
Archived

This topic is archived and is closed to new replies.

jgarciajr

[Solved!] Infected with hldrrr.exe and others


Hello,

My PC is infected with hldrrr.exe, wintems.exe, srosa.sys and mdelk.exe.

The first symptoms were that my installed antivirus programs (AVG, Adware and BitDefender) and some other protection programs (HijackThis and CCleaner) stopped working.

When shutting down the PC, a window also appeared asking to end hldrrr.exe. Apparently the rest of the PC's functions and activities are normal.

My first step was to search forums for topics on the subject, and I tried to follow some of the recommendations, although most of the recommended programs saved on my PC gave the error "xxx.exe is not a valid Win32 application" or "the user does not have access to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".

I managed to run F-Secure BlackLight and its log follows below.

I hope you can help me.

Thanks for your attention,

Garcia Jr

 

02/01/08 15:42:19 [info]: BlackLight Engine 1.0.67 initialized

02/01/08 15:42:19 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/01/08 15:42:19 [Note]: 7019 4

02/01/08 15:42:19 [Note]: 7005 0

02/01/08 15:42:42 [Note]: 7006 0

02/01/08 15:42:42 [Note]: 7011 2220

02/01/08 15:42:54 [Note]: 7026 0

02/01/08 15:43:06 [Note]: 7026 0

02/01/08 15:43:06 [Note]: 7024 3

02/01/08 15:43:06 [info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe

02/01/08 15:43:06 [Note]: 7024 3

02/01/08 15:43:06 [info]: Hidden process: C:\WINDOWS\system32\wintems.exe

02/01/08 15:43:26 [Note]: FSRAW library version 1.7.1024

02/01/08 15:45:23 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Empty.txt

02/01/08 15:45:23 [Note]: 10002 3

02/01/08 15:45:23 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Filters.xml

02/01/08 15:45:23 [Note]: 10002 3

02/01/08 15:45:23 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\news.png

02/01/08 15:45:23 [Note]: 10002 3

02/01/08 15:45:23 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\paint.png

02/01/08 15:45:23 [Note]: 10002 3

02/01/08 15:45:23 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Profiles\Blank.txt

02/01/08 15:45:23 [Note]: 10002 3

02/01/08 15:45:23 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample1.jpg

02/01/08 15:45:23 [Note]: 10002 3

02/01/08 15:45:23 [info]: Hidden file: c:\Arquivos de programas\Movie Maker\Shared\Sample2.jpg

02/01/08 15:45:23 [Note]: 10002 3

02/01/08 15:45:23 [Note]: 10002 2

02/01/08 15:45:23 [Note]: 10002 2

02/01/08 15:45:48 [info]: Hidden file: c:\Arquivos de programas\Skype\toolbars\Shared\SPhoneParser.dll

02/01/08 15:45:48 [Note]: 10002 3

02/01/08 15:45:48 [Note]: 10002 2

02/01/08 15:45:48 [Note]: 10002 2

02/01/08 15:45:51 [Note]: 10002 3

02/01/08 15:45:51 [Note]: 10002 2

02/01/08 15:45:51 [Note]: 10002 2

02/01/08 15:52:40 [Note]: 10002 2

02/01/08 15:52:40 [Note]: 10002 2

02/01/08 15:54:14 [info]: Hidden file: C:\WINDOWS\system32\wintems.exe

02/01/08 15:54:14 [Note]: 10002 2

02/01/08 15:54:44 [info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe

02/01/08 15:54:44 [Note]: 10002 2

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\102093.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\105718.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\107500.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\108125.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\113953.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\121015.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\127046.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\128203.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\129296.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\135062.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\135968.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\136015.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\1379125.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\139203.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\139921.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\1404812.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\140921.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\1410718.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\141875.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\1419062.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\142375.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\143781.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\1456625.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\146078.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14642000.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14653593.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14660187.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14669062.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14679062.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14684031.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14684093.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14686156.exe

02/01/08 15:54:49 [Note]: 10002 3

02/01/08 15:54:49 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\16512156.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\16517812.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\167234.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\167671.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\168187.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\168750.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\169453.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\170265.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\170296.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\170453.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\171468.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\171796.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\174171.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\174750.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\175093.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\176421.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\176515.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\177078.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\178453.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\181015.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\181750.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\182062.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\255265.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\256187.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\261015.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\265734.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\267265.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\268515.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\271562.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\271687.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\275671.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\278406.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\281500.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\287062.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\297468.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\306984.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:50 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\317875.exe

02/01/08 15:54:50 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\324500.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\326375.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\329125.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\335984.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\347234.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\350375.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\397312.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\404125.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\88796.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\89093.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\95140.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\95328.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\95937.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14698734.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14702843.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14707781.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14713031.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14718906.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14722015.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14723203.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14724484.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14725265.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14726109.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14731937.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14732875.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14737031.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14737140.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14738078.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14738265.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14743031.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14743234.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14746078.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\211453.exe

02/01/08 15:54:51 [Note]: 10002 3

02/01/08 15:54:51 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\211687.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\212203.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\214203.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\214937.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\217140.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\217546.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\218031.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\219140.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\220109.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\220671.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\221171.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\222234.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\222937.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\222953.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\225390.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\225406.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\225937.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\226515.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\227390.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\232468.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\233859.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\235593.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\235796.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\236250.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\237765.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\238203.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\238484.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\242562.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\248734.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\249437.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\250062.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\151031.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\155296.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\155312.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\157437.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15925328.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15934578.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\159531.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15965000.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15966453.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15980671.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15985812.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15990359.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15992718.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\15998187.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\160312.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\161546.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\161656.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\16226656.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\162906.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\16309437.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\164218.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14694734.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14748640.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\150640.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\16507703.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\182375.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:52 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\206875.exe

02/01/08 15:54:52 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\250953.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\182718.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\183468.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\183828.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\184875.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\187265.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\187890.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\188046.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\189296.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\191062.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\191125.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\192859.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\193171.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\193609.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\195343.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\197140.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\197328.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\200500.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\203906.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\205343.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\206046.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14766125.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14766156.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\147703.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14770546.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14774718.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14774859.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14777890.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14779375.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14781421.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14782359.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\1478265.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14788296.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14788828.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14791281.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14792781.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14794328.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14797812.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14802984.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14803937.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14826421.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14831500.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14832640.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14833281.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14834140.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14837109.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14840125.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14841250.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14843890.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14849734.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14881203.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14886484.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\14891328.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\150078.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\150265.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\down\150312.exe

02/01/08 15:54:53 [Note]: 10002 3

02/01/08 15:54:53 [Note]: 10002 2

02/01/08 15:54:53 [Note]: 10002 2

02/01/08 15:54:53 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys

02/01/08 15:54:53 [Note]: 10002 2

02/01/08 15:55:09 [Note]: 10002 3


Good evening jgarciajr!

>@< Download EliBagle.

>@< Save it to the Desktop!

>@< Now go to its icon and run the tool!

>@< When it finishes, restart the computer in Safe Mode. << Important!

>@< Run EliBagle again.

>@< Restart in Normal Mode!

________________________

>@< Post the report, infoSAT.txt, which is in the root of C:\ (Local Disk C) + an updated HJT log.

Regards!


Good morning DigRam,

Below is the EliBagle report and the updated F-Secure BlackLight log (my HJT still does not work, nor do the antivirus programs).

Thanks for your attention,

Garcia Jr

 

 

 

Sat Feb 02 08:04:05 2008

EliBagle v10.96 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Direct Action):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Access Denied.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Removed Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Access Denied.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Access Denied.

Restored Key: "SafeBoot\Minimal and Network"

 

Sat Feb 02 08:11:53 2008

EliBagle v10.96 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Direct Action):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Removed Bagle

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Removed Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Removed Bagle (rootkit)

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Removed Bagle.dldr

 

Sat Feb 02 08:12:04 2008

EliBagle v10.96 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Scan):

Scanning Drive C:\

C:\WINDOWS\system32\MDELK.EXE --> Removed Bagle

C:\WINDOWS\system32\drivers\down\132062.EXE --> Removed Bagle

C:\WINDOWS\system32\drivers\down\29331921.EXE --> Removed Bagle

C:\WINDOWS\system32\drivers\down\43911250.EXE --> Removed Bagle

 

Total no. of directories: 6795

Total no. of files: 107064

No. of files analysed: 13324

No. of files infected: 4

No. of files cleaned: 4

 

 

Sat Feb 02 08:22:00 2008

EliBagle v10.96 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Scan):

Scanning Drive D:\

 

Total no. of directories: 4564

Total no. of files: 58242

No. of files analysed: 321

No. of files infected: 0

No. of files cleaned: 0

 

Sat Feb 02 08:25:10 2008

EliBagle v10.96 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

List of Actions (by Direct Action):

 

 

 

 

 

02/02/08 08:29:49 [info]: BlackLight Engine 1.0.67 initialized

02/02/08 08:29:49 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/02/08 08:29:49 [Note]: 7019 4

02/02/08 08:29:49 [Note]: 7005 0

02/02/08 08:29:55 [Note]: 7006 0

02/02/08 08:29:55 [Note]: 7011 1744

02/02/08 08:29:55 [Note]: 7026 0

02/02/08 08:29:55 [Note]: 7026 0

02/02/08 08:29:59 [Note]: FSRAW library version 1.7.1024

02/02/08 08:35:52 [Note]: 7007 0


Good afternoon jgarciajr!

 

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< For those who have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear, which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

_________________________

 

>@< Download < SPROCESS.EXE 2.6 >

>@< Save it to the Desktop!

>@< Run the program with a double click!

>@< Click Salir >> Ok.

>@< Post the report, which will be at: C:\SProcLog.txt

>@< PS: This diagnostic tool is similar to HijackThis... but without the Fix option.

_________________________

 

>@< Post the report C:\ComboFix.txt in your reply, plus C:\SProcLog.txt <!>

 

Regards!


Hello DigRam,

 

 

ComboFix 08-02.02.5 - Cliente 2008-02-02 14:00:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.591 [GMT -3:00]

Executando de: C:\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Cliente\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\XJZDPSY2\www.broadcaster.com

C:\Documents and Settings\Cliente\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\WINDOWS\atualmente.dll

C:\WINDOWS\msmmesagem.dll

C:\WINDOWS\SW_Win2000X5.DLL

C:\WINDOWS\system32\drivers\down

C:\WINDOWS\system32\drivers\down\102093.exe

C:\WINDOWS\system32\drivers\down\105718.exe

C:\WINDOWS\system32\drivers\down\107500.exe

C:\WINDOWS\system32\drivers\down\108125.exe

C:\WINDOWS\system32\drivers\down\108765.exe

C:\WINDOWS\system32\drivers\down\112031.exe

C:\WINDOWS\system32\drivers\down\113953.exe

C:\WINDOWS\system32\drivers\down\121015.exe

C:\WINDOWS\system32\drivers\down\127046.exe

C:\WINDOWS\system32\drivers\down\128203.exe

C:\WINDOWS\system32\drivers\down\129296.exe

C:\WINDOWS\system32\drivers\down\135062.exe

C:\WINDOWS\system32\drivers\down\135968.exe

C:\WINDOWS\system32\drivers\down\136015.exe

C:\WINDOWS\system32\drivers\down\136734.exe

C:\WINDOWS\system32\drivers\down\1379125.exe

C:\WINDOWS\system32\drivers\down\139203.exe

C:\WINDOWS\system32\drivers\down\139921.exe

C:\WINDOWS\system32\drivers\down\1404812.exe

C:\WINDOWS\system32\drivers\down\140921.exe

C:\WINDOWS\system32\drivers\down\1410718.exe

C:\WINDOWS\system32\drivers\down\141875.exe

C:\WINDOWS\system32\drivers\down\1419062.exe

C:\WINDOWS\system32\drivers\down\142375.exe

C:\WINDOWS\system32\drivers\down\143171.exe

C:\WINDOWS\system32\drivers\down\143781.exe

C:\WINDOWS\system32\drivers\down\1456625.exe

C:\WINDOWS\system32\drivers\down\146078.exe

C:\WINDOWS\system32\drivers\down\14642000.exe

C:\WINDOWS\system32\drivers\down\14653593.exe

C:\WINDOWS\system32\drivers\down\14660187.exe

C:\WINDOWS\system32\drivers\down\14669062.exe

C:\WINDOWS\system32\drivers\down\14679062.exe

C:\WINDOWS\system32\drivers\down\14684031.exe

C:\WINDOWS\system32\drivers\down\14684093.exe

C:\WINDOWS\system32\drivers\down\14686156.exe

C:\WINDOWS\system32\drivers\down\14694734.exe

C:\WINDOWS\system32\drivers\down\14698734.exe

C:\WINDOWS\system32\drivers\down\14702843.exe

C:\WINDOWS\system32\drivers\down\14707781.exe

C:\WINDOWS\system32\drivers\down\14713031.exe

C:\WINDOWS\system32\drivers\down\14718906.exe

C:\WINDOWS\system32\drivers\down\14722015.exe

C:\WINDOWS\system32\drivers\down\14723203.exe

C:\WINDOWS\system32\drivers\down\14724484.exe

C:\WINDOWS\system32\drivers\down\14725265.exe

C:\WINDOWS\system32\drivers\down\14726109.exe

C:\WINDOWS\system32\drivers\down\14731937.exe

C:\WINDOWS\system32\drivers\down\14732875.exe

C:\WINDOWS\system32\drivers\down\14737031.exe

C:\WINDOWS\system32\drivers\down\14737140.exe

C:\WINDOWS\system32\drivers\down\14738078.exe

C:\WINDOWS\system32\drivers\down\14738265.exe

C:\WINDOWS\system32\drivers\down\14743031.exe

C:\WINDOWS\system32\drivers\down\14743234.exe

C:\WINDOWS\system32\drivers\down\14746078.exe

C:\WINDOWS\system32\drivers\down\14748640.exe

C:\WINDOWS\system32\drivers\down\14766125.exe

C:\WINDOWS\system32\drivers\down\14766156.exe

C:\WINDOWS\system32\drivers\down\147703.exe

C:\WINDOWS\system32\drivers\down\14770546.exe

C:\WINDOWS\system32\drivers\down\14774718.exe

C:\WINDOWS\system32\drivers\down\14774859.exe

C:\WINDOWS\system32\drivers\down\14777890.exe

C:\WINDOWS\system32\drivers\down\14779375.exe

C:\WINDOWS\system32\drivers\down\14781421.exe

C:\WINDOWS\system32\drivers\down\14782359.exe

C:\WINDOWS\system32\drivers\down\1478265.exe

C:\WINDOWS\system32\drivers\down\14788296.exe

C:\WINDOWS\system32\drivers\down\14788828.exe

C:\WINDOWS\system32\drivers\down\14791281.exe

C:\WINDOWS\system32\drivers\down\14792781.exe

C:\WINDOWS\system32\drivers\down\14794328.exe

C:\WINDOWS\system32\drivers\down\14797812.exe

C:\WINDOWS\system32\drivers\down\14802984.exe

C:\WINDOWS\system32\drivers\down\14803937.exe

C:\WINDOWS\system32\drivers\down\14826421.exe

C:\WINDOWS\system32\drivers\down\14831500.exe

C:\WINDOWS\system32\drivers\down\14832640.exe

C:\WINDOWS\system32\drivers\down\14833281.exe

C:\WINDOWS\system32\drivers\down\14834140.exe

C:\WINDOWS\system32\drivers\down\14837109.exe

C:\WINDOWS\system32\drivers\down\14840125.exe

C:\WINDOWS\system32\drivers\down\14841250.exe

C:\WINDOWS\system32\drivers\down\14843890.exe

C:\WINDOWS\system32\drivers\down\14849734.exe

C:\WINDOWS\system32\drivers\down\14881203.exe

C:\WINDOWS\system32\drivers\down\14886484.exe

C:\WINDOWS\system32\drivers\down\14891328.exe

C:\WINDOWS\system32\drivers\down\150078.exe

C:\WINDOWS\system32\drivers\down\150265.exe

C:\WINDOWS\system32\drivers\down\150312.exe

C:\WINDOWS\system32\drivers\down\150640.exe

C:\WINDOWS\system32\drivers\down\151031.exe

C:\WINDOWS\system32\drivers\down\155296.exe

C:\WINDOWS\system32\drivers\down\155312.exe

C:\WINDOWS\system32\drivers\down\157437.exe

C:\WINDOWS\system32\drivers\down\15925328.exe

C:\WINDOWS\system32\drivers\down\15934578.exe

C:\WINDOWS\system32\drivers\down\159531.exe

C:\WINDOWS\system32\drivers\down\15965000.exe

C:\WINDOWS\system32\drivers\down\15966453.exe

C:\WINDOWS\system32\drivers\down\15980671.exe

C:\WINDOWS\system32\drivers\down\15985812.exe

C:\WINDOWS\system32\drivers\down\15990359.exe

C:\WINDOWS\system32\drivers\down\15992718.exe

C:\WINDOWS\system32\drivers\down\15998187.exe

C:\WINDOWS\system32\drivers\down\160312.exe

C:\WINDOWS\system32\drivers\down\161546.exe

C:\WINDOWS\system32\drivers\down\161656.exe

C:\WINDOWS\system32\drivers\down\16226656.exe

C:\WINDOWS\system32\drivers\down\162906.exe

C:\WINDOWS\system32\drivers\down\16309437.exe

C:\WINDOWS\system32\drivers\down\164218.exe

C:\WINDOWS\system32\drivers\down\16507703.exe

C:\WINDOWS\system32\drivers\down\16512156.exe

C:\WINDOWS\system32\drivers\down\16517812.exe

C:\WINDOWS\system32\drivers\down\167234.exe

C:\WINDOWS\system32\drivers\down\167671.exe

C:\WINDOWS\system32\drivers\down\168187.exe

C:\WINDOWS\system32\drivers\down\168750.exe

C:\WINDOWS\system32\drivers\down\169453.exe

C:\WINDOWS\system32\drivers\down\169640.exe

C:\WINDOWS\system32\drivers\down\170265.exe

C:\WINDOWS\system32\drivers\down\170296.exe

C:\WINDOWS\system32\drivers\down\170453.exe

C:\WINDOWS\system32\drivers\down\171468.exe

C:\WINDOWS\system32\drivers\down\171796.exe

C:\WINDOWS\system32\drivers\down\174171.exe

C:\WINDOWS\system32\drivers\down\174750.exe

C:\WINDOWS\system32\drivers\down\175093.exe

C:\WINDOWS\system32\drivers\down\176421.exe

C:\WINDOWS\system32\drivers\down\176515.exe

C:\WINDOWS\system32\drivers\down\177078.exe

C:\WINDOWS\system32\drivers\down\178453.exe

C:\WINDOWS\system32\drivers\down\181015.exe

C:\WINDOWS\system32\drivers\down\181531.exe

C:\WINDOWS\system32\drivers\down\181750.exe

C:\WINDOWS\system32\drivers\down\182062.exe

C:\WINDOWS\system32\drivers\down\182375.exe

C:\WINDOWS\system32\drivers\down\182718.exe

C:\WINDOWS\system32\drivers\down\183468.exe

C:\WINDOWS\system32\drivers\down\183828.exe

C:\WINDOWS\system32\drivers\down\184875.exe

C:\WINDOWS\system32\drivers\down\186234.exe

C:\WINDOWS\system32\drivers\down\187265.exe

C:\WINDOWS\system32\drivers\down\187890.exe

C:\WINDOWS\system32\drivers\down\188046.exe

C:\WINDOWS\system32\drivers\down\189296.exe

C:\WINDOWS\system32\drivers\down\190593.exe

C:\WINDOWS\system32\drivers\down\191062.exe

C:\WINDOWS\system32\drivers\down\191125.exe

C:\WINDOWS\system32\drivers\down\192859.exe

C:\WINDOWS\system32\drivers\down\193031.exe

C:\WINDOWS\system32\drivers\down\193171.exe

C:\WINDOWS\system32\drivers\down\193609.exe

C:\WINDOWS\system32\drivers\down\195343.exe

C:\WINDOWS\system32\drivers\down\197140.exe

C:\WINDOWS\system32\drivers\down\197328.exe

C:\WINDOWS\system32\drivers\down\198828.exe

C:\WINDOWS\system32\drivers\down\200500.exe

C:\WINDOWS\system32\drivers\down\203906.exe

C:\WINDOWS\system32\drivers\down\205343.exe

C:\WINDOWS\system32\drivers\down\206046.exe

C:\WINDOWS\system32\drivers\down\206875.exe

C:\WINDOWS\system32\drivers\down\211453.exe

C:\WINDOWS\system32\drivers\down\211687.exe

C:\WINDOWS\system32\drivers\down\212203.exe

C:\WINDOWS\system32\drivers\down\214203.exe

C:\WINDOWS\system32\drivers\down\214312.exe

C:\WINDOWS\system32\drivers\down\214937.exe

C:\WINDOWS\system32\drivers\down\217140.exe

C:\WINDOWS\system32\drivers\down\217546.exe

C:\WINDOWS\system32\drivers\down\218031.exe

C:\WINDOWS\system32\drivers\down\219140.exe

C:\WINDOWS\system32\drivers\down\219890.exe

C:\WINDOWS\system32\drivers\down\220109.exe

C:\WINDOWS\system32\drivers\down\220671.exe

C:\WINDOWS\system32\drivers\down\221171.exe

C:\WINDOWS\system32\drivers\down\222046.exe

C:\WINDOWS\system32\drivers\down\222234.exe

C:\WINDOWS\system32\drivers\down\222937.exe

C:\WINDOWS\system32\drivers\down\222953.exe

C:\WINDOWS\system32\drivers\down\224109.exe

C:\WINDOWS\system32\drivers\down\225390.exe

C:\WINDOWS\system32\drivers\down\225406.exe

C:\WINDOWS\system32\drivers\down\225937.exe

C:\WINDOWS\system32\drivers\down\226515.exe

C:\WINDOWS\system32\drivers\down\227046.exe

C:\WINDOWS\system32\drivers\down\227390.exe

C:\WINDOWS\system32\drivers\down\232468.exe

C:\WINDOWS\system32\drivers\down\233859.exe

C:\WINDOWS\system32\drivers\down\235078.exe

C:\WINDOWS\system32\drivers\down\235593.exe

C:\WINDOWS\system32\drivers\down\235796.exe

C:\WINDOWS\system32\drivers\down\236250.exe

C:\WINDOWS\system32\drivers\down\237484.exe

C:\WINDOWS\system32\drivers\down\237765.exe

C:\WINDOWS\system32\drivers\down\238203.exe

C:\WINDOWS\system32\drivers\down\238484.exe

C:\WINDOWS\system32\drivers\down\242562.exe

C:\WINDOWS\system32\drivers\down\248734.exe

C:\WINDOWS\system32\drivers\down\249437.exe

C:\WINDOWS\system32\drivers\down\250062.exe

C:\WINDOWS\system32\drivers\down\250953.exe

C:\WINDOWS\system32\drivers\down\255265.exe

C:\WINDOWS\system32\drivers\down\256187.exe

C:\WINDOWS\system32\drivers\down\261015.exe

C:\WINDOWS\system32\drivers\down\265734.exe

C:\WINDOWS\system32\drivers\down\267265.exe

C:\WINDOWS\system32\drivers\down\268515.exe

C:\WINDOWS\system32\drivers\down\271500.exe

C:\WINDOWS\system32\drivers\down\271562.exe

C:\WINDOWS\system32\drivers\down\271687.exe

C:\WINDOWS\system32\drivers\down\275671.exe

C:\WINDOWS\system32\drivers\down\278375.exe

C:\WINDOWS\system32\drivers\down\278406.exe

C:\WINDOWS\system32\drivers\down\281500.exe

C:\WINDOWS\system32\drivers\down\284562.exe

C:\WINDOWS\system32\drivers\down\287062.exe

C:\WINDOWS\system32\drivers\down\29328718.exe

C:\WINDOWS\system32\drivers\down\29339109.exe

C:\WINDOWS\system32\drivers\down\29370687.exe

C:\WINDOWS\system32\drivers\down\29383781.exe

C:\WINDOWS\system32\drivers\down\29386984.exe

C:\WINDOWS\system32\drivers\down\29390093.exe

C:\WINDOWS\system32\drivers\down\29391781.exe

C:\WINDOWS\system32\drivers\down\29397265.exe

C:\WINDOWS\system32\drivers\down\29406609.exe

C:\WINDOWS\system32\drivers\down\29412421.exe

C:\WINDOWS\system32\drivers\down\29413453.exe

C:\WINDOWS\system32\drivers\down\29414453.exe

C:\WINDOWS\system32\drivers\down\29415578.exe

C:\WINDOWS\system32\drivers\down\29421796.exe

C:\WINDOWS\system32\drivers\down\29424328.exe

C:\WINDOWS\system32\drivers\down\29456703.exe

C:\WINDOWS\system32\drivers\down\29465687.exe

C:\WINDOWS\system32\drivers\down\29470718.exe

C:\WINDOWS\system32\drivers\down\297468.exe

C:\WINDOWS\system32\drivers\down\306984.exe

C:\WINDOWS\system32\drivers\down\317875.exe

C:\WINDOWS\system32\drivers\down\324500.exe

C:\WINDOWS\system32\drivers\down\326375.exe

C:\WINDOWS\system32\drivers\down\329125.exe

C:\WINDOWS\system32\drivers\down\335984.exe

C:\WINDOWS\system32\drivers\down\347234.exe

C:\WINDOWS\system32\drivers\down\350375.exe

C:\WINDOWS\system32\drivers\down\397312.exe

C:\WINDOWS\system32\drivers\down\404125.exe

C:\WINDOWS\system32\drivers\down\43891015.exe

C:\WINDOWS\system32\drivers\down\43894156.exe

C:\WINDOWS\system32\drivers\down\43918281.exe

C:\WINDOWS\system32\drivers\down\43926984.exe

C:\WINDOWS\system32\drivers\down\43953609.exe

C:\WINDOWS\system32\drivers\down\43954296.exe

C:\WINDOWS\system32\drivers\down\43966812.exe

C:\WINDOWS\system32\drivers\down\43971859.exe

C:\WINDOWS\system32\drivers\down\43976515.exe

C:\WINDOWS\system32\drivers\down\43979718.exe

C:\WINDOWS\system32\drivers\down\43984578.exe

C:\WINDOWS\system32\drivers\down\43995937.exe

C:\WINDOWS\system32\drivers\down\44003812.exe

C:\WINDOWS\system32\drivers\down\44005328.exe

C:\WINDOWS\system32\drivers\down\44007781.exe

C:\WINDOWS\system32\drivers\down\44013046.exe

C:\WINDOWS\system32\drivers\down\44015421.exe

C:\WINDOWS\system32\drivers\down\44053734.exe

C:\WINDOWS\system32\drivers\down\44060890.exe

C:\WINDOWS\system32\drivers\down\44067312.exe

C:\WINDOWS\system32\drivers\down\88796.exe

C:\WINDOWS\system32\drivers\down\89093.exe

C:\WINDOWS\system32\drivers\down\95140.exe

C:\WINDOWS\system32\drivers\down\95328.exe

C:\WINDOWS\system32\drivers\down\95937.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_SROSA

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-02 to 2008-02-02 ))))))))))))))))))))))))))))))))

.

 

2008-02-02 13:58 . 2008-02-02 13:57 25,121 --a------ C:\SProces.exe

2008-02-02 13:56 . 2008-02-02 13:55 1,593,209 --a------ C:\ComboFix.exe

2008-02-02 08:03 . 2008-02-02 08:03 49,163 --a------ C:\EliBaglA.exe

2008-02-01 15:40 . 2008-02-01 15:40 <DIR> d-------- C:\Arquivos de programas\Sophos

2008-02-01 08:30 . 2008-02-01 14:33 <DIR> d-------- C:\Arquivos de programas\EsetOnlineScanner

2008-02-01 08:23 . 2008-02-01 15:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-02-01 08:23 . 2008-02-01 08:23 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-02-01 08:23 . 2008-02-01 08:23 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-02-01 08:23 . 2008-02-01 08:23 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-02-01 08:13 . 2008-02-01 08:14 <DIR> d-------- C:\Arquivos de programas\Prevx Home

2008-02-01 08:10 . 2008-02-01 08:10 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\Prevx

2008-01-31 14:37 . 2008-01-31 14:37 <DIR> d-------- C:\Arquivos de programas\PrevxCSI

2008-01-31 14:23 . 2008-01-31 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Prevx

2008-01-31 14:22 . 2008-02-01 07:57 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\PrevxCSI

2008-01-30 15:59 . 2008-01-31 11:03 <DIR> d-------- C:\Arquivos de programas\Copernic Desktop Search 2

2008-01-29 21:19 . 2008-01-29 21:19 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\Winamp

2008-01-29 21:19 . 2008-01-29 21:19 <DIR> d-------- C:\Arquivos de programas\Winamp

2008-01-21 15:39 . 1996-01-12 01:00 722,192 --a------ C:\WINDOWS\system32\vb40032.dll

2008-01-21 15:39 . 2002-05-17 11:19 462,848 --a------ C:\WINDOWS\system32\dformd.dll

2008-01-21 15:39 . 2001-05-23 03:02 329,423 --a------ C:\WINDOWS\system32\sbe6_000.hlp

2008-01-21 15:39 . 1996-08-05 05:00 92,160 --a------ C:\WINDOWS\system32\grid32.ocx

2008-01-21 15:39 . 2001-05-23 03:02 6,255 --a------ C:\WINDOWS\system32\sbe6_000.cnt

2008-01-21 15:33 . 2008-01-22 08:34 <DIR> d-------- C:\Arquivos de programas\SPSS

2008-01-09 22:22 . 2008-01-09 22:22 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-01-08 16:58 . 2008-02-02 11:22 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-08 16:58 . 2008-01-08 16:58 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-07 15:17 . 2008-01-07 15:17 <DIR> d-------- C:\WINDOWS\%DownloadedProgramFiles%

2008-01-07 15:15 . 2006-07-27 13:52 367 --a------ C:\WINDOWS\system32\LegitCheckControl.inf

2008-01-07 06:18 . 2008-01-07 06:18 244 --ah----- C:\sqmnoopt13.sqm

2008-01-07 06:18 . 2008-01-07 06:18 232 --ah----- C:\sqmdata13.sqm

2008-01-07 06:16 . 2008-01-07 06:16 244 --ah----- C:\sqmnoopt12.sqm

2008-01-07 06:16 . 2008-01-07 06:16 232 --ah----- C:\sqmdata12.sqm

2008-01-07 06:15 . 2008-01-07 06:15 244 --ah----- C:\sqmnoopt11.sqm

2008-01-07 06:15 . 2008-01-07 06:15 232 --ah----- C:\sqmdata11.sqm

2008-01-06 13:27 . 2008-01-06 13:27 <DIR> d-------- C:\Arquivos de programas\streetchaves PC GAME

2008-01-06 13:27 . 2008-01-06 13:27 <DIR> d-------- C:\Arquivos de programas\StreetChaves

2008-01-06 13:22 . 2008-01-06 13:22 244 --ah----- C:\sqmnoopt10.sqm

2008-01-06 13:22 . 2008-01-06 13:22 232 --ah----- C:\sqmdata10.sqm

2008-01-03 09:01 . 2008-01-09 16:01 59 --a------ C:\WINDOWS\syst.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-02 16:49 --------- d-----w C:\Arquivos de programas\eMule

2008-02-02 12:33 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-01 14:40 --------- d-----w C:\Arquivos de programas\Share_Accelerator_MM

2008-02-01 14:28 --------- d-----w C:\Arquivos de programas\PowerISO

2008-02-01 13:48 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-02-01 12:30 --------- d-----w C:\Arquivos de programas\DAP

2008-01-28 01:00 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\AVG7

2008-01-22 20:46 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Skype

2008-01-15 00:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-01-11 12:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-01-11 12:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

2008-01-02 21:00 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\BSplayer

2007-12-29 11:16 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2007-12-27 14:28 --------- d-----w C:\Arquivos de programas\wavpack-4.41

2007-12-19 14:12 --------- d-----w C:\Arquivos de programas\Google

2007-12-19 13:16 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2007-12-08 22:43 --------- d-----w C:\Arquivos de programas\Soulseek-Test

2007-12-08 22:38 --------- d-----w C:\Arquivos de programas\Audio Phonics, Inc

2007-12-07 13:28 --------- d-----w C:\Arquivos de programas\Guitar Pro 5

2007-12-06 23:05 --------- d-----w C:\Arquivos de programas\Softinterface, Inc

2007-12-02 11:56 12,328,892 ------w C:\avg7qt.dat

2007-11-30 22:10 1,713 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\WWB7_32.DAT

2007-11-24 21:42 50,176 ----a-w C:\WINDOWS\system32\P2CTDAO.DLL

2007-11-24 21:42 1,846,784 ----a-w C:\WINDOWS\system32\CRPE32.DLL

2007-11-19 23:50 77,824 ----a-w C:\WINDOWS\uinst001.exe

2007-11-10 16:37 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-11-07 09:28 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-04-10 10:14 14 ----a-w C:\Documents and Settings\Cliente\getfile.dat

2007-04-08 19:53 524,300 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\position.bin

2006-01-15 20:21 1,990,144 ----a-w C:\Arquivos de programas\Billion Chords.exe

2004-02-28 20:08 1,363,968 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\arasanx.exe

2004-02-28 14:47 581,632 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\arasan.exe

2004-02-25 09:42 655,360 ----a-w C:\Documents and Settings\Cliente\Dados de aplicativos\book.bin

1999-05-18 18:25 581,632 ----a-w C:\Arquivos de programas\Converte.exe

2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Copernic Desktop Search 2"="C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-11-15 13:08 1478664]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2007-05-13 11:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Atalho para a Página de Propriedades do High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"Cmaudio"="cmicnfg.cpl" []

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 21:05 7557120]

"nwiz"="nwiz.exe" [2006-02-13 21:05 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 21:05 86016]

"SMSERIAL"="sm56hlpr.exe" [2005-06-06 06:40 544768 C:\WINDOWS\sm56hlpr.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"BDNewsAgent"="c:\arquivos de programas\softwin\bitdefender8\bdnagent.exe" [2005-05-09 12:19 8192]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-02-16 10:54 282624]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

"WindowsTranslator"="C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe" [2003-06-26 17:20 407040]

"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2007-08-06 21:05 200704]

"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-06-01 11:26 20480]

"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-08-21 14:35 114688]

"WinampAgent"="C:\Arquivos de programas\Winamp\wianmpa.exe" [ ]

"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-05-10 09:20 344064]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-02 07:06 579072]

"PrevxCSI"="C:\Arquivos de programas\PrevxCSI\prevxcsi.exe" [2008-01-31 14:22 92160]

"PrevxHome"="C:\Arquivos de programas\Prevx Home\SAGUI.exe" [2005-02-07 11:25 819200]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-02 07:06 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IETI"="C:\Arquivos de programas\Skype\Phone\IEPlugin\unins000.exe" [2007-03-31 18:23 674138]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Color Calibration.lnk - C:\Arquivos de programas\SEC\MagicTune3.6\GammaTray.exe [2007-04-05 16:54:46 36864]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

MagicTune 3.6.lnk - C:\Arquivos de programas\SEC\MagicTune3.6\MagicTuneTray.exe [2007-04-05 16:54:54 45056]

NCProTray.lnk - C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe [2007-04-05 16:55:58 49220]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= C:\WINDOWS\Downloaded Program Files\gbiehabn.dll [ ]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GbPlugin\gbieh.dll [2007-12-03 15:30 347976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

C:\WINDOWS\Downloaded Program Files\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GbPlugin\gbieh.dll 2007-12-03 15:30 347976 C:\ARQUIV~1\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2007-12-03 15:30 347976 C:\Arquivos de programas\GbPlugin\gbieh.dll

 

R2 sbbotdi;sbbotdi;C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys [2007-03-31 18:27]

R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 14:39]

S0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1d14f27-fe1f-11db-b2ea-0018f3110327}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e34eb890-5038-11dc-b35e-0018f3110327}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f261b5dc-f84f-11db-b641-0017317d337d}]

\Shell\AutoRun\command - E:\setup.exe

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-02 10:11:07 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2D18E1C0-A4EB-4DA3-8A8F-4165B9AE6F17}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-02 14:06:05

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\UAService.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-02-02 14:08:23 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-02 17:08:20

.

2008-01-10 01:22:33 --- E O F ---

 

______________________________

 

 

Sat Feb 02 14:24:09 2008

SProces v2.8b ©2007 S.G.H. / Satinfo S.L.

-------------------------------------------

Sistema Operativo: Microsoft Windows XP (v5.1.2600) Service Pack 2

Internet Explorer: (v7.0.5730.11) 0

 

Procesos Activos:

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\GBPSV.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\WINDOWS\SM56HLPR.EXE

C:\ARQUIVOS DE PROGRAMAS\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE

C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE1.6.0_02\BIN\JUSCHED.EXE

C:\ARQUIVOS DE PROGRAMAS\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWINTRSL.EXE

C:\ARQUIVOS DE PROGRAMAS\POWERISO\PWRISOVM.EXE

C:\WINDOWS\CAMERAFIXER.EXE

C:\WINDOWS\TSNPSTD3.EXE

C:\ARQUIVOS DE PROGRAMAS\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

C:\WINDOWS\VSNPSTD3.EXE

C:\WINDOWS\SYSTEM32\CTFMON.EXE

C:\ARQUIVOS DE PROGRAMAS\SEC\MAGICTUNE3.6\GAMMATRAY.EXE

C:\ARQUIVOS DE PROGRAMAS\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE

C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE

C:\ARQUIVOS DE PROGRAMAS\SEC\NATURAL COLOR PRO\NCPROTRAY.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\WINDOWS\SYSTEM32\HPZIPM12.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\UASERVICE.EXE

C:\ARQUIVOS DE PROGRAMAS\ARQUIVOS COMUNS\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE

C:\WINDOWS\SYSTEM32\ALG.EXE

C:\ARQUIVOS DE PROGRAMAS\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\SPROCES.EXE

C:\SPROCES.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)

O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand202000032.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bDNewsAgent] "c:\arquivos de programas\softwin\bitdefender8\bdnagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PrevxCSI] "C:\Arquivos de programas\PrevxCSI\prevxcsi.exe" -boot

O4 - Startup: desktop.ini

O4 - Global Startup: Color Calibration.lnk

O4 - Global Startup: desktop.ini

O4 - Global Startup: HP Digital Imaging Monitor.lnk

O4 - Global Startup: MagicTune 3.6.lnk

O4 - Global Startup: NCProTray.lnk

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185403795437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185399534593

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GBPLUGINABN - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEHABN.DLL (file missing)

O20 - Winlogon Notify: GBPLUGINBB - C:\ARQUIV~1\GBPLUGIN\GBIEH.DLL

O20 - Winlogon Notify: WGALOGON - (no file)

O20 - Winlogon Notify: __GBPLUGINBB - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\GBIEH.DLL

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-carregador Browseui - %SystemRoot%\system32\browseui.dll

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Daemon de cache de categorias de componente - %SystemRoot%\system32\browseui.dll

 

Información Adicional:

----------------------

ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - GbPlugin ShlObj - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)

ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - GbPlugin ShlObj - C:\ARQUIV~1\GbPlugin\gbieh.dll

 

Listado de Servicios (Carga Automatica):

----------------------------------------

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: CdaC15BA - Macrovision Europe Ltd - C:\WINDOWS\system32\drivers\CdaC15BA.SYS

O23 - Service: Inicializador de Processo de Servidor DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost -k DcomLaunch (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Chamada de procedimento remoto (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost -k rpcss (file missing)

O23 - Service: sbbotdi - SpeedBit Ltd. - C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys

 

Thank you very much,



Garcia Jr.


Good morning jgarciajr!



>@< Uninstall: < Prevx > <!> After uninstalling, restart the computer.

__________________________



>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix.

>@< If possible, disable the resident antivirus and antispyware protection.

>@< Double-click Bankerfix.exe, then press Enter.

>@< Wait! When it finishes, read the message on the (DOS) screen and press Enter again.

__________________________



>@< Post BankerFix's relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt

>@< Also post a new HijackThis log in your reply.



Regards!


Good morning DigRam,



Here are the relatório.txt and the F-Secure BlackLight log.



Thanks again and have a good Sunday,



Garcia Jr

 

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 3/2/2008 - 9:29

-------------------------------------------------------

Lista de Definição: 2008-01-16-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\syst.dat

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

 

 

 

02/03/08 09:31:53 [info]: BlackLight Engine 1.0.67 initialized

02/03/08 09:31:53 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/03/08 09:31:53 [Note]: 7019 4

02/03/08 09:31:53 [Note]: 7005 0

02/03/08 09:31:55 [Note]: 7006 0

02/03/08 09:31:55 [Note]: 7011 1668

02/03/08 09:31:55 [Note]: 7026 0

02/03/08 09:31:56 [Note]: 7026 0

02/03/08 09:31:59 [Note]: FSRAW library version 1.7.1024

02/03/08 09:45:12 [Note]: 7007 0


Good afternoon jgarciajr!



>@< Apparently you still can't get HijackThis to run.

_______________________



>@< Following this Tutorial, carry out the remaining procedures, except BlackLight.

>@< For rootkit detection and removal, use AVG Anti-Rootkit.

________________________



>@< Since Bagle usually comes with a rootkit, download this tool:



< AVG Anti-Rootkit Free >



>@< Save it to the Desktop!

>@< Open the tool and click: Search for rootkits.

>@< If it finds anything, you can delete it!

________________________



>@< I'll wait for your reply! Oh, by the way... when exactly did this problem start?



Regards!


Dear DigRam,



I carried out the whole tutorial procedure without issue.

I have now managed to run HijackThis (its log is below), but the antivirus programs still don't work.

As for when the problem appeared: I downloaded a search program last Wednesday (31 January), installed it, and after that the symptoms started to appear.

Before installing the program I ran my antivirus scanners (as I always do) and nothing was flagged.

Another detail that has just come to mind, and I don't know whether it may be affecting the cleaning and detection of the problems on my machine, is that I keep only programs on my C:\ drive, since I have an external HD (D:\) where I put all my other files.



Thanks once again for your attention,



Garcia Jr.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:52:16, on 3/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\sm56hlpr.exe

C:\arquivos de programas\softwin\bitdefender8\bdnagent.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SEC\MagicTune3.6\GammaTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe

D:\Downloads\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.70:3127

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand202000032.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bDNewsAgent] "c:\arquivos de programas\softwin\bitdefender8\bdnagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: MagicTune 3.6.lnk = ?

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185403795437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185399534593

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

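The HijackThis logs in this thread are read entry by entry by hand. As an added example (not code from the thread's participants, from HijackThis or from Linha Defensiva), the Python script below applies three of the checks a helper makes when triaging such a log: entries that point at files no longer on disk, a per-user proxy server in Internet Settings, and hosts-file lines other than the localhost default. The sample lines are copied from the log posted above; the rule names, the `Finding` type and the public-versus-private proxy distinction are the example's own choices, and a hit means "a person should look at this entry", not "malware".

```python
"""Triage helper for HijackThis v1.99.1 log lines.

Added example for this thread; not code from HijackThis, Linha Defensiva or
the people posting here. Every hit means "a human should look at this entry",
never "this is malware": legitimate software produces orphan entries too.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: lines copied from the logs posted in this thread,
# with one ordinary Run entry kept for contrast.
SAMPLE_LOG_LINES = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.70:3127",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)",
    r"O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)",
]

# Every HijackThis entry starts with its section code (R0, F2, O4, O23, ...).
# Process paths in the "Running processes:" block do not, so they are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.+)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<proxy>\S+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<name>\S+)")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    rule: str      # "orphan", "proxy" or "hosts"
    detail: str    # human-readable reason for the reviewer
    line: str      # the original log line


def _proxy_detail(proxy):
    """Describe a ProxyServer value ("host:port" or "http=host:port;...")."""
    first = proxy.split(";")[0]
    if "=" in first:
        first = first.split("=", 1)[1]
    host = first.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return f"proxy {proxy} (hostname, not an IP address)"
    if addr.is_loopback or addr.is_private:
        return f"proxy {proxy} (local/private address, typical of a local filter)"
    return f"proxy {proxy} (public address; confirm the owner configured it)"


def _hosts_is_default(ip, name):
    """True for the stock 'loopback -> localhost' mapping, False otherwise."""
    try:
        return name.lower() == "localhost" and ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def triage_line(line):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    # Rule 1: the entry references a file that is no longer on disk. Harmless
    # by itself (often leftovers of an uninstall), but also the residue a
    # partial cleanup leaves behind, so it goes on the list to clean up.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        return Finding(section, "orphan", "entry points at a file that no longer exists", line)
    # Rule 2: a per-user proxy in Internet Settings routes all IE traffic
    # through that host; the owner has to confirm it is theirs.
    if section == "R1":
        pm = PROXY_RE.search(body)
        if pm:
            return Finding(section, "proxy", _proxy_detail(pm.group("proxy")), line)
    # Rule 3: any hosts-file mapping other than the localhost default.
    if section == "O1":
        hm = HOSTS_RE.match(body)
        if hm and not _hosts_is_default(hm.group("ip"), hm.group("name")):
            return Finding(section, "hosts", f"{hm.group('name')} resolves to {hm.group('ip')}", line)
    return None


def triage(lines):
    """Run triage_line over a whole log; keep only the hits, in log order."""
    return [f for f in map(triage_line, lines) if f is not None]


def summarize(findings):
    """Count findings per rule, e.g. {'proxy': 1, 'orphan': 3}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG_LINES)
    for f in hits:
        print(f"[{f.rule:6}] {f.section:4} {f.detail}")
    print(summarize(hits))
```

Run against a saved hijackthis.log by reading its lines into `triage()`; on the sample above it reports the public proxy in the R1 line and the three orphan entries, while the Start Page, ProxyOverride, hosts and AVG Run lines pass untouched.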

Good evening jgarciajr!



Another detail that has just come to mind, and I don't know whether it may be affecting the cleaning and detection of the problems on my machine, is that I keep only programs on my C:\ drive, since I have an external HD (D:\) where I put all my other files.

>@< That detail is important, because an infection of the drive could compromise other areas.

_____________________



>@< Download PenClean.

>@< Save it to your Desktop!

>@< Run the utility and select the option: Verificar o computador (Check the computer). Run it with the external HD connected!

>@< Click the Verificar (Check) button. Wait!

>@< If required, accept the prompt to restart the computer.

>@< Click Sim (Yes)!

>@< Repeat the procedure, but with the external drive disconnected.

_____________________



>@< Download Flash_Disinfector.exe

>@< Save it to the Desktop!

>@< Restart the computer in Safe Mode.

>@< Run Flash_Disinfector.exe with the external HD disconnected.

>@< When it finishes, run it again, but... with the external drive connected.

_____________________



>@< Run a disinfection scan with < BitDefender > and post the report.

>@< Click BitDefender ( Scan OnLine ).

>@< The page will open: < BitDefender OnLine Scanner >

>@< Click I Agree.

>@< Wait! Allow the ActiveX installation so that the scan can run.

_____________________



>@< Then post: the BitDefender report, which will be at: C:\Windows\BDOSCAN8\bdoscan.txt <!>

>@< Also post the PenClean report, which will be at: C:\PenClean\PenClean.txt <!>



Regards!


Good morning DigRam,



Below are the BitDefender and PenClean reports.

I've also included the new HijackThis logfile.



Thanks for your attention,



Garcia Jr

 

 

[General]

App = "BitDefender Online Scanner v8"

Date = 04:02:2008

Time = 09:14:28

Scan Path = "C:\Documents and Settings\Cliente\Meus documentos;"

 

[Engines Info]

Virus Definitions = 978853

Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

Scan plugins = 16

Archive plugins = 41

Unpack plugins = 7

E-mail plugins = 6

System plugins = 5

 

[scan Statistics]

Folders = 35

Files = 159

Archives = 0

Packed files = 4

Identified viruses = 0

Infected files = 0

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 0

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 0

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000000 = "No problems found."

 

 

 

 

Iniciando relatório do PenClean 2.0.3

Por Renato Victor Mejias

renatomejias@yahoo.com.br

4/2/2008 08:53:08

-----------------------------------------------------------

Arquivos e chaves excluídos do computador:

 

Malware não detectado no computador!

 

-----------------------------------------------------------

Fim da análise no computador.

 

-----------------------------------------------------------

Arquivos e chaves excluídos da unidade escolhida:

 

Malware não detectado em nenhuma unidade!

 

-----------------------------------------------------------

Fim da análise, a unidade verificada foi: "Todas as unidades"

 

-----------------------------------------------------------

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:19:03, on 4/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\sm56hlpr.exe

C:\arquivos de programas\softwin\bitdefender8\bdnagent.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService.exe

C:\Arquivos de programas\SEC\MagicTune3.6\GammaTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\eMule\emule.exe

D:\Downloads\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.70:3127

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand202000032.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bDNewsAgent] "c:\arquivos de programas\softwin\bitdefender8\bdnagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: MagicTune 3.6.lnk = ?

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185403795437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185399534593

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe


Good afternoon jgarciajr!

 

>@< Download l2mfix.

>@< Save it to the Desktop!

>@< Open the program and click Accept >> Click Install.

>@< A folder ( l2mfix ) will appear on the Desktop!

>@< Run the file ( l2mfix.bat ).

>@< Press Enter!

>@< Type 1 ( Run Find Log ) >> Press Enter! << Option 1 is diagnostic only!

>@< A report ( L2MFIX find log ) will appear, which you should copy and paste into your reply.

________________________

 

>@< Also post a new HijackThis log in your reply.

 

Cheers!


Good afternoon DigRam,

 

Below are the l2mfix report and the HijackThis log.

 

Thanks once again,

 

Garcia Jr

 

 

L2MFIX find log 051206

These are the registry keys present

********************************************************************************

**

Winlogon/notify:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginAbn]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\Downloaded Program Files\\gbiehabn.dll"

"Impersonate"=dword:00000000

"MaxWait"=dword:00000102

"Startup"="GbPluginEventStartup"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

"Asynchronous"=dword:00000000

"DllName"="C:\\ARQUIV~1\\GbPlugin\\gbieh.dll"

"Impersonate"=dword:00000000

"MaxWait"=dword:00000102

"Startup"="GbPluginEventStartup"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

"EulaAccepted"=dword:00000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__GbPluginBb]

"Asynchronous"=dword:00000000

"DllName"="C:\\ARQUIVOS DE PROGRAMAS\\GBPLUGIN\\gbieh.dll"

"Impersonate"=dword:00000000

"MaxWait"=dword:00000102

"Startup"="GbPluginEventStartup"

 

********************************************************************************

**

useragent:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

 

********************************************************************************

**

Shell Extension key:

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="GbPlugin ShlObj"

"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"

"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"

"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"

"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extrator de miniaturas de arquivo GDI+"

"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Identificador de informações de resumo de miniaturas (DOCFILES)"

"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extrator de miniaturas HTML"

"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"

 

********************************************************************************

**

HKEY ROOT CLASSIDS:

********************************************************************************

**

Files Found are not all bad files:

 

C:\WINDOWS\SYSTEM32\

crpe32.dll Sat 24 Nov 2007 18:42:32 A.... 1.846.784 1,76 M

lsasrv.dll Wed 7 Nov 2007 6:28:44 A.... 724.480 707,50 K

p2ctdao.dll Sat 24 Nov 2007 18:42:32 A.... 50.176 49,00 K

 

3 items found: 3 files, 0 directories.

Total of file sizes: 2.621.440 bytes 2,50 M

Locate .tmp files:

 

No matches found.

********************************************************************************

**

Directory Listing of system files:

O volume na unidade C é Disco local

O número de série do volume é C0B0-BE5A

 

Pasta de C:\WINDOWS\System32

 

09/01/2008 22:21 <DIR> dllcache

31/03/2007 10:35 <DIR> Microsoft

0 arquivo(s) 0 bytes

2 pasta(s) 140.271.398.912 bytes disponíveis

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:06:25, on 4/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\sm56hlpr.exe

C:\arquivos de programas\softwin\bitdefender8\bdnagent.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\vsnpstd3.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\SEC\MagicTune3.6\GammaTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService.exe

C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

D:\Downloads\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.70:3127

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand202000032.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bDNewsAgent] "c:\arquivos de programas\softwin\bitdefender8\bdnagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: MagicTune 3.6.lnk = ?

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185403795437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185399534593

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe


Good afternoon jgarciajr!

 

Files Found are not all bad files:

 

C:\WINDOWS\SYSTEM32\

crpe32.dll Sat 24 Nov 2007 18:42:32 A.... 1.846.784 1,76 M

lsasrv.dll Wed 7 Nov 2007 6:28:44 A.... 724.480 707,50 K

p2ctdao.dll Sat 24 Nov 2007 18:42:32 A.... 50.176 49,00 K

 

3 items found: 3 files, 0 directories.

Total of file sizes: 2.621.440 bytes 2,50 M

>@< According to the L2MFix report everything is OK, and the files detected are legitimate.

>@< The dates also corroborate that they are not the cause of the problem.

__________________________

 

>@< Have you already checked your administrative privileges?

>@< They may have been removed by malware! Do a more detailed check!

__________________________

 

<!> Set up your Administrator account!

<1> Click Start >> Control Panel >> Administrative Tools >> Computer Management >> Users ( Here you will see the names that may have access to your computer: Administrator [ Creates a new administration! ] / Guest / Help Assistant / PC User / SUPPORT_38... ).

<2> In the right-hand pane, select Administrator ( right-click with the mouse! ).

<3> Choose: Properties.

<4> The Administrator Properties window will open.

<5> On the General tab, we have:

<!> FULL NAME: xxxxxxxxxxxxxxxxxxxxxx ( Type the user name here. )

<!> DESCRIPTION: Built-in account for administering the computer/

<6> In the checkboxes just below, leave only: "Password never expires"

<7> Click Apply >> OK!

<8> Restart the computer!

<!> PS: If your own name appears in Users as an administrator, check whether the icon is marked with an x.

<!> If it is, do the following: right-click with the mouse and go to Properties.

<!> Uncheck the "Account is disabled" box >> Apply >> OK.

>@< My friend, we will run one more diagnostic tool... the last one! And if nothing is found, repair the OS from the Windows XP installation CD-ROM.

_________________________

 

>@< Download DiagHelp.

>@< Save it to Local Disk C.

>@< Unzip the tool and open the DiagHelp folder.

>@< Double-click go.cmd

>@< A prompt will open; among the options, choose 1 >> Press Enter.

>@< Press Enter again! (...or any key!)

>@< Wait for the analysis to finish!

>@< When it finishes, close the program and copy/paste the report (C:\resultat.txt) into your reply.

 

Regards!

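The date test DigRam applies above (files last written months before the first symptom are not the cause; a file written around the day symptoms began deserves a closer look) can be run mechanically over the pasted listings. The following is an added example, not code from the thread, from L2MFix or from DiagHelp: it parses the L2MFix line format ("name weekday day month year time attributes bytes size") and the DiagHelp recent-files format ("path -->d/m/yyyy hh:mm:ss") and shortlists system32 entries near an incident date. The incident date, the window and the SAMPLE-dropped.sys line are constructed assumptions for the example.

```python
"""Apply the date test used in this thread to pasted tool output.

Added example; this is not code from the thread, from L2MFix or from
DiagHelp. It recognises the two listing formats quoted in the posts:
  L2MFix   : "crpe32.dll Sat 24 Nov 2007 18:42:32 A.... 1.846.784 1,76 M"
  DiagHelp : "C:\\WINDOWS\\System32\\lsasrv.dll -->7/11/2007 06:28:43"
and reports files under system32 written close to the first symptom.
"""
import re
from datetime import datetime, timedelta

# L2MFix: name, weekday, day, month, year, time, attributes, bytes, human size.
# The byte count uses "." as thousands separator (pt-BR locale).
L2MFIX_RE = re.compile(
    r"^(?P<name>\S+)\s+[A-Za-z]{3}\s+(?P<day>\d{1,2})\s+(?P<mon>[A-Za-z]{3})\s+"
    r"(?P<year>\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2})\s+[A-Za-z.]+\s+"
    r"(?P<size>[\d.]+)\b"
)
# DiagHelp: full path, " -->", then day/month/year and hh:mm:ss (day first).
DIAGHELP_RE = re.compile(
    r"^(?P<path>\S.*?)\s+-->(?P<day>\d{1,2})/(?P<mon>\d{1,2})/(?P<year>\d{4})"
    r"\s+(?P<time>\d{1,2}:\d{2}:\d{2})$"
)


def parse_l2mfix(line, base_dir=r"C:\WINDOWS\SYSTEM32"):
    """One L2MFix line -> {'path', 'mtime', 'size'}, or None if not that format."""
    m = L2MFIX_RE.match(line.strip())
    if not m:
        return None
    mtime = datetime.strptime(
        f"{m['day']} {m['mon']} {m['year']} {m['time']}", "%d %b %Y %H:%M:%S")
    return {"path": base_dir + "\\" + m["name"], "mtime": mtime,
            "size": int(m["size"].replace(".", ""))}


def parse_diaghelp(line):
    """One DiagHelp line -> {'path', 'mtime', 'size'}, or None if not that format."""
    m = DIAGHELP_RE.match(line.strip())
    if not m:
        return None
    mtime = datetime.strptime(
        f"{m['day']}/{m['mon']}/{m['year']} {m['time']}", "%d/%m/%Y %H:%M:%S")
    return {"path": m["path"], "mtime": mtime, "size": None}


def parse_listing(text):
    """Parse a pasted report; headers and lines in neither format are skipped."""
    entries = []
    for line in text.splitlines():
        entry = parse_l2mfix(line) or parse_diaghelp(line)
        if entry:
            entries.append(entry)
    return entries


def near_incident(entries, incident, days=3, hot_dirs=("\\system32\\",)):
    """Paths under a hot directory whose mtime lies within +/- `days` of `incident`.

    A file written months before the first symptom (a Windows Update batch or
    a product install, like the November 2007 DLLs in the thread) is not what
    started the problem; a file written the day symptoms began is worth a
    signature and hash check. This only shortlists, it decides nothing.
    """
    lo, hi = incident - timedelta(days=days), incident + timedelta(days=days)
    hits = [e for e in entries
            if lo <= e["mtime"] <= hi
            and any(d in e["path"].lower() for d in hot_dirs)]
    return sorted(e["path"] for e in hits)


# Constructed sample: lines quoted in the thread plus one invented driver
# (SAMPLE-dropped.sys) standing in for a file written on the incident day.
SAMPLE_REPORT = r"""
C:\WINDOWS\SYSTEM32\
crpe32.dll Sat 24 Nov 2007 18:42:32 A.... 1.846.784 1,76 M
lsasrv.dll Wed 7 Nov 2007 6:28:44 A.... 724.480 707,50 K
C:\WINDOWS\System32\drivers\avg7core.sys -->11/1/2008 16:24:20
C:\WINDOWS\System32\MRT.exe -->2/1/2008 15:21:36
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->4/2/2008 15:17:35
C:\WINDOWS\System32\drivers\SAMPLE-dropped.sys -->2/1/2008 15:40:12
"""
# Assumed date of the first symptom (an assumption made for the example).
INCIDENT = datetime(2008, 1, 2)

if __name__ == "__main__":
    for path in near_incident(parse_listing(SAMPLE_REPORT), INCIDENT):
        print("check:", path)
```

The shortlist is only a starting point: the DiagHelp report itself follows up with a signature check ("Verified: Signed") on core binaries, and that, or a hash lookup, is the next step for anything the date window turns up.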

Good afternoon DigRam,

 

Apparently my administrative attributes were, and continue to be, OK.

I ran through the whole recommended process, and both the User and the Administrator logins seemed to be normal.

The DiagHelp report follows below.

 

Thank you for your patience and attention,

 

Garcia Jr

 

 

 

DiagHelp version v1.4 - http://www.malekal.com

excute le seg 04/02/2008 à 15:17:36,67

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->4/2/2008 15:17:35

C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->4/2/2008 15:17:33

C:\WINDOWS\prefetch\WINRAR.EXE-24F1FBE5.pf -->4/2/2008 15:16:46

C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->4/2/2008 15:16:33

C:\WINDOWS\prefetch\WINWORD.EXE-03890AC7.pf -->4/2/2008 15:16:32

C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->4/2/2008 15:16:32

C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf -->4/2/2008 15:13:54

C:\WINDOWS\prefetch\SMLOGSVC.EXE-177864DC.pf -->4/2/2008 15:09:52

C:\WINDOWS\prefetch\MMC.EXE-40C583F0.pf -->4/2/2008 15:08:14

C:\WINDOWS\prefetch\IEXPLORE.EXE-3A8DC0B9.pf -->4/2/2008 15:00:45

 

C:\WINDOWS\System32\drivers\avg7core.sys -->11/1/2008 16:24:20

C:\WINDOWS\System32\drivers\avg7rsxp.sys -->11/1/2008 09:08:52

C:\WINDOWS\System32\drivers\avg7rsw.sys -->11/1/2008 09:08:52

C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 07:25:56

C:\WINDOWS\System32\drivers\tcpip.sys -->30/10/2007 14:20:55

C:\WINDOWS\System32\drivers\pfc.sys -->20/9/2007 17:09:22

C:\WINDOWS\System32\drivers\scdemu.sys -->6/8/2007 21:15:07

 

C:\WINDOWS\System32\nvapps.xml -->4/2/2008 15:15:17

C:\WINDOWS\System32\asfiles.txt -->1/2/2008 08:40:49

C:\WINDOWS\System32\Uninstall.ico -->1/2/2008 08:23:28

C:\WINDOWS\System32\pavas.ico -->1/2/2008 08:23:28

C:\WINDOWS\System32\Help.ico -->1/2/2008 08:23:28

C:\WINDOWS\System32\wpa.dbl -->30/1/2008 15:23:25

C:\WINDOWS\System32\FNTCACHE.DAT -->22/1/2008 06:46:49

C:\WINDOWS\System32\MRT.INI -->9/1/2008 22:22:31

C:\WINDOWS\System32\MRT.exe -->2/1/2008 15:21:36

C:\WINDOWS\System32\TZLog.log -->12/12/2007 23:01:57

C:\WINDOWS\System32\P2CTDAO.DLL -->24/11/2007 18:42:31

C:\WINDOWS\System32\CRPE32.DLL -->24/11/2007 18:42:31

C:\WINDOWS\System32\tzchange.exe -->13/11/2007 08:31:11

C:\WINDOWS\System32\SysMmnep1.ini -->10/11/2007 13:39:28

C:\WINDOWS\System32\lsasrv.dll -->7/11/2007 06:28:43

C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->5/11/2007 13:22:12

C:\WINDOWS\System32\perfh016.dat -->5/11/2007 08:09:43

C:\WINDOWS\System32\perfh009.dat -->5/11/2007 08:09:43

C:\WINDOWS\System32\perfc016.dat -->5/11/2007 08:09:43

C:\WINDOWS\System32\perfc009.dat -->5/11/2007 08:09:43

C:\WINDOWS\System32\PerfStringBackup.INI -->5/11/2007 08:09:41

C:\WINDOWS\System32\mshtml.dll -->30/10/2007 20:23:19

C:\WINDOWS\System32\quartz.dll -->29/10/2007 19:44:03

C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:04

C:\WINDOWS\System32\shell32.dll -->25/10/2007 13:43:28

 

C:\WINDOWS\WindowsUpdate.log -->4/2/2008 15:16:33

C:\WINDOWS\0.log -->4/2/2008 15:15:32

C:\WINDOWS\wiadebug.log -->4/2/2008 15:15:28

C:\WINDOWS\wiaservc.log -->4/2/2008 15:15:25

C:\WINDOWS\bootstat.dat -->4/2/2008 15:14:59

C:\WINDOWS\SchedLgU.Txt -->4/2/2008 15:14:02

C:\WINDOWS\setupapi.log -->4/2/2008 09:08:00

C:\WINDOWS\ntbtlog.txt -->4/2/2008 09:02:04

C:\WINDOWS\win.ini -->3/2/2008 09:53:39

C:\WINDOWS\NeroDigital.ini -->2/2/2008 20:40:57

C:\WINDOWS\system.ini -->2/2/2008 14:05:33

C:\WINDOWS\QTFont.qfn -->2/2/2008 11:22:58

C:\WINDOWS\ImpTableL.bin -->22/1/2008 17:32:38

C:\WINDOWS\bdoscandellang.ini -->9/1/2008 15:01:48

C:\WINDOWS\bdoscandel.exe -->9/1/2008 15:01:48

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 1728

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x43380000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x43100000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll

0x5d510000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x76fb0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77030000 0xcd000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x13420000 0x1a000 11.00.5721.5145 C:\ARQUIV~1\WINDOW~2\wmpband.dll

0x10000000 0xae000 3.06.0021.0003 C:\ARQUIV~1\GbPlugin\gbieh.dll

0x43460000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll

0x76b00000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x43660000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll

0x435b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll

0x00ec0000 0x2d000 C:\Arquivos de programas\WinRAR\rarext.dll

0x00ca0000 0xe000 1.00.0000.0000 C:\Arquivos de programas\Softwin\BitDefender8\bdshelxt.dll

0x7c140000 0xee000 7.00.9466.0000 C:\WINDOWS\system32\MFC70.DLL

0x7c000000 0x54000 7.00.9466.0000 C:\WINDOWS\system32\MSVCR70.dll

0x74c40000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll

0x76050000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll

0x02d10000 0xa6000 8.01.0005.0137 C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll

0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll

0x325c0000 0x12000 11.00.5510.0000 C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll

0x00c00000 0x10000 8.00.0000.0456 C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

0x03680000 0x154000 4.05.0156.0000 C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

0x6d7c0000 0x79000 6.00.0030.0005 C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

0x7c340000 0x56000 7.10.3052.0004 C:\Arquivos de programas\Java\jre1.6.0_03\bin\MSVCR71.dll

0x02eb0000 0x58000 C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

0x74610000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x03ca0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x042d0000 0x174000 1.01.0001.0001 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll

0x04190000 0x103000 7.10.3077.0000 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\MFC71.DLL

0x7c3a0000 0x7b000 7.10.3077.0000 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\MSVCP71.dll

0x04550000 0x5b000 8.01.0000.0000 C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\wmvcore.dll

0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL

0x30b60000 0xe000 8.05.0000.0001 C:\ARQUIV~1\DAP\PRIVAC~1\DAPCTX~1.DLL

0x73d80000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL

0x61e40000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL

0x048d0000 0x747000 6.14.0010.8391 C:\WINDOWS\system32\nvcpl.dll

0x03b00000 0x41000 6.14.0010.8391 C:\WINDOWS\system32\NVRSPTB.DLL

0x04630000 0x73000 6.14.0010.11022 C:\WINDOWS\system32\nvshell.dll

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 772

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe

0x5d510000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74610000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x77030000 0xcd000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x76fb0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

 

 

O volume na unidade C é Disco local

O número de série do volume é C0B0-BE5A

 

Pasta de C:\WINDOWS\system32

 

04/08/2004 00:45 6.144 csrss.exe

1 arquivo(s) 6.144 bytes

0 pasta(s) 140.268.191.744 bytes disponíveis

 

Contenu de Downloaded Program Files

O volume na unidade C é Disco local

O número de série do volume é C0B0-BE5A

 

Pasta de C:\WINDOWS\Downloaded Program Files

 

04/02/2008 09:08 <DIR> .

04/02/2008 09:08 <DIR> ..

24/08/2006 08:28 141.424 asinst.dll

22/08/2006 09:06 537 asinst.inf

09/01/2008 15:01 32 bdcore.dll

09/01/2008 15:01 118.784 bdupd.dll

30/01/2007 15:06 565 DASAct.inf

31/03/2007 10:30 65 desktop.ini

13/12/2007 09:06 2.891.744 gbieh.gmd

08/08/2007 14:29 65.352 gbpdist.dll

04/12/2006 19:39 252 gbpdist.inf

04/01/2007 11:02 317 GbPluginABN.inf

09/01/2008 15:01 53.248 ipsupd.dll

14/03/2007 04:02 1.055 jinstall-6u1.inf

09/01/2008 15:01 6.742 lang.ini

11/12/2006 16:44 367 LegitCheckControl.inf

09/01/2008 15:01 32 libfn.dll

21/01/2008 17:43 130 live.ini

16/04/2007 22:50 295 muweb.inf

02/08/2007 18:20 1.864 OnlineScanner.inf

09/01/2008 15:01 1.244 oscan8.inf

09/01/2008 15:01 471.040 oscan8.ocx

04/12/2006 15:16 144 QTPlugin.inf

09/01/2008 15:01 6.828 scanoptions.tsi

09/11/2006 14:36 5.019 swflash.inf

16/04/2007 22:50 293 wuweb.inf

24 arquivo(s) 3.767.373 bytes

 

Total de arquivos na lista:

24 arquivo(s) 3.767.373 bytes

2 pasta(s) 140.268.191.744 bytes disponíveis

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

possible infection rogues : l'utilisation de SmitFraudFix est recommandé

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"C:\\Arquivos de programas\\eMule\\emule.exe"="C:\\Arquivos de programas\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

 

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-04 15:18:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:80,63,f5,80,96,ba,32,43,02,3e,92,20,86,86,f4,6b,56,54,95,29,c3,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:41,a2,19,aa,8c,d7,f0,06,88,29,cb,84,80,95,05,d7,16,32,af,01,3c,..

"d0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:9d,46,53,36,72,5f,db,a7,77,43,f8,32,81,8c,f1,e7,e2,49,d4,19,47,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:80,63,f5,80,96,ba,32,43,02,3e,92,20,86,86,f4,6b,56,54,95,29,c3,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:41,a2,19,aa,8c,d7,f0,06,88,29,cb,84,80,95,05,d7,16,32,af,01,3c,..

"d0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:9d,46,53,36,72,5f,db,a7,77,43,f8,32,81,8c,f1,e7,e2,49,d4,19,47,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20226~\2]

"6140110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

232 - CDAC11BA.EXE

332 - MDM.EXE

344 - GammaTray.exe

372 - nvsvc32.exe

432 - svchost.exe

440 - HPZipm12.exe

448 - hpqtra08.exe

672 - NCProTray.exe

748 - csrss.exe

772 - winlogon.exe

816 - services.exe

828 - lsass.exe

988 - svchost.exe

1068 - svchost.exe

1184 - svchost.exe

1244 - svchost.exe

1392 - svchost.exe

1428 - gbpsv.exe

1652 - FNPLicensingSer

1728 - explorer.exe

1832 - rundll32.exe

1872 - sm56hlpr.exe

1900 - bdnagent.exe

1924 - hpwuSchd2.exe

1944 - DWinTrsl.exe

1952 - PWRISOVM.EXE

1964 - CameraFixer.exe

1972 - tsnpstd3.exe

1984 - vsnpstd3.exe

2004 - ctfmon.exe

2244 - alg.exe

2376 - wscntfy.exe

2792 - hpqste08.exe

2816 - svchost.exe

2984 - WINWORD.EXE

3044 - wuauclt.exe

3468 - cmd.exe

 

Total number of processes = 38

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntoskrnl.exe

806FE000 - \WINDOWS\system32\hal.dll

F7D2F000 - \WINDOWS\system32\KDCOM.DLL

F7C3F000 - \WINDOWS\system32\BOOTVID.dll

F7726000 - sptd.sys

F7D31000 - \WINDOWS\System32\Drivers\WMILIB.SYS

F770E000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS

F76E0000 - ACPI.sys

F782F000 - isapnp.sys

F76CF000 - pci.sys

F7D33000 - avgarkt.sys

F7DF7000 - PCIIde.sys

F7AAF000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS

F7D35000 - intelide.sys

F783F000 - MountMgr.sys

F76B0000 - ftdisk.sys

F7D37000 - dmload.sys

F768A000 - dmio.sys

F7AB7000 - PartMgr.sys

F784F000 - VolSnap.sys

F7672000 - atapi.sys

F785F000 - disk.sys

F786F000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F7652000 - fltmgr.sys

F7640000 - sr.sys

F787F000 - PxHelp20.sys

F7629000 - KSecDD.sys

F759C000 - Ntfs.sys

F756F000 - NDIS.sys

F7554000 - Mup.sys

F78EF000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F716A000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys

F7156000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F7131000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys

F70F8000 - \SystemRoot\system32\DRIVERS\yk51x86.sys

F7AF7000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F70D5000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F7AFF000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F6FF3000 - \SystemRoot\system32\DRIVERS\smserial.sys

F7B0F000 - \SystemRoot\System32\Drivers\Modem.SYS

F7B1F000 - \SystemRoot\system32\DRIVERS\fdc.sys

F6FDF000 - \SystemRoot\system32\DRIVERS\parport.sys

F7D41000 - \SystemRoot\system32\DRIVERS\ASACPI.sys

F78FF000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F7B27000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F7B2F000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F6FCE000 - \SystemRoot\system32\DRIVERS\serial.sys

F7D0F000 - \SystemRoot\system32\DRIVERS\serenum.sys

F790F000 - \SystemRoot\system32\DRIVERS\imapi.sys

F7D1B000 - \SystemRoot\system32\drivers\pfc.sys

F791F000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F792F000 - \SystemRoot\system32\DRIVERS\redbook.sys

F6F83000 - \SystemRoot\system32\DRIVERS\ks.sys

F7F12000 - \SystemRoot\system32\DRIVERS\audstub.sys

F793F000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F7D2B000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F6F6C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F794F000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F795F000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F7B5F000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F6F5B000 - \SystemRoot\system32\DRIVERS\psched.sys

F796F000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F7B6F000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F7B7F000 - \SystemRoot\system32\DRIVERS\raspti.sys

F6F2A000 - \SystemRoot\system32\DRIVERS\rdpdr.sys

F797F000 - \SystemRoot\system32\DRIVERS\termdd.sys

F7D47000 - \SystemRoot\system32\DRIVERS\swenum.sys

F6E31000 - \SystemRoot\system32\DRIVERS\update.sys

F7510000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F798F000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F4B4E000 - \SystemRoot\system32\drivers\cmudax.sys

F4B2A000 - \SystemRoot\system32\drivers\portcls.sys

F799F000 - \SystemRoot\system32\drivers\drmk.sys

F79AF000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F7D4F000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F7D0B000 - \SystemRoot\system32\drivers\MODEMCSA.sys

F7B9F000 - \SystemRoot\system32\DRIVERS\flpydisk.sys

F7D53000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F7E65000 - \SystemRoot\System32\Drivers\Null.SYS

F7D57000 - \SystemRoot\System32\Drivers\Beep.SYS

F7E69000 - \SystemRoot\System32\DRIVERS\AvgArCln.sys

F7E6B000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys

F6FB2000 - \SystemRoot\system32\drivers\MTictwl.sys

F7BB7000 - \SystemRoot\System32\drivers\vga.sys

F7D5B000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7D5F000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F7BC7000 - \SystemRoot\System32\Drivers\Msfs.SYS

F7BD7000 - \SystemRoot\System32\Drivers\Npfs.SYS

F6FAA000 - \SystemRoot\system32\DRIVERS\rasacd.sys

F4A90000 - \SystemRoot\system32\DRIVERS\ipsec.sys

F4A38000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F4A10000 - \SystemRoot\system32\DRIVERS\netbt.sys

F49EF000 - \SystemRoot\system32\DRIVERS\ipnat.sys

F79CF000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F49CD000 - \SystemRoot\System32\drivers\afd.sys

F79DF000 - \SystemRoot\system32\DRIVERS\netbios.sys

F7BE7000 - \SystemRoot\System32\Drivers\SCDEmu.SYS

F497A000 - \SystemRoot\system32\DRIVERS\rdbss.sys

F490B000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F79EF000 - \SystemRoot\System32\Drivers\Fips.SYS

F40DD000 - \SystemRoot\system32\DRIVERS\snpstd3.sys

F7A2F000 - \SystemRoot\system32\DRIVERS\STREAM.SYS

F7A3F000 - \SystemRoot\System32\Drivers\Cdfs.SYS

F40C5000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F7D69000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

F4B0E000 - \SystemRoot\System32\drivers\Dxapi.sys

F7C1F000 - \SystemRoot\System32\watchdog.sys

BF9C3000 - \SystemRoot\System32\drivers\dxg.sys

F7F51000 - \SystemRoot\System32\drivers\dxgthk.sys

BF9D5000 - \SystemRoot\System32\nv4_disp.dll

BFFA0000 - \SystemRoot\System32\ATMFD.DLL

F4025000 - \??\C:\ARQUIV~1\SPEEDB~1\sbbotdi.sys

BA2A3000 - \SystemRoot\system32\drivers\wdmaud.sys

BA328000 - \SystemRoot\system32\drivers\sysaudio.sys

B9FF0000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

F7D83000 - \SystemRoot\System32\Drivers\ParVdm.SYS

BABB0000 - \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS

BA233000 - \SystemRoot\system32\DRIVERS\secdrv.sys

B9CF6000 - \SystemRoot\system32\DRIVERS\srv.sys

B9AAD000 - \SystemRoot\System32\Drivers\HTTP.sys

B9787000 - \SystemRoot\system32\drivers\kmixer.sys

F7F5C000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 123

 

Liste des programmes installes

 

ACDSee 9 Photo Manager

ACDSee Pro

Adobe Acrobat 8 Professional - English, Français, Deutsch

Adobe Acrobat 8.1.1 Professional

Adobe Atmosphere Player for Acrobat and Adobe Reader

Adobe Flash Player 9 ActiveX

Adobe Photoshop CS2

Adobe Photoshop CS2

Adobe Photoshop CS3

Adobe Premiere Pro 1.5

Adobe Stock Photos 1.0

Adobe Stock Photos 1.0

AP Guitar Tuner 1.02

Arasan 7.4

Arquivo do WinRAR

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)

Atualização de Segurança para o Windows Media Player 9 (KB917734)

Atualização de Segurança para Windows Internet Explorer 7 (KB928090)

Atualização de Segurança para Windows Internet Explorer 7 (KB931768)

Atualização de Segurança para Windows Internet Explorer 7 (KB933566)

Atualização de Segurança para Windows Internet Explorer 7 (KB937143)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB939653)

Atualização de Segurança para Windows Internet Explorer 7 (KB942615)

Atualização de Segurança para Windows XP (KB893756)

Atualização de Segurança para Windows XP (KB896358)

Atualização de Segurança para Windows XP (KB896423)

Atualização de Segurança para Windows XP (KB896424)

Atualização de Segurança para Windows XP (KB896428)

Atualização de Segurança para Windows XP (KB899587)

Atualização de Segurança para Windows XP (KB899591)

Atualização de Segurança para Windows XP (KB900725)

Atualização de Segurança para Windows XP (KB901017)

Atualização de Segurança para Windows XP (KB901214)

Atualização de Segurança para Windows XP (KB902400)

Atualização de Segurança para Windows XP (KB904706)

Atualização de Segurança para Windows XP (KB905414)

Atualização de Segurança para Windows XP (KB905749)

Atualização de Segurança para Windows XP (KB908519)

Atualização de Segurança para Windows XP (KB911562)

Atualização de Segurança para Windows XP (KB911927)

Atualização de Segurança para Windows XP (KB912919)

Atualização de Segurança para Windows XP (KB913580)

Atualização de Segurança para Windows XP (KB914388)

Atualização de Segurança para Windows XP (KB914389)

Atualização de Segurança para Windows XP (KB917344)

Atualização de Segurança para Windows XP (KB917422)

Atualização de Segurança para Windows XP (KB917953)

Atualização de Segurança para Windows XP (KB918118)

Atualização de Segurança para Windows XP (KB918439)

Atualização de Segurança para Windows XP (KB919007)

Atualização de Segurança para Windows XP (KB920213)

Atualização de Segurança para Windows XP (KB920670)

Atualização de Segurança para Windows XP (KB920683)

Atualização de Segurança para Windows XP (KB920685)

Atualização de Segurança para Windows XP (KB921503)

Atualização de Segurança para Windows XP (KB922819)

Atualização de Segurança para Windows XP (KB923191)

Atualização de Segurança para Windows XP (KB923414)

Atualização de Segurança para Windows XP (KB923689)

Atualização de Segurança para Windows XP (KB923694)

Atualização de Segurança para Windows XP (KB923789)

Atualização de Segurança para Windows XP (KB923980)

Atualização de Segurança para Windows XP (KB924191)

Atualização de Segurança para Windows XP (KB924270)

Atualização de Segurança para Windows XP (KB924496)

Atualização de Segurança para Windows XP (KB924667)

Atualização de Segurança para Windows XP (KB925902)

Atualização de Segurança para Windows XP (KB926255)

Atualização de Segurança para Windows XP (KB926436)

Atualização de Segurança para Windows XP (KB927779)

Atualização de Segurança para Windows XP (KB927802)

Atualização de Segurança para Windows XP (KB928090)

Atualização de Segurança para Windows XP (KB928255)

Atualização de Segurança para Windows XP (KB928843)

Atualização de Segurança para Windows XP (KB929123)

Atualização de Segurança para Windows XP (KB930178)

Atualização de Segurança para Windows XP (KB931261)

Atualização de Segurança para Windows XP (KB931784)

Atualização de Segurança para Windows XP (KB932168)

Atualização de Segurança para Windows XP (KB933729)

Atualização de Segurança para Windows XP (KB935839)

Atualização de Segurança para Windows XP (KB935840)

Atualização de Segurança para Windows XP (KB936021)

Atualização de Segurança para Windows XP (KB937894)

Atualização de Segurança para Windows XP (KB938829)

Atualização de Segurança para Windows XP (KB941202)

Atualização de Segurança para Windows XP (KB941568)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB941644)

Atualização de Segurança para Windows XP (KB943460)

Atualização de Segurança para Windows XP (KB943485)

Atualização de Segurança para Windows XP (KB944653)

Atualização para Windows XP (KB894391)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB900485)

Atualização para Windows XP (KB904942)

Atualização para Windows XP (KB908531)

Atualização para Windows XP (KB910437)

Atualização para Windows XP (KB911280)

Atualização para Windows XP (KB916595)

Atualização para Windows XP (KB920342)

Atualização para Windows XP (KB920872)

Atualização para Windows XP (KB922582)

Atualização para Windows XP (KB925720)

Atualização para Windows XP (KB925876)

Atualização para Windows XP (KB927891)

Atualização para Windows XP (KB929338)

Atualização para Windows XP (KB930916)

Atualização para Windows XP (KB931836)

Atualização para Windows XP (KB933360)

Atualização para Windows XP (KB936357)

Atualização para Windows XP (KB938828)

Atualização para Windows XP (KB942763)

AVG Anti-Rootkit Free

Barra de Ferramentas do Yahoo! com bloqueador de pop-up

BitDefender 8 Free Edition

BitTorrent 5.0.9

BS.Player FREE powered by AdVantage

BufferChm

C-Media High Definition Audio Driver

CCleaner (remove only)

Chess Eye

Copernic Desktop Search 2

D1300

D1300_Help

DeviceManagementQFolder

Dicionário de Acordes

Dicionário de Sinônimos AOL

Download Accelerator Plus (DAP)

eMule

ESET Online Scanner

eSupportQFolder

EVGA Display Driver

Fishes of the Caribbean and Adjacent Waters, 3rd Ed.

FLV Player

Google Earth

GPS TrackMaker®

Grapher 7

Guitar Pro 5.0

High Definition Audio - KB888111

HijackThis 1.99.1

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB909394)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB914440)

Hoyle Slots & Video Poker 3

HP Imaging Device Functions 7.0

HP Photosmart and Deskjet 7.0 Software (ptb)

HP Solution Center 7.0

HP Update

hph_ProductContext

hph_readme

hph_software

hph_software_req

HPPhotoSmartExpress

HPProductAssistant

Java 6 Update 2

Java 6 Update 3

Java SE Runtime Environment 6 Update 1

jose

L&H Power Translator Pro 7.0

LDOCE

Lizardtech DjVu Control

Lord Of The Chess 1.1.0.0

MagicTune3.6

Mapa do Brasil

Marvell Miniport Driver

MicroPower Delta Translator 3.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 - Language Pack (italiano)

Microsoft .NET Framework 2.0 Language Pack - ITA

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Motorola SM56 Speakerphone Modem

Mozilla Firefox (2.0.0.3)

MSXML 6.0 Parser (KB933579)

Natural Color Pro

Nero Suite

Novo Dicionário Aurélio

Oxford Advanced Learner's Dictionary - 7th edition

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card

Panda ActiveScan

Personal Translator 2008 Professional English Italian

Pocket StripPoker

Poker Pop

PowerISO

QUICKfind

QuickTime

Replay Converter 2.8

SafeCast Shared Components

Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)

Share Accelerator MM Toolbar

sharks_1024x768_brasil Screen Saver

Skype™ 3.5

SolutionCenter

SpeedBit Video Accelerator

SPSS 11.5 for Windows

STATISTICA 7

Status

Surfer 8

Texas Hold'em Poker 3D - Deluxe Edition 1.0

Toolbox

TrayApp

Unload

USB PC Camera-168

VobSub v2.23 (Remove Only)

WebFldrs XP

WebReg

Winamp

Windows Communication Foundation

Windows Communication Foundation Language Pack - PTB

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows Movie Maker 2.0

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows Workflow Foundation

Windows Workflow Foundation BR Language Pack

Windows XP Creativity Fun Packs - Windows Movie Maker 2

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

XP Codec Pack

Yahoo! Install Manager

Yahoo! Toolbar

 

 

 

O volume na unidade C é Disco local

O número de série do volume é C0B0-BE5A

 

Pasta de C:\Arquivos de programas

 

04/02/2008 11:36 <DIR> .

04/02/2008 11:36 <DIR> ..

20/09/2007 17:20 <DIR> ACD Systems

02/11/2007 18:10 <DIR> Adobe

18/08/2007 07:37 <DIR> AdVantage

31/03/2007 11:28 <DIR> Ahead

14/10/2007 18:01 <DIR> Arquivos comuns

10/11/2007 13:50 <DIR> Atrativa Games

08/12/2007 19:38 <DIR> Audio Phonics, Inc

15/01/2006 17:21 1.990.144 Billion Chords.exe

10/11/2007 12:15 <DIR> BitTorrent

23/08/2007 19:27 <DIR> CCleaner

01/08/2007 10:03 <DIR> Chave Windows

01/04/2007 17:43 <DIR> Chess Eye

06/04/2007 21:31 <DIR> COMMON~1

18/05/1999 15:25 581.632 Converte.exe

31/01/2008 11:03 <DIR> Copernic Desktop Search 2

01/02/2008 09:30 <DIR> DAP

02/11/2007 19:50 <DIR> Dic

29/11/2007 18:16 <DIR> Dicionário de Acordes

31/03/2007 19:23 <DIR> Dicionário de Sinônimos AOL

04/02/2008 15:00 <DIR> eMule

01/02/2008 14:33 <DIR> EsetOnlineScanner

27/09/2007 16:22 <DIR> FLV Player

07/10/2007 22:07 <DIR> Gabest

24/09/2007 08:39 <DIR> Garmin

01/02/2008 10:48 <DIR> GbPlugin

30/11/2007 18:20 <DIR> Geolcalc

05/10/2007 12:14 <DIR> Golden Software

19/12/2007 11:12 <DIR> Google

04/02/2008 11:36 <DIR> Grisoft

07/12/2007 10:28 <DIR> Guitar Pro 5

01/05/2007 11:16 <DIR> Handmark

15/04/2007 17:26 <DIR> Hewlett-Packard

15/04/2007 17:40 <DIR> HP

01/05/2007 23:02 <DIR> IDM

06/01/2005 01:03 <DIR> IE

31/03/2007 10:38 <DIR> Intel

01/02/2008 10:57 <DIR> Internet Explorer

05/11/2007 13:22 <DIR> Java

10/04/2007 07:32 <DIR> jose

20/08/2007 09:01 <DIR> Kristanix

01/04/2007 11:15 <DIR> LHSP

26/08/2007 22:17 <DIR> linguatec

30/11/2007 11:13 <DIR> LizardTech

03/05/2007 21:19 <DIR> Longman

01/04/2007 13:54 <DIR> Lord Of The Chess

31/03/2007 10:49 <DIR> Marvell

31/03/2007 21:17 <DIR> Messenger

11/09/2007 14:32 <DIR> MicroPower Software

01/05/2007 11:36 <DIR> Microsoft ActiveSync

31/03/2007 10:31 <DIR> microsoft frontpage

31/03/2007 10:54 <DIR> Microsoft Office

31/03/2007 10:53 <DIR> Microsoft Visual Studio

02/05/2007 08:23 <DIR> Microsoft Works

31/03/2007 10:54 <DIR> Microsoft.NET

30/11/2007 18:52 <DIR> Movie Maker

24/11/2007 20:32 <DIR> Moyea

18/11/2007 11:51 <DIR> Mozilla Firefox

01/04/2007 11:18 <DIR> MSBuild

31/03/2007 10:28 <DIR> MSN Gaming Zone

28/07/2007 09:08 <DIR> MSN Messenger

02/05/2007 09:40 <DIR> MSXML 6.0

31/03/2007 10:29 <DIR> NetMeeting

12/06/2007 20:49 <DIR> Outlook Express

01/05/2007 23:26 <DIR> Oxford

02/11/2007 12:38 <DIR> Play+Smile

02/11/2007 11:33 <DIR> Pôker

11/11/2007 20:35 <DIR> Poker Master

31/03/2007 19:15 <DIR> Positivo

01/02/2008 11:28 <DIR> PowerISO

02/02/2008 14:15 <DIR> PrevxCSI

01/05/2007 23:13 <DIR> QuickTime

31/03/2007 17:16 <DIR> ReefNet

01/04/2007 11:14 <DIR> Reference Assemblies

27/09/2007 17:22 <DIR> Replay Converter

05/04/2007 16:55 <DIR> SEC

31/03/2007 10:30 <DIR> Serviços on-line

01/02/2008 11:40 <DIR> Share_Accelerator_MM

12/11/2007 20:34 <DIR> SIERRA

22/04/2007 14:44 <DIR> SigmaStat

28/09/2007 20:46 <DIR> Skype

06/12/2007 20:05 <DIR> Softinterface, Inc

01/04/2007 13:26 <DIR> Softwin

01/02/2008 15:40 <DIR> Sophos

08/12/2007 19:43 <DIR> Soulseek-Test

31/03/2007 18:28 <DIR> SpeedBit Video Accelerator

22/01/2008 08:34 <DIR> SPSS

30/11/2007 19:09 <DIR> StatSoft

06/01/2008 13:27 <DIR> StreetChaves

06/01/2008 13:27 <DIR> streetchaves PC GAME

01/05/2007 23:02 <DIR> TEXTware

24/09/2007 18:05 <DIR> Trackmaker

23/09/2007 18:19 <DIR> Trend Micro

06/01/2005 01:03 <DIR> VB

05/04/2007 15:44 <DIR> Viewpoint

27/12/2007 11:28 <DIR> wavpack-4.41

02/11/2007 19:51 <DIR> WDIC

18/08/2007 07:37 <DIR> Webteh

29/01/2008 21:19 <DIR> Winamp

31/03/2007 20:04 <DIR> Windows Media Connect 2

01/02/2008 11:55 <DIR> Windows Media Player

31/03/2007 10:28 <DIR> Windows NT

31/03/2007 19:29 <DIR> Windows.Genuine.Advantage.Validation.v1.7.18.5.CRACKED-ETH0

01/02/2008 11:55 <DIR> WinRAR

31/03/2007 10:31 <DIR> xerox

31/03/2007 18:41 <DIR> XP Codec Pack

03/02/2008 14:34 <DIR> Yahoo!

20/11/2007 19:00 <DIR> ZLink

2 arquivo(s) 2.571.776 bytes

107 pasta(s) 140.245.602.304 bytes disponíveis

O volume na unidade C é Disco local

O número de série do volume é C0B0-BE5A

 

Pasta de C:\

 

03/02/2008 13:57 423.736 avgarkt-setup-1.1.0.42.exe

03/02/2008 09:25 180.719 bankerfix.exe

31/01/2008 14:11 2.733.928 ccsetup204.exe

02/02/2008 13:55 1.593.209 ComboFix.exe

02/02/2008 08:03 49.163 EliBaglA.exe

04/02/2008 08:47 103.641 Flash_Disinfector.exe

31/01/2008 14:07 92.672 KillBox.exe

04/02/2008 13:01 350.891 l2mfix.exe

02/02/2008 13:57 25.121 SProces.exe

9 arquivo(s) 5.553.080 bytes

0 pasta(s) 140.245.598.208 bytes disponíveis

 

 

 

 

c:\Documents and Settings\Cliente\Configurações locais\Temp\nircmd.exe

c:\Documents and Settings\Cliente\Configurações locais\Temp\ycomp_setup.exe

c:\Documents and Settings\Cliente\Configurações locais\Temporary Internet Files\Content.IE5\BCIO8DIH\Flash_Disinfector[1].exe

c:\Documents and Settings\Cliente\Configurações locais\Temporary Internet Files\Content.IE5\CZCZ0GEQ\l2mfix[1].exe

c:\Documents and Settings\Cliente\Dados de aplicativos\arasan.exe

c:\Documents and Settings\Cliente\Dados de aplicativos\arasanx.exe

c:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Installer\{03DEC52D-B335-45C9-BA02-2A1C59F1E3F3}\ARPPRODUCTICON.exe

c:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Installer\{03DEC52D-B335-45C9-BA02-2A1C59F1E3F3}\NewShortcut1_03DEC52DB33545C9BA022A1C59F1E3F3.exe

c:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Installer\{79ED0EE7-098C-465F-A853-B17F6FC6CDD8}\ARPPRODUCTICON.exe

c:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Installer\{79ED0EE7-098C-465F-A853-B17F6FC6CDD8}\NewShortcut1_79ED0EE7098C465FA853B17F6FC6CDD8.exe

c:\Documents and Settings\Cliente\Dados de aplicativos\Microsoft\Installer\{B6987ECB-076F-47A2-874D-99C7FAD6A775}\ARPPRODUCTICON.exe

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_USER.tar.gz a l'adresse http://upload.malekal.com


Good evening jgarciajr!

 

>@< Uninstall: < Copernic Desktop Search 2 >

>@< After uninstalling, restart the computer!

________________________

 

Recherche d'infections connues

possible infection rogues : l'utilisation de SmitFraudFix est recommandé

>@< DiagHelp recommends using the SmitFraudFix tool to remove the malware.

________________________

 

>@< Download SmitfraudFix.

>@< Save it to Local Disk C and unpack it right there, sending the executable ( SmitfraudFix.cmd ) to the Desktop.

>@< Restart the computer in Safe Mode!

>@< Run SmitfraudFix.cmd <!>

>@< Press option 2 >> Enter.

>@< When the message appears: Do you want to clean the registry, press option Y >> Enter.

>@< Restart the computer normally!

>@< If the desktop has changed, correct it in the display properties ( Theme ).

________________________

 

>@< Copy the log ( rapport.txt ) and post it in your reply.

 

Regards!


Dear DigRam,

 

Below are the SmitfraudFix and HijackThis logs.

Regarding the administrative attributes of my machine, I noticed that the administrator login only appears when I restart in Safe Mode; I log in (there is no password) and access files normally. When I restart in Normal Mode, only my user login appears. I have only ever had my user login, and the administrator login must have some access to restricted files. I believe this is normal, correct?

 

Thank you very much,

 

Garcia Jr

 

 

 

SmitFraudFix v2.281

 

Scan done at 21:37:53,01, seg 04/02/2008

Run from C:\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost127.0.0.1 update.bitdefender.com

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

C:\WINDOWS\system32\WPDShServiceObj.dll deleted.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\Arquivos de programas\vb\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix.exe by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 21:46:54, on 4/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\sm56hlpr.exe

C:\arquivos de programas\softwin\bitdefender8\bdnagent.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\tsnpstd3.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService.exe

C:\Arquivos de programas\SEC\MagicTune3.6\GammaTray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

D:\Downloads\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.70:3127

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bDNewsAgent] "c:\arquivos de programas\softwin\bitdefender8\bdnagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: MagicTune 3.6.lnk = ?

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185403795437

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185399534593

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Good morning jgarciajr!

 

Regarding the administrative attributes of my machine, I noticed that the administrator login only appears when I restart in Safe Mode; I log in (there is no password) and access files normally. When I restart in Normal Mode, only my user login appears. I have only ever had my user login, and the administrator login must have some access to restricted files. I believe this is normal, correct?

>@< Yes, that is correct!

________________________

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.70:3127

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

>@< If you do not use a proxy server to access the Internet, you can Fix these entries.

 

UAService.exe is Trojan/Backdoor. Kill the process UAService.exe and remove UAService.exe from Windows startup.

 

< http://www.softwaretipsandtricks.com/dange...Serviceexe.html >

>@< Let's see whether EliTriIP, with its database, removes the malicious service.

________________________

 

>@< Configure Windows to show: View all files, including hidden ones!

>@< Disable the resident protection of your AntiVirus and AntiSpyware programs!

>@< Download EliStarA.

>@< Download it to the Desktop!

>@< Download EliTriIP.

>@< Download it to the Desktop!

>@< PS: Both tools are on the downloads page ( Descargas > Utilidades SATINFO ).

>@< Select the tools ( one at a time! ) and click the Descargar xxx button at the bottom of the page, where xxx is the name of the chosen tool!

>@< Download Clean.

>@< Save it to Local Disk C and unpack it right there, sending the executable to the Desktop! ( Shortcut. )

>@< The executable is an icon named: clean.cmd

>@< Restart the computer and enter Safe Mode.

>@< First run the tool: EliStarA.

>@< Go to its icon and run it!

>@< Accept the proposed conditions and wait for the scan to finish. Be patient, as it can take a few minutes.

>@< When it finishes, run the EliTriIP tool.

>@< This tool's scan is faster!

>@< When it finishes, run the deep-cleaning program ( clean ) by double-clicking its executable.

>@< A prompt with three options will open: choose two ( 2 )!

>@< Press Enter! >> Press Enter again! >> Wait!

>@< Press Enter again!

>@< A report ( rapport_clean ) will appear, which you should copy and post for analysis.

_________________________

 

>@< Post the infoSAT.txt report, which is in the root of C:\ ( Local Disk C ), + rapport_clean.

>@< Also post a new HijackThis log, made in Normal Mode, in your reply.

>@< PS: The EliStarA tool will delete ( optionally! ) your home page! Afterwards, you will configure it again.

 

Regards!


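A triage helper for the kind of log review DigRam does above (the R1 proxy entries and the UAService.exe service in the HijackThis log, and the update.bitdefender.com entry in the hosts section of the SmitFraudFix report), as an added example that is not part of the thread and is not code from HijackThis, SmitFraudFix or any other tool named here. It parses constructed sample lines, flags entries for a person to check, and changes nothing on the machine. The function names, the rule set and the sample data are my own assumptions; the paths and the proxy address in the sample are copied from the logs posted above.

```python
import re

# Constructed sample, shaped like the HijackThis v1.99.1 lines posted in this
# thread (paths and the proxy address come from the thread; the selection is mine).
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.70:3127
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed hosts file, modelled on the hosts section of the SmitFraudFix report above.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 update.bitdefender.com
"""

LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; non-entry lines are dropped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage_hjt(text):
    """Return (section, reason, body) triples that deserve a human look.

    The rules only flag; nothing here "fixes" the machine:
      R1   ProxyServer set: on a home PC with no corporate proxy this is unexpected.
      any  '(file missing)' / '(no file)': a stale entry, or a component that hides itself.
      O20  Winlogon Notify DLLs load inside winlogon.exe, a classic persistence point;
           a target that is a bare directory rather than a .dll needs manual checking.
      O23  a service with no recognisable publisher.
    """
    findings = []
    for kind, body in parse_hjt(text):
        if kind == "R1" and "ProxyServer" in body:
            findings.append((kind, "proxy server configured", body))
        if "(file missing)" in body or "(no file)" in body:
            findings.append((kind, "referenced file missing", body))
        if kind == "O20":
            target = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            if not target.lower().endswith(".dll"):
                findings.append((kind, "Winlogon Notify target is not a DLL path", body))
        if kind == "O23" and "Unknown owner" in body:
            findings.append((kind, "service without publisher", body))
    return findings


def hosts_redirects(text):
    """Return hostnames a hosts file maps to loopback, other than localhost.

    Malware that wants to stay resident often points antivirus update servers at
    127.0.0.1 so the product can no longer update; the SmitFraudFix hosts section
    in this thread shows exactly that for update.bitdefender.com.
    """
    blocked = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if parts[0] in LOOPBACK:
            blocked.extend(name for name in parts[1:] if name.lower() != "localhost")
    return blocked


if __name__ == "__main__":
    for kind, reason, body in triage_hjt(SAMPLE_HJT):
        print(f"[{kind}] {reason}: {body}")
    for name in hosts_redirects(SAMPLE_HOSTS):
        print(f"[hosts] host redirected to loopback: {name}")
```

Run against the sample it reports the proxy entry, the two missing-file entries, the WgaLogon directory target and the unsigned service, plus the redirected update host. Every hit is a question for the person doing the cleanup, not a verdict: the WgaLogon entry, for instance, looks like that on many clean XP machines, which is why the tool never deletes anything.
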
Good morning DigRam,

 

Here are the report and the logs.

 

 

Thanks once again,

 

Garcia Jr

 

 

 

 

Tue Feb 05 07:31:11 2008

EliStartPage v15.58 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Documents and Settings\Cliente\SmitfraudFix\SmitfraudFix\REBOOT.EXE --> Eliminado, DollarRevenue (dldr)

C:\SmitfraudFix\SmitfraudFix\REBOOT.EXE --> Eliminado, DollarRevenue (dldr)

C:\WINDOWS\NIRCMD.EXE --> Eliminado, Tool-NirCmd

C:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_pt-BR_b03f5f7f11d50a3a\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Eliminado, MalWare.Celular

 

Nº Total de Directorios: 6090

Nº Total de Ficheros: 74889

Nº de Ficheros Analizados: 23101

Nº de Ficheros Infectados: 5

Nº de Ficheros Limpiados: 5

 

Tue Feb 05 07:44:23 2008

EliStartPage v15.58 ©2008 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

D:\Programas\RCSETUP.EXE --> Eliminado, P2PAdware.A

 

Nº Total de Directorios: 4562

Nº Total de Ficheros: 58277

Nº de Ficheros Analizados: 524

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

 

Tue Feb 05 07:47:11 2008

EliTriIP v4.33 ©2008 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

 

Tue Feb 05 07:47:15 2008

EliTriIP v4.33 ©2008 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 6089

Nº Total de Ficheros: 74884

Nº de Ficheros Analizados: 21385

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Tue Feb 05 07:50:03 2008

EliTriIP v4.33 ©2008 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

 

Nº Total de Directorios: 4562

Nº Total de Ficheros: 58276

Nº de Ficheros Analizados: 508

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

 

 

 

 

Script executed in Safe Mode

Rapport clean par Malekal_morte - http://www.malekal.com

Script executed in Safe Mode ter 05/02/2008 a 7:53:47,32

 

Microsoft Windows XP [versão 5.1.2600]

 

*** Suppression C:

 

*** Suppression C:\WINDOWS\

 

*** Suppression C:\WINDOWS\system32

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 07:56:09, on 5/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\sm56hlpr.exe

C:\arquivos de programas\softwin\bitdefender8\bdnagent.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

C:\WINDOWS\CameraFixer.exe

C:\WINDOWS\tsnpstd3.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\vsnpstd3.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

C:\WINDOWS\System32\svchost.exe

D:\Downloads\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.br

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.179.112.70:3127

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: (no name) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Arquivos de programas\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Atalho para a Página de Propriedades do High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bDNewsAgent] "c:\arquivos de programas\softwin\bitdefender8\bdnagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [WindowsTranslator] C:\ARQUIV~1\MICROP~1\DELTAT~1.0\DWinTrsl.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe

O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185403795437

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185399534593

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/...tail/DASAct.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

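The HijackThis log above is plain text with one entry per line, so it can be triaged mechanically. As an added example (not from this thread and not part of HijackThis), the Python below parses the O4, O20 and O23 entries and flags the ones a responder would check first: autoruns launched straight from the Windows directory, Winlogon Notify entries whose DLL is missing or not named, and services with no vendor string or a missing binary. The sample lines are copied from the log above; the checks are review prompts, not verdicts.

```python
import re

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r"O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe",
    r"O20 - Winlogon Notify: GbPluginAbn - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll (file missing)",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\",
    r"O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe",
    r"O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)",
]

# One regex per HijackThis section handled here.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# An .exe directly under the Windows directory root, not inside a subfolder.
WINDIR_ROOT_EXE = re.compile(r'^"?[a-z]:\\windows\\[^\\"]+\.exe\b', re.I)


def review(lines):
    """Return {entry name: [reasons]} for entries worth a second look."""
    findings = {}

    def flag(name, reason):
        findings.setdefault(name, []).append(reason)

    for line in lines:
        line = line.strip()
        if m := O4_RE.match(line):
            if WINDIR_ROOT_EXE.match(m["cmd"]):
                flag(m["name"], "autorun executable sits directly in the Windows directory")
        elif m := O20_RE.match(line):
            if "(file missing)" in m["path"]:
                flag(m["name"], "Winlogon Notify DLL no longer on disk")
            elif m["path"].endswith("\\"):
                flag(m["name"], "Winlogon Notify entry names a directory, not a DLL")
        elif m := O23_RE.match(line):
            if "(file missing)" in m["path"]:
                flag(m["name"], "service binary no longer on disk")
            if m["owner"] == "Unknown owner":
                flag(m["name"], "service binary carries no vendor information")
    return findings


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Entries that match none of the checks (here NeroFilterCheck) are not reported; a flagged entry still needs the file's publisher and hash verified before anything is removed.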

Good afternoon, jgarciajr!

>@< Stop this service: < SecuROM User Access Service > But don't delete it yet!

___________________

>@< Go to Start >> Run >> Type: combofix /u >> Click OK.

>@< In the message, select "2". If that doesn't work, delete ComboFix manually and download another tool!

___________________

>@< Run ComboFix again in Safe Mode. But do it logged in as Administrator!

>@< When it finishes, reboot into Normal Mode!

>@< PS: Do the procedure with your external hard drive connected.

___________________

>@< In your reply, post only this ComboFix report. ( ComboFix.txt )

Regards!
