Archived

This topic has been archived and is closed to new replies.

Reinn

[Solved!] iexplore.exe starts on its own

In my Task Manager, iexplore.exe keeps running on its own; I end it and it comes back. Here is my HijackThis log. What should I do?

 

Regards

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:36:17, on 1/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\eMule\emule.exe

C:\DOCUME~1\mariana\CONFIG~1\Temp\Vx10py4h.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Microsoft Office\Office\WINWORD.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\msagent\AgentSvr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Defesa do Computador\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://br.yahoo.com/

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll (file missing)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: adsonmedia browser optimizer - {260d16cb-597d-acf6-5b08-6b053d22f75e} - C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll" DllInit

O4 - HKLM\..\Run: [{53f51281-a4c5-1499-84b1-f08d0742f258}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll" DllInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe


Good morning, Reinn!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Disable the resident protection of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it to the Desktop, renamed as: Kombo.exe

PS: Rename it while saving, not after saving it!

PS: If any error message appears, run ComboFix in Safe Mode.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and press < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

---------------------------------

>@< Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

Regards!


Logfile of HijackThis v1.99.1

Scan saved at 23:12, on 2008-05-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\AdVantage\AdVantage.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Defesa do Computador\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://br.yahoo.com/

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll (file missing)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: adsonmedia browser optimizer - {260d16cb-597d-acf6-5b08-6b053d22f75e} - C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll" DllInit

O4 - HKLM\..\Run: [{53f51281-a4c5-1499-84b1-f08d0742f258}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll" DllInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

 

 

 

 

 

 

ComboFix 08-05-15.3 - mariana 2008-05-16 23:08:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.602 [GMT -3:00]

Executando de: C:\Documents and Settings\mariana\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


Good morning, Reinn!

<@> UNINSTALL: C:\Arquivos de programas\AdVantage <<--

-----------------------------

<@> ComboFix did not run! Try it in Safe Mode.

-----------------------------

<@> Post:

<1> ComboFix.txt + an updated HJT log.

Regards!


Good afternoon, DigRam!

Here are the reports:

 

Combofix

 

 

ComboFix 08-05-15.3 - mariana 2008-05-17 12:37:08.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.835 [GMT -3:00]

Executando de: C:\Documents and Settings\mariana\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))))

.

 

2008-05-17 12:32 . 2008-03-17 20:40 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-05-17 12:32 . 2008-05-17 12:38 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-05-17 12:32 . 2008-05-17 12:32 <DIR> d-------- C:\Documents and Settings\Administrador

2008-05-17 12:32 . 2008-05-17 12:37 1,024 --ah----- C:\Documents and Settings\Administrador\NTUSER.DAT.LOG

2008-05-16 12:03 . 2008-05-16 12:03 <DIR> d-------- C:\Arquivos de programas\MSECache

2008-05-14 11:52 . 2008-05-14 11:52 29,248 --a------ C:\jfidoj.exe

2008-05-13 07:47 . 2008-05-13 07:47 29,248 --a------ C:\WINDOWS\system32\J0KB00NH.exe

2008-05-12 18:10 . 2008-05-12 18:21 <DIR> d-------- C:\Margot e o Casamento

2008-05-12 09:42 . 2008-05-12 09:41 29,248 --a------ C:\WINDOWS\system32\4pRAG02e.exe

2008-05-10 23:07 . 2008-05-11 03:02 <DIR> d-------- C:\Arquivos de programas\ArtMoney

2008-05-09 04:03 . 2008-05-09 04:03 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritos

2008-05-07 23:42 . 2008-05-07 23:42 30,210 --a------ C:\WINDOWS\system32\PbwF4Sh1.exe

2008-05-03 22:54 . 2008-05-17 12:37 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-01 14:56 . 2008-05-01 14:56 <DIR> d-------- C:\Arquivos de programas\AC3Filter

2008-05-01 14:56 . 2007-08-18 04:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-04-28 16:58 . 2008-04-29 06:11 63,926 --a------ C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll-uninst.exe

2008-04-28 11:42 . 2008-04-28 11:42 330,752 --a------ C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll

2008-04-17 07:32 . 2008-04-17 07:32 <DIR> d-------- C:\Arquivos de programas\Webteh

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 15:14 30,210 ----a-w C:\WINDOWS\system32\JExOl7MA.exe

2008-05-13 21:57 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\LimeWire

2008-05-13 19:20 --------- d-----w C:\Arquivos de programas\Desktop Taipei

2008-05-13 19:16 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-05-13 18:08 --------- d-----w C:\Arquivos de programas\eMule

2008-05-12 14:39 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\BSplayer

2008-05-03 08:15 --------- d-----w C:\Arquivos de programas\DAP

2008-04-18 21:21 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\U3

2008-04-10 21:22 --------- d-----w C:\Arquivos de programas\DAP_v8.5.5.5_Premium

2008-04-10 21:19 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-10 09:41 2,887,680 ----a-w C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-04-10 08:54 8,657,207 ----a-w C:\Arquivos de programas\DAP_v8.5.5.5_Premium.rar

2008-04-07 04:46 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-04-03 22:21 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-04-02 23:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-04-02 23:02 --------- d-----w C:\Arquivos de programas\Ahead

2008-04-02 23:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-04-02 23:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-04-02 22:54 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\Microsoft Web Folders

2008-04-02 22:54 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-04-02 21:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-04-02 18:35 --------- d-----w C:\Arquivos de programas\DVD Decrypter

2008-04-02 16:36 --------- d-----w C:\Arquivos de programas\Elaborate Bytes

2008-04-02 02:32 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-04-02 02:30 --------- d-----w C:\Arquivos de programas\NeroInstall.bak

2008-04-02 02:28 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\Nero

2008-04-01 23:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

2008-04-01 23:10 --------- d-----w C:\Arquivos de programas\SlySoft

2008-03-29 17:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-28 22:15 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-03-27 22:02 97,600 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys

2008-03-26 14:23 --------- d-----w C:\Arquivos de programas\Java

2008-03-26 14:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-03-26 14:17 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-26 13:58 --------- d-----w C:\Arquivos de programas\VeryPDF PDF2Word v3.0

2008-03-26 10:57 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-26 10:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-26 10:35 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-03-26 10:35 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-03-26 10:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-03-26 10:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-03-25 23:54 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\InstallShield

2008-03-25 23:54 --------- d-----w C:\Arquivos de programas\Realtek

2008-03-25 23:51 4,716 ----a-w C:\WINDOWS\gdrv.sys

2008-03-25 23:45 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\Skype

2008-03-25 23:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-03-25 23:45 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-03-25 23:45 --------- d-----w C:\Arquivos de programas\Google

2008-03-25 23:45 --------- d-----w C:\Arquivos de programas\ESET

2008-03-25 23:45 --------- d-----w C:\Arquivos de programas\CCleaner

2008-03-25 23:41 --------- d-----w C:\Arquivos de programas\Mozilla Firefox(2)

2008-03-25 23:41 --------- d-----w C:\Arquivos de programas\BitComet

2008-03-25 03:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-18 22:36 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\BSplayer Pro

2008-03-18 02:06 --------- d-----w C:\Arquivos de programas\Real

2008-03-18 01:04 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-17 23:56 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-03-17 23:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-03-17 23:49 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-03-17 23:49 --------- d-----w C:\Arquivos de programas\Intel

2008-03-17 23:42 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-03-17 23:42 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll

2008-02-28 16:26 1,414,440 ----a-w C:\WINDOWS\system32\ShellManager310E2D762.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260d16cb-597d-acf6-5b08-6b053d22f75e}]

2008-04-28 11:42 330752 --a------ C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"AnyDVD"="C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-28 12:33 1743808]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 02:55 98304]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 02:52 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 02:55 118784]

"SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 06:21 16270848 C:\WINDOWS\RTHDCPL.EXE]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-03-26 07:35 185896]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"{53f51281-a4c5-1499-84b1-f08d0742f258}"="C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll" [2008-04-28 11:42 330752]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-03-28 19:15 337992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2008-03-28 19:15 337992 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

 

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-25 20:51]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff83424-0742-11dd-a5c2-001d7d8af897}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-17 07:59:36 C:\WINDOWS\Tasks\At1.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 15:03:24 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-15 13:00:05 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-15 14:00:05 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-17 15:22:49 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-17 02:09:58 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 17:00:05 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 18:00:05 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 19:00:05 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 20:00:06 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 21:00:05 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-15 04:00:05 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 22:00:05 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 23:00:00 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-17 00:00:05 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-17 01:00:05 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-17 02:00:00 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-15 03:24:05 C:\WINDOWS\Tasks\At25.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-15 04:00:05 C:\WINDOWS\Tasks\At26.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-11 05:00:05 C:\WINDOWS\Tasks\At27.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-11 06:00:05 C:\WINDOWS\Tasks\At28.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-11 07:00:05 C:\WINDOWS\Tasks\At29.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-11 05:00:05 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-17 13:19:51 C:\WINDOWS\Tasks\At30.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-12 09:14:40 C:\WINDOWS\Tasks\At31.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-13 10:46:43 C:\WINDOWS\Tasks\At32.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-13 11:00:05 C:\WINDOWS\Tasks\At33.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-15 12:00:05 C:\WINDOWS\Tasks\At34.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-15 13:00:05 C:\WINDOWS\Tasks\At35.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-15 14:00:05 C:\WINDOWS\Tasks\At36.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-17 15:00:05 C:\WINDOWS\Tasks\At37.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-16 16:00:05 C:\WINDOWS\Tasks\At38.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-16 17:00:05 C:\WINDOWS\Tasks\At39.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-11 06:00:05 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 18:00:05 C:\WINDOWS\Tasks\At40.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-16 19:00:05 C:\WINDOWS\Tasks\At41.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-16 20:00:06 C:\WINDOWS\Tasks\At42.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-16 21:00:05 C:\WINDOWS\Tasks\At43.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-16 22:00:05 C:\WINDOWS\Tasks\At44.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-16 23:00:00 C:\WINDOWS\Tasks\At45.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-17 00:00:05 C:\WINDOWS\Tasks\At46.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-17 01:00:05 C:\WINDOWS\Tasks\At47.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-17 02:00:00 C:\WINDOWS\Tasks\At48.job"

- C:\WINDOWS\system32\PbwF4Sh1.exe

"2008-05-15 03:49:01 C:\WINDOWS\Tasks\At49.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-11 07:00:05 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-15 04:00:01 C:\WINDOWS\Tasks\At50.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-12 12:42:26 C:\WINDOWS\Tasks\At51.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-12 12:42:26 C:\WINDOWS\Tasks\At52.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-12 12:42:26 C:\WINDOWS\Tasks\At53.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-17 08:00:03 C:\WINDOWS\Tasks\At54.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-12 12:42:26 C:\WINDOWS\Tasks\At55.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-13 10:00:02 C:\WINDOWS\Tasks\At56.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-13 11:00:01 C:\WINDOWS\Tasks\At57.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-15 12:00:01 C:\WINDOWS\Tasks\At58.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-15 13:00:01 C:\WINDOWS\Tasks\At59.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-17 08:00:07 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-15 14:00:02 C:\WINDOWS\Tasks\At60.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-17 15:00:01 C:\WINDOWS\Tasks\At61.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-16 16:00:02 C:\WINDOWS\Tasks\At62.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-16 17:00:01 C:\WINDOWS\Tasks\At63.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-16 18:00:01 C:\WINDOWS\Tasks\At64.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-16 19:00:01 C:\WINDOWS\Tasks\At65.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-16 20:00:03 C:\WINDOWS\Tasks\At66.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-16 21:00:01 C:\WINDOWS\Tasks\At67.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-16 22:00:01 C:\WINDOWS\Tasks\At68.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-16 23:00:00 C:\WINDOWS\Tasks\At69.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-12 09:00:05 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-17 00:00:00 C:\WINDOWS\Tasks\At70.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-17 01:00:00 C:\WINDOWS\Tasks\At71.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-17 02:00:00 C:\WINDOWS\Tasks\At72.job"

- C:\WINDOWS\system32\4pRAG02e.exe

"2008-05-17 03:07:01 C:\WINDOWS\Tasks\At73.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-15 04:00:01 C:\WINDOWS\Tasks\At74.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-13 10:47:41 C:\WINDOWS\Tasks\At75.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-13 10:47:41 C:\WINDOWS\Tasks\At76.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-13 10:47:41 C:\WINDOWS\Tasks\At77.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-17 08:00:05 C:\WINDOWS\Tasks\At78.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-13 10:47:41 C:\WINDOWS\Tasks\At79.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-13 10:00:05 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-13 10:47:41 C:\WINDOWS\Tasks\At80.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-13 11:00:02 C:\WINDOWS\Tasks\At81.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-15 12:00:01 C:\WINDOWS\Tasks\At82.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-15 13:00:01 C:\WINDOWS\Tasks\At83.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-15 14:00:02 C:\WINDOWS\Tasks\At84.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-17 15:00:01 C:\WINDOWS\Tasks\At85.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-16 16:00:02 C:\WINDOWS\Tasks\At86.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-16 17:00:01 C:\WINDOWS\Tasks\At87.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-16 18:00:01 C:\WINDOWS\Tasks\At88.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-16 19:00:01 C:\WINDOWS\Tasks\At89.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-13 11:00:05 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\JExOl7MA.exe

"2008-05-16 20:00:03 C:\WINDOWS\Tasks\At90.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-16 21:00:01 C:\WINDOWS\Tasks\At91.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-16 22:00:01 C:\WINDOWS\Tasks\At92.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-16 23:00:00 C:\WINDOWS\Tasks\At93.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-17 00:00:00 C:\WINDOWS\Tasks\At94.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-17 01:00:00 C:\WINDOWS\Tasks\At95.job"

- C:\WINDOWS\system32\J0KB00NH.exe

"2008-05-17 02:00:00 C:\WINDOWS\Tasks\At96.job"

- C:\WINDOWS\system32\J0KB00NH.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-17 12:38:58

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-05-17 12:40:13

ComboFix-quarantined-files.txt 2008-05-17 15:40:06

 

Pre-Run: 74,730,577,920 bytes disponíveis

Post-Run: 76,110,434,304 bytes disponíveis

 

358

 

HJT

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:44:38, on 17/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Defesa do Computador\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://br.yahoo.com/

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll (file missing)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: adsonmedia browser optimizer - {260d16cb-597d-acf6-5b08-6b053d22f75e} - C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [{53f51281-a4c5-1499-84b1-f08d0742f258}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll" DllInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

 

 

 

Thanks for the help!

Best regards


Good afternoon, Reinn!

Before running this procedure, insert your removable drive(s) into the USB port.

<!> Delete:

 

C:\QooBox

C:\ComboFix.txt << Previous ComboFix log.

------------------------------

>@< Select and copy all the content in the QUOTE area into Notepad.

>@< Save it on the Desktop with the name: CFScript.txt

 

File::

C:\jfidoj.exe

C:\WINDOWS\system32\J0KB00NH.exe

C:\WINDOWS\system32\4pRAG02e.exe

C:\WINDOWS\system32\PbwF4Sh1.exe

C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll-uninst.exe

C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll

C:\WINDOWS\system32\JExOl7MA.exe

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

C:\WINDOWS\Tasks\At49.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At50.job

C:\WINDOWS\Tasks\At51.job

C:\WINDOWS\Tasks\At52.job

C:\WINDOWS\Tasks\At53.job

C:\WINDOWS\Tasks\At54.job

C:\WINDOWS\Tasks\At55.job

C:\WINDOWS\Tasks\At56.job

C:\WINDOWS\Tasks\At57.job

C:\WINDOWS\Tasks\At58.job

C:\WINDOWS\Tasks\At59.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At60.job

C:\WINDOWS\Tasks\At61.job

C:\WINDOWS\Tasks\At62.job

C:\WINDOWS\Tasks\At63.job

C:\WINDOWS\Tasks\At64.job

C:\WINDOWS\Tasks\At65.job

C:\WINDOWS\Tasks\At66.job

C:\WINDOWS\Tasks\At67.job

C:\WINDOWS\Tasks\At68.job

C:\WINDOWS\Tasks\At69.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At70.job

C:\WINDOWS\Tasks\At71.job

C:\WINDOWS\Tasks\At72.job

C:\WINDOWS\Tasks\At73.job

C:\WINDOWS\Tasks\At74.job

C:\WINDOWS\Tasks\At75.job

C:\WINDOWS\Tasks\At76.job

C:\WINDOWS\Tasks\At77.job

C:\WINDOWS\Tasks\At78.job

C:\WINDOWS\Tasks\At79.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At80.job

C:\WINDOWS\Tasks\At81.job

C:\WINDOWS\Tasks\At82.job

C:\WINDOWS\Tasks\At83.job

C:\WINDOWS\Tasks\At84.job

C:\WINDOWS\Tasks\At85.job

C:\WINDOWS\Tasks\At86.job

C:\WINDOWS\Tasks\At87.job

C:\WINDOWS\Tasks\At88.job

C:\WINDOWS\Tasks\At89.job

C:\WINDOWS\Tasks\At9.job

C:\WINDOWS\Tasks\At90.job

C:\WINDOWS\Tasks\At91.job

C:\WINDOWS\Tasks\At92.job

C:\WINDOWS\Tasks\At93.job

C:\WINDOWS\Tasks\At94.job

C:\WINDOWS\Tasks\At95.job

C:\WINDOWS\Tasks\At96.job

E:\LaunchU3.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff83424-0742-11dd-a5c2-001d7d8af897}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260d16cb-597d-acf6-5b08-6b053d22f75e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"{53f51281-a4c5-1499-84b1-f08d0742f258}"=-

>@< Drag CFScript.txt with the mouse onto the ComboFix icon.

>@< See the demonstration!

 

cpiadecfscriptxt7.gif

 

>@< With this procedure, ComboFix will run and restart the computer automatically!

>@< If it does not restart, do it manually!

>@< During execution, do not use the keyboard or mouse!

>@< When it finishes, post the C:\ComboFix.txt report + an updated HJT log.

 

Regards!


Good evening, DigRam!

Here it is:

 

Combofix

 

ComboFix 08-05-15.3 - mariana 2008-05-18 16:24:57.2 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.787 [GMT -3:00]

Executando de: C:\Documents and Settings\mariana\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\mariana\Desktop\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\jfidoj.exe

C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll

C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll-uninst.exe

C:\WINDOWS\system32\4pRAG02e.exe

C:\WINDOWS\system32\J0KB00NH.exe

C:\WINDOWS\system32\JExOl7MA.exe

C:\WINDOWS\system32\PbwF4Sh1.exe

E:\LaunchU3.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\jfidoj.exe

C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll-uninst.exe

C:\WINDOWS\system32\{9b171542-0a18-2af8-18c3-3a9ec3f45f27}.dll

C:\WINDOWS\system32\4pRAG02e.exe

C:\WINDOWS\system32\J0KB00NH.exe

C:\WINDOWS\system32\JExOl7MA.exe

C:\WINDOWS\system32\PbwF4Sh1.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))

.

 

2008-05-17 21:56 . 2004-08-04 00:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-05-17 21:56 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-05-17 21:56 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-05-17 21:56 . 2001-09-05 23:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-05-17 12:32 . 2008-03-17 20:40 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-05-17 12:32 . 2008-05-18 16:26 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-05-17 12:32 . 2008-03-17 17:35 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-05-17 12:32 . 2008-05-17 12:32 <DIR> d-------- C:\Documents and Settings\Administrador

2008-05-17 12:32 . 2008-05-18 16:19 1,024 --ah----- C:\Documents and Settings\Administrador\NTUSER.DAT.LOG

2008-05-16 12:03 . 2008-05-16 12:03 <DIR> d-------- C:\Arquivos de programas\MSECache

2008-05-12 18:10 . 2008-05-12 18:21 <DIR> d-------- C:\Margot e o Casamento

2008-05-10 23:07 . 2008-05-11 03:02 <DIR> d-------- C:\Arquivos de programas\ArtMoney

2008-05-09 04:03 . 2008-05-09 04:03 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritos

2008-05-03 22:54 . 2008-05-18 16:12 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-05-01 14:56 . 2008-05-01 14:56 <DIR> d-------- C:\Arquivos de programas\AC3Filter

2008-05-01 14:56 . 2007-08-18 04:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 18:03 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\BSplayer

2008-05-13 21:57 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\LimeWire

2008-05-13 19:20 --------- d-----w C:\Arquivos de programas\Desktop Taipei

2008-05-13 19:16 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-05-13 18:08 --------- d-----w C:\Arquivos de programas\eMule

2008-05-03 08:15 --------- d-----w C:\Arquivos de programas\DAP

2008-04-18 21:21 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\U3

2008-04-17 10:32 --------- d-----w C:\Arquivos de programas\Webteh

2008-04-10 21:22 --------- d-----w C:\Arquivos de programas\DAP_v8.5.5.5_Premium

2008-04-10 21:19 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-10 09:41 2,887,680 ----a-w C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-04-10 08:54 8,657,207 ----a-w C:\Arquivos de programas\DAP_v8.5.5.5_Premium.rar

2008-04-07 04:46 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-04-03 22:21 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-04-02 23:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-04-02 23:02 --------- d-----w C:\Arquivos de programas\Ahead

2008-04-02 23:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-04-02 23:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-04-02 22:54 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\Microsoft Web Folders

2008-04-02 22:54 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-04-02 21:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-04-02 18:35 --------- d-----w C:\Arquivos de programas\DVD Decrypter

2008-04-02 16:36 --------- d-----w C:\Arquivos de programas\Elaborate Bytes

2008-04-02 02:32 --------- d-----w C:\Arquivos de programas\DVD Shrink

2008-04-02 02:30 --------- d-----w C:\Arquivos de programas\NeroInstall.bak

2008-04-02 02:28 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\Nero

2008-04-01 23:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

2008-04-01 23:10 --------- d-----w C:\Arquivos de programas\SlySoft

2008-03-29 17:19 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-03-28 22:15 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-03-27 22:02 97,600 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys

2008-03-26 14:23 --------- d-----w C:\Arquivos de programas\Java

2008-03-26 14:19 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-03-26 14:17 --------- d-----w C:\Arquivos de programas\LimeWire

2008-03-26 13:58 --------- d-----w C:\Arquivos de programas\VeryPDF PDF2Word v3.0

2008-03-26 10:57 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-26 10:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-26 10:35 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-03-26 10:35 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-03-26 10:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-03-26 10:35 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-03-25 23:54 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\InstallShield

2008-03-25 23:54 --------- d-----w C:\Arquivos de programas\Realtek

2008-03-25 23:51 4,716 ----a-w C:\WINDOWS\gdrv.sys

2008-03-25 23:45 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\Skype

2008-03-25 23:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-03-25 23:45 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-03-25 23:45 --------- d-----w C:\Arquivos de programas\Google

2008-03-25 23:45 --------- d-----w C:\Arquivos de programas\ESET

2008-03-25 23:45 --------- d-----w C:\Arquivos de programas\CCleaner

2008-03-25 23:41 --------- d-----w C:\Arquivos de programas\Mozilla Firefox(2)

2008-03-25 23:41 --------- d-----w C:\Arquivos de programas\BitComet

2008-03-25 03:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-03-18 22:36 --------- d-----w C:\Documents and Settings\mariana\Dados de aplicativos\BSplayer Pro

2008-03-18 02:06 --------- d-----w C:\Arquivos de programas\Real

2008-03-18 01:04 --------- d-----w C:\Arquivos de programas\Windows Live

2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll

2008-02-28 16:26 1,414,440 ----a-w C:\WINDOWS\system32\ShellManager310E2D762.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"AnyDVD"="C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-28 12:33 1743808]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 02:55 98304]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 02:52 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 02:55 118784]

"SkyTel"="SkyTel.EXE" [2006-05-16 07:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 06:21 16270848 C:\WINDOWS\RTHDCPL.EXE]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-03-26 07:35 185896]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"NBKeyScan"="C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-03-28 19:15 337992]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2008-03-28 19:15 337992 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

 

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-25 20:51]

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 16:26:25

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-05-18 16:28:20

ComboFix-quarantined-files.txt 2008-05-18 19:27:28

 

Pre-Run: 76,472,233,984 bytes disponíveis

Post-Run: 76,513,271,808 bytes disponíveis

 

361

 

 

 

HJT

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:42:47, on 18/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Defesa do Computador\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://br.yahoo.com/

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll (file missing)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe

 

 

 

Thanks for the help =)


Good morning, Reinn!

 

<@> DELETE: QooBox

--------------------------

>@< Download CCleaner.

>@< Save it to the Desktop!

>@< Open the program and click Analyze >> Run Cleaner.

>@< When it finishes, click Registry >> Scan for Issues >> Fix selected issues.

--------------------------

Once everything is OK with the PC, create a completely clean System Restore point!

Right-click My Computer >> Properties >> System Restore >> check: Turn off System Restore >> Apply >> OK.

Then uncheck it again! >> Apply >> OK.

For more details, see: < Docs >

>@< The log is clean!

>@< Everything OK?

 

Regards!


PROBLEM SOLVED!

If the author needs the topic reopened, they must send a private message to a moderator with a link to the topic.
