karoline  ferreira

[Solved!] Analyze this log


THIS IS THE HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:03:30, on 9/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\dale mail.exe

O4 - HKCU\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /M "Stylus C45" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [frag rect] C:\DOCUME~1\FILHOE~1\DADOSD~1\POPLOU~1\WAY REGS.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.ac.getran.com.br/sah/js/smsx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://karoline-br.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

 

--

End of file - 7731 bytes

 

 

 

 

_________________________________________________________________________

 

This is the findlop.txt log

 

[TRACE] Enumerating jobs and queues

[TRACE] Activating job 'A94855479197D43F.job'

[TRACE] Printing all job properties

 

ApplicationName: 'c:\docume~1\filhoe~1\dadosd~1\poplou~1\Third Ref Eggs.exe'

Parameters: ''

WorkingDirectory: ''

Comment: ''

Creator: 'Filho e Karol'

Priority: NORMAL

MaxRunTime: 259200000 (3d 0:00:00)

IdleWait: 10

IdleDeadline: 60

MostRecentRun: 04/09/2008 23:00:00

NextRun: 04/10/2008 0:00:00

StartError: S_OK

ExitCode: 0

Status: SCHED_S_TASK_READY

ScheduledWorkItem Flags:

DeleteWhenDone = 0

Suspend = 0

StartOnlyIfIdle = 0

KillOnIdleEnd = 0

RestartOnIdleResume = 0

DontStartIfOnBatteries = 0

KillIfGoingOnBatteries = 0

RunOnlyIfLoggedOn = 1

SystemRequired = 0

Hidden = 1

TaskFlags: 0

 

1 Trigger

 

Trigger 0:

Type: Daily

DaysInterval: 1

StartDate: 10/10/1995

EndDate: 00/00/0000

StartTime: 00:00

MinutesDuration: 1440

MinutesInterval: 60

Flags:

HasEndDate = 0

KillAtDuration = 0

Disabled = 0


Good morning! karoline ferreira

>@< Open HijackThis >> Click: Do a system scan only

>@< Check the entries listed just below and click Fix checked.

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - (no file)

O4 - HKLM\..\Run: [meet great active lies] C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great\dale mail.exe

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll (file missing)

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

@@@@@@@@@@@@@@@@@@@

>@< Download Avenger.

>@< Unzip it and create a folder for the program. ( Avenger.exe )

>@< Place this folder on the Desktop!

>@< Select and copy everything below the word code.

>@< Or, if you prefer, use the shortcuts: ( control + a ) >> ( control + c )

Files to delete:
c:\docume~1\filhoe~1\dadosd~1\poplou~1\Third Ref Eggs.exe
c:\windows\tasks\A94855479197D43F.job

Folders to delete:
C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great

>@< Run Avenger.exe

>@< Right-click in the Input script here window.

>@< Click Paste or ( control + v ).

>@< Click Execute.

>@< Choose "Yes" twice when prompted.

>@< When the script finishes, the computer will restart.

>@< The PC may restart more than once!

>@< Post the report, which will be at: C:\avenger.txt + an updated HJT log.

Regards!


Good afternoon, these are the logs. Thank you for your attention.....

Regards.

 

 

AVENGER LOG

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: file "c:\docume~1\filhoe~1\dadosd~1\poplou~1\Third Ref Eggs.exe" not found!

Deletion of file "c:\docume~1\filhoe~1\dadosd~1\poplou~1\Third Ref Eggs.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: file "c:\windows\tasks\A94855479197D43F.job" not found!

Deletion of file "c:\windows\tasks\A94855479197D43F.job" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

Folder "C:\Documents and Settings\All Users\Dados de aplicativos\soft chic meet great" deleted successfully.

 

Completed script processing.

 

********************************

 

Finished! Terminate.

 

________________________________

 

HijackThis LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:23:11, on 10/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKCU\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /M "Stylus C45" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.ac.getran.com.br/sah/js/smsx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://karoline-br.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

 

End of file - 6816 bytes


Good morning! Karoline ferreira

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protections of: antivirus, antispyware and Firewall.

>@< Close all windows and run the tool!

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

_______________________

>@< Post the report: C:\ComboFix.txt, in your reply + an updated HJT log.

Regards!


 

 

 

Good evening, all good? These are the logs.

 

ComboFix log

 

ComboFix 08-04-12.4 - Filho e Karol 2008-04-12 19:43:01.4 - NTFSx86

Executando de: C:\Documents and Settings\Filho e Karol\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\NPF

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))

.

 

2008-04-11 23:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-04-11 23:19 . 2008-04-11 23:21 <DIR> d-------- C:\Arquivos de programas\Java

2008-04-11 23:13 . 2008-04-11 23:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-04-11 22:18 . 2008-04-11 22:18 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Dados de aplicativos\Windows Live Writer

2008-04-11 20:47 . 2008-04-11 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-04-11 20:16 . 2007-01-08 15:53 1,640,960 --a------ C:\WINDOWS\lhelp.exe

2008-04-11 20:12 . 2008-04-11 20:16 <DIR> d-------- C:\Arquivos de programas\Oi Velox

2008-04-11 17:26 . 2008-04-11 17:26 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-04-11 16:42 . 2008-04-12 06:25 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-04-10 23:19 . 2008-04-10 23:19 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-04-10 23:19 . 2008-04-10 23:19 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-04-10 23:19 . 2008-04-10 23:19 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-04-10 23:19 . 2008-04-10 23:19 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Configurações locais

2008-04-10 22:30 . 2008-04-10 22:30 180,719 --a------ C:\bankerfix.exe

2008-04-10 13:06 . 2008-04-10 13:41 <DIR> d-------- C:\backups

2008-04-10 10:37 . 2008-04-10 10:37 93,696 --a------ C:\KillBox.exe

2008-04-10 08:41 . 2008-04-10 17:03 <DIR> d-------- C:\Arquivos de programas\NitroPC

2008-04-10 08:03 . 2008-04-12 19:49 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-09 16:55 . 2008-04-09 22:51 401,720 --a------ C:\HijackThis.exe

2008-04-09 15:40 . 2008-04-10 10:43 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Dados de aplicativos\Pop Loud Log

2008-04-09 15:40 . 2008-04-09 15:40 <DIR> d-------- C:\Arquivos de programas\Pop Loud Log

2008-04-07 21:25 . 2008-04-07 21:25 <DIR> d-------- C:\Arquivos de programas\Google

2008-04-07 07:55 . 2008-04-07 07:55 <DIR> d-------- C:\Arquivos de programas\Macrovision Corporation

2008-04-07 07:54 . 2008-04-07 07:54 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Dados de aplicativos\InstallShield

2008-04-07 00:02 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-07 00:02 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-04-03 18:38 . 2008-04-10 17:15 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2008-03-18 13:11 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll

2008-03-13 18:02 . 2008-03-13 18:02 1,190 --a------ C:\WINDOWS\mozver.dat

2008-03-13 17:17 . 2008-03-13 17:17 <DIR> d-------- C:\Documents and Settings\Filho e Karol\Dados de aplicativos\Talkback

2008-03-13 17:17 . 2008-03-13 17:17 0 --a------ C:\WINDOWS\nsreg.dat

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-12 00:14 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-04-11 23:23 --------- d-----w C:\Documents and Settings\Filho e Karol\Dados de aplicativos\Lightcomm

2008-04-02 12:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-04 21:26 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2008-01-03 15:00 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus C45 Series (cópia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.exe" [2004-01-14 08:00 99840]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2007-11-15 14:03 1975824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-04-30 17:21 180269]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 07:15 106496]

"PCTVOICE"="pctspk.exe" [2004-01-29 21:33 180224 C:\WINDOWS\system32\pctspk.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"Ink Monitor"="C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe" [2004-03-31 17:46 258114]

"EPSON Stylus C45 Series (cópia 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.exe" [2004-01-14 08:00 99840]

"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.exe" [2004-01-14 08:00 99840]

"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 16:05 65536]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2007-03-27 00:29 128512]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

"C:\\Arquivos de programas\\Sony Ericsson\\Update Service\\Update Service.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 10:11]

R3 IrUSB;ArkMicro USB Infrared Miniport Adapter;C:\WINDOWS\system32\DRIVERS\IrUSB.sys [2006-03-06 17:47]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

 

.

**************************************************************************

 

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-12 19:49:31

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\ArcSoft\PhotoImpression 5\share\pihook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-04-12 19:54:35 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-12 22:54:15

Pre-Run: 24,579,395,584 bytes disponíveis

Post-Run: 24,545,361,920 bytes disponíveis

.

2008-04-12 20:31:27 --- E O F ---

________________________________________________________________________________

___

 

 

And this one from HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:06:00, on 12/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /M "Stylus C45" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.ac.getran.com.br/sah/js/smsx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://karoline-br.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{09AB1DDE-C316-492F-8DFA-5A5DFA98C026}: NameServer = 200.165.132.155 200.149.55.142

O17 - HKLM\System\CS1\Services\Tcpip\..\{09AB1DDE-C316-492F-8DFA-5A5DFA98C026}: NameServer = 200.165.132.155 200.149.55.142

O17 - HKLM\System\CS2\Services\Tcpip\..\{09AB1DDE-C316-492F-8DFA-5A5DFA98C026}: NameServer = 200.165.132.155 200.149.55.142

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

 

--

End of file - 8024 bytes

 

 

 

Note: a window has been appearing when I start the PC since I ran the ComboFix procedure; the window that appears is this one.

 

""desp2k.exe_ nao é possivel localizar componente.''

''este aplicativo nao pode ser iniciado porque nao foi encontrado wpcap.dll.a reinstalaçao do aplicativo pode corrigir o problema.''

 

I don't know what this window means.


Good evening, karoline ferreira!

 

""desp2k.exe_ nao é possivel localizar componente.''

''este aplicativo nao pode ser iniciado porque nao foi encontrado wpcap.dll.a reinstalaçao do aplicativo pode corrigir o problema.''

>@< ComboFix removed a legitimate file that belongs to the Velox dialer.

>@< Reinstall your dialer to fix the problem.

----------------------------------

>@< Download LopS&D.

>@< Save it to Local Disk C.

>@< Install the program and click: LopSD.cmd

>@< In the window that opens, press "p" >> press Enter.

>@< In another window, press option 2 >> press Enter >> wait!

>@< When it finishes, save and post the report. ( C:\lopR.txt )

>@< Also post an updated HJT log.

Regards!


********************************************************************************

 

Good evening,

I have a question: do I have to reinstall Oi Velox first and then do the procedure, or can I do the procedure right away and reinstall Oi Velox afterwards?


Good evening, karoline ferreira!

I have a question: do I have to reinstall Oi Velox first and then do the procedure, or can I do the procedure right away and reinstall Oi Velox afterwards?

>@< Follow the order I posted!

>@< First, reinstall the Velox dialer.

Regards!


********************************************************************************

 

 

Good afternoon, "Dig Ram"

This is the Lop log.

 

 

-----------------------[ Lop S&D 4.1.1-0 XP/Vista ]---------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Filho e Karol ] [ "C:\Lop SD" ]

[ ter 15/04/2008 | 13:18:34,81 ] [ PC : FILHO ]

[ MAJ : 14-04-2008 | 20:30 ]

 

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Lista de pastas em Application Data ]------------

 

[11/04/2008|20:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\.

[11/04/2008|20:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\..

[29/04/2007|12:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[29/04/2007|08:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\desktop.ini

[04/01/2008|18:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ezsid.dat

[02/04/2008|09:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[10/12/2007|23:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Installations

[03/01/2008|11:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield

[11/04/2008|20:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[15/04/2008|12:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[14/12/2007|21:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft Help

[29/04/2007|13:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Office Genuine Advantage

[03/05/2007|12:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Sony Ericsson

[03/05/2007|12:50] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Teleca

[15/04/2008|13:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[29/04/2007|13:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[11/04/2008|21:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[29/04/2007|08:10] C:\DOCUME~1\DEFAUL~1\DADOSD~1\.

[29/04/2007|08:10] C:\DOCUME~1\DEFAUL~1\DADOSD~1\..

[29/04/2007|08:10] C:\DOCUME~1\DEFAUL~1\DADOSD~1\desktop.ini

[29/04/2007|11:23] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[11/04/2008|22:18] C:\DOCUME~1\FILHOE~1\DADOSD~1\.

[11/04/2008|22:18] C:\DOCUME~1\FILHOE~1\DADOSD~1\..

[13/03/2008|18:03] C:\DOCUME~1\FILHOE~1\DADOSD~1\Adobe

[19/12/2007|17:03] C:\DOCUME~1\FILHOE~1\DADOSD~1\AdobeUM

[29/04/2007|18:16] C:\DOCUME~1\FILHOE~1\DADOSD~1\ArcSoft

[03/01/2008|11:14] C:\DOCUME~1\FILHOE~1\DADOSD~1\Bitstream

[29/04/2007|08:10] C:\DOCUME~1\FILHOE~1\DADOSD~1\desktop.ini

[02/06/2007|13:42] C:\DOCUME~1\FILHOE~1\DADOSD~1\Help

[29/04/2007|11:35] C:\DOCUME~1\FILHOE~1\DADOSD~1\Identities

[07/04/2008|07:54] C:\DOCUME~1\FILHOE~1\DADOSD~1\InstallShield

[11/04/2008|20:23] C:\DOCUME~1\FILHOE~1\DADOSD~1\Lightcomm

[29/04/2007|13:26] C:\DOCUME~1\FILHOE~1\DADOSD~1\Macromedia

[11/04/2008|16:59] C:\DOCUME~1\FILHOE~1\DADOSD~1\Microsoft

[13/03/2008|17:16] C:\DOCUME~1\FILHOE~1\DADOSD~1\Mozilla

[10/04/2008|10:43] C:\DOCUME~1\FILHOE~1\DADOSD~1\Pop Loud Log

[30/04/2007|17:23] C:\DOCUME~1\FILHOE~1\DADOSD~1\Real

[03/05/2007|11:09] C:\DOCUME~1\FILHOE~1\DADOSD~1\Sony Ericsson

[13/03/2008|17:17] C:\DOCUME~1\FILHOE~1\DADOSD~1\Talkback

[03/05/2007|11:09] C:\DOCUME~1\FILHOE~1\DADOSD~1\Teleca

[11/04/2008|22:18] C:\DOCUME~1\FILHOE~1\DADOSD~1\Windows Live Writer

 

[05/03/2008|21:52] C:\DOCUME~1\LOCALS~1\DADOSD~1\.

[05/03/2008|21:52] C:\DOCUME~1\LOCALS~1\DADOSD~1\..

[05/03/2008|21:52] C:\DOCUME~1\LOCALS~1\DADOSD~1\Identities

[29/04/2007|11:28] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[29/04/2007|11:27] C:\DOCUME~1\NETWOR~1\DADOSD~1\.

[29/04/2007|11:27] C:\DOCUME~1\NETWOR~1\DADOSD~1\..

[29/04/2007|11:27] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

----------------[ Tarefas Agendadas na pasta C:\WINDOWS\Tasks ]---------------

 

[15/04/2008 12:54][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 12:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Lista de pastas em C:\Arquivos de programas ]--------------

 

[15/04/2008|11:53] C:\Arquivos de programas\.

[15/04/2008|11:53] C:\Arquivos de programas\..

[29/04/2007|12:05] C:\Arquivos de programas\Adobe

[26/01/2008|14:16] C:\Arquivos de programas\Alwil Software

[29/04/2007|18:13] C:\Arquivos de programas\ArcSoft

[11/04/2008|23:13] C:\Arquivos de programas\Arquivos comuns

[03/01/2008|19:29] C:\Arquivos de programas\CCleaner

[29/04/2007|11:45] C:\Arquivos de programas\C-Media 3D Audio

[10/12/2007|22:56] C:\Arquivos de programas\DIFX

[02/06/2007|13:51] C:\Arquivos de programas\EPSON

[29/04/2007|19:00] C:\Arquivos de programas\InstallShield Installation Information

[09/04/2008|19:08] C:\Arquivos de programas\Internet Explorer

[11/04/2008|23:21] C:\Arquivos de programas\Java

[11/04/2008|17:26] C:\Arquivos de programas\Messenger Plus! Live

[29/04/2007|11:23] C:\Arquivos de programas\microsoft frontpage

[16/12/2007|20:47] C:\Arquivos de programas\Microsoft Office

[15/01/2008|19:45] C:\Arquivos de programas\Microsoft SQL Server Compact Edition

[16/12/2007|20:49] C:\Arquivos de programas\Microsoft.NET

[29/04/2007|11:20] C:\Arquivos de programas\Movie Maker

[12/04/2008|00:03] C:\Arquivos de programas\Mozilla Firefox

[15/12/2007|13:01] C:\Arquivos de programas\MSECache

[29/04/2007|11:18] C:\Arquivos de programas\MSN Gaming Zone

[13/08/2007|14:17] C:\Arquivos de programas\MSXML 4.0

[29/04/2007|12:20] C:\Arquivos de programas\Nero

[29/04/2007|11:20] C:\Arquivos de programas\NetMeeting

[10/04/2008|17:03] C:\Arquivos de programas\NitroPC

[29/04/2007|13:27] C:\Arquivos de programas\NovaLogic

[15/04/2008|12:28] C:\Arquivos de programas\Oi Velox

[13/08/2007|10:29] C:\Arquivos de programas\Outlook Express

[30/04/2007|17:21] C:\Arquivos de programas\Real

[06/01/2008|18:53] C:\Arquivos de programas\Scpad

[29/04/2007|11:21] C:\Arquivos de programas\Serviços on-line

[29/04/2007|11:42] C:\Arquivos de programas\SiS VGA Utilities V3.59

[10/12/2007|22:05] C:\Arquivos de programas\Sony Ericsson

[29/04/2007|11:35] C:\Arquivos de programas\Uninstall Information

[12/04/2008|06:25] C:\Arquivos de programas\Windows Live

[04/09/2007|20:52] C:\Arquivos de programas\Windows Media Connect 2

[11/08/2007|22:53] C:\Arquivos de programas\Windows Media Player

[29/04/2007|11:18] C:\Arquivos de programas\Windows NT

[14/01/2008|10:05] C:\Arquivos de programas\WinRAR

[29/04/2007|11:23] C:\Arquivos de programas\xerox

 

------[ Lista de pastas em C:\Arquivos de programas\Arquivos comuns ]------

 

[11/04/2008|23:13] C:\Arquivos de programas\Arquivos comuns\.

[11/04/2008|23:13] C:\Arquivos de programas\Arquivos comuns\..

[29/04/2007|12:06] C:\Arquivos de programas\Arquivos comuns\Adobe

[29/04/2007|12:20] C:\Arquivos de programas\Arquivos comuns\Ahead

[01/06/2007|13:42] C:\Arquivos de programas\Arquivos comuns\Borland Shared

[03/01/2008|11:17] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[03/01/2008|11:17] C:\Arquivos de programas\Arquivos comuns\InstallShield

[11/04/2008|23:13] C:\Arquivos de programas\Arquivos comuns\Java

[15/04/2008|11:57] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[29/04/2007|11:20] C:\Arquivos de programas\Arquivos comuns\MSSoap

[29/04/2007|08:10] C:\Arquivos de programas\Arquivos comuns\ODBC

[03/01/2008|11:13] C:\Arquivos de programas\Arquivos comuns\Protexis

[30/04/2007|17:22] C:\Arquivos de programas\Arquivos comuns\Real

[29/04/2007|11:20] C:\Arquivos de programas\Arquivos comuns\Serviços

[29/04/2007|08:10] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[13/08/2007|10:29] C:\Arquivos de programas\Arquivos comuns\System

[03/05/2007|12:50] C:\Arquivos de programas\Arquivos comuns\Teleca Shared

[15/01/2008|18:44] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

[30/04/2007|17:22] C:\Arquivos de programas\Arquivos comuns\xing shared

 

----------------------[ Procura pelo S_Lop ]---------------------

 

Não foram encontradas pastas com o Lop!

 

-----------------[ Procura por Arquivos/Ficheiros e pastas do Lop ]-----------------

 

Não foram encontradas pastas com o Lop!

 

----------------------[ Procura no Registro ]----------------------

 

..... OK !

 

--------------------[ Verificando o Arquivos/Ficheiros Hosts ]---------------------

 

Arquivos/Ficheiros Hosts LIMPO

 

 

----------------[ Procurando Arquivos/Ficheiros ocultos com o Catchme ]-----------------

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-15 13:21:01

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------[ Procurando por outras infecções ]---------------------

 

Não foram encontradas outras infecções.

 

/!\ [Fich:3][Doss:5] C:\DOCUME~1\FILHOE~1\CONFIG~1\Temp

/!\ [Fich:10][Doss:0] C:\DOCUME~1\FILHOE~1\Cookies

/!\ [Fich:453][Doss:4] C:\DOCUME~1\FILHOE~1\CONFIG~1\TEMPOR~1\content.IE5

 

--------------------[ Verificação completa em 13:22:45,85 ]----------------------

 

 

********************************************************************************

 

And this other one is from HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:25:34, on 15/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [desp2k] C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

O4 - HKCU\..\Run: [EPSON Stylus C45 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P33 "EPSON Stylus C45 Series (cópia 1)" /M "Stylus C45" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.ac.getran.com.br/sah/js/smsx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://karoline-br.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://imagem.caixa.gov.br/cab/gbpdist.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

 

--

End of file - 7440 bytes

 

 

 

 

 

Note: this Notepad file appeared on the PC's desktop; what does it mean?

'''catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-15 13:21:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

IPC error: 2 O sistema não pode encontrar o arquivo especificado.

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden files: 0'''


Good afternoon, karoline ferreira!

 

DELETE: C:\Qoobox

------------------------------

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Analyze >> Run Cleaner.

>@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.

------------------------------

Once everything is OK with the PC, create a completely clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, go to: < Docs >

>@< The log is clean!

>@< Any problems remaining?

Regards!


********************************************************************************

 

Good evening, 'DigRam'

I just stopped by to thank you for your help; everything is OK. Your help was very important, thank you very much. Until next time.

Regards.


PROBLEM SOLVED!

If the author needs the topic reopened, they must send a Private Message to a Moderator with a link to the topic.
