Archived

This topic is archived and closed to new replies.

REDENTOR

[Solved!] virus/malware on the pen drive


I recently used my pen drive at a LAN house (Internet café), and when I plugged it into my computer my antivirus flagged a virus in the file Knight.exe (which I deleted) and malicious code in the file autorun.inf. The antivirus is unable to clean the latter.

 

I am posting HijackThis logs from both partitions of the computer:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:06:30, on 19/07/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\conime.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe" /m

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: Agente de Gerenciamento do F-Secure (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9177 bytes

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:00:23, on 20/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\ARQUIV~1\GbPlugin\GbpSv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\OEM02Mon.exe

D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\DellTPad\Apoint.exe

D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe

D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

D:\Arquivos de programas\DellTPad\ApMsgFwd.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\IObit\Advanced WindowsCare 3 Beta\AWC.exe

D:\Arquivos de programas\DellTPad\Apntex.exe

D:\Arquivos de programas\DellTPad\HidFind.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

D:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

D:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

D:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\alg.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

D:\WINDOWS\system32\wscntfy.exe

D:\WINDOWS\system32\wbem\wmiprvse.exe

D:\Arquivos de programas\F-Secure\Common\FSLAUNCHER0.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {ad8088d4-219c-40db-b16a-5e53261bed3d} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] D:\WINDOWS\OEM02Mon.exe

O4 - HKLM\..\Run: [DELL Webcam Manager] D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe /s

O4 - HKLM\..\Run: [Apoint] D:\Arquivos de programas\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iSUSPM Startup] D:\ARQUIV~1\ARQUIV~1\INSTAL~1\UpdateService\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Advanced WindowsCare 3] "D:\Arquivos de programas\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O20 - Winlogon Notify: GbPluginCef - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\Arquivos de programas\a-squared Free\a2service.exe (file missing)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - D:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

 

--

End of file - 9511 bytes


Paste the text below into Notepad, save it as clean.bat and run it. Close all programs first, because the computer will be restarted.

 

@echo off
rem Strip the system, read-only, hidden and archive attributes the worm sets
rem on autorun.* in each drive root, then delete the files. Drive letters
rem that are not present only print "File not found", which is harmless.
attrib -s -r -h -a c:\autorun.*
del c:\autorun.*
attrib -s -r -h -a d:\autorun.*
del d:\autorun.*
attrib -s -r -h -a t:\autorun.*
del t:\autorun.*
attrib -s -r -h -a m:\autorun.*
del m:\autorun.*
attrib -s -r -h -a u:\autorun.*
del u:\autorun.*
attrib -s -r -h -a e:\autorun.*
del e:\autorun.*
attrib -s -r -h -a f:\autorun.*
del f:\autorun.*
attrib -s -r -h -a g:\autorun.*
del g:\autorun.*
attrib -s -r -h -a h:\autorun.*
del h:\autorun.*
attrib -s -r -h -a i:\autorun.*
del i:\autorun.*
attrib -s -r -h -a k:\autorun.*
del k:\autorun.*
cls
rem The ">" and "<" in the credit line must be escaped with ^, otherwise
rem cmd treats them as redirection and the echo fails.
echo made by -^>»SpeedY«^<- terça-feira, 19 de junho de 2007.
PAUSE
rem Restart the computer one second after a key is pressed.
shutdown -r -t 01

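Before deleting autorun.inf, a defender usually wants to know what it would have launched, since that is what the antivirus was reacting to. The following is an added example, not code from this thread or from any tool it mentions; both autorun.inf samples are constructed, with the names Knight.exe and RECYCLER borrowed from the posts above.

```python
"""Triage an autorun.inf recovered from a pen drive.

Added example for this thread, not code from the forum or from any tool it
mentions. It reads the [autorun] section the way a defender does when
deciding whether the file is a harmless vendor stub or a worm launcher, and
reports every directive that would start a program when the drive is used.
"""
import re
from dataclasses import dataclass, field

# Values of these keys, and of any shell\<verb>\command key, are what
# Windows AutoRun/AutoPlay executes when the drive is inserted or opened.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js")

# A vendor disc never keeps its setup program under these folders; worms do,
# because Explorer hides them by default.
HIDDEN_DIRS = ("recycler", "recycled", "$recycle.bin", "system volume information")


@dataclass
class Assessment:
    launches: list = field(default_factory=list)  # (key, command line)
    reasons: list = field(default_factory=list)   # why it looks hostile

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_autorun(text: str) -> dict:
    """Return key -> value for the [autorun] section, keys lower-cased.

    Blank lines and ';' comments are skipped; for a repeated key the first
    occurrence is kept.
    """
    entries: dict = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries.setdefault(key.strip().lower(), value.strip())
    return entries


def program_of(command: str) -> str:
    """First token of a command line, honouring a quoted path with spaces."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def assess(text: str) -> Assessment:
    """List what the file launches and explain why a defender would distrust it."""
    result = Assessment()
    entries = parse_autorun(text)

    for key, value in entries.items():
        if key in EXEC_KEYS or SHELL_CMD_RE.match(key):
            result.launches.append((key, value))

    if result.launches:
        names = sorted({program_of(cmd) for _, cmd in result.launches})
        result.reasons.append(
            f"launches {len(names)} program(s) when the drive is used: {', '.join(names)}")

    for key, command in result.launches:
        path = program_of(command).lower()
        if path.endswith(EXEC_EXTS) and any(d in path for d in HIDDEN_DIRS):
            result.reasons.append(f"{key} points into a hidden system folder: {command}")

    # Worms spoof the default AutoPlay entry so the user "opens the folder"
    # and actually runs the payload.
    if "open folder" in entries.get("action", "").lower():
        result.reasons.append("action text impersonates 'Open folder to view files'")

    return result


# Constructed samples (not real captures). The first mirrors what the thread
# describes: an autorun.inf wired to Knight.exe, with a copy under RECYCLER.
SAMPLE_INFECTED = r"""[AutoRun]
open=Knight.exe
shell\open\Command=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-1000\Knight.exe
action=Open folder to view files
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

SAMPLE_VENDOR = r"""[autorun]
; driver disc: only a label and an icon, nothing is executed
label=DRIVER_CD
icon=vendor.ico
"""


def report(text: str) -> str:
    """Human-readable verdict for one autorun.inf."""
    a = assess(text)
    lines = [f"verdict: {'SUSPICIOUS' if a.suspicious else 'benign'}"]
    lines += [f"  {k} = {v}" for k, v in a.launches]
    lines += [f"  reason: {r}" for r in a.reasons]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_INFECTED))
    print(report(SAMPLE_VENDOR))
```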

redentor

 

Download ComboFix and save it to your desktop.

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes (be patient). ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click on the ComboFix window or close it with the X while it is running, otherwise it will stop and your desktop will be left blank.

To stop or exit ComboFix, press "2" and Enter.

Then generate a new log with HijackThis and post it, together with ComboFix.txt.


My MP4 player has a plague of a virus called RECYCLER. This virus is a pest; I've tried everything and can't delete it. I've already formatted the MP4 player and run antivirus on it and nothing works. Does anyone have a good antivirus for MP4 players?

My MP4 player has a plague of a virus called RECYCLER. This virus is a pest; I've tried everything and can't delete it. I've already formatted the MP4 player and run antivirus on it and nothing works. Does anyone have a good antivirus for MP4 players?

 

Hey Raquel_Hacker,

Create a new topic in this area, OK? :thumbsup:


I couldn't run ComboFix on D: :mellow:

ComboFix opens, I type option 1, but when it is about to start the stages the computer restarts by itself. It seems to hit some error, because that blue error screen appears briefly, you know?

Some things are happening, such as: when I go to remove a pen drive it gives a DLL error, and I have to disconnect it without the computer authorizing it.... Also, Windows keeps showing that security message saying there is no antivirus installed, but there is, and it is up to date. Another thing is that when I'm on this partition, partition C: does not appear in Windows Explorer.

Well, I think that's it...

I'm putting the logs you asked for below:

 

ComboFix 08-07-29.1 - CRIS 2008-07-30 3:47:41.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.1548 [GMT -3:00]

Executando de: C:\Users\CRIS\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))

.

 

2008-07-28 20:39 . 2008-07-28 20:39 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Acronis

2008-07-28 03:17 . 2008-07-28 03:17 <DIR> d-------- C:\Program Files\Common Files\Acronis

2008-07-28 03:17 . 2008-07-28 03:17 129,248 --a------ C:\Windows\System32\drivers\snapman.sys

2008-07-28 03:11 . 2008-07-28 03:24 <DIR> d-------- C:\Program Files\Windows Live

2008-07-28 03:11 . 2008-07-28 03:24 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-07-28 03:09 . 2008-07-28 03:09 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-07-28 03:09 . 2008-07-28 03:09 <DIR> d-------- C:\ProgramData\WLInstaller

2008-07-28 03:01 . 2008-07-30 03:55 81,984 --a------ C:\Windows\System32\bdod.bin

2008-07-28 02:46 . 2008-07-28 02:46 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\BitDefender

2008-07-28 02:41 . 2008-07-28 02:46 <DIR> d-------- C:\Users\All Users\BitDefender

2008-07-28 02:41 . 2008-07-28 02:46 <DIR> d-------- C:\ProgramData\BitDefender

2008-07-28 02:41 . 2008-07-28 02:41 <DIR> d-------- C:\Program Files\BitDefender

2008-07-28 02:40 . 2008-07-28 02:41 <DIR> d-------- C:\Program Files\Common Files\BitDefender

2008-07-28 01:59 . 2008-07-28 01:58 203,776 --a------ C:\Windows\System32\clrviddc.dll

2008-07-28 01:59 . 1999-09-10 08:06 45,056 --a------ C:\Windows\System32\wnaspi32.dll

2008-07-28 01:59 . 1999-09-10 08:06 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys

2008-07-28 01:59 . 1999-09-10 08:06 5,600 --a------ C:\Windows\system\winaspi.dll

2008-07-28 01:59 . 1999-09-10 08:06 4,672 --a------ C:\Windows\system\wowpost.exe

2008-07-28 01:55 . 2008-07-28 01:55 <DIR> d-------- C:\Program Files\DreaMule

2008-07-28 01:55 . 2008-07-28 01:55 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-07-28 01:54 . 2008-07-28 01:54 <DIR> d-------- C:\Program Files\Real

2008-07-28 01:54 . 2008-07-28 01:54 <DIR> d-------- C:\Program Files\Common Files\Real

2008-07-28 01:50 . 2008-07-28 01:50 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Desktopicon

2008-07-28 01:50 . 2008-07-30 03:06 <DIR> d-------- C:\Program Files\Unlocker

2008-07-28 01:49 . 2008-07-28 01:49 <DIR> d-------- C:\Program Files\CCleaner

2008-07-28 01:42 . 2008-07-28 01:42 <DIR> d-------- C:\Users\All Users\eMule

2008-07-28 01:42 . 2008-07-28 01:42 <DIR> d-------- C:\ProgramData\eMule

2008-07-28 01:00 . 2008-07-28 01:25 4,839 --a------ C:\error.htm

2008-07-28 01:00 . 2008-07-28 01:00 0 --a------ C:\infect.htm

2008-07-28 00:44 . 2008-06-25 22:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-28 00:44 . 2008-06-25 22:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-28 00:44 . 2008-06-26 00:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-07-28 00:34 . 2008-07-28 00:34 <DIR> d--hs---- C:\found.000

2008-07-27 09:13 . 2008-04-26 05:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-07-27 09:13 . 2008-04-26 05:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-07-27 09:13 . 2008-04-26 05:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-07-27 09:13 . 2008-05-10 00:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-07-27 09:13 . 2008-04-12 00:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

2008-07-27 09:13 . 2008-05-10 00:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll

2008-07-27 09:13 . 2008-04-04 22:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys

2008-07-27 09:13 . 2008-04-05 00:34 15,360 --a------ C:\Windows\System32\pacerprf.dll

2008-07-27 09:13 . 2008-05-09 19:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-07-27 09:13 . 2008-05-09 19:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-07-27 09:12 . 2008-05-08 18:59 430,080 --a------ C:\Windows\System32\vbscript.dll

2008-07-27 09:12 . 2008-05-08 18:59 180,224 --a------ C:\Windows\System32\scrobj.dll

2008-07-27 09:12 . 2008-05-08 18:59 172,032 --a------ C:\Windows\System32\scrrun.dll

2008-07-27 09:12 . 2008-05-08 18:59 155,648 --a------ C:\Windows\System32\wscript.exe

2008-07-27 09:12 . 2008-05-08 18:58 135,168 --a------ C:\Windows\System32\wshom.ocx

2008-07-27 09:12 . 2008-05-08 18:58 135,168 --a------ C:\Windows\System32\cscript.exe

2008-07-27 09:12 . 2008-05-08 18:59 90,112 --a------ C:\Windows\System32\wshext.dll

2008-06-24 02:34 . 2008-07-28 00:30 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Skype

2008-06-24 02:25 . 2008-06-24 02:25 <DIR> d-------- C:\Users\All Users\Skype

2008-06-24 02:25 . 2008-06-24 02:25 <DIR> d-------- C:\ProgramData\Skype

2008-06-24 02:25 . 2008-06-24 02:25 <DIR> d-------- C:\Program Files\Skype

2008-06-24 02:25 . 2008-06-24 02:25 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-06-24 02:24 . 2008-06-24 02:24 <DIR> d-------- C:\Program Files\VS Revo Group

2008-06-24 02:22 . 2008-06-24 02:26 <DIR> d-------- C:\Program Files\Marcos Velasco Security

2008-06-24 02:21 . 2008-06-24 02:49 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\App Launcher Gadget

2008-06-24 02:16 . 2008-06-24 02:17 <DIR> d-------- C:\Users\All Users\Adobe

2008-06-24 02:16 . 2008-06-24 02:16 <DIR> d-------- C:\Program Files\IObit

2008-06-24 02:15 . 2008-06-24 02:16 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-06-24 02:11 . 2008-07-28 17:56 <DIR> d-------- C:\Program Files\a-squared Free

2008-06-12 11:39 . 2008-06-12 11:39 1,896,728 --a------ C:\Windows\System32\AutoPartNt.exe

2008-06-12 11:39 . 2008-06-12 11:46 1,024 --a------ C:\Windows\System32\AutoPartNt.let

2008-06-12 04:37 . 2008-06-12 04:37 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-06-12 01:58 . 2008-06-12 02:00 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\F-Secure

2008-06-12 01:58 . 2008-06-12 01:58 <DIR> d-------- C:\Program Files\7-Zip

2008-06-12 00:51 . 2008-06-12 00:51 <DIR> d-------- C:\PerfLogs

2008-06-12 00:04 . 2008-01-19 04:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe

2008-06-12 00:04 . 2008-01-19 04:36 1,541,120 --a------ C:\Windows\System32\onex.dll

2008-06-12 00:04 . 2008-01-19 04:42 51,768 --a------ C:\Windows\System32\PSHED.DLL

2008-06-12 00:02 . 2008-01-19 04:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll

2008-06-12 00:01 . 2008-01-19 04:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-06-12 00:00 . 2008-01-19 04:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll

2008-06-11 23:59 . 2008-01-19 03:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-06-11 23:58 . 2008-01-19 04:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe

2008-06-11 23:58 . 2008-01-19 04:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-06-11 23:58 . 2008-01-05 08:31 145,455 --a------ C:\Windows\System32\perfmon.msc

2008-06-11 23:58 . 2008-01-05 08:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc

2008-06-11 23:58 . 2008-01-05 08:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs

2008-06-11 23:58 . 2008-01-05 08:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs

2008-06-11 23:58 . 2008-01-05 08:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf

2008-06-11 23:57 . 2008-01-19 04:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-06-11 23:57 . 2008-01-19 04:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-06-11 23:57 . 2008-01-19 04:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-06-11 23:57 . 2008-01-19 04:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-06-11 23:56 . 2008-01-19 04:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-06-11 23:56 . 2008-01-19 04:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-06-11 23:56 . 2008-01-19 04:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-06-11 23:56 . 2008-01-19 04:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-06-11 23:31 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll

2008-06-11 23:29 . 2008-06-11 23:29 <DIR> d-------- C:\Program Files\Microsoft Works

2008-06-11 23:28 . 2008-06-11 23:28 <DIR> d-------- C:\Windows\PCHEALTH

2008-06-11 23:28 . 2008-06-11 23:28 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-06-11 23:26 . 2008-06-11 23:26 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8

2008-06-11 23:25 . 2008-06-11 23:29 <DIR> d-------- C:\Windows\SHELLNEW

2008-06-11 23:24 . 2008-07-27 09:38 <DIR> d-------- C:\Users\All Users\Microsoft Help

2008-06-11 23:24 . 2008-07-27 09:38 <DIR> d-------- C:\ProgramData\Microsoft Help

2008-06-11 23:22 . 2008-06-11 23:22 <DIR> dr-h----- C:\MSOCache

2008-06-11 05:37 . 2008-06-11 05:37 74,703 --a------ C:\Windows\System32\mfc45.dll

2008-06-11 05:36 . 2008-06-11 05:36 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\iolo

2008-06-11 05:36 . 2008-06-11 05:36 <DIR> d-------- C:\Users\All Users\iolo

2008-06-11 05:36 . 2008-06-11 05:36 <DIR> d-------- C:\ProgramData\iolo

2008-06-11 05:15 . 2008-06-11 05:15 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-06-11 05:10 . 2008-06-11 05:10 <DIR> d-------- C:\Windows\System32\Macromed

2008-06-11 04:56 . 2008-06-14 18:57 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Roxio

2008-06-11 04:41 . 2008-06-11 04:41 1,820 --a------ C:\Windows\System32\rasctrnm.h

2008-06-11 04:25 . 2008-06-11 04:25 988,216 --a------ C:\Windows\System32\winload.exe

2008-06-11 04:25 . 2008-06-11 04:25 927,288 --a------ C:\Windows\System32\winresume.exe

2008-06-11 04:25 . 2008-06-11 04:25 378,368 --a------ C:\Windows\System32\srcore.dll

2008-06-11 04:25 . 2008-06-11 04:25 318,464 --a------ C:\Windows\System32\rstrui.exe

2008-06-11 04:25 . 2008-06-11 04:25 46,592 --a------ C:\Windows\System32\setbcdlocale.dll

2008-06-11 04:25 . 2008-06-11 04:25 40,960 --a------ C:\Windows\System32\srclient.dll

2008-06-11 04:25 . 2008-06-11 04:25 19,000 --a------ C:\Windows\System32\kd1394.dll

2008-06-11 04:25 . 2008-06-11 04:25 14,848 --a------ C:\Windows\System32\srdelayed.exe

2008-06-11 04:25 . 2008-06-11 04:25 6,656 --a------ C:\Windows\System32\kbd106n.dll

2008-06-11 04:24 . 2008-06-11 04:24 615,992 --a------ C:\Windows\System32\ci.dll

2008-06-11 04:23 . 2008-06-11 04:23 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-11 04:21 . 2008-06-24 02:14 <DIR> d-------- C:\Program Files\Opera

2008-06-11 04:21 . 2008-06-11 04:21 2,032,128 --a------ C:\Windows\System32\win32k.sys

2008-06-11 04:20 . 2008-06-11 04:20 295,936 --a------ C:\Windows\System32\gdi32.dll

2008-06-11 04:19 . 2008-06-11 04:50 <DIR> d-------- C:\Windows\System32\DLA

2008-06-11 04:19 . 2006-07-21 11:21 99,176 --a------ C:\Windows\System32\drivers\DRVMCDB.SYS

2008-06-11 04:19 . 2006-10-26 16:21 92,920 --a------ C:\Windows\DLA.EXE

2008-06-11 04:19 . 2006-10-26 16:21 56,056 --a------ C:\Windows\System32\DLAAPI_W.DLL

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-28 02:28 --------- d-----w C:\Program Files\Windows Mail

2008-06-12 04:02 174 --sha-w C:\Program Files\desktop.ini

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Defender

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Calendar

2008-06-12 03:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-12 03:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-12 02:29 --------- d-----w C:\Program Files\MSBuild

2008-06-11 07:13 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-11 07:13 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-06-11 07:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-06-11 07:13 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-06-11 07:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Modelos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Menu Iniciar

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Favoritos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Documentos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Dados de aplicativos

2008-06-11 03:10 --------- d-sh--w C:\Program Files\Common Files\Sistema

2008-06-11 03:10 --------- d-sh--w C:\Program Files\Arquivos Comuns

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 04:33 1233920]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

"DELL Webcam Manager"="C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 11:14 118784]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-08-07 15:49 1548288]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 13:29 159744]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-06-11 02:42 77824]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-15 09:41 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-15 09:41 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-15 09:41 133656]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-09 17:01 36864]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 01:15 15872]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-28 01:54 185896]

"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]

"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]

"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]

"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]

"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{420FF8B0-5215-4561-A13F-FE1E57027EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C20FEE50-0171-4816-82AD-D2C30734914B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{A9AB6CBB-BBFB-4B50-8EEE-6B253494F65A}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BBC50457-9415-4FFB-AC5F-357E8920F9AA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{352476FC-4E92-4070-8BF0-65908A313DC6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{22C513B0-ADC8-4DF4-8772-83B13C9EB978}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-07-28 03:17]

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-20 15:31]

R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 20:51]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 23:21]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 10:22]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bdx REG_MULTI_SZ scan

.

Conteúdo da pasta 'Tarefas Agendadas'

.

.

------- Ccan Suplementar -------

.

O8 -: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O18 -: Handler: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\WRS.dll

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-30 03:54:10

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: C:\Windows\Explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

-> C:\Windows\system32\DLAAPI_W.DLL

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\wlanext.exe

C:\Windows\System32\BCMWLTRY.EXE

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\igfxsrvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\hidfind.exe

C:\Program Files\DellTPad\ApntEx.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-07-30 3:57:59 - Maquina reiniciou [CRIS]

ComboFix-quarantined-files.txt 2008-07-30 06:57:40

 

Pre-Run: 53,018,832,896 bytes disponíveis

Post-Run: 52,792,614,912 bytes disponíveis

 

296 --- E O F --- 2008-07-28 03:49:19

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:19:42, on 30/07/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 10028 bytes

 

-----------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:24:48, on 30/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\ARQUIV~1\GbPlugin\GbpSv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\OEM02Mon.exe

D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\DellTPad\Apoint.exe

D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe

D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\IObit\Advanced WindowsCare 3 Beta\AWC.exe

D:\Arquivos de programas\DellTPad\ApMsgFwd.exe

D:\Arquivos de programas\DellTPad\Apntex.exe

D:\Arquivos de programas\DellTPad\HidFind.exe

D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

D:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

D:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

D:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

D:\WINDOWS\system32\wbem\wmiprvse.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\alg.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\system32\notepad.exe

D:\Arquivos de programas\F-Secure\Common\FSLAUNCHER0.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {ad8088d4-219c-40db-b16a-5e53261bed3d} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] D:\WINDOWS\OEM02Mon.exe

O4 - HKLM\..\Run: [DELL Webcam Manager] D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe /s

O4 - HKLM\..\Run: [Apoint] D:\Arquivos de programas\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iSUSPM Startup] D:\ARQUIV~1\ARQUIV~1\INSTAL~1\UpdateService\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Advanced WindowsCare 3] "D:\Arquivos de programas\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O20 - Winlogon Notify: GbPluginCef - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\Arquivos de programas\a-squared Free\a2service.exe (file missing)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - D:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

 

--

End of file - 9577 bytes


Are those two HijackThis logs?

 

I'll analyze only one; then you post the other. I need to know on which machine you ran ComboFix.


I didn't understand your comment... as I told you, I only managed to run ComboFix on partition C...

 

but I posted both HijackThis logs for you to look at (maybe you'll see why I couldn't run ComboFix on the other one), because I ran each one on a different partition


Let's go with partition C:, ok?

 

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

Folder::

C:\found.000

File::

C:\Program Files\desktop.ini

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image 645i642ef2.gif: demonstration of dragging CFScript.txt onto the ComboFix icon]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.

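As an added check (not from this thread or from ComboFix itself), a small Python parser that reads the firewall-policy section of a ComboFix log in the format posted in this thread and reports which Windows Firewall profiles have EnableFirewall set to 0; the sample log text is constructed to mirror the entries shown here.

```python
"""Flag Windows Firewall profiles reported as disabled in a ComboFix log.

Added example; not part of the forum thread or of ComboFix. The sample
below is constructed from the key/value lines ComboFix prints under the
'firewallpolicy' registry section.
"""
import re

# Constructed sample: the registry section as ComboFix prints it.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{420FF8B0-5215-4561-A13F-FE1E57027EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 1 (0x1)
"""

# Key header line: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\<Name>]
KEY_RE = re.compile(
    r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(\w+)\]$"
)
# Value line: "EnableFirewall"= 0 (0x0)
VALUE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def firewall_profiles(log_text):
    """Return {profile_name: enabled} for every *Profile key carrying EnableFirewall."""
    profiles = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        value = VALUE_RE.match(line)
        # Only profile keys carry EnableFirewall; FirewallRules holds per-app rules.
        if value and current and current.endswith("Profile"):
            profiles[current] = int(value.group(1)) != 0
    return profiles


def disabled_profiles(log_text):
    """Sorted list of profile names whose firewall is reported as off."""
    return sorted(name for name, on in firewall_profiles(log_text).items() if not on)


if __name__ == "__main__":
    for name in disabled_profiles(SAMPLE_LOG):
        print(f"firewall disabled for profile: {name}")
```

A log where every profile is enabled yields an empty list; a third-party firewall (F-Secure or BitDefender in this thread) can legitimately leave the Windows Firewall off, so the result is a prompt to verify, not a verdict.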

I did what you asked, here are the logs, thank you

 

ComboFix 08-07-29.1 - CRIS 2008-08-01 18:57:12.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.1594 [GMT -3:00]

Executando de: C:\Users\CRIS\Desktop\ComboFix.exe

Command switches used :: C:\Users\CRIS\Desktop\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

 

 

FILE ::

C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\found.000

C:\found.000\dir0000.chk\00fs.pre

C:\found.000\dir0000.chk\96_fs-mortgage.cf

C:\found.000\dir0000.chk\97_fs-domain-whitelist.cf

C:\found.000\dir0000.chk\97_fs-sdxudlly_vxplicit.cf

C:\found.000\dir0000.chk\97_fs-spf-whitelist.cf

C:\found.000\dir0000.chk\99_fs-bayes.cf

C:\found.000\dir0000.chk\99_fs-scores-aux.cf

C:\found.000\dir0000.chk\mappings.txt

C:\found.000\dir0001.chk\FS@scdb.ini

C:\found.000\dir0001.chk\spamscanner.pl

C:\found.000\file0000.chk

C:\found.000\file0001.chk

C:\found.000\file0002.chk

C:\Program Files\desktop.ini

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))))

.

 

2008-08-01 18:56 . 2008-08-01 18:56 <DIR> d-------- C:\327882R2FWJFW

2008-07-30 04:17 . 2008-07-30 04:17 812,344 --a------ C:\HJTInstall.exe

2008-07-28 20:39 . 2008-07-28 20:39 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Acronis

2008-07-28 03:17 . 2008-07-28 03:17 <DIR> d-------- C:\Program Files\Common Files\Acronis

2008-07-28 03:17 . 2008-07-28 03:17 129,248 --a------ C:\Windows\System32\drivers\snapman.sys

2008-07-28 03:11 . 2008-07-28 03:24 <DIR> d-------- C:\Program Files\Windows Live

2008-07-28 03:11 . 2008-07-28 03:24 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-07-28 03:09 . 2008-07-28 03:09 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-07-28 03:09 . 2008-07-28 03:09 <DIR> d-------- C:\ProgramData\WLInstaller

2008-07-28 03:01 . 2008-08-01 19:03 81,984 --a------ C:\Windows\System32\bdod.bin

2008-07-28 02:46 . 2008-07-28 02:46 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\BitDefender

2008-07-28 02:41 . 2008-07-31 22:41 <DIR> d-------- C:\Users\All Users\BitDefender

2008-07-28 02:41 . 2008-07-31 22:41 <DIR> d-------- C:\ProgramData\BitDefender

2008-07-28 02:41 . 2008-07-28 02:41 <DIR> d-------- C:\Program Files\BitDefender

2008-07-28 02:40 . 2008-07-28 02:41 <DIR> d-------- C:\Program Files\Common Files\BitDefender

2008-07-28 01:59 . 2008-07-28 01:58 203,776 --a------ C:\Windows\System32\clrviddc.dll

2008-07-28 01:59 . 1999-09-10 08:06 45,056 --a------ C:\Windows\System32\wnaspi32.dll

2008-07-28 01:59 . 1999-09-10 08:06 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys

2008-07-28 01:59 . 1999-09-10 08:06 5,600 --a------ C:\Windows\system\winaspi.dll

2008-07-28 01:59 . 1999-09-10 08:06 4,672 --a------ C:\Windows\system\wowpost.exe

2008-07-28 01:55 . 2008-07-28 01:55 <DIR> d-------- C:\Program Files\DreaMule

2008-07-28 01:55 . 2008-07-28 01:55 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-07-28 01:54 . 2008-07-28 01:54 <DIR> d-------- C:\Program Files\Real

2008-07-28 01:54 . 2008-07-28 01:54 <DIR> d-------- C:\Program Files\Common Files\Real

2008-07-28 01:50 . 2008-07-28 01:50 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Desktopicon

2008-07-28 01:50 . 2008-07-30 03:06 <DIR> d-------- C:\Program Files\Unlocker

2008-07-28 01:49 . 2008-07-28 01:49 <DIR> d-------- C:\Program Files\CCleaner

2008-07-28 01:42 . 2008-07-28 01:42 <DIR> d-------- C:\Users\All Users\eMule

2008-07-28 01:42 . 2008-07-28 01:42 <DIR> d-------- C:\ProgramData\eMule

2008-07-28 01:00 . 2008-07-28 01:25 4,839 --a------ C:\error.htm

2008-07-28 01:00 . 2008-07-28 01:00 0 --a------ C:\infect.htm

2008-07-28 00:44 . 2008-06-25 22:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-28 00:44 . 2008-06-25 22:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-28 00:44 . 2008-06-26 00:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-07-27 09:13 . 2008-04-26 05:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-07-27 09:13 . 2008-04-26 05:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-07-27 09:13 . 2008-04-26 05:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-07-27 09:13 . 2008-05-10 00:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-07-27 09:13 . 2008-04-12 00:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

2008-07-27 09:13 . 2008-05-10 00:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll

2008-07-27 09:13 . 2008-04-04 22:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys

2008-07-27 09:13 . 2008-04-05 00:34 15,360 --a------ C:\Windows\System32\pacerprf.dll

2008-07-27 09:13 . 2008-05-09 19:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-07-27 09:13 . 2008-05-09 19:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-07-27 09:12 . 2008-05-08 18:59 430,080 --a------ C:\Windows\System32\vbscript.dll

2008-07-27 09:12 . 2008-05-08 18:59 180,224 --a------ C:\Windows\System32\scrobj.dll

2008-07-27 09:12 . 2008-05-08 18:59 172,032 --a------ C:\Windows\System32\scrrun.dll

2008-07-27 09:12 . 2008-05-08 18:59 155,648 --a------ C:\Windows\System32\wscript.exe

2008-07-27 09:12 . 2008-05-08 18:58 135,168 --a------ C:\Windows\System32\wshom.ocx

2008-07-27 09:12 . 2008-05-08 18:58 135,168 --a------ C:\Windows\System32\cscript.exe

2008-07-27 09:12 . 2008-05-08 18:59 90,112 --a------ C:\Windows\System32\wshext.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-30 07:19 --------- d-----w C:\Program Files\Trend Micro

2008-07-28 20:56 --------- d-----w C:\Program Files\a-squared Free

2008-07-28 06:18 441,760 ----a-w C:\Windows\system32\drivers\timntr.sys

2008-07-28 06:18 44,384 ----a-w C:\Windows\system32\drivers\tifsfilt.sys

2008-07-28 06:17 368,544 ----a-w C:\Windows\system32\drivers\tdrpman.sys

2008-07-28 06:17 --------- d-----w C:\Program Files\Acronis

2008-07-28 05:03 --------- d-----w C:\ProgramData\F-Secure

2008-07-28 03:30 --------- d-----w C:\Users\CRIS\AppData\Roaming\Skype

2008-07-28 02:28 --------- d-----w C:\Program Files\Windows Mail

2008-07-27 12:38 --------- d-----w C:\ProgramData\Microsoft Help

2008-06-24 05:49 --------- d-----w C:\Users\CRIS\AppData\Roaming\App Launcher Gadget

2008-06-24 05:26 --------- d-----w C:\Program Files\Marcos Velasco Security

2008-06-24 05:25 --------- d-----w C:\ProgramData\Skype

2008-06-24 05:25 --------- d-----w C:\Program Files\Skype

2008-06-24 05:25 --------- d-----w C:\Program Files\Common Files\Skype

2008-06-24 05:24 --------- d-----w C:\Program Files\VS Revo Group

2008-06-24 05:16 --------- d-----w C:\Program Files\IObit

2008-06-24 05:16 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-24 05:14 --------- d-----w C:\Program Files\Opera

2008-06-14 22:00 --------- d-----w C:\ProgramData\Roxio

2008-06-14 21:57 --------- d-----w C:\Users\CRIS\AppData\Roaming\Roxio

2008-06-12 14:39 1,896,728 ----a-w C:\Windows\System32\AutoPartNt.exe

2008-06-12 07:37 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-06-12 05:00 --------- d-----w C:\Users\CRIS\AppData\Roaming\F-Secure

2008-06-12 04:58 --------- d-----w C:\Program Files\7-Zip

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Defender

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Calendar

2008-06-12 03:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-12 03:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-12 02:29 --------- d-----w C:\Program Files\MSBuild

2008-06-12 02:29 --------- d-----w C:\Program Files\Microsoft Works

2008-06-12 02:28 --------- d-----w C:\Program Files\Microsoft.NET

2008-06-12 02:26 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-06-11 09:00 --------- d-----w C:\ProgramData\Dell

2008-06-11 08:37 74,703 ----a-w C:\Windows\System32\mfc45.dll

2008-06-11 08:36 --------- d-----w C:\Users\CRIS\AppData\Roaming\iolo

2008-06-11 08:36 --------- d-----w C:\ProgramData\iolo

2008-06-11 08:15 --------- d-----w C:\Program Files\MSXML 4.0

2008-06-11 07:25 988,216 ----a-w C:\Windows\System32\winload.exe

2008-06-11 07:25 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-06-11 07:25 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-06-11 07:25 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-06-11 07:25 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-06-11 07:25 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-06-11 07:25 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-06-11 07:25 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-06-11 07:25 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-06-11 07:24 615,992 ----a-w C:\Windows\System32\ci.dll

2008-06-11 07:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-06-11 07:20 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-06-11 07:19 --------- d-----w C:\Program Files\Roxio

2008-06-11 07:15 14,848 ----a-w C:\Windows\System32\wshrm.dll

2008-06-11 07:15 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-06-11 07:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-06-11 07:13 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-11 07:13 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-06-11 07:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-11 07:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-06-11 07:13 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-06-11 07:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-06-11 07:13 1,695,744 ----a-w C:\Windows\System32\gameux.dll

2008-06-11 07:12 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-06-11 07:11 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-06-11 07:09 --------- d-----w C:\ProgramData\Sonic

2008-06-11 07:08 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-06-11 07:08 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-06-11 07:04 --------- d-----w C:\ProgramData\InstallShield

2008-06-11 07:04 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-11 06:59 --------- d-----w C:\ProgramData\fssg

2008-06-11 06:41 --------- d-----w C:\ProgramData\Acronis

2008-06-11 06:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-11 06:09 --------- d-----w C:\Program Files\Creative

2008-06-11 06:09 --------- d-----w C:\Program Files\Common Files\Reallusion

2008-06-11 06:08 --------- d-----w C:\Program Files\Common Files\Creative

2008-06-11 06:07 --------- d-----w C:\Program Files\Dell

2008-06-11 06:07 --------- d-----w C:\Program Files\Creative Live! Cam

2008-06-11 05:43 --------- d-----w C:\ProgramData\SupportSoft

2008-06-11 05:43 --------- d-----w C:\Program Files\Dell Support Center

2008-06-11 05:43 --------- d-----w C:\Program Files\Common Files\supportsoft

2008-06-11 05:41 --------- d-----w C:\Program Files\Java

2008-06-11 05:41 --------- d-----w C:\Program Files\Common Files\Java

2008-06-11 05:16 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2008-06-11 05:16 --------- d-----w C:\Program Files\DellTPad

2008-06-11 05:10 --------- d-----w C:\Program Files\SigmaTel

2008-06-11 05:09 --------- d-----w C:\Program Files\Cisco

2008-06-11 05:07 --------- d-----w C:\Users\CRIS\AppData\Roaming\InstallShield

2008-06-11 05:06 --------- d-----w C:\Users\CRIS\AppData\Roaming\TMP

2008-06-11 05:06 --------- d-----w C:\Program Files\Marvell

2008-06-11 05:05 --------- d-----w C:\Program Files\CONEXANT

2008-06-11 04:50 --------- d-----w C:\Program Files\Intel

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Modelos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Menu Iniciar

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Favoritos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Documentos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Dados de aplicativos

2008-06-11 03:10 --------- d-sh--w C:\Program Files\Common Files\Sistema

2008-06-11 03:10 --------- d-sh--w C:\Program Files\Arquivos Comuns

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 04:33 1233920]

"DELL Webcam Manager"="C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 11:14 118784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-08-07 15:49 1548288]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 13:29 159744]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-06-11 02:42 77824]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-15 09:41 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-15 09:41 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-15 09:41 133656]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-09 17:01 36864]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 01:15 15872]

"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]

"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]

"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]

"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]

"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-28 01:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{420FF8B0-5215-4561-A13F-FE1E57027EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C20FEE50-0171-4816-82AD-D2C30734914B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{A9AB6CBB-BBFB-4B50-8EEE-6B253494F65A}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BBC50457-9415-4FFB-AC5F-357E8920F9AA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{352476FC-4E92-4070-8BF0-65908A313DC6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{22C513B0-ADC8-4DF4-8772-83B13C9EB978}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-07-28 03:17]

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-20 15:31]

R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 20:51]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 23:21]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 10:22]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bdx REG_MULTI_SZ scan

.

Conteúdo da pasta 'Tarefas Agendadas'

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 19:01:49

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: C:\Windows\Explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

-> ?:\Windows\system32\authui.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\BCMWLTRY.EXE

C:\Windows\System32\wlanext.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\igfxsrvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\hidfind.exe

C:\Program Files\DellTPad\ApntEx.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

 

.

Tempo para conclusão: 2008-08-01 19:05:41 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-01 22:05:33

 

Pre-Run: 52,665,319,424 bytes disponíveis

Post-Run: 52,444,200,960 bytes disponíveis

 

305 --- E O F --- 2008-07-28 03:49:19

 

-----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:19:42, on 30/07/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 10028 bytes


I did what you asked, here are the logs, thank you

 

ComboFix 08-07-29.1 - CRIS 2008-08-01 18:57:12.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.1594 [GMT -3:00]

Running from: C:\Users\CRIS\Desktop\ComboFix.exe

Command switches used :: C:\Users\CRIS\Desktop\CFScript.txt

* Created a new restore point

* Resident AV is active

 

 

FILE ::

C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\found.000

C:\found.000\dir0000.chk\00fs.pre

C:\found.000\dir0000.chk\96_fs-mortgage.cf

C:\found.000\dir0000.chk\97_fs-domain-whitelist.cf

C:\found.000\dir0000.chk\97_fs-sdxudlly_vxplicit.cf

C:\found.000\dir0000.chk\97_fs-spf-whitelist.cf

C:\found.000\dir0000.chk\99_fs-bayes.cf

C:\found.000\dir0000.chk\99_fs-scores-aux.cf

C:\found.000\dir0000.chk\mappings.txt

C:\found.000\dir0001.chk\FS@scdb.ini

C:\found.000\dir0001.chk\spamscanner.pl

C:\found.000\file0000.chk

C:\found.000\file0001.chk

C:\found.000\file0002.chk

C:\Program Files\desktop.ini

 

.

((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))))

.

 

2008-08-01 18:56 . 2008-08-01 18:56 <DIR> d-------- C:\327882R2FWJFW

2008-07-30 04:17 . 2008-07-30 04:17 812,344 --a------ C:\HJTInstall.exe

2008-07-28 20:39 . 2008-07-28 20:39 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Acronis

2008-07-28 03:17 . 2008-07-28 03:17 <DIR> d-------- C:\Program Files\Common Files\Acronis

2008-07-28 03:17 . 2008-07-28 03:17 129,248 --a------ C:\Windows\System32\drivers\snapman.sys

2008-07-28 03:11 . 2008-07-28 03:24 <DIR> d-------- C:\Program Files\Windows Live

2008-07-28 03:11 . 2008-07-28 03:24 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-07-28 03:09 . 2008-07-28 03:09 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-07-28 03:09 . 2008-07-28 03:09 <DIR> d-------- C:\ProgramData\WLInstaller

2008-07-28 03:01 . 2008-08-01 19:03 81,984 --a------ C:\Windows\System32\bdod.bin

2008-07-28 02:46 . 2008-07-28 02:46 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\BitDefender

2008-07-28 02:41 . 2008-07-31 22:41 <DIR> d-------- C:\Users\All Users\BitDefender

2008-07-28 02:41 . 2008-07-31 22:41 <DIR> d-------- C:\ProgramData\BitDefender

2008-07-28 02:41 . 2008-07-28 02:41 <DIR> d-------- C:\Program Files\BitDefender

2008-07-28 02:40 . 2008-07-28 02:41 <DIR> d-------- C:\Program Files\Common Files\BitDefender

2008-07-28 01:59 . 2008-07-28 01:58 203,776 --a------ C:\Windows\System32\clrviddc.dll

2008-07-28 01:59 . 1999-09-10 08:06 45,056 --a------ C:\Windows\System32\wnaspi32.dll

2008-07-28 01:59 . 1999-09-10 08:06 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys

2008-07-28 01:59 . 1999-09-10 08:06 5,600 --a------ C:\Windows\system\winaspi.dll

2008-07-28 01:59 . 1999-09-10 08:06 4,672 --a------ C:\Windows\system\wowpost.exe

2008-07-28 01:55 . 2008-07-28 01:55 <DIR> d-------- C:\Program Files\DreaMule

2008-07-28 01:55 . 2008-07-28 01:55 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-07-28 01:54 . 2008-07-28 01:54 <DIR> d-------- C:\Program Files\Real

2008-07-28 01:54 . 2008-07-28 01:54 <DIR> d-------- C:\Program Files\Common Files\Real

2008-07-28 01:50 . 2008-07-28 01:50 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Desktopicon

2008-07-28 01:50 . 2008-07-30 03:06 <DIR> d-------- C:\Program Files\Unlocker

2008-07-28 01:49 . 2008-07-28 01:49 <DIR> d-------- C:\Program Files\CCleaner

2008-07-28 01:42 . 2008-07-28 01:42 <DIR> d-------- C:\Users\All Users\eMule

2008-07-28 01:42 . 2008-07-28 01:42 <DIR> d-------- C:\ProgramData\eMule

2008-07-28 01:00 . 2008-07-28 01:25 4,839 --a------ C:\error.htm

2008-07-28 01:00 . 2008-07-28 01:00 0 --a------ C:\infect.htm

2008-07-28 00:44 . 2008-06-25 22:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-28 00:44 . 2008-06-25 22:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-28 00:44 . 2008-06-26 00:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-07-27 09:13 . 2008-04-26 05:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-07-27 09:13 . 2008-04-26 05:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-07-27 09:13 . 2008-04-26 05:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-07-27 09:13 . 2008-05-10 00:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-07-27 09:13 . 2008-04-12 00:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

2008-07-27 09:13 . 2008-05-10 00:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll

2008-07-27 09:13 . 2008-04-04 22:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys

2008-07-27 09:13 . 2008-04-05 00:34 15,360 --a------ C:\Windows\System32\pacerprf.dll

2008-07-27 09:13 . 2008-05-09 19:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-07-27 09:13 . 2008-05-09 19:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-07-27 09:12 . 2008-05-08 18:59 430,080 --a------ C:\Windows\System32\vbscript.dll

2008-07-27 09:12 . 2008-05-08 18:59 180,224 --a------ C:\Windows\System32\scrobj.dll

2008-07-27 09:12 . 2008-05-08 18:59 172,032 --a------ C:\Windows\System32\scrrun.dll

2008-07-27 09:12 . 2008-05-08 18:59 155,648 --a------ C:\Windows\System32\wscript.exe

2008-07-27 09:12 . 2008-05-08 18:58 135,168 --a------ C:\Windows\System32\wshom.ocx

2008-07-27 09:12 . 2008-05-08 18:58 135,168 --a------ C:\Windows\System32\cscript.exe

2008-07-27 09:12 . 2008-05-08 18:59 90,112 --a------ C:\Windows\System32\wshext.dll

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-30 07:19 --------- d-----w C:\Program Files\Trend Micro

2008-07-28 20:56 --------- d-----w C:\Program Files\a-squared Free

2008-07-28 06:18 441,760 ----a-w C:\Windows\system32\drivers\timntr.sys

2008-07-28 06:18 44,384 ----a-w C:\Windows\system32\drivers\tifsfilt.sys

2008-07-28 06:17 368,544 ----a-w C:\Windows\system32\drivers\tdrpman.sys

2008-07-28 06:17 --------- d-----w C:\Program Files\Acronis

2008-07-28 05:03 --------- d-----w C:\ProgramData\F-Secure

2008-07-28 03:30 --------- d-----w C:\Users\CRIS\AppData\Roaming\Skype

2008-07-28 02:28 --------- d-----w C:\Program Files\Windows Mail

2008-07-27 12:38 --------- d-----w C:\ProgramData\Microsoft Help

2008-06-24 05:49 --------- d-----w C:\Users\CRIS\AppData\Roaming\App Launcher Gadget

2008-06-24 05:26 --------- d-----w C:\Program Files\Marcos Velasco Security

2008-06-24 05:25 --------- d-----w C:\ProgramData\Skype

2008-06-24 05:25 --------- d-----w C:\Program Files\Skype

2008-06-24 05:25 --------- d-----w C:\Program Files\Common Files\Skype

2008-06-24 05:24 --------- d-----w C:\Program Files\VS Revo Group

2008-06-24 05:16 --------- d-----w C:\Program Files\IObit

2008-06-24 05:16 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-24 05:14 --------- d-----w C:\Program Files\Opera

2008-06-14 22:00 --------- d-----w C:\ProgramData\Roxio

2008-06-14 21:57 --------- d-----w C:\Users\CRIS\AppData\Roaming\Roxio

2008-06-12 14:39 1,896,728 ----a-w C:\Windows\System32\AutoPartNt.exe

2008-06-12 07:37 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-06-12 05:00 --------- d-----w C:\Users\CRIS\AppData\Roaming\F-Secure

2008-06-12 04:58 --------- d-----w C:\Program Files\7-Zip

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Defender

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Calendar

2008-06-12 03:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-12 03:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-12 02:29 --------- d-----w C:\Program Files\MSBuild

2008-06-12 02:29 --------- d-----w C:\Program Files\Microsoft Works

2008-06-12 02:28 --------- d-----w C:\Program Files\Microsoft.NET

2008-06-12 02:26 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-06-11 09:00 --------- d-----w C:\ProgramData\Dell

2008-06-11 08:37 74,703 ----a-w C:\Windows\System32\mfc45.dll

2008-06-11 08:36 --------- d-----w C:\Users\CRIS\AppData\Roaming\iolo

2008-06-11 08:36 --------- d-----w C:\ProgramData\iolo

2008-06-11 08:15 --------- d-----w C:\Program Files\MSXML 4.0

2008-06-11 07:25 988,216 ----a-w C:\Windows\System32\winload.exe

2008-06-11 07:25 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-06-11 07:25 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-06-11 07:25 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-06-11 07:25 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-06-11 07:25 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-06-11 07:25 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-06-11 07:25 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-06-11 07:25 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-06-11 07:24 615,992 ----a-w C:\Windows\System32\ci.dll

2008-06-11 07:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-06-11 07:20 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-06-11 07:19 --------- d-----w C:\Program Files\Roxio

2008-06-11 07:15 14,848 ----a-w C:\Windows\System32\wshrm.dll

2008-06-11 07:15 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-06-11 07:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-06-11 07:13 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-11 07:13 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-06-11 07:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-11 07:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-06-11 07:13 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-06-11 07:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-06-11 07:13 1,695,744 ----a-w C:\Windows\System32\gameux.dll

2008-06-11 07:12 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-06-11 07:11 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-06-11 07:09 --------- d-----w C:\ProgramData\Sonic

2008-06-11 07:08 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-06-11 07:08 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-06-11 07:04 --------- d-----w C:\ProgramData\InstallShield

2008-06-11 07:04 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-11 06:59 --------- d-----w C:\ProgramData\fssg

2008-06-11 06:41 --------- d-----w C:\ProgramData\Acronis

2008-06-11 06:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-11 06:09 --------- d-----w C:\Program Files\Creative

2008-06-11 06:09 --------- d-----w C:\Program Files\Common Files\Reallusion

2008-06-11 06:08 --------- d-----w C:\Program Files\Common Files\Creative

2008-06-11 06:07 --------- d-----w C:\Program Files\Dell

2008-06-11 06:07 --------- d-----w C:\Program Files\Creative Live! Cam

2008-06-11 05:43 --------- d-----w C:\ProgramData\SupportSoft

2008-06-11 05:43 --------- d-----w C:\Program Files\Dell Support Center

2008-06-11 05:43 --------- d-----w C:\Program Files\Common Files\supportsoft

2008-06-11 05:41 --------- d-----w C:\Program Files\Java

2008-06-11 05:41 --------- d-----w C:\Program Files\Common Files\Java

2008-06-11 05:16 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2008-06-11 05:16 --------- d-----w C:\Program Files\DellTPad

2008-06-11 05:10 --------- d-----w C:\Program Files\SigmaTel

2008-06-11 05:09 --------- d-----w C:\Program Files\Cisco

2008-06-11 05:07 --------- d-----w C:\Users\CRIS\AppData\Roaming\InstallShield

2008-06-11 05:06 --------- d-----w C:\Users\CRIS\AppData\Roaming\TMP

2008-06-11 05:06 --------- d-----w C:\Program Files\Marvell

2008-06-11 05:05 --------- d-----w C:\Program Files\CONEXANT

2008-06-11 04:50 --------- d-----w C:\Program Files\Intel

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Modelos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Menu Iniciar

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Favoritos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Documentos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Dados de aplicativos

2008-06-11 03:10 --------- d-sh--w C:\Program Files\Common Files\Sistema

2008-06-11 03:10 --------- d-sh--w C:\Program Files\Arquivos Comuns

.

 

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legit default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 04:33 1233920]

"DELL Webcam Manager"="C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 11:14 118784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-08-07 15:49 1548288]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 13:29 159744]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-06-11 02:42 77824]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-15 09:41 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-15 09:41 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-15 09:41 133656]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-09 17:01 36864]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 01:15 15872]

"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]

"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]

"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]

"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]

"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-28 01:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{420FF8B0-5215-4561-A13F-FE1E57027EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C20FEE50-0171-4816-82AD-D2C30734914B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{A9AB6CBB-BBFB-4B50-8EEE-6B253494F65A}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BBC50457-9415-4FFB-AC5F-357E8920F9AA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{352476FC-4E92-4070-8BF0-65908A313DC6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{22C513B0-ADC8-4DF4-8772-83B13C9EB978}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-07-28 03:17]

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-20 15:31]

R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 20:51]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 23:21]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 10:22]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bdx REG_MULTI_SZ scan

.

Contents of the 'Scheduled Tasks' folder

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 19:01:49

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

-> ?:\Windows\system32\authui.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\BCMWLTRY.EXE

C:\Windows\System32\wlanext.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\igfxsrvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\hidfind.exe

C:\Program Files\DellTPad\ApntEx.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

 

.

Completion time: 2008-08-01 19:05:41 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-01 22:05:33

 

Pre-Run: 52,665,319,424 bytes free

Post-Run: 52,444,200,960 bytes free

 

305 --- E O F --- 2008-07-28 03:49:19

 

-----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:19:42, on 30/07/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 10028 bytes
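The two logs in the post above already contain what a responder would read first: all three firewall-policy keys carry "EnableFirewall"= 0, one O2 BHO points at (no file), and two O23 services report Unknown owner. As an added example, and not code from this thread or from the HijackThis/ComboFix authors, the script below walks log lines of that shape and lists those items. The sample lines are copied from the post, plus one constructed O4 entry (the "example" line) that is not in the log; the list of user-writable directories it checks is an assumed heuristic, not an HJT rule.

```python
"""Triage of HijackThis / ComboFix log lines.

Added example for this thread, not code posted by anyone in it. It pulls
out the entries a responder reads first: firewall profiles with
EnableFirewall = 0, O2 BHOs whose DLL is "(no file)", O23 services with
"Unknown owner", and O4 Run entries launched from user-writable paths.
"""
import re
from dataclasses import dataclass, field

# Registry block headers that ComboFix prints for the Windows Firewall policy
FIREWALL_KEY_RE = re.compile(
    r'^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(\w+)\]$')
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
O2_RE = re.compile(r'^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$')
O23_RE = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$')
EXE_RE = re.compile(r'[A-Za-z%][^"]*?\.exe', re.I)

# Assumed heuristic: a Run entry whose binary lives under one of these
# directories is writable without admin rights and deserves a closer look.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\')


@dataclass
class Findings:
    firewall_off: list = field(default_factory=list)       # profile names
    orphan_bho: list = field(default_factory=list)         # CLSIDs
    unknown_services: list = field(default_factory=list)   # (name, path)
    userland_autoruns: list = field(default_factory=list)  # (name, path)


def triage(text: str) -> Findings:
    """Walk the log once and collect the four finding classes."""
    found = Findings()
    profile = None  # firewall profile of the registry block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIREWALL_KEY_RE.match(line)
        if m:
            profile = m.group(1)
            continue
        if line.startswith('['):        # any other registry key closes the block
            profile = None
            continue
        m = ENABLE_RE.match(line)
        if m and profile is not None:
            if m.group(1) == '0':
                found.firewall_off.append(profile)
            continue
        m = O2_RE.match(line)
        if m:
            if m.group(3).strip() == '(no file)':
                found.orphan_bho.append(m.group(2))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group(2).strip() == 'Unknown owner':
                found.unknown_services.append((m.group(1), m.group(3)))
            continue
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.search(m.group(3))
            path = (exe.group(0) if exe else m.group(3)).lower()
            if any(tok in path for tok in USER_WRITABLE):
                found.userland_autoruns.append((m.group(2), path))
    return found


def summarize(found: Findings) -> list:
    """Human-readable lines, most serious first."""
    out = []
    if found.firewall_off:
        out.append('Windows Firewall disabled for: ' + ', '.join(found.firewall_off))
    for clsid in found.orphan_bho:
        out.append('orphaned BHO (no file): ' + clsid)
    for name, path in found.unknown_services:
        out.append('service without publisher info: %s -> %s' % (name, path))
    for name, path in found.userland_autoruns:
        out.append('autorun from user-writable path: [%s] %s' % (name, path))
    return out


# Constructed sample: lines copied from the logs posted above, plus one
# made-up O4 entry (the "example" line) to exercise the user-writable check.
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [example] "C:\Users\someone\AppData\Local\Temp\example.exe" /quiet
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{420FF8B0-5215-4561-A13F-FE1E57027EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == '__main__':
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Two caveats when reading the output. "Unknown owner" only means the binary carries no company name in its version resource; the two hits in this log (the Acronis Try&Decide service and the Dell WLAN tray service) are OEM components, so that list is a reading order, not a verdict. "EnableFirewall"= 0 on every profile means the Windows Firewall is switched off; the same log shows a BitDefender firewall NDIS filter (Bdfndisf) loaded, which would explain it, but that should be confirmed in the product rather than assumed.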

Compartilhar este post


Link para o post
Compartilhar em outros sites

Fiz o que você pediu, aqui estão os logs, obrigada

 

ComboFix 08-07-29.1 - CRIS 2008-08-01 18:57:12.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1046.18.1594 [GMT -3:00]

Executando de: C:\Users\CRIS\Desktop\ComboFix.exe

Command switches used :: C:\Users\CRIS\Desktop\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

 

 

FILE ::

C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\found.000

C:\found.000\dir0000.chk\00fs.pre

C:\found.000\dir0000.chk\96_fs-mortgage.cf

C:\found.000\dir0000.chk\97_fs-domain-whitelist.cf

C:\found.000\dir0000.chk\97_fs-sdxudlly_vxplicit.cf

C:\found.000\dir0000.chk\97_fs-spf-whitelist.cf

C:\found.000\dir0000.chk\99_fs-bayes.cf

C:\found.000\dir0000.chk\99_fs-scores-aux.cf

C:\found.000\dir0000.chk\mappings.txt

C:\found.000\dir0001.chk\FS@scdb.ini

C:\found.000\dir0001.chk\spamscanner.pl

C:\found.000\file0000.chk

C:\found.000\file0001.chk

C:\found.000\file0002.chk

C:\Program Files\desktop.ini

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))))

.

 

2008-08-01 18:56 . 2008-08-01 18:56 <DIR> d-------- C:\327882R2FWJFW

2008-07-30 04:17 . 2008-07-30 04:17 812,344 --a------ C:\HJTInstall.exe

2008-07-28 20:39 . 2008-07-28 20:39 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Acronis

2008-07-28 03:17 . 2008-07-28 03:17 <DIR> d-------- C:\Program Files\Common Files\Acronis

2008-07-28 03:17 . 2008-07-28 03:17 129,248 --a------ C:\Windows\System32\drivers\snapman.sys

2008-07-28 03:11 . 2008-07-28 03:24 <DIR> d-------- C:\Program Files\Windows Live

2008-07-28 03:11 . 2008-07-28 03:24 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-07-28 03:09 . 2008-07-28 03:09 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-07-28 03:09 . 2008-07-28 03:09 <DIR> d-------- C:\ProgramData\WLInstaller

2008-07-28 03:01 . 2008-08-01 19:03 81,984 --a------ C:\Windows\System32\bdod.bin

2008-07-28 02:46 . 2008-07-28 02:46 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\BitDefender

2008-07-28 02:41 . 2008-07-31 22:41 <DIR> d-------- C:\Users\All Users\BitDefender

2008-07-28 02:41 . 2008-07-31 22:41 <DIR> d-------- C:\ProgramData\BitDefender

2008-07-28 02:41 . 2008-07-28 02:41 <DIR> d-------- C:\Program Files\BitDefender

2008-07-28 02:40 . 2008-07-28 02:41 <DIR> d-------- C:\Program Files\Common Files\BitDefender

2008-07-28 01:59 . 2008-07-28 01:58 203,776 --a------ C:\Windows\System32\clrviddc.dll

2008-07-28 01:59 . 1999-09-10 08:06 45,056 --a------ C:\Windows\System32\wnaspi32.dll

2008-07-28 01:59 . 1999-09-10 08:06 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys

2008-07-28 01:59 . 1999-09-10 08:06 5,600 --a------ C:\Windows\system\winaspi.dll

2008-07-28 01:59 . 1999-09-10 08:06 4,672 --a------ C:\Windows\system\wowpost.exe

2008-07-28 01:55 . 2008-07-28 01:55 <DIR> d-------- C:\Program Files\DreaMule

2008-07-28 01:55 . 2008-07-28 01:55 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-07-28 01:54 . 2008-07-28 01:54 <DIR> d-------- C:\Program Files\Real

2008-07-28 01:54 . 2008-07-28 01:54 <DIR> d-------- C:\Program Files\Common Files\Real

2008-07-28 01:50 . 2008-07-28 01:50 <DIR> d-------- C:\Users\CRIS\AppData\Roaming\Desktopicon

2008-07-28 01:50 . 2008-07-30 03:06 <DIR> d-------- C:\Program Files\Unlocker

2008-07-28 01:49 . 2008-07-28 01:49 <DIR> d-------- C:\Program Files\CCleaner

2008-07-28 01:42 . 2008-07-28 01:42 <DIR> d-------- C:\Users\All Users\eMule

2008-07-28 01:42 . 2008-07-28 01:42 <DIR> d-------- C:\ProgramData\eMule

2008-07-28 01:00 . 2008-07-28 01:25 4,839 --a------ C:\error.htm

2008-07-28 01:00 . 2008-07-28 01:00 0 --a------ C:\infect.htm

2008-07-28 00:44 . 2008-06-25 22:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-28 00:44 . 2008-06-25 22:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-28 00:44 . 2008-06-26 00:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-07-27 09:13 . 2008-04-26 05:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-07-27 09:13 . 2008-04-26 05:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-07-27 09:13 . 2008-04-26 05:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-07-27 09:13 . 2008-05-10 00:35 885,248 --a------ C:\Windows\System32\RacEngn.dll

2008-07-27 09:13 . 2008-04-12 00:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

2008-07-27 09:13 . 2008-05-10 00:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll

2008-07-27 09:13 . 2008-04-04 22:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys

2008-07-27 09:13 . 2008-04-05 00:34 15,360 --a------ C:\Windows\System32\pacerprf.dll

2008-07-27 09:13 . 2008-05-09 19:22 9,127 --a------ C:\Windows\System32\RacUR.xml

2008-07-27 09:13 . 2008-05-09 19:22 153 --a------ C:\Windows\System32\RacUREx.xml

2008-07-27 09:12 . 2008-05-08 18:59 430,080 --a------ C:\Windows\System32\vbscript.dll

2008-07-27 09:12 . 2008-05-08 18:59 180,224 --a------ C:\Windows\System32\scrobj.dll

2008-07-27 09:12 . 2008-05-08 18:59 172,032 --a------ C:\Windows\System32\scrrun.dll

2008-07-27 09:12 . 2008-05-08 18:59 155,648 --a------ C:\Windows\System32\wscript.exe

2008-07-27 09:12 . 2008-05-08 18:58 135,168 --a------ C:\Windows\System32\wshom.ocx

2008-07-27 09:12 . 2008-05-08 18:58 135,168 --a------ C:\Windows\System32\cscript.exe

2008-07-27 09:12 . 2008-05-08 18:59 90,112 --a------ C:\Windows\System32\wshext.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-30 07:19 --------- d-----w C:\Program Files\Trend Micro

2008-07-28 20:56 --------- d-----w C:\Program Files\a-squared Free

2008-07-28 06:18 441,760 ----a-w C:\Windows\system32\drivers\timntr.sys

2008-07-28 06:18 44,384 ----a-w C:\Windows\system32\drivers\tifsfilt.sys

2008-07-28 06:17 368,544 ----a-w C:\Windows\system32\drivers\tdrpman.sys

2008-07-28 06:17 --------- d-----w C:\Program Files\Acronis

2008-07-28 05:03 --------- d-----w C:\ProgramData\F-Secure

2008-07-28 03:30 --------- d-----w C:\Users\CRIS\AppData\Roaming\Skype

2008-07-28 02:28 --------- d-----w C:\Program Files\Windows Mail

2008-07-27 12:38 --------- d-----w C:\ProgramData\Microsoft Help

2008-06-24 05:49 --------- d-----w C:\Users\CRIS\AppData\Roaming\App Launcher Gadget

2008-06-24 05:26 --------- d-----w C:\Program Files\Marcos Velasco Security

2008-06-24 05:25 --------- d-----w C:\ProgramData\Skype

2008-06-24 05:25 --------- d-----w C:\Program Files\Skype

2008-06-24 05:25 --------- d-----w C:\Program Files\Common Files\Skype

2008-06-24 05:24 --------- d-----w C:\Program Files\VS Revo Group

2008-06-24 05:16 --------- d-----w C:\Program Files\IObit

2008-06-24 05:16 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-24 05:14 --------- d-----w C:\Program Files\Opera

2008-06-14 22:00 --------- d-----w C:\ProgramData\Roxio

2008-06-14 21:57 --------- d-----w C:\Users\CRIS\AppData\Roaming\Roxio

2008-06-12 14:39 1,896,728 ----a-w C:\Windows\System32\AutoPartNt.exe

2008-06-12 07:37 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-06-12 05:00 --------- d-----w C:\Users\CRIS\AppData\Roaming\F-Secure

2008-06-12 04:58 --------- d-----w C:\Program Files\7-Zip

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Defender

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-12 03:54 --------- d-----w C:\Program Files\Windows Calendar

2008-06-12 03:34 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-12 03:34 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-12 02:29 --------- d-----w C:\Program Files\MSBuild

2008-06-12 02:29 --------- d-----w C:\Program Files\Microsoft Works

2008-06-12 02:28 --------- d-----w C:\Program Files\Microsoft.NET

2008-06-12 02:26 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-06-11 09:00 --------- d-----w C:\ProgramData\Dell

2008-06-11 08:37 74,703 ----a-w C:\Windows\System32\mfc45.dll

2008-06-11 08:36 --------- d-----w C:\Users\CRIS\AppData\Roaming\iolo

2008-06-11 08:36 --------- d-----w C:\ProgramData\iolo

2008-06-11 08:15 --------- d-----w C:\Program Files\MSXML 4.0

2008-06-11 07:25 988,216 ----a-w C:\Windows\System32\winload.exe

2008-06-11 07:25 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-06-11 07:25 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-06-11 07:25 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-06-11 07:25 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-06-11 07:25 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-06-11 07:25 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-06-11 07:25 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-06-11 07:25 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-06-11 07:24 615,992 ----a-w C:\Windows\System32\ci.dll

2008-06-11 07:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-06-11 07:20 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-06-11 07:19 --------- d-----w C:\Program Files\Roxio

2008-06-11 07:15 14,848 ----a-w C:\Windows\System32\wshrm.dll

2008-06-11 07:15 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-06-11 07:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-06-11 07:13 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-11 07:13 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-06-11 07:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-11 07:13 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-06-11 07:13 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-06-11 07:13 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-06-11 07:13 1,695,744 ----a-w C:\Windows\System32\gameux.dll

2008-06-11 07:12 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-06-11 07:11 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-06-11 07:09 --------- d-----w C:\ProgramData\Sonic

2008-06-11 07:08 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-06-11 07:08 --------- d-----w C:\Program Files\Common Files\Roxio Shared

2008-06-11 07:04 --------- d-----w C:\ProgramData\InstallShield

2008-06-11 07:04 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-11 06:59 --------- d-----w C:\ProgramData\fssg

2008-06-11 06:41 --------- d-----w C:\ProgramData\Acronis

2008-06-11 06:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-11 06:09 --------- d-----w C:\Program Files\Creative

2008-06-11 06:09 --------- d-----w C:\Program Files\Common Files\Reallusion

2008-06-11 06:08 --------- d-----w C:\Program Files\Common Files\Creative

2008-06-11 06:07 --------- d-----w C:\Program Files\Dell

2008-06-11 06:07 --------- d-----w C:\Program Files\Creative Live! Cam

2008-06-11 05:43 --------- d-----w C:\ProgramData\SupportSoft

2008-06-11 05:43 --------- d-----w C:\Program Files\Dell Support Center

2008-06-11 05:43 --------- d-----w C:\Program Files\Common Files\supportsoft

2008-06-11 05:41 --------- d-----w C:\Program Files\Java

2008-06-11 05:41 --------- d-----w C:\Program Files\Common Files\Java

2008-06-11 05:16 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf

2008-06-11 05:16 --------- d-----w C:\Program Files\DellTPad

2008-06-11 05:10 --------- d-----w C:\Program Files\SigmaTel

2008-06-11 05:09 --------- d-----w C:\Program Files\Cisco

2008-06-11 05:07 --------- d-----w C:\Users\CRIS\AppData\Roaming\InstallShield

2008-06-11 05:06 --------- d-----w C:\Users\CRIS\AppData\Roaming\TMP

2008-06-11 05:06 --------- d-----w C:\Program Files\Marvell

2008-06-11 05:05 --------- d-----w C:\Program Files\CONEXANT

2008-06-11 04:50 --------- d-----w C:\Program Files\Intel

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Modelos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Menu Iniciar

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Favoritos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Documentos

2008-06-11 03:10 --------- d-sh--w C:\ProgramData\Dados de aplicativos

2008-06-11 03:10 --------- d-sh--w C:\Program Files\Common Files\Sistema

2008-06-11 03:10 --------- d-sh--w C:\Program Files\Arquivos Comuns

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 04:33 1233920]

"DELL Webcam Manager"="C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" [2007-06-07 11:14 118784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-08-07 15:49 1548288]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 13:29 159744]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-06-11 02:42 77824]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-15 09:41 141848]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-15 09:41 166424]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-15 09:41 133656]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-09 17:01 36864]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 01:15 15872]

"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]

"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]

"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-30 20:06 2595616]

"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-30 20:11 909208]

"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-30 20:07 140568]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-28 01:54 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{420FF8B0-5215-4561-A13F-FE1E57027EDA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C20FEE50-0171-4816-82AD-D2C30734914B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{A9AB6CBB-BBFB-4B50-8EEE-6B253494F65A}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{BBC50457-9415-4FFB-AC5F-357E8920F9AA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{352476FC-4E92-4070-8BF0-65908A313DC6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{22C513B0-ADC8-4DF4-8772-83B13C9EB978}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-07-28 03:17]

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-20 15:31]

R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 20:51]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 16:16]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 23:21]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 10:45]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 10:22]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bdx REG_MULTI_SZ scan

.

Conteúdo da pasta 'Tarefas Agendadas'

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 19:01:49

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: C:\Windows\Explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

-> ?:\Windows\system32\authui.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\BCMWLTRY.EXE

C:\Windows\System32\wlanext.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\igfxsrvc.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\hidfind.exe

C:\Program Files\DellTPad\ApntEx.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

 

.

Tempo para conclusão: 2008-08-01 19:05:41 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-01 22:05:33

 

Pre-Run: 52,665,319,424 bytes disponíveis

Post-Run: 52,444,200,960 bytes disponíveis

 

305 --- E O F --- 2008-07-28 03:49:19

 

-----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:19:42, on 30/07/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 10028 bytes


Ok, the log is clean :)

 

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

 

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

* Open the program and click Run Cleaner;

* After that, click Registry > Scan for errors > Fix errors

 

- Disable and then re-enable System Restore

 

Read the article Cuidados ao navegar na net (precautions when browsing the web) for more information on how to avoid infections.


thank you very much!!!

 

do you want me to open a new topic for the analysis of the log from the other partition, or do you think it is better to analyze it right here and reuse the information already posted?

thank you very much!!!

 

do you want me to open a new topic for the analysis of the log from the other partition, or do you think it is better to analyze it right here and reuse the information already posted?

 

Right here in this topic

 

:thumbsup:


ok, so here is the hijackthis log, thanks.

note: I can't run combofix, it starts the blue screen, says it changed the clock settings, and right after that those blue error screens appear briefly and the computer restarts...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:00:47, on 3/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\ARQUIV~1\GbPlugin\GbpSv.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\hkcmd.exe

D:\WINDOWS\system32\igfxpers.exe

D:\WINDOWS\OEM02Mon.exe

D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe

D:\Arquivos de programas\DellTPad\Apoint.exe

D:\WINDOWS\system32\igfxsrvc.exe

D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe

D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\DellTPad\ApMsgFwd.exe

D:\Arquivos de programas\IObit\Advanced WindowsCare 3 Beta\AWC.exe

D:\Arquivos de programas\DellTPad\Apntex.exe

D:\Arquivos de programas\DellTPad\HidFind.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

D:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

D:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

D:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

D:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

D:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

D:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

D:\WINDOWS\System32\alg.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

D:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

D:\WINDOWS\system32\wuauclt.exe

d:\arquiv~1\arquiv~1\instal~1\updateservice\isuspm.exe

D:\ARQUIV~1\ARQUIV~1\INSTAL~1\UpdateService\agent.exe

D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

D:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {ad8088d4-219c-40db-b16a-5e53261bed3d} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] D:\WINDOWS\OEM02Mon.exe

O4 - HKLM\..\Run: [DELL Webcam Manager] D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe /s

O4 - HKLM\..\Run: [Apoint] D:\Arquivos de programas\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iSUSPM Startup] D:\ARQUIV~1\ARQUIV~1\INSTAL~1\UpdateService\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Advanced WindowsCare 3] "D:\Arquivos de programas\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O20 - Winlogon Notify: GbPluginCef - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\Arquivos de programas\a-squared Free\a2service.exe (file missing)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - D:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

 

--

End of file - 9653 bytes


- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

 

In Safe Mode, run HijackThis.

 

1 - Click Do a System Scan Only.

2 - Tick the box next to the entry listed below in the grey box.

 

O4 - HKLM\..\Run: [OEM02Mon.exe] D:\WINDOWS\OEM02Mon.exe

 

3 - Click Fix Checked

4 - Restart in normal mode.

5 - Copy the updated HijackThis log(s) and paste them in your next reply.

 

:)

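As an added example (not code from this thread, and not part of HijackThis), the script below parses HijackThis-style entry lines, flags entries whose target the tool reports as "(no file)" or "(file missing)", and diffs a normal-mode scan against a safe-mode scan to list which autostart entries and services disappeared or appeared. That is the comparison a helper does by eye between two posted logs. The sample log text is a constructed subset modelled on the logs in this thread, and the function and class names are my own.

```python
"""Parse HijackThis-style logs, flag dangling entries, and diff two scans.

Added example for this thread; it is not part of HijackThis or of any post
above. The sample logs below are a constructed subset modelled on the logs
posted in the thread.
"""
import re
from dataclasses import dataclass

# One HijackThis entry: a section code (R0, O4, O23, ...) then the body.
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis prints when a registered item points at nothing on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def missing_target(self) -> bool:
        """True when the registration survives but the file it points at is gone."""
        return any(marker in self.body for marker in MISSING_MARKERS)


def parse_log(text: str) -> list[Entry]:
    """Return the R/O entries of a log, skipping the header and process list."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def flag_missing(entries: list[Entry]) -> list[Entry]:
    """Entries worth a second look: orphaned BHOs, services, Run keys."""
    return [e for e in entries if e.missing_target]


def diff_logs(before: list[Entry], after: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Return (removed, added) entry lists between two scans."""
    key = lambda e: (e.section, e.body)
    b, a = set(before), set(after)
    return sorted(b - a, key=key), sorted(a - b, key=key)


# Constructed sample: a normal-mode scan before the O4 entry was fixed.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\OEM02Mon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {ad8088d4-219c-40db-b16a-5e53261bed3d} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] D:\WINDOWS\OEM02Mon.exe
O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\Arquivos de programas\a-squared Free\a2service.exe (file missing)
"""

# Constructed sample: the safe-mode scan taken after "Fix Checked".
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode

Running processes:
D:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {ad8088d4-219c-40db-b16a-5e53261bed3d} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\RunOnce: [ GbPluginCef] RunDll32.exe D:\ARQUIV~1\GbPlugin\gbiehcef.dll,Gbieh
O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\Arquivos de programas\a-squared Free\a2service.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - Unknown owner - D:\ARQUIV~1\GbPlugin\GbpSv.exe
"""


def report(before_text: str, after_text: str) -> dict:
    """Summarise what changed between two scans and what still dangles."""
    before, after = parse_log(before_text), parse_log(after_text)
    removed, added = diff_logs(before, after)
    return {
        "removed": [e.body for e in removed],
        "added": [e.body for e in added],
        "still_missing": [e.body for e in flag_missing(after)],
    }


if __name__ == "__main__":
    for title, lines in report(BEFORE_LOG, AFTER_LOG).items():
        print(f"{title}:")
        for line in lines:
            print("  ", line)
```

Only the R/O entry lines are compared; the "Running processes" list changes between normal and safe mode for benign reasons, so it is deliberately left out of the diff. Entries that HijackThis marks as "(no file)" or "(file missing)" are harmless leftovers here, but they are listed separately because an orphaned registration is also what a removed component leaves behind.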

I did what you asked:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:38:58, on 3/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Safe mode

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {ad8088d4-219c-40db-b16a-5e53261bed3d} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [igfxTray] D:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [DELL Webcam Manager] D:\Arquivos de programas\Dell\Dell Webcam Manager\DellWMgr.exe /s

O4 - HKLM\..\Run: [Apoint] D:\Arquivos de programas\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "D:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Arquivos de programas\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] D:\Arquivos de programas\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedhlp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iSUSPM Startup] D:\ARQUIV~1\ARQUIV~1\INSTAL~1\UpdateService\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "D:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\RunOnce: [ GbPluginCef] RunDll32.exe D:\ARQUIV~1\GbPlugin\gbiehcef.dll,Gbieh

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Advanced WindowsCare 3] "D:\Arquivos de programas\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - D:\Arquivos de programas\Trend Micro\TrendProtect\MSIE\wrs.dll

O20 - Winlogon Notify: GbPluginCef - D:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: a-squared Free Service (a2free) - Unknown owner - D:\Arquivos de programas\a-squared Free\a2service.exe (file missing)

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Arquivos de programas\Arquivos comuns\Acronis\Schedule2\schedul2.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - D:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - D:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: Gbp Service (GbpSv) - Unknown owner - D:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Arquivos de programas\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - D:\Arquivos de programas\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - D:\Arquivos de programas\Arquivos comuns\Acronis\Fomatik\TrueImageTryStartService.exe

 

--

End of file - 7418 bytes


OK, the log is clean :)

 

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

* Open the program and click Run Cleaner;

* After that, click Registry > Scan for Issues > Fix Issues

 

- Disable and then re-enable System Restore

 

Read the article "Cuidados ao navegar na net" (Precautions when browsing the web) for more information on how to avoid infections.
