15 . 2008-01-06 01:15 <DIR> d-------- C:\Arquivos de programas\Asprate

2008-01-06 01:14 . 2008-01-16 14:07 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\Tibia

2008-01-06 01:13 . 2008-01-12 00:16 <DIR> d-------- C:\Arquivos de programas\Tibia2222

2007-12-22 15:46 . 2007-12-22 15:47 <DIR> d-------- C:\Arquivos de programas\TeraCopy

2007-12-22 15:41 . 2008-01-05 00:56 <DIR> d-------- C:\Arquivos de programas\KillSoft

2007-12-21 13:26 . 2007-12-21 13:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\PCSuite

2007-12-21 13:26 . 2007-12-21 13:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nokia

2007-12-21 13:25 . 2007-12-21 13:25 <DIR> d-------- C:\Arquivos de programas\Nokia

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-21 18:53 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Orbit

2008-01-21 14:01 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\AVG7

2008-01-20 02:23 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\TeraCopy

2008-01-19 23:56 --------- d--h--w C:\Arquivos de programas\Scpad

2008-01-19 23:56 --------- d-----w C:\Arquivos de programas\SUPERAntiSpyware

2008-01-19 23:56 --------- d-----w C:\Arquivos de programas\SpeedBit Video Accelerator

2008-01-19 23:55 --------- d-----w C:\Arquivos de programas\PC Connectivity Solution

2008-01-19 23:55 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-01-19 23:54 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-01-19 23:52 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-01-19 23:45 --------- d-----w C:\Arquivos de programas\a-squared Free

2008-01-19 18:38 --------- d-----w C:\Arquivos de programas\Valve

2008-01-19 00:03 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2008-01-18 22:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-01-17 23:08 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-01-17 17:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-01-17 17:09 200,704 ------w C:\WINDOWS\Setup1.exe

2008-01-16 22:22 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\PC Suite

2008-01-16 01:44 --------- d-----w C:\Arquivos de programas\8BallClub

2008-01-15 13:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-01-15 12:12 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\Orbit

2008-01-11 21:40 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-01-11 21:40 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2008-01-11 21:31 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\AVG7

2008-01-07 23:21 --------- d-----w C:\Arquivos de programas\Tibia

2008-01-05 20:06 --------- d-----w C:\Arquivos de programas\Advanced System Optimizer

2008-01-05 19:39 --------- d-----w C:\Arquivos de programas\cFosSpeed

2007-12-21 15:16 --------- d-----w C:\Arquivos de programas\Nokia2

2007-12-18 22:23 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Nokia

2007-12-18 22:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2007-12-18 21:59 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\DataLayer

2007-12-15 03:26 --------- d-----w C:\Arquivos de programas\DivX

2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-12-11 20:30 --------- d-----w C:\Arquivos de programas\XP Tweak Mechanic

2007-12-11 17:32 --------- d-----w C:\Arquivos de programas\K-Meleon

2007-12-11 17:03 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-11 17:03 --------- d-----w C:\Arquivos de programas\ToniArts

2007-12-10 23:09 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\TeraCopy

2007-12-09 18:34 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys

2007-12-07 02:11 --------- d-----w C:\Arquivos de programas\Evrox

2007-12-07 02:06 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Systweak

2007-12-07 00:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

2007-12-07 00:52 164,244 ----a-w C:\WINDOWS\Video Cleaner Lite Uninstaller.exe

2007-12-07 00:52 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\River Past G5

2007-12-07 00:52 --------- d-----w C:\Arquivos de programas\River Past

2007-12-07 00:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\River Past

2007-12-06 21:37 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\Nokia Multimedia Player

2007-12-06 21:37 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\Nokia

2007-12-06 21:37 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\DataLayer

2007-12-06 21:35 --------- d-----w C:\Documents and Settings\Luana\Dados de aplicativos\PC Suite

2007-12-05 03:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-11-28 22:02 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\SUPERAntiSpyware.com

2007-11-28 22:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2007-11-28 21:11 --------- d-----w C:\Arquivos de programas\Lavasoft

2007-11-28 14:08 --------- d-----w C:\Arquivos de programas\AusLogics Disk Defrag

2007-11-24 00:05 --------- d-----w C:\Arquivos de programas\United Football

2007-11-06 14:54 30,601 -c--a-w C:\Documents and Settings\Gustavo\x.exe

2007-11-01 17:58 796,672 -c--a-w C:\WINDOWS\GPInstall.exe

2007-10-25 12:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2004-10-01 18:00 40,960 -c--a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 17:19 5728112]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"ares"="C:\Arquivos de programas\Ares\Ares.exe" [2006-12-02 22:11 929280]

"RamBooster"="C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe" [2005-11-17 07:32 561664]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 17:36 579072]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-28 22:09 219136]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

C:\Documents and Settings\Gustavo\Menu Iniciar\Programas\Inicializar\

HDD temperature.lnk - C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe [2004-11-24 15:08:38 657920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStartMenuMFUprogramsList"= 1 (0x1)

"NoStartMenuPinnedList"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 02:29 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2007-11-29 11:41 337992]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 02:29 128512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2007-11-29 11:41 337992 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Gustavo^Menu Iniciar^Programas^Inicializar^TA_Start.lnk]

backup=C:\WINDOWS\pss\TA_Start.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C6501Sound]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a--c--- 2004-08-04 01:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------------------------C:\Arquivos de programas\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

--------------------------C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-08-16 17:19 5728112 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--------------------------C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--------------------------C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a------ 2007-11-07 17:35 1294336 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------------------------C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

--------------------------C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--------------------------C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tweak Mechanic]

--a------ 2007-08-06 12:27 188416 C:\Arquivos de programas\XP Tweak Mechanic\XpTweakMech.exe

 

R2 HDDTService;HDD Temperature;C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe [2004-11-24 15:10]

R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2007-11-22 15:00]

R2 VideoAcceleratorService;VideoAcceleratorService;C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -start []

R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 07:04]

R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-04-06 11:30]

S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2005-08-09 10:28]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f47bfa-9f6f-11dc-b204-0018f30d1c34}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-21 16:55:46

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HDDTService]

"ImagePath"="C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"

.

Tempo para conclusão: 2008-01-21 17:02:50 - machine was rebooted [Gustavo]

ComboFix-quarantined-files.txt 2008-01-21 19:02:42

.

2008-01-17 18:23:56 --- E O F ---

 

 

 

 

HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:07:14, on 21/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Mozilla Firefox 3 Beta 2\firefox.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: HDD temperature.lnk = C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTemperature.exe

O4 - Global Startup: Orbit.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399003} (GbPluginObj Class) - https://imagem.caixa.gov.br/cab/GbPluginCef.cab

O17 - HKLM\System\CS1\Services\Tcpip\..\{1F245BBD-08BF-4D24-91FF-AB540F0E2F0D}: NameServer = 200.184.26.3,200.184.26.4

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Arquivos de programas\PalickSoft\HDD Temperature\HDDTSvc.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Source Engine (ose) - Unknown owner - --------------------------"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE" (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - --------------------------"C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe" (file missing)

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 9654 bytes

 

 

 

Regards.


Good afternoon, Gustavo Warich!

>@< In Run, type: combofix /u

>@< Click OK and, in the message, select 2. (Two)

_______________________

>@< Configure Windows to show all files, including hidden ones.

>@< Disable System Restore.

>@< Go to Start >> Control Panel >> System.

>@< Go to the System Restore tab.

>@< Click: Turn off System Restore.

>@< Go to Start >> Run >> Type: cleanmgr

>@< Wait! In the Disk Cleanup utility, check all the boxes and confirm!

>@< When it finishes, enable System Restore again >> Apply >> OK.

_______________________

>@< Run another scan with BitDefender and post the report. << If you want to!

_______________________

>@< The log is clean!

Cheers!

Guest
BitDefender

 

BitDefender Online Scanner

Scan report generated at: Mon, Jan 21, 2008 - 22:19:53
Scan path: C:\;D:\;

Statistics
Time: 00:49:07
Files: 160932
Folders: 6028
Boot Sectors: 2
Archives: 1577
Packed Files: 5902

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 892734
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File: C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe=>(NSIS o)=>lzma_solid_nsis0006
Status: Infected with: Backdoor.Bifrose.D

Scanned File: C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe=>(NSIS o)=>lzma_solid_nsis0006
Status: Disinfection failed

Scanned File: C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe=>(NSIS o)=>lzma_solid_nsis0006
Status: Deleted

Scanned File: C:\Documents and Settings\Gustavo\Desktop\Pastas Desktop\Nova pasta\TibiaAutoSetup_1_13_3.exe=>(NSIS o)
Status: Update failed

PS: Taking advantage of your help, for which I am very grateful right now, I would like to clear up a few doubts and ask for some suggestions:

There are several files in the AVG Quarantine; can I delete them? Is there any problem?

Which antivirus/anti-spyware would you recommend?

A big hug.


Good evening, Gustavo Warich!

PS: Taking advantage of your help, for which I am very grateful right now, I would like to clear up a few doubts and ask for some suggestions:

There are several files in the AVG Quarantine; can I delete them? Is there any problem?

Which antivirus/anti-spyware would you recommend?

>1< Yes! You can empty the AVG quarantine.

>@< Antivirus

FREE >> Avira

SHAREWARE >> Kaspersky

>@< Anti-Spyware

FREE >> a-squared

PS: All of them can be obtained from < Baixaki >

Cheers!


PROBLEM SOLVED!

If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
