Archived

This topic has been archived and is closed to new replies.

ZecAdi

[Solved!] Bagle worm virus...


Forum friends - Good morning.

For two days now my main PC has had a problem. Suddenly Avast disappeared, and when I tried to reinstall it, neither it nor another one (AV7) could be installed, giving the message ".../win32.exe Not valid". After researching identical cases, right here on iMaster, I carried out some actions (downloading CCleaner, the Kill..., HijackThis... etc.). I also downloaded EliBagle from Satinfo and scanned the PC, which found the viruses NEROCHECK.EXE -> Bagle.dldr and also MDELK.EXE -> Bagle, which according to EliBagle were removed.

The thing is, I still could not reinstall Avast, as it gives the same "Win32 not valid" message, and even in Safe Mode I could not run HijackThis to send you a log for analysis.

Today I spent almost the whole day trying solutions, and right now I am reporting this problem and asking for help FROM ANOTHER PC I have at home, because the problem PC is also "rebooting", and EVERY time it reboots the Satinfo screen appears again saying the PC is infected with the Bagle virus again. I have scanned several times, and every time it reboots it gives the same message. Just now, on rebooting, a "Select File to crack" window also appeared, never seen before, with a Browse Files window / File name / and a single type (executable file [*.exe]), which I close.

Thanks in advance for your attention, and if there is a "cure" for this problem, how can I run HijackThis, if even in Safe Mode HijackThis does not open and, on top of that, the PC reboots unexpectedly!

Regards, friends,

Prof. Avelar


Good morning, ZecAdi!

 

<!> One question: are you able to get into Safe Mode?

_______________________

 

>@< If you can, run EliBagle again in Safe Mode.

_______________________

 

>@< Download BlackLight.

>@< Download it to Local Disk C!

>@< Create a folder of its own for the program (FSBlackLight).

>@< When running it, close all windows and the browser!

>@< Run the program by clicking its executable, and accept the license agreement.

>@< In the Step 1 window (Scan for hidden items) >> click Scan.

>@< When the scan finishes, the Show all processes button will appear.

>@< The report (Log) will be in the same folder as the executable.

_______________________

 

>@< Post the contents of this log (fsbl xxxxx.log) in your reply. Where xxxxx are numbers!

>@< Also post infoSat.txt in your reply.

 

Regards!


Hello friend - Thanks for the help. Answering your question, I can tell you that my PC works in Safe Mode, since I reinstalled "Safe Mode". I ran the EliBagle scan as instructed, and followed the instructions about BlackLight.

Below is its report, followed by the EliBagle log.

Thanks and greetings to everyone at iMaster.

Prof. Avelar

 

02/29/08 14:39:44 [info]: BlackLight Engine 1.0.67 initialized

02/29/08 14:39:44 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/29/08 14:39:48 [Note]: 7019 4

02/29/08 14:39:48 [Note]: 7005 0

02/29/08 14:39:57 [Note]: 7006 0

02/29/08 14:39:57 [Note]: 7011 456

02/29/08 14:39:58 [Note]: 7026 0

02/29/08 14:39:58 [Note]: 7026 0

02/29/08 14:40:01 [Note]: FSRAW library version 1.7.1024

02/29/08 14:56:22 [Note]: 7007 0

 

InfoSat log:

Thu Feb 28 19:34:31 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

 

Thu Feb 28 19:35:44 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Alwil Software\Avast4\ASHDISP.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 6888

Nº Total de Ficheros: 76404

Nº de Ficheros Analizados: 9289

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2

 

Thu Feb 28 19:45:13 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad D:\

 

Nº Total de Directorios: 43

Nº Total de Ficheros: 515

Nº de Ficheros Analizados: 16

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Thu Feb 28 19:45:20 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad E:\

 

Nº Total de Directorios: 23

Nº Total de Ficheros: 1545

Nº de Ficheros Analizados: 79

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Thu Feb 28 20:02:50 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

 

Thu Feb 28 20:03:43 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Alwil Software\Avast4\ASHDISP.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 6888

Nº Total de Ficheros: 76406

Nº de Ficheros Analizados: 9289

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2

 

Thu Feb 28 20:42:57 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

 

Thu Feb 28 20:43:47 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 6888

Nº Total de Ficheros: 76409

Nº de Ficheros Analizados: 9289

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

 

Thu Feb 28 21:26:49 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

 

Thu Feb 28 21:27:20 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 6888

Nº Total de Ficheros: 76316

Nº de Ficheros Analizados: 9289

Nº de Ficheros Infectados: 1

Nº de Ficheros Limpiados: 1

 

Thu Feb 28 22:06:26 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

 

Thu Feb 28 22:07:29 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 6889

Nº Total de Ficheros: 76322

Nº de Ficheros Analizados: 9290

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2

 

Fri Feb 29 00:19:10 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

 

Fri Feb 29 00:19:46 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 6889

Nº Total de Ficheros: 76327

Nº de Ficheros Analizados: 9290

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2

 

Fri Feb 29 08:50:41 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

 

Fri Feb 29 08:51:48 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 643

Nº Total de Ficheros: 7713

Nº de Ficheros Analizados: 615

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

Exploración Detenida por el Usuario.

 

Fri Feb 29 10:09:06 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.

C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.

Reinicie para Completar la Limpieza.

 

Fri Feb 29 10:10:10 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle.dldr

C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

 

Nº Total de Directorios: 6885

Nº Total de Ficheros: 76240

Nº de Ficheros Analizados: 9249

Nº de Ficheros Infectados: 2

Nº de Ficheros Limpiados: 2

 

Fri Feb 29 11:27:02 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle

 

Fri Feb 29 11:27:41 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\WINDOWS\system32\drivers\down\15403500.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\157250.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\227234.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\269562.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\279031.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\391093.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\4162859.EXE --> Eliminado Bagle

C:\WINDOWS\system32\drivers\down\539000.EXE --> Eliminado Bagle

 

Nº Total de Directorios: 6903

Nº Total de Ficheros: 79189

Nº de Ficheros Analizados: 9287

Nº de Ficheros Infectados: 8

Nº de Ficheros Limpiados: 8

 

Fri Feb 29 12:16:47 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

 

Fri Feb 29 12:16:54 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

Nº Total de Directorios: 6904

Nº Total de Ficheros: 79193

Nº de Ficheros Analizados: 9280

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0

 

Fri Feb 29 14:36:43 2008

EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.

----------------------------------------------

Lista de Acciones (por Acción Directa):

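As an added example (not part of the thread, and not a Satinfo tool), the following Python script parses an EliBagle-style log like the one posted above and separates the two patterns visible in it: files the cleaner could never touch ("Acceso Denegado" in every run, such as WINTEMS.EXE and the SROSA.SYS driver the log itself marks as a rootkit) from files that are reported removed and then show up again in the next run (BAN_LIST.TXT, ASHDISP.EXE), which means whatever writes them is still executing between scans. The sample log is constructed from the entries shown in the thread; the run-header and action-line formats are assumptions inferred from that log.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the EliBagle log posted in the thread:
# same verdict strings and file paths, only four of the runs.
SAMPLE_LOG = """\
Thu Feb 28 19:34:31 2008
EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\\WINDOWS\\SYSTEM32\\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\\WINDOWS\\SYSTEM32\\BAN_LIST.TXT --> Eliminado Bagle
C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Feb 28 19:35:44 2008
EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\\
C:\\Arquivos de programas\\Alwil Software\\Avast4\\ASHDISP.EXE --> Eliminado Bagle.dldr
C:\\WINDOWS\\system32\\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Thu Feb 28 20:02:50 2008
EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\\WINDOWS\\SYSTEM32\\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\\WINDOWS\\SYSTEM32\\BAN_LIST.TXT --> Eliminado Bagle
C:\\WINDOWS\\SYSTEM32\\DRIVERS\\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Thu Feb 28 20:03:43 2008
EliBagle v11.08 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\\
C:\\Arquivos de programas\\Alwil Software\\Avast4\\ASHDISP.EXE --> Eliminado Bagle.dldr
C:\\WINDOWS\\system32\\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
"""

# Each run starts with a ctime-style timestamp line (format assumed from the posted log).
HEADER_RE = re.compile(r"^(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4}$")
# Action lines are "<drive path> --> <verdict>"; banner and summary lines have no arrow.
ACTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<verdict>.+)$")


def parse_runs(text):
    """Split the log into runs: a list of (timestamp, [(path, verdict), ...])."""
    runs = []
    for line in text.splitlines():
        line = line.rstrip()
        if HEADER_RE.match(line):
            runs.append((line, []))
        elif runs:
            m = ACTION_RE.match(line)
            if m:
                runs[-1][1].append((m.group("path"), m.group("verdict")))
    return runs


def classify(verdict):
    """Map EliBagle's Spanish verdict text to 'denied', 'removed' or 'other'."""
    v = verdict.lower()
    if "acceso denegado" in v:
        return "denied"
    if v.startswith("eliminado"):
        return "removed"
    return "other"


def summarize(text):
    """Count, per path, how many runs reported it as denied / removed."""
    stats = defaultdict(lambda: {"denied": 0, "removed": 0, "other": 0})
    for _, actions in parse_runs(text):
        seen = set()
        for path, verdict in actions:
            key = path.lower()  # the log mixes SYSTEM32 and system32 for the same directory
            if key in seen:
                continue  # count each path at most once per run
            seen.add(key)
            stats[key][classify(verdict)] += 1
    return dict(stats)


def triage(text, min_runs=2):
    """Flag the two patterns that mean re-running the cleaner will not help:
    'locked'     - access denied in every run (the file is protected, e.g. by the
                   rootkit driver the log names), so it has to be cleaned with that
                   protection out of the way (Safe Mode / offline);
    'reinfected' - reported removed, yet back in a later run, so the component that
                   writes it is still executing between scans."""
    findings = {}
    for path, s in summarize(text).items():
        if s["denied"] >= min_runs and s["removed"] == 0:
            findings[path] = "locked"
        elif s["removed"] >= min_runs:
            findings[path] = "reinfected"
    return findings


if __name__ == "__main__":
    print(f"{len(parse_runs(SAMPLE_LOG))} runs parsed")
    for path, status in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: kv[1]):
        print(f"{status:10s} {path}")
```

Run against the full log posted in the thread, the same two buckets come out: WINTEMS.EXE, SROSA.SYS, HLDRRR.EXE and MDELK.EXE are never removed, while BAN_LIST.TXT, ASHDISP.EXE and GOOGLETOOLBARNOTIFIER.EXE are "removed" and come back, which is the reason the helper's next reply moves from repeated scanning to a Safe Mode run plus an unhook step.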

Hey, ZecAdi!

Good afternoon!

 

>@< There were many attempts to remove Bagle using EliBagle, but... it was only necessary to run it once in Normal Mode and then in Safe Mode.

______________________

 

>@< Download UnHook.

>@< Download it to the Desktop, but do not run it yet!

______________________

 

>@< Download ComboFix.

>@< Download it to the Desktop!

>@< Reboot into Safe Mode and run the tool!

>@< For those who have Avast, a malware alert will appear (Win32 D adobra-EY[Trj]), which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

>@< When it finishes, reboot into Normal Mode.

______________________

 

>@< Now run the Symantec tool (UnHookExec.inf).

>@< Right-click with the mouse >> click Install.

>@< Reboot the computer!

>@< See whether you can now use HijackThis, and post its report.

>@< Also post the report C:\ComboFix.txt in your reply.

 

Regards!


Hello friend - Here I am again...

I followed your instructions. At first HijackThis would not run. I downloaded the new version 1.99.0.1 (to see if it would help) and this time it opened. So I made the log as instructed for that application, and now I am sending its log, followed by the ComboFix one.

Thanks again, as always, and cordial regards.

Prof. Avelar

 

Logfile of HijackThis v1.99.1

Scan saved at 18:38, on 2008-02-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\msn_livers.exe

C:\WINDOWS\system32\ACER.exe

C:\WINDOWS\twain_32\600x1200\Detector.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [msn_livers] C:\Arquivos de programas\msn_livers.exe

O4 - HKLM\..\Run: [GlobalFlagACER] C:\WINDOWS\system32\ACER.exe

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe

O4 - HKLM\..\Run: [broadCamRun] "C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -logon

O4 - HKLM\..\Run: [Recordpad] "C:\Arquivos de programas\NCH Swift Sound\Recordpad\recordpad.exe" -logon

O4 - HKLM\..\Run: [symantec Fillter Check] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [EyelineRun] "C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: ACER.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -service (file missing)

O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

__________________________

 

ComboFix 08-03-01 - PattyMM 2008-02-29 17:37:13.4 - NTFSx86 MINIMAL

 

Executando de: C:\AVELAR\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\ADSTechnology

C:\Arquivos de programas\ADSTechnology\Uninstall.exe

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\imglog.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\ADSTechnology.lnk

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\Uninstall.lnk

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\bsyys.scr

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\imglog.exe

C:\WINDOWS\system32\bsyys.scr

C:\WINDOWS\system32\drivers\down

C:\WINDOWS\system32\drivers\down\15361531.exe

C:\WINDOWS\system32\drivers\down\15414656.exe

C:\WINDOWS\system32\drivers\down\15421484.exe

C:\WINDOWS\system32\drivers\down\15431703.exe

C:\WINDOWS\system32\drivers\down\15484109.exe

C:\WINDOWS\system32\drivers\down\15511812.exe

C:\WINDOWS\system32\drivers\down\155406.exe

C:\WINDOWS\system32\drivers\down\15546156.exe

C:\WINDOWS\system32\drivers\down\15556046.exe

C:\WINDOWS\system32\drivers\down\15580750.exe

C:\WINDOWS\system32\drivers\down\15598156.exe

C:\WINDOWS\system32\drivers\down\15600828.exe

C:\WINDOWS\system32\drivers\down\178031.exe

C:\WINDOWS\system32\drivers\down\189781.exe

C:\WINDOWS\system32\drivers\down\190218.exe

C:\WINDOWS\system32\drivers\down\19218671.exe

C:\WINDOWS\system32\drivers\down\19225906.exe

C:\WINDOWS\system32\drivers\down\19275687.exe

C:\WINDOWS\system32\drivers\down\195156.exe

C:\WINDOWS\system32\drivers\down\198609.exe

C:\WINDOWS\system32\drivers\down\205078.exe

C:\WINDOWS\system32\drivers\down\220203.exe

C:\WINDOWS\system32\drivers\down\226828.exe

C:\WINDOWS\system32\drivers\down\228109.exe

C:\WINDOWS\system32\drivers\down\236718.exe

C:\WINDOWS\system32\drivers\down\242640.exe

C:\WINDOWS\system32\drivers\down\243218.exe

C:\WINDOWS\system32\drivers\down\248859.exe

C:\WINDOWS\system32\drivers\down\250171.exe

C:\WINDOWS\system32\drivers\down\250359.exe

C:\WINDOWS\system32\drivers\down\254656.exe

C:\WINDOWS\system32\drivers\down\275593.exe

C:\WINDOWS\system32\drivers\down\281921.exe

C:\WINDOWS\system32\drivers\down\283359.exe

C:\WINDOWS\system32\drivers\down\289312.exe

C:\WINDOWS\system32\drivers\down\289718.exe

C:\WINDOWS\system32\drivers\down\291062.exe

C:\WINDOWS\system32\drivers\down\296953.exe

C:\WINDOWS\system32\drivers\down\297890.exe

C:\WINDOWS\system32\drivers\down\299234.exe

C:\WINDOWS\system32\drivers\down\300078.exe

C:\WINDOWS\system32\drivers\down\304250.exe

C:\WINDOWS\system32\drivers\down\307078.exe

C:\WINDOWS\system32\drivers\down\310234.exe

C:\WINDOWS\system32\drivers\down\320093.exe

C:\WINDOWS\system32\drivers\down\322531.exe

C:\WINDOWS\system32\drivers\down\323359.exe

C:\WINDOWS\system32\drivers\down\328093.exe

C:\WINDOWS\system32\drivers\down\329046.exe

C:\WINDOWS\system32\drivers\down\331390.exe

C:\WINDOWS\system32\drivers\down\333765.exe

C:\WINDOWS\system32\drivers\down\334031.exe

C:\WINDOWS\system32\drivers\down\335984.exe

C:\WINDOWS\system32\drivers\down\338218.exe

C:\WINDOWS\system32\drivers\down\338406.exe

C:\WINDOWS\system32\drivers\down\339156.exe

C:\WINDOWS\system32\drivers\down\341437.exe

C:\WINDOWS\system32\drivers\down\343640.exe

C:\WINDOWS\system32\drivers\down\346156.exe

C:\WINDOWS\system32\drivers\down\349046.exe

C:\WINDOWS\system32\drivers\down\350156.exe

C:\WINDOWS\system32\drivers\down\352234.exe

C:\WINDOWS\system32\drivers\down\354453.exe

C:\WINDOWS\system32\drivers\down\354671.exe

C:\WINDOWS\system32\drivers\down\361390.exe

C:\WINDOWS\system32\drivers\down\362984.exe

C:\WINDOWS\system32\drivers\down\364750.exe

C:\WINDOWS\system32\drivers\down\377453.exe

C:\WINDOWS\system32\drivers\down\378625.exe

C:\WINDOWS\system32\drivers\down\388546.exe

C:\WINDOWS\system32\drivers\down\393781.exe

C:\WINDOWS\system32\drivers\down\395046.exe

C:\WINDOWS\system32\drivers\down\401218.exe

C:\WINDOWS\system32\drivers\down\405421.exe

C:\WINDOWS\system32\drivers\down\408359.exe

C:\WINDOWS\system32\drivers\down\410500.exe

C:\WINDOWS\system32\drivers\down\412203.exe

C:\WINDOWS\system32\drivers\down\412578.exe

C:\WINDOWS\system32\drivers\down\412640.exe

C:\WINDOWS\system32\drivers\down\413937.exe

C:\WINDOWS\system32\drivers\down\417218.exe

C:\WINDOWS\system32\drivers\down\4196453.exe

C:\WINDOWS\system32\drivers\down\420406.exe

C:\WINDOWS\system32\drivers\down\4226046.exe

C:\WINDOWS\system32\drivers\down\4229828.exe

C:\WINDOWS\system32\drivers\down\4232296.exe

C:\WINDOWS\system32\drivers\down\423578.exe

C:\WINDOWS\system32\drivers\down\4242531.exe

C:\WINDOWS\system32\drivers\down\4256578.exe

C:\WINDOWS\system32\drivers\down\428296.exe

C:\WINDOWS\system32\drivers\down\428562.exe

C:\WINDOWS\system32\drivers\down\4302546.exe

C:\WINDOWS\system32\drivers\down\434687.exe

C:\WINDOWS\system32\drivers\down\436453.exe

C:\WINDOWS\system32\drivers\down\4369375.exe

C:\WINDOWS\system32\drivers\down\439187.exe

C:\WINDOWS\system32\drivers\down\4407625.exe

C:\WINDOWS\system32\drivers\down\441812.exe

C:\WINDOWS\system32\drivers\down\4421187.exe

C:\WINDOWS\system32\drivers\down\4435203.exe

C:\WINDOWS\system32\drivers\down\443968.exe

C:\WINDOWS\system32\drivers\down\4466171.exe

C:\WINDOWS\system32\drivers\down\449375.exe

C:\WINDOWS\system32\drivers\down\4500953.exe

C:\WINDOWS\system32\drivers\down\4521234.exe

C:\WINDOWS\system32\drivers\down\4527343.exe

C:\WINDOWS\system32\drivers\down\4533187.exe

C:\WINDOWS\system32\drivers\down\4561640.exe

C:\WINDOWS\system32\drivers\down\4569875.exe

C:\WINDOWS\system32\drivers\down\461062.exe

C:\WINDOWS\system32\drivers\down\4624406.exe

C:\WINDOWS\system32\drivers\down\466296.exe

C:\WINDOWS\system32\drivers\down\466796.exe

C:\WINDOWS\system32\drivers\down\470765.exe

C:\WINDOWS\system32\drivers\down\473031.exe

C:\WINDOWS\system32\drivers\down\473046.exe

C:\WINDOWS\system32\drivers\down\475796.exe

C:\WINDOWS\system32\drivers\down\478281.exe

C:\WINDOWS\system32\drivers\down\478656.exe

C:\WINDOWS\system32\drivers\down\485546.exe

C:\WINDOWS\system32\drivers\down\489359.exe

C:\WINDOWS\system32\drivers\down\496156.exe

C:\WINDOWS\system32\drivers\down\497671.exe

C:\WINDOWS\system32\drivers\down\500109.exe

C:\WINDOWS\system32\drivers\down\501187.exe

C:\WINDOWS\system32\drivers\down\503421.exe

C:\WINDOWS\system32\drivers\down\507906.exe

C:\WINDOWS\system32\drivers\down\508875.exe

C:\WINDOWS\system32\drivers\down\511312.exe

C:\WINDOWS\system32\drivers\down\513234.exe

C:\WINDOWS\system32\drivers\down\520515.exe

C:\WINDOWS\system32\drivers\down\535968.exe

C:\WINDOWS\system32\drivers\down\542078.exe

C:\WINDOWS\system32\drivers\down\544609.exe

C:\WINDOWS\system32\drivers\down\547515.exe

C:\WINDOWS\system32\drivers\down\548203.exe

C:\WINDOWS\system32\drivers\down\552187.exe

C:\WINDOWS\system32\drivers\down\553578.exe

C:\WINDOWS\system32\drivers\down\557734.exe

C:\WINDOWS\system32\drivers\down\560671.exe

C:\WINDOWS\system32\drivers\down\561546.exe

C:\WINDOWS\system32\drivers\down\563984.exe

C:\WINDOWS\system32\drivers\down\565937.exe

C:\WINDOWS\system32\drivers\down\589015.exe

C:\WINDOWS\system32\drivers\down\595062.exe

C:\WINDOWS\system32\drivers\down\598093.exe

C:\WINDOWS\system32\drivers\down\636500.exe

C:\WINDOWS\system32\drivers\down\648437.exe

C:\WINDOWS\system32\drivers\down\648890.exe

C:\WINDOWS\system32\drivers\down\654828.exe

C:\WINDOWS\system32\drivers\down\661203.exe

C:\WINDOWS\system32\drivers\down\669296.exe

C:\WINDOWS\system32\drivers\down\697968.exe

C:\WINDOWS\system32\drivers\down\700031.exe

C:\WINDOWS\system32\drivers\down\708421.exe

C:\WINDOWS\system32\drivers\down\720031.exe

C:\WINDOWS\system32\drivers\down\736015.exe

C:\WINDOWS\system32\drivers\down\751796.exe

C:\WINDOWS\system32\drivers\down\775515.exe

C:\WINDOWS\system32\drivers\down\792406.exe

C:\WINDOWS\system32\drivers\down\815890.exe

C:\WINDOWS\system32\drivers\down\819312.exe

C:\WINDOWS\system32\drivers\down\823125.exe

C:\WINDOWS\system32\drivers\down\840078.exe

C:\WINDOWS\system32\drivers\down\846578.exe

C:\WINDOWS\system32\drivers\down\910781.exe

C:\windows\system32\explorer.exe

C:\WINDOWS\system32\imglog.exe

C:\WINDOWS\system32\msn.exe

C:\WINDOWS\system32\msnobj.dll

C:\WINDOWS\system32\msnprint.dll

C:\WINDOWS\system32\msssc.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_SROSA

 

 

((((((((((((((((((((((( Files created from 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))

.

 

2008-02-29 14:30 . 2008-02-29 14:39 <DIR> d-------- C:\FlashBlackLight

2008-02-29 12:00 . 2008-02-28 18:59 218,112 --a------ C:\HijackThisz.exe

2008-02-29 10:49 . 2008-02-29 10:49 <DIR> d-------- C:\WINDOWS\EVEREST Ultimate Edition

2008-02-29 10:49 . 2008-02-29 11:01 <DIR> d-------- C:\Arquivos de programas\EVEREST Ultimate Edition

2008-02-29 09:40 . 2008-02-29 09:40 244 --ah----- C:\sqmnoopt15.sqm

2008-02-29 09:40 . 2008-02-29 09:40 232 --ah----- C:\sqmdata14.sqm

2008-02-29 09:39 . 2008-02-29 09:39 244 --ah----- C:\sqmnoopt14.sqm

2008-02-29 09:39 . 2008-02-29 09:39 232 --ah----- C:\sqmdata13.sqm

2008-02-29 09:37 . 2008-02-29 09:37 244 --ah----- C:\sqmnoopt13.sqm

2008-02-29 09:37 . 2008-02-29 09:37 232 --ah----- C:\sqmdata12.sqm

2008-02-29 09:36 . 2008-02-29 09:36 244 --ah----- C:\sqmnoopt12.sqm

2008-02-29 09:36 . 2008-02-29 09:36 232 --ah----- C:\sqmdata11.sqm

2008-02-29 09:35 . 2008-02-29 09:35 244 --ah----- C:\sqmnoopt11.sqm

2008-02-29 09:35 . 2008-02-29 09:35 232 --ah----- C:\sqmdata10.sqm

2008-02-29 09:34 . 2008-02-29 09:34 244 --ah----- C:\sqmnoopt10.sqm

2008-02-29 09:34 . 2008-02-29 09:34 232 --ah----- C:\sqmdata08.sqm

2008-02-29 09:32 . 2008-02-29 09:32 244 --ah----- C:\sqmnoopt07.sqm

2008-02-29 09:32 . 2008-02-29 09:32 232 --ah----- C:\sqmdata07.sqm

2008-02-29 09:31 . 2008-02-29 09:31 244 --ah----- C:\sqmnoopt06.sqm

2008-02-29 09:31 . 2008-02-29 09:31 232 --ah----- C:\sqmdata06.sqm

2008-02-29 09:29 . 2008-02-29 09:29 244 --ah----- C:\sqmnoopt05.sqm

2008-02-29 09:29 . 2008-02-29 09:29 232 --ah----- C:\sqmdata05.sqm

2008-02-29 09:28 . 2008-02-29 09:28 244 --ah----- C:\sqmnoopt04.sqm

2008-02-29 09:28 . 2008-02-29 09:28 232 --ah----- C:\sqmdata04.sqm

2008-02-29 09:27 . 2008-02-29 09:27 244 --ah----- C:\sqmnoopt03.sqm

2008-02-29 09:27 . 2008-02-29 09:27 232 --ah----- C:\sqmdata03.sqm

2008-02-29 09:25 . 2008-02-29 09:25 244 --ah----- C:\sqmnoopt02.sqm

2008-02-29 09:25 . 2008-02-29 09:25 232 --ah----- C:\sqmdata02.sqm

2008-02-29 09:24 . 2008-02-29 09:24 172 --ah----- C:\sqmnoopt01.sqm

2008-02-29 09:24 . 2008-02-29 09:24 172 --ah----- C:\sqmdata01.sqm

2008-02-29 08:54 . 2008-02-29 08:54 268 --ah----- C:\sqmdata00.sqm

2008-02-29 08:54 . 2008-02-29 08:54 244 --ah----- C:\sqmnoopt00.sqm

2008-02-28 17:24 . 2008-03-01 17:44 2,318 --a------ C:\WINDOWS\TSCTNDBG.INI

2008-02-28 16:19 . 2008-02-28 16:19 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-02-28 04:57 . 2008-02-28 04:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-02-28 02:28 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-02-28 02:28 . 2007-12-04 12:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-02-28 02:28 . 2007-12-04 12:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-02-28 02:28 . 2007-12-04 12:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-02-28 02:28 . 2007-12-04 12:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-02-28 02:28 . 2007-12-04 12:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-02-28 02:27 . 2007-12-04 11:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-02-28 02:27 . 2004-01-09 07:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-02-28 02:13 . 2008-02-28 02:13 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-02-28 01:58 . 2008-02-28 01:58 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-02-27 23:32 . 2008-02-28 05:24 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-02-27 12:23 . 2008-02-27 12:23 <DIR> d-------- C:\Documents and Settings\Loren\Dados de aplicativos\Ahead

2008-02-26 20:26 . 2008-02-27 13:52 244 --ah----- C:\sqmnoopt09.sqm

2008-02-26 20:26 . 2008-02-27 13:52 244 --ah----- C:\sqmnoopt08.sqm

2008-02-26 20:26 . 2008-02-27 13:52 232 --ah----- C:\sqmdata09.sqm

2008-02-26 17:21 . 2008-02-26 17:21 <DIR> d-------- C:\Arquivos de programas\EasyDVDShrink

2008-02-26 17:15 . 2008-02-26 17:15 <DIR> d-------- C:\Arquivos de programas\Xara

2008-02-26 17:15 . 2008-02-26 17:15 <DIR> d-------- C:\Arquivos de programas\Common Files

2008-02-26 16:14 . 2008-02-26 16:21 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\Ahead

2008-02-26 16:09 . 2008-02-26 16:09 <DIR> d-------- C:\Arquivos de programas\Nero

2008-02-26 16:09 . 2008-02-26 16:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-02-26 15:10 . 2007-12-20 18:49 133,725,496 --a------ C:\Arquivos de programas\nero start smart 7(2).exe

2008-02-26 14:46 . 2004-08-30 21:00 1,470,464 --a------ C:\WINDOWS\system32\WinSecure.exe

2008-02-26 14:46 . 2008-02-27 15:07 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-02-25 14:59 . 2008-02-25 14:59 0 ---hs---- C:\WINDOWS\system32\ghost.ini

2008-02-25 14:59 . 2008-02-25 14:59 0 ---hs---- C:\WINDOWS\system32\aoutox.ini

2008-02-25 14:35 . 2008-02-26 13:03 <DIR> d-------- C:\SAW-0L-LW1.1_DES

2008-02-25 14:34 . 2008-02-25 14:44 1,491,720 --a------ C:\WINDOWS\system32\imglog.pif

2008-02-25 14:32 . 2008-02-25 14:33 324,360 ---hs---- C:\WINDOWS\system32\ACER.exe

2008-02-25 14:32 . 2008-02-25 14:32 221,960 ---hs---- C:\WINDOWS\system32\msn_livers.exe

2008-02-25 14:32 . 2008-02-25 14:32 221,960 ---hs---- C:\Arquivos de programas\msn_livers.exe

2008-02-25 14:31 . 2008-02-25 14:43 23,692 --a------ C:\WINDOWS\foto2008.jpg

2008-02-25 12:39 . 2008-02-25 15:33 <DIR> d-------- C:\dvds

2008-02-24 01:08 . 2008-02-24 01:08 <DIR> d-------- C:\Documents and Settings\BibaBibi\Configuraes locais

2008-02-24 00:42 . 2008-02-24 00:42 <DIR> d-------- C:\Documents and Settings\BibaBibi\Shared

2008-02-24 00:42 . 2008-02-24 00:42 <DIR> d-------- C:\Documents and Settings\BibaBibi\Incomplete

2008-02-24 00:42 . 2008-02-24 02:21 <DIR> d-------- C:\Documents and Settings\BibaBibi\Dados de aplicativos\LimeWire

2008-02-23 15:47 . 2008-02-27 14:14 <DIR> d-------- C:\Arquivos de programas\DreMule

2008-02-22 14:26 . 2004-07-26 03:16 1,117,491 --a------ C:\Arquivos de programas\dvdshrink32setup.exe

2008-02-22 01:26 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-02-22 01:26 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-02-22 01:26 . 2007-07-01 00:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-02-22 01:26 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-02-22 01:26 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-02-22 01:26 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-02-22 01:26 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-02-22 01:26 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-02-22 01:26 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-22 01:24 . 2008-02-22 01:27 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-02-20 14:23 . 2008-02-20 14:23 <DIR> d-------- C:\Documents and Settings\User\Dados de aplicativos\RipIt4Me

2008-02-19 17:17 . 2008-02-19 17:17 <DIR> d-------- C:\Dominando o DVD Shrink - Gratuito

2008-02-19 15:30 . 2008-02-29 10:24 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-19 15:29 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2008-02-19 15:29 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2008-02-19 15:29 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL

2008-02-19 15:29 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE

2008-02-19 14:55 . 2008-02-19 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

2008-02-19 14:52 . 2008-02-19 14:55 24 ---hs---- C:\WINDOWS\SDAA1EBEC.tmp

2008-02-19 14:51 . 2008-02-21 15:37 <DIR> d-------- C:\Arquivos de programas\SlySoft

2008-02-19 14:47 . 2008-02-19 14:50 2,138,560 --a------ C:\Arquivos de programas\SetupAnyDVD6315.exe

2008-02-17 23:57 . 2008-02-17 23:57 <DIR> d-------- C:\Documents and Settings\MiNaSa\Contacts

2008-02-17 22:36 . 2004-08-03 22:32 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys

2008-02-17 22:36 . 2004-08-03 22:32 84,480 --a--c--- C:\WINDOWS\system32\dllcache\ac97via.sys

2008-02-17 19:11 . 2008-02-17 19:11 <DIR> d-------- C:\WINDOWS\Dominando o DVD Shrink - Gratuito

2008-02-14 14:07 . 2008-02-14 14:07 <DIR> d-------- C:\Documents and Settings\MiNaSa\Dados de aplicativos\Recordpad

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-29 11:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-02-28 20:25 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\Skype

2008-02-27 17:02 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-27 17:02 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2008-02-27 17:00 --------- d-----w C:\Arquivos de programas\LimeWire

2008-02-27 17:00 --------- d-----w C:\Arquivos de programas\eMule

2008-02-26 18:38 --------- d-----w C:\Arquivos de programas\Ahead

2008-02-25 18:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-02-22 13:24 --------- d-----w C:\Arquivos de programas\Java

2008-02-13 04:05 --------- d-----w C:\Documents and Settings\User\Dados de aplicativos\LimeWire

2008-02-12 18:13 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-12 17:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-07 01:41 --------- d-----w C:\Documents and Settings\Loren\Dados de aplicativos\LimeWire

2008-02-04 02:38 --------- d-----w C:\Arquivos de programas\PlayMP3z

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2008-01-08 17:24 92,776 ----a-w C:\Documents and Settings\User\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2007-12-06 13:05 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2006-12-17 18:07 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 17:56 159800]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:45 33280 C:\WINDOWS\system32\rundll32.exe]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:45 33280 C:\WINDOWS\system32\rundll32.exe]

"msn_livers"="C:\Arquivos de programas\msn_livers.exe" [2008-02-25 14:32 221960]

"GlobalFlagACER"="C:\WINDOWS\system32\ACER.exe" [2008-02-25 14:33 324360]

"Detector"="C:\WINDOWS\twain_32\600x1200\Detector.exe" [2000-08-07 01:00 38400]

"BroadCamRun"="C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" [ ]

"Recordpad"="C:\Arquivos de programas\NCH Swift Sound\Recordpad\recordpad.exe" [ ]

"Symantec Fillter Check"="C:\WINDOWS\system32\imglog.exe" [ ]

"nwiz"="nwiz.exe" [2001-12-16 14:55 782336 C:\WINDOWS\system32\nwiz.exe]

"EyelineRun"="C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" [ ]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [ ]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [ ]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

ACER.exe [2008-02-25 14:33:05 324360]

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

Remote Controller.lnk - C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE [2006-08-18 11:28:47 106496]

TV Scheduler.lnk - C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE [2006-08-18 11:28:47 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll [2007-03-06 10:00 222376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\windows\\system32\\ACER.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

"4100:UDP"= 4100:UDP:uPNP Router Control Port

 

R2 BT848;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.SYS [2003-01-16 17:14]

R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2003-01-16 17:14]

R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2003-01-16 17:14]

S2 BroadCamService;BroadCam Service;"C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -service []

S2 EyelineService;Eyeline Service;"C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -service []

S3 dTVdrvNT;dTVdrvNT;C:\Arquivos de programas\Prolink\PlayTV Pro\dTVdrvNT.sys [2001-02-20 14:04]

S3 pmxscan;USB 600x1200 V7 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-01 20:45:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

 


Good morning ZecAdi!

 

Delete:

 

C:\QooBox << Belongs to ComboFix.

C:\ComboFix.txt << Previous ComboFix log.

__________________

 

>@< Select and copy all of the content in the quote area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\ACER.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ACER.exe

C:\WINDOWS\system32\ACER.exe

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GlobalFlagACER"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec Fillter Check"=-

>@< Carry out the steps below while in Safe Mode.

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

 


 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< While it is running, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

 

Regards!

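The CFScript above targets the load points that stand out in the posted report: Run-key values whose executables were dropped with hidden+system attributes (ACER.exe, msn_livers.exe), a value named after a security vendor that actually launches an unrelated file in system32 ("Symantec Fillter Check" -> imglog.exe), Security Center notifications switched off, and a firewall exception for a system32 binary. The script below is an added example, not ComboFix's tooling or anything from this thread: it parses a ComboFix report and applies exactly those four checks. The rule names, the vendor token list and the `SAMPLE_LOG` excerpt (constructed from lines of the report posted above) are assumptions of this example.

```python
"""Triage helper for a ComboFix report: cross-references the Run-key load
points against the "files created" section and flags the persistence seen in
this thread.  Added example, not ComboFix's or the forum's own tooling."""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (rule, registry value name, detail)

# Constructed excerpt of the report posted above (paths copied, rest trimmed).
SAMPLE_LOG = r"""
2008-02-25 14:32 . 2008-02-25 14:33 324,360 ---hs---- C:\WINDOWS\system32\ACER.exe
2008-02-25 14:32 . 2008-02-25 14:32 221,960 ---hs---- C:\Arquivos de programas\msn_livers.exe
2008-02-25 14:34 . 2008-02-25 14:44 1,491,720 --a------ C:\WINDOWS\system32\imglog.pif
2008-02-28 02:28 . 2007-12-04 10:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"msn_livers"="C:\Arquivos de programas\msn_livers.exe" [2008-02-25 14:32 221960]
"GlobalFlagACER"="C:\WINDOWS\system32\ACER.exe" [2008-02-25 14:33 324360]
"Symantec Fillter Check"="C:\WINDOWS\system32\imglog.exe" [ ]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\windows\\system32\\ACER.exe"=
"""

# "files created" line: <ctime> . <mtime> <size|<DIR>> <9 attribute flags> <path>
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ (?:<DIR>|[\d,]+) (\S{9}) (.+)$")
# Run-key line: "Name"="C:\path\file.exe" [version info, or empty]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[([^\]]*)\]$')
# Security Center line: "AntiVirusOverride"=dword:00000001
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Firewall exception line: "C:\\path\\app.exe"=
FW_RE = re.compile(r'^"([^"]+)"=$')

VENDOR_TOKENS = ("symantec", "norton", "avast", "alwil", "avg", "grisoft")  # assumed list
SECURITY_CENTER_FLAGS = {"antivirusdisablenotify", "antivirusoverride",
                         "firewalldisablenotify", "firewalloverride",
                         "updatesdisablenotify"}


def parse_created_files(log: str) -> Dict[str, str]:
    """Map lower-cased path -> 9-character attribute field (e.g. ---hs----)."""
    files: Dict[str, str] = {}
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            files[m.group(2).strip().lower()] = m.group(1)
    return files


def triage(log: str) -> List[Finding]:
    """Return the suspicious load points and policy changes found in the report."""
    files = parse_created_files(log)
    findings: List[Finding] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()  # registry key header
            continue
        if section.endswith("\\currentversion\\run]"):
            m = RUN_RE.match(line)
            if not m:
                continue
            name, target, _version = m.groups()
            attrs = files.get(target.lower(), "")
            # Rule 1: the autostart target was dropped with hidden+system attributes
            if "h" in attrs and "s" in attrs:
                findings.append(("hidden_system_autostart", name, target))
            # Rule 2: the value name borrows a security vendor's name, but the
            # target path shows no trace of that vendor
            lname, ltarget = name.lower(), target.lower()
            if any(t in lname for t in VENDOR_TOKENS) and not any(
                t in ltarget for t in VENDOR_TOKENS
            ):
                findings.append(("vendor_name_impersonation", name, target))
        elif section.endswith("security center]"):
            m = DWORD_RE.match(line)
            if m and m.group(1).lower() in SECURITY_CENTER_FLAGS and int(m.group(2), 16) == 1:
                # Rule 3: Security Center told to stop warning about AV/updates
                findings.append(("security_center_override", m.group(1), "dword:1"))
        elif section.endswith("authorizedapplications\\list]"):
            m = FW_RE.match(line)
            if m:
                path = m.group(1).replace("\\\\", "\\")
                # Rule 4: a firewall exception for a binary living in system32
                if path.lower().startswith("c:\\windows\\system32\\"):
                    findings.append(("firewall_exception_in_system32", path, path))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f"{rule:32} {name!r} -> {detail}")
```

Run it against a full C:\ComboFix.txt by reading the file instead of `SAMPLE_LOG`; every finding maps directly onto a `File::` or `Registry::` line for a CFScript like the one above. The legitimate "avast!" entry is not flagged even though its version field is empty, because its path still points into the vendor's own folder.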

Thank you for the always-valuable help. I ran it as instructed. The logs are below.

Regards.

Prof. Avelar

 

ComboFix 08-03-04.3 - Administrador 2008-03-04 17:37:36.5 - NTFSx86 MINIMAL

 

Running from: C:\BaixaFirefox\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\ACER.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ACER.exe

C:\WINDOWS\system32\ACER.exe

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\PlayMP3z

C:\Arquivos de programas\PlayMP3z\uninstall.exe

C:\WINDOWS\system32\msnobj.dll

C:\WINDOWS\system32\msnprint.dll

 

.

((((((((((((((((((((((( Files created from 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))

.

 

2008-03-03 22:28 . 2008-03-03 22:28 <DIR> d-------- C:\Documents and Settings\Amovo6\Dados de aplicativos\Ahead

2008-03-03 21:48 . 2008-03-03 22:12 244 --ah----- C:\sqmnoopt12.sqm

2008-03-03 21:48 . 2008-03-03 22:12 232 --ah----- C:\sqmdata12.sqm

2008-03-03 20:31 . 2008-03-03 20:31 <DIR> d-------- C:\Documents and Settings\Amovo6\Dados de aplicativos\Talkback

2008-03-03 15:13 . 2008-03-03 16:26 <DIR> d-------- C:\fotos montagens

2008-03-03 13:10 . 2008-03-03 13:10 <DIR> d-------- C:\Virtual

2008-03-03 13:08 . 2008-03-03 13:08 <DIR> d-------- C:\WINDOWS\E4153266612C460FAB94C9DB6802459A.TMP

2008-03-03 13:08 . 2008-03-03 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BufferZone

2008-03-03 13:08 . 2008-03-03 14:30 <DIR> d-------- C:\Arquivos de programas\BufferZone

2008-03-03 13:07 . 2008-03-03 21:31 <DIR> d-------- C:\Arquivos de programas\securedie

2008-03-03 13:05 . 2008-03-03 13:10 <DIR> d-------- C:\Arquivos de programas\Secured IE

2008-03-03 00:20 . 2008-03-04 16:45 2,318 --a------ C:\WINDOWS\TSCTNDBG.INI

2008-03-03 00:18 . 2008-03-04 10:16 <DIR> d-------- C:\Documents and Settings\Loren\Dados de aplicativos\Skype

2008-03-03 00:18 . 2008-03-04 10:17 <DIR> d-------- C:\Documents and Settings\Loren\Dados de aplicativos\AVG7

2008-03-01 23:31 . 2008-03-03 22:12 244 --ah----- C:\sqmnoopt11.sqm

2008-03-01 23:31 . 2008-03-03 22:12 232 --ah----- C:\sqmdata11.sqm

2008-03-01 23:09 . 2008-03-03 22:12 244 --ah----- C:\sqmnoopt10.sqm

2008-03-01 23:09 . 2008-03-03 22:12 232 --ah----- C:\sqmdata10.sqm

2008-03-01 17:25 . 2008-03-03 22:12 244 --ah----- C:\sqmnoopt09.sqm

2008-03-01 17:25 . 2008-03-03 22:12 232 --ah----- C:\sqmdata09.sqm

2008-03-01 16:55 . 2008-03-03 22:12 244 --ah----- C:\sqmnoopt08.sqm

2008-03-01 16:55 . 2008-03-03 22:12 244 --ah----- C:\sqmnoopt07.sqm

2008-03-01 16:55 . 2008-03-03 22:12 244 --ah----- C:\sqmnoopt06.sqm

2008-03-01 16:55 . 2008-03-03 22:12 232 --ah----- C:\sqmdata08.sqm

2008-03-01 16:55 . 2008-03-03 22:12 232 --ah----- C:\sqmdata07.sqm

2008-03-01 16:55 . 2008-03-03 22:12 232 --ah----- C:\sqmdata06.sqm

2008-03-01 16:54 . 2008-03-03 21:48 <DIR> d-------- C:\Documents and Settings\BibaBibi\Dados de aplicativos\AVG7

2008-03-01 12:08 . 2008-03-04 14:54 <DIR> d-------- C:\Documents and Settings\MiNaSa\Dados de aplicativos\AVG7

2008-02-29 23:59 . 2008-03-04 16:44 <DIR> d-------- C:\Documents and Settings\Amovo6\Dados de aplicativos\AVG7

2008-02-29 23:38 . 2006-08-15 14:43 <DIR> d--h----- C:\Documents and Settings\Amovo6\Modelos

2008-02-29 23:38 . 2008-03-03 20:53 <DIR> dr------- C:\Documents and Settings\Amovo6\Meus documentos

2008-02-29 23:38 . 2006-08-15 11:20 <DIR> dr------- C:\Documents and Settings\Amovo6\Menu Iniciar

2008-02-29 23:38 . 2008-03-01 00:06 <DIR> dr------- C:\Documents and Settings\Amovo6\Favoritos

2008-02-29 23:38 . 2008-02-14 14:08 <DIR> d-------- C:\Documents and Settings\Amovo6\Dados de aplicativos\NCH Swift Sound

2008-02-29 23:38 . 2008-03-03 22:28 <DIR> dr-h----- C:\Documents and Settings\Amovo6\Dados de aplicativos

2008-02-29 23:38 . 2008-02-29 23:59 <DIR> d--h----- C:\Documents and Settings\Amovo6\Configurações locais

2008-02-29 23:38 . 2006-08-15 11:20 <DIR> d--h----- C:\Documents and Settings\Amovo6\Ambiente de rede

2008-02-29 23:38 . 2006-08-15 11:20 <DIR> d--h----- C:\Documents and Settings\Amovo6\Ambiente de impressão

2008-02-29 19:21 . 2008-02-29 19:28 <DIR> d-------- C:\Documents and Settings\PattyMM\Dados de aplicativos\AVG7

2008-02-29 19:20 . 2008-02-29 19:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2008-02-29 19:20 . 2008-02-29 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-02-29 19:20 . 2008-02-29 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-29 18:33 . 2008-02-29 18:38 <DIR> d-------- C:\hijackthis

2008-02-29 18:30 . 2008-02-29 18:30 212,849 --a------ C:\hijackthis.zip

2008-02-29 14:30 . 2008-02-29 14:39 <DIR> d-------- C:\FlashBlackLight

2008-02-29 10:49 . 2008-02-29 10:49 <DIR> d-------- C:\WINDOWS\EVEREST Ultimate Edition

2008-02-29 10:49 . 2008-02-29 11:01 <DIR> d-------- C:\Arquivos de programas\EVEREST Ultimate Edition

2008-02-28 16:19 . 2008-02-28 16:19 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-02-28 04:57 . 2008-02-28 04:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-02-28 02:13 . 2008-02-28 02:13 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-02-28 01:58 . 2008-02-28 01:58 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-02-27 23:32 . 2008-02-28 05:24 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2008-02-27 12:23 . 2008-02-27 12:23 <DIR> d-------- C:\Documents and Settings\Loren\Dados de aplicativos\Ahead

2008-02-26 17:21 . 2008-02-26 17:21 <DIR> d-------- C:\Arquivos de programas\EasyDVDShrink

2008-02-26 17:15 . 2008-02-26 17:15 <DIR> d-------- C:\Arquivos de programas\Xara

2008-02-26 17:15 . 2008-02-26 17:15 <DIR> d-------- C:\Arquivos de programas\Common Files

2008-02-26 16:09 . 2008-02-26 16:09 <DIR> d-------- C:\Arquivos de programas\Nero

2008-02-26 16:09 . 2008-02-26 16:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

2008-02-26 15:10 . 2007-12-20 18:49 133,725,496 --a------ C:\Arquivos de programas\nero start smart 7(2).exe

2008-02-26 14:46 . 2008-02-27 15:07 37,888 --a------ C:\WINDOWS\system32\rar.exe

2008-02-25 14:59 . 2008-02-25 14:59 0 ---hs---- C:\WINDOWS\system32\ghost.ini

2008-02-25 14:59 . 2008-02-25 14:59 0 ---hs---- C:\WINDOWS\system32\aoutox.ini

2008-02-25 14:35 . 2008-02-26 13:03 <DIR> d-------- C:\SAW-0L-LW1.1_DES

2008-02-25 14:32 . 2008-02-25 14:32 221,960 ---hs---- C:\WINDOWS\system32\msn_livers.exe

2008-02-25 14:32 . 2008-02-25 14:32 221,960 ---hs---- C:\Arquivos de programas\msn_livers.exe

2008-02-25 14:31 . 2008-02-25 14:43 23,692 --a------ C:\WINDOWS\foto2008.jpg

2008-02-25 12:39 . 2008-02-25 15:33 <DIR> d-------- C:\dvds

2008-02-24 01:08 . 2008-02-24 01:08 <DIR> d-------- C:\Documents and Settings\BibaBibi\Configuraes locais

2008-02-24 00:42 . 2008-02-24 00:42 <DIR> d-------- C:\Documents and Settings\BibaBibi\Shared

2008-02-24 00:42 . 2008-02-24 00:42 <DIR> d-------- C:\Documents and Settings\BibaBibi\Incomplete

2008-02-24 00:42 . 2008-02-24 02:21 <DIR> d-------- C:\Documents and Settings\BibaBibi\Dados de aplicativos\LimeWire

2008-02-23 15:47 . 2008-03-04 15:00 <DIR> d-------- C:\Arquivos de programas\DreMule

2008-02-22 14:26 . 2004-07-26 03:16 1,117,491 --a------ C:\Arquivos de programas\dvdshrink32setup.exe

2008-02-22 01:26 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-02-22 01:26 . 2007-07-01 00:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-02-22 01:26 . 2007-07-01 00:36 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-02-22 01:26 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-02-22 01:26 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-02-22 01:26 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-02-22 01:26 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-02-22 01:26 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-02-22 01:26 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-22 01:24 . 2008-02-22 01:27 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-02-19 17:17 . 2008-02-19 17:17 <DIR> d-------- C:\Dominando o DVD Shrink - Gratuito

2008-02-19 15:30 . 2008-02-29 10:24 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-02-19 15:29 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2008-02-19 15:29 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2008-02-19 15:29 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL

2008-02-19 15:29 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE

2008-02-19 14:55 . 2008-02-19 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

2008-02-19 14:52 . 2008-02-19 14:55 24 ---hs---- C:\WINDOWS\SDAA1EBEC.tmp

2008-02-19 14:51 . 2008-02-21 15:37 <DIR> d-------- C:\Arquivos de programas\SlySoft

2008-02-19 14:47 . 2008-02-19 14:50 2,138,560 --a------ C:\Arquivos de programas\SetupAnyDVD6315.exe

2008-02-17 23:57 . 2008-02-17 23:57 <DIR> d-------- C:\Documents and Settings\MiNaSa\Contacts

2008-02-17 22:36 . 2004-08-03 22:32 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys

2008-02-17 22:36 . 2004-08-03 22:32 84,480 --a--c--- C:\WINDOWS\system32\dllcache\ac97via.sys

2008-02-17 19:11 . 2008-02-17 19:11 <DIR> d-------- C:\WINDOWS\Dominando o DVD Shrink - Gratuito

2008-02-14 14:07 . 2008-02-14 14:07 <DIR> d-------- C:\Documents and Settings\MiNaSa\Dados de aplicativos\Recordpad

2008-02-14 14:07 . 2008-02-14 14:07 <DIR> d-------- C:\Documents and Settings\MiNaSa\Dados de aplicativos\NCH Swift Sound

2008-02-14 14:06 . 2008-02-14 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-29 11:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-02-27 17:02 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-02-27 17:02 --------- d-----w C:\Arquivos de programas\CyberLink DVD Solution

2008-02-27 17:00 --------- d-----w C:\Arquivos de programas\eMule

2008-02-26 18:38 --------- d-----w C:\Arquivos de programas\Ahead

2008-02-25 18:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-02-22 13:24 --------- d-----w C:\Arquivos de programas\Java

2008-02-12 18:13 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-12 17:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-02-07 01:41 --------- d-----w C:\Documents and Settings\Loren\Dados de aplicativos\LimeWire

2008-01-09 18:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-06 13:05 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2006-12-17 18:07 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

------- Sigcheck -------

 

5de3e7b6f7624552f2f06664f110820d C:\WINDOWS\system32\svchost.exe

----a-w 14,336 2004-08-04 03:45:44 C:\WINDOWS\system32\svchost.exe

-c--a-w 14,336 2004-08-04 03:45:44 C:\WINDOWS\system32\dllcache\svchost.exe

 

b5782ee6eafe3c218236f79f1a27b747 C:\WINDOWS\system32\user32.dll

----a-w 577,536 2005-03-02 18:20:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

----a-w 578,560 2007-03-08 15:50:25 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

-c----w 577,536 2004-08-04 03:45:28 C:\WINDOWS\$NtUninstallKB890859$\user32.dll

-c----w 577,536 2005-03-02 18:18:26 C:\WINDOWS\$NtUninstallKB925902$\user32.dll

----a-w 578,048 2007-03-08 15:36:54 C:\WINDOWS\system32\user32.dll

-c--a-w 578,048 2007-03-08 15:36:54 C:\WINDOWS\system32\dllcache\user32.dll

 

a5163442377d3c305bbff612f80047d7 C:\WINDOWS\system32\ws2_32.dll

----a-w 82,944 2004-08-04 03:45:30 C:\WINDOWS\system32\ws2_32.dll

-c--a-w 82,944 2004-08-04 03:45:30 C:\WINDOWS\system32\dllcache\ws2_32.dll

 

769ce05cb67b19196e47ce6aa9246243 C:\WINDOWS\system32\wininet.dll

----a-w 666,624 2006-06-23 11:25:41 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll

----a-w 666,624 2006-09-14 08:36:07 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll

----a-w 666,624 2006-10-23 15:34:37 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll

----a-w 667,136 2007-01-04 14:02:17 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll

----a-w 667,648 2007-02-19 15:23:06 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll

----a-w 667,648 2007-04-18 12:44:42 C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll

----a-w 667,648 2007-06-26 14:37:06 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll

----a-w 667,648 2007-08-22 12:57:26 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll

----a-w 668,160 2007-10-11 06:00:15 C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll

----a-w 825,344 2007-10-10 23:22:49 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll

----a-w 668,160 2007-12-07 00:46:55 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll

----a-w 825,344 2007-12-07 01:42:59 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll

-c----w 658,432 2004-08-04 03:45:28 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll

-c----w 660,992 2006-06-23 11:11:49 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll

-c----w 660,992 2006-09-14 08:40:35 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll

-c----w 660,992 2006-10-23 15:19:19 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll

-c----w 660,992 2007-01-04 13:38:04 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll

-c----w 660,992 2007-02-19 15:05:24 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll

-c----w 660,992 2007-04-18 12:32:49 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll

-c----w 660,992 2007-06-26 14:09:18 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll

-c----w 660,992 2007-08-22 13:13:32 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll

-c----w 661,504 2007-10-11 06:13:37 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll

-c----w 661,504 2007-12-07 01:07:12 C:\WINDOWS\ie7\wininet.dll

-c----w 818,688 2007-08-13 21:54:10 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll

-c----w 824,832 2007-10-10 23:50:45 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll

----a-w 824,832 2007-10-10 23:50:45 C:\WINDOWS\SoftwareDistribution\Download\403706b49a5b64cb23f999332f28cebb\SP2GDR\wininet.dll

----a-w 825,344 2007-10-10 23:22:49 C:\WINDOWS\SoftwareDistribution\Download\403706b49a5b64cb23f999332f28cebb\SP2QFE\wininet.dll

----a-w 824,832 2007-12-07 02:09:22 C:\WINDOWS\SoftwareDistribution\Download\6e80bf60d338f63192100633ca701e83\SP2GDR\wininet.dll

----a-w 825,344 2007-12-07 01:42:59 C:\WINDOWS\SoftwareDistribution\Download\6e80bf60d338f63192100633ca701e83\SP2QFE\wininet.dll

----a-w 824,832 2007-12-07 02:09:22 C:\WINDOWS\system32\wininet.dll

-c----w 824,832 2007-12-07 02:09:22 C:\WINDOWS\system32\dllcache\wininet.dll

 

90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

----a-w 360,576 2006-04-20 12:18:35 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

-c----w 359,040 2004-08-04 02:14:42 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

-c--a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\dllcache\tcpip.sys

----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\drivers\tcpip.sys

 

6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\system32\winlogon.exe

----a-w 504,320 2004-08-04 03:45:46 C:\WINDOWS\system32\winlogon.exe

-c--a-w 504,320 2004-08-04 03:45:46 C:\WINDOWS\system32\dllcache\winlogon.exe

 

558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

-c--a-w 182,912 2004-08-04 02:14:30 C:\WINDOWS\system32\dllcache\ndis.sys

----a-w 182,912 2004-08-04 02:14:30 C:\WINDOWS\system32\drivers\ndis.sys

 

4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

-c--a-w 29,056 2004-08-04 02:00:08 C:\WINDOWS\system32\dllcache\ip6fw.sys

----a-w 29,056 2004-08-04 02:00:08 C:\WINDOWS\system32\drivers\ip6fw.sys

 

1683af18422f7de34575ee95be882ad1 C:\WINDOWS\system32\ntkrnlpa.exe

----a-w 2,061,184 2005-03-02 18:13:12 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

----a-w 2,063,616 2006-12-19 18:45:35 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe

----a-w 2,063,616 2007-02-28 16:08:25 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

-c----w 2,061,056 2004-08-04 03:55:42 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe

-c----w 2,061,056 2005-03-02 18:08:49 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe

-c----w 2,061,824 2006-12-19 18:22:40 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

------w 2,061,824 2007-02-28 16:02:34 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

----a-w 2,061,824 2007-02-28 16:02:34 C:\WINDOWS\system32\ntkrnlpa.exe

-c----w 2,061,824 2007-02-28 16:02:34 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

 

986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\system32\ntoskrnl.exe

----a-w 2,183,808 2005-03-02 18:13:23 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

----a-w 2,186,240 2006-12-19 18:45:34 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe

----a-w 2,186,368 2007-02-28 16:08:18 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

-c----w 2,185,216 2004-08-04 03:40:34 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

-c----w 2,183,552 2005-03-02 18:09:01 C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe

-c----w 2,184,576 2006-12-19 18:22:38 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

------w 2,184,576 2007-02-28 16:02:28 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

----a-w 2,184,576 2007-02-28 16:02:28 C:\WINDOWS\system32\ntoskrnl.exe

-c----w 2,184,576 2007-02-28 16:02:28 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

 

dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\explorer.exe

----a-w 1,035,264 2007-06-13 13:21:56 C:\WINDOWS\explorer.exe

----a-w 1,035,264 2007-06-13 13:10:29 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

-c----w 1,034,240 2004-08-04 03:45:34 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

-c--a-w 1,035,264 2007-06-13 13:21:56 C:\WINDOWS\system32\dllcache\explorer.exe

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"Pando"="C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" [2008-02-09 13:02 6051144]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-29 19:20 219136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"PowerS"="C:\WINDOWS\PowerS.exe" [2001-08-03 17:56 159800]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:45 33280 C:\WINDOWS\system32\rundll32.exe]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:45 33280 C:\WINDOWS\system32\rundll32.exe]

"msn_livers"="C:\Arquivos de programas\msn_livers.exe" [2008-02-25 14:32 221960]

"Detector"="C:\WINDOWS\twain_32\600x1200\Detector.exe" [2000-08-07 01:00 38400]

"BroadCamRun"="C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" [ ]

"Recordpad"="C:\Arquivos de programas\NCH Swift Sound\Recordpad\recordpad.exe" [ ]

"nwiz"="nwiz.exe" [2001-12-16 14:55 782336 C:\WINDOWS\system32\nwiz.exe]

"EyelineRun"="C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" [ ]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [ ]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-02-29 19:20 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-02-29 19:20 219136]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

Remote Controller.lnk - C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE [2006-08-18 11:28:47 106496]

TV Scheduler.lnk - C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE [2006-08-18 11:28:47 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll [2007-03-06 10:00 222376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

"4100:UDP"= 4100:UDP:uPNP Router Control Port

 

 

*Newly Created Service* - BTTUNER

*Newly Created Service* - BTXBAR

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-04 19:45:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-04 17:39:26

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-03-04 17:41:21

ComboFix-quarantined-files.txt 2008-03-04 20:41:01

.

2008-02-29 12:44:45 --- E O F ---

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:10:16, on 4/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\msn_livers.exe

C:\WINDOWS\twain_32\600x1200\Detector.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com.br/8SEPTBR030000TBR/FRWCo...iteFinalDEFAULT

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [msn_livers] C:\Arquivos de programas\msn_livers.exe

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe

O4 - HKLM\..\Run: [broadCamRun] "C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -logon

O4 - HKLM\..\Run: [Recordpad] "C:\Arquivos de programas\NCH Swift Sound\Recordpad\recordpad.exe" -logon

O4 - HKLM\..\Run: [symantec Fillter Check] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [EyelineRun] "C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -service (file missing)

O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Arquivos de programas\BufferZone\CLNTSVC.EXE (file missing)

O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Good evening ZecAdi!

 

>@< We will not yet consider the disinfection of the computer complete!

>@< On a closer look at the log, I could see the presence of Banker Trojans.

>@< Only after their removal will we close the case, which concerned the Bagle.

>@< Sorry for the inconvenience!

_________________________

 

>@< Download BankerFix.

>@< Save it to the Desktop!

>@< Close all windows and the browser when running BankerFix.

>@< If possible, disable the resident protection of your antivirus and antispyware programs.

>@< Double-click Bankerfix.exe, then press Enter.

>@< Wait! When it finishes, read the message on the (DOS) screen and press Enter again.

>@< Post BankerFix's relatorio.txt, which is at C:\LinhaDefensiva\relatorio.txt

>@< Also post a new HijackThis log in your reply.

_________________________

 

Once everything is OK with the PC, create a clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

_________________________

 

>@< Is the Bagle still bothering you?

>@< Because you should know that the log is clean. :)

 

Regards!


 

 

Hello friend DigRam and the others at iMaster. I am grateful to you for your help, as always! There is nothing to apologize for; on the contrary, thank you for not closing the topic and for helping me remove the Banker Trojan. I report that when I turned on the PC a little while ago, the monitor was flickering intermittently, and the hourglass icon (as if some program were loading) was also blinking, appearing and disappearing. When I disabled AVG, as per your instructions, to run BankerFix, the flickering stopped, and it has stayed that way even now that I have re-enabled AVG. If this is a different problem, I can, subject to your better judgement, open a new topic.

I also report that, as for the infamous Bagle virus, with your valuable help it has not bothered me again.

Sincere thanks, and I am sending the logs below.

Regards - Prof. Avelar

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 5/3/2008 - 10:37

-------------------------------------------------------

Lista de Definição: 2008-02-22-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\msn_livers.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Arquivos de programas\msn_livers.exe

Arquivo infectado removido com sucesso!

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 11:47:40, on 5/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\twain_32\600x1200\Detector.exe

C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\ARQUIV~1\Grisoft\AVG7\avgw.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\twain_32\600x1200\Detector.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DreMule\emule.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com.br/8SEPTBR030000TBR/FRWCo...iteFinalDEFAULT

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe

O4 - HKLM\..\Run: [broadCamRun] "C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -logon

O4 - HKLM\..\Run: [Recordpad] "C:\Arquivos de programas\NCH Swift Sound\Recordpad\recordpad.exe" -logon

O4 - HKLM\..\Run: [symantec Fillter Check] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [EyelineRun] "C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\DreMule\emule.exe -AutoStart

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -service (file missing)

O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Arquivos de programas\BufferZone\CLNTSVC.EXE (file missing)

O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Good afternoon ZecAdi!

>@< BankerFix managed to remove only one banker.

>@< Run BankerFix again in Safe Mode. << Important!

>@< Delete the old report and post the new one, which will be generated in Safe Mode.

_________________________

>@< Also post a new HijackThis log, taken in Normal Mode.

Regards!


 

 

Hello friend DigRam, good evening!

I ran it as you instructed (in Safe Mode). The logs follow. Even understanding little, it seems that BankerFix could not eliminate other Bankers (looking at the HijackThis log I see some strange lines, namely):

 

O2 - BHO: G-Buster Browser Defense Unibanco ...

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} ...

O11 - Options group: [iNTERNATIONAL] International*

 

However, if I have said something silly, please disregard it (I know that I know little...)

Thanks as always for your help and that of everyone at iMasters.

Regards - Prof. Avelar

 

BankerFix 2.5b - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 5/3/2008 - 23:7

-------------------------------------------------------

Lista de Definição: .zip

=======================================================

 

 

Killando arquivos em Help

-----------------------------------

 

Killing '*'

 

Removendo Arquivos em Help

-----------------------------------

 

 

 

----- Fim -------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 23:15:56, on 5/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\twain_32\600x1200\Detector.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DreMule\emule.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Pando Networks\Pando\pando.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com.br/8SEPTBR030000TBR/FRWCo...iteFinalDEFAULT

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe

O4 - HKLM\..\Run: [broadCamRun] "C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -logon

O4 - HKLM\..\Run: [Recordpad] "C:\Arquivos de programas\NCH Swift Sound\Recordpad\recordpad.exe" -logon

O4 - HKLM\..\Run: [symantec Fillter Check] C:\WINDOWS\system32\imglog.exe

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [EyelineRun] "C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\DreMule\emule.exe -AutoStart

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -service (file missing)

O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Arquivos de programas\BufferZone\CLNTSVC.EXE (file missing)

O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


Good morning ZecAdi!

I ran it as you instructed (in Safe Mode). The logs follow. Even understanding little, it seems that BankerFix could not eliminate other Bankers (looking at the HijackThis log I see some strange lines, namely):

>@< Yes... and the most curious thing is that it did not remove imglog.exe, which is within its remit.

>@< Try deleting the file manually, or remove it via KillBox's reboot.

>@< PS: When trying the manual procedure, do it while in Safe Mode.

>@< As for the objects you pointed out, they are banking components and IE7 settings.

_______________________

>@< Download KillBox.

>@< Save it to the Desktop!

>@< Open KillBox and check Delete on reboot.

>@< Paste or type the following file into the Full path of file to delete box:

 

C:\WINDOWS\system32\imglog.exe

 

>@< Click the < post-247295-1204433627.png > button and, at the question about rebooting, confirm!

>@< And, if the file exists, the computer will restart!

________________________

>@< Open HijackThis and click: Do a system scan only.

>@< Check the entry below and, with all programs closed, click Fix checked!

 

O4 - HKLM\..\Run: [symantec Fillter Check] C:\WINDOWS\system32\imglog.exe

>@< Take and post a new HijackThis log in your reply.

Regards!

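The two HijackThis logs in this thread (5/3/2008, before the KillBox and "Fix checked" step, and 7/3/2008, after it) differ only in which O4 autorun entries remain. The script below is an added example, not code from the thread, from HijackThis or from Linha Defensiva: it parses O4 Run and O23 Service lines from HijackThis 1.99.1 logs, diffs two logs to show what disappeared, and flags entries that deserve a manual look (target "(file missing)", or an unfamiliar executable autostarting straight from the Windows directory). The log excerpts are constructed from lines posted in the thread; the allowlist KNOWN_SYSTEM_AUTORUNS is an assumption of this example, not a HijackThis feature.

```python
import re

# Excerpts constructed from the two HijackThis 1.99.1 logs posted in this
# thread: 5/3/2008 (before the KillBox / "Fix checked" step) and 7/3/2008
# (after). Only a handful of lines are kept so the example stays short.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe
O4 - HKLM\..\Run: [symantec Fillter Check] C:\WINDOWS\system32\imglog.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Arquivos de programas\DreMule\emule.exe -AutoStart
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# "O23 - Service: display name (short name) - owner - image path"
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")

# Heuristic allowlist (an assumption of this example): Windows components
# that legitimately autostart from the Windows directory.
KNOWN_SYSTEM_AUTORUNS = {"ctfmon.exe", "rundll32.exe", "nwiz.exe"}
WINDOWS_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


def parse_entries(log_text):
    """Return {stable key: original line} for O4 Run and O23 Service lines."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            # hive + value name identifies the Run entry even if its command changes
            entries[f"O4:{m.group(1)}:{m.group(2).lower()}"] = line
            continue
        m = O23_RE.match(line)
        if m:
            entries[f"O23:{m.group(1)}"] = line
    return entries


def executable_of(command):
    """Extract the program path from a Run command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    # unquoted path with spaces: take everything up to the first .exe/.com/.dll
    m = re.match(r"(.*?\.(?:exe|com|dll))", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def review(line):
    """Reasons an entry deserves manual verification (not a malware verdict)."""
    reasons = []
    if "(file missing)" in line:
        reasons.append("stale: target no longer exists, the entry can be removed")
    m = O4_RE.match(line)
    if m:
        path = executable_of(m.group(3)).lower()
        folder, _, name = path.rpartition("\\")
        if folder + "\\" in WINDOWS_DIRS and name not in KNOWN_SYSTEM_AUTORUNS:
            reasons.append("unfamiliar executable autostarting from the Windows "
                           "directory: verify publisher and hash")
    return reasons


def diff_logs(before, after):
    """Entries present only in the older log, and entries only in the newer one."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [old[k] for k in old if k not in new]
    added = [new[k] for k in new if k not in old]
    return removed, added


def triage(log_text):
    """Map each flagged entry line to its list of reasons."""
    flagged = {}
    for line in parse_entries(log_text).values():
        reasons = review(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Entries gone since the first log:")
    for line in removed:
        print("  -", line)
    print("Entries new in the second log:", added or "none")
    print("Entries in the first log worth checking:")
    for line, reasons in triage(LOG_BEFORE).items():
        print("  ?", line, "->", "; ".join(reasons))
```

Run against the full logs, the diff reports the imglog.exe entry and the eMuleAutoStart entry as gone, while the stale PsExec service and the unfamiliar executables under C:\WINDOWS stay on the verification list.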

 

Friend DigRam, good evening! I just checked this forum topic and, to my surprise, the reply I posted to you today at 15:45 was NOT there (and on my PC I confirmed it was sent???). Well, I don't know what happened, and I am now sending the HijackThis log again, taken after following the steps as you instructed.

Good night and a good weekend to everyone at iMasters.

Regards - Prof. Avelar

 

Logfile of HijackThis v1.99.1

Scan saved at 15:44:18, on 7/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS\PowerS.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\twain_32\600x1200\Detector.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Pando Networks\Pando\pando.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com.br/8SEPTBR030000TBR/FRWCo...iteFinalDEFAULT

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar4.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Detector] C:\WINDOWS\twain_32\600x1200\Detector.exe

O4 - HKLM\..\Run: [broadCamRun] "C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -logon

O4 - HKLM\..\Run: [Recordpad] "C:\Arquivos de programas\NCH Swift Sound\Recordpad\recordpad.exe" -logon

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [EyelineRun] "C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -logon

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [CloneCDTray] "C:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Remote Controller.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVRMVCR.EXE

O4 - Global Startup: TV Scheduler.lnk = C:\Arquivos de programas\Prolink\PlayTV Pro\TVSCHL.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gigachatbrasil.com/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Arquivos de programas\NCH Software\BroadCam\broadCam.exe" -service (file missing)

O23 - Service: BufferZone Service (BufferZoneSvc) - Unknown owner - C:\Arquivos de programas\BufferZone\CLNTSVC.EXE (file missing)

O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Arquivos de programas\NCH Software\Eyeline\eyeline.exe" -service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

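Reading a HijackThis log by eye means scanning the O4 (autostart), O17 (DNS override) and O23 (service) lines for the same few things every time: entries whose file is gone, services with no recognisable owner, and name servers that should match what the ISP assigned. The script below is an added example, not part of this thread and not HijackThis's own code. It parses those line formats and groups the entries a reviewer checks first. The sample input is constructed: most lines are copied from the log posted above, and the "Example Service" line is invented to show a present, unknown-owner service. Function names and the triage rules are this example's; the flags it raises are review prompts, not verdicts.

```python
import re

# Constructed sample input: lines copied from the HijackThis log posted in
# this thread, plus one invented "Example Service" line (not from the log)
# to exercise the unknown-owner rule on a file that is present.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C50C462-8BCB-49CC-B374-F5344D5CF295}: NameServer = 201.10.120.3,201.10.1.2
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\WINDOWS\system32\example.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING = "(file missing)"


def parse_entries(text):
    """Split a HijackThis log into (section, body) pairs; non-O lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_o4(body):
    """O4 autostart: 'HKLM\\..\\Run: [Name] cmd' or 'Global Startup: x.lnk = path'."""
    if ": [" in body:
        hive, rest = body.split(": [", 1)
        name, _, cmd = rest.partition("] ")
    else:
        hive, rest = body.split(": ", 1)
        name, _, cmd = rest.partition(" = ")
    return {"hive": hive, "name": name, "command": cmd}


def parse_o23(body):
    """O23 service: 'Service: Display (Short) - Owner - path [(file missing)]'."""
    display, owner, path = body[len("Service: "):].split(" - ", 2)
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    short = None
    # Short name is everything between the first " (" and the final ")";
    # this keeps nested parentheses such as "(SoundMAX Agent Service (default))".
    if " (" in display and display.endswith(")"):
        i = display.index(" (")
        short = display[i + 2:-1]
        display = display[:i]
    return {"display": display, "short": short, "owner": owner,
            "path": path, "missing": missing}


def parse_o17(body):
    """O17 DNS override: '...: NameServer = a.b.c.d,e.f.g.h' -> list of servers."""
    _, _, servers = body.partition("NameServer = ")
    return [s.strip() for s in servers.split(",") if s.strip()]


def triage(text):
    """Group entries a reviewer checks first.

    orphaned      : any entry marked (file missing) - registry points at a file
                    that no longer exists; leftover, to be cleaned up
    unknown_owner : O23 services whose binary is present but carries no
                    recognisable vendor - verify the file before trusting it
    autostart     : every O4 entry, parsed, for a quick look at what runs at logon
    dns           : O17 name servers, to compare with the ISP-assigned ones
    """
    findings = {"orphaned": [], "unknown_owner": [], "autostart": [], "dns": []}
    for section, body in parse_entries(text):
        if MISSING in body:
            findings["orphaned"].append(f"{section} - {body}")
        if section == "O4":
            findings["autostart"].append(parse_o4(body))
        elif section == "O23":
            svc = parse_o23(body)
            if svc["owner"] == "Unknown owner" and not svc["missing"]:
                findings["unknown_owner"].append(svc)
        elif section == "O17":
            findings["dns"].extend(parse_o17(body))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"== {kind} ({len(items)})")
        for item in items:
            print("  ", item)
```

Run it as-is to see the grouped output for the sample; pass the full log text to `triage()` to get the same grouping for a real log. The DNS list is deliberately just extracted, not judged: whether 201.10.120.3 and 201.10.1.2 are legitimate is something to confirm against the ISP, not something a parser can decide.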

Good evening ZecAdi!

>@< The log is clean!

>@< Any remaining problems with the computer?

>@< Good work! :thumbsup:

Regards!


Good morning, friend DigRam and everyone else at iMasters.

For now, everything is OK with my PC. When problems come up I will turn to you, as always.

Thank you very much indeed!

Prof. Avelar (ZecAdi)

gaDs!!!


PROBLEM SOLVED!

If the author needs the topic reopened, send a Private Message to a Moderator with a link to the topic.
