
Archived

This topic has been archived and is closed to new replies.

EMERSON_1001

[Archived] Analyze my log


Slow internet - Internet Explorer pages opening on their own - strange messages on the desktop

Please help me, I really need it because this is the PC I work on!

Thank you very much for your understanding, and I look forward to a reply!

See you!

My HijackThis log follows:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:37:29, on 28/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\OneStep\onestep.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\IDT\8272008175251\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\OneStep\onestep.exe

C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\msiconf.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\OpenOffice.org 3\program\soffice.exe

C:\Arquivos de programas\OpenOffice.org 3\program\soffice.bin

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe

C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe

C:\hijackthis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: LPVideoPlugin - {17CFE7B9-52EE-4DD1-A074-0DE2241F4F1E} - C:\WINDOWS\system32\LPVideo.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [mstwain32] C:\WINDOWS\mstwain32.exe

O4 - HKCU\..\Run: [ProConnective] C:\Documents and Settings\Administrador\Desktop\PRORAT V 1.9\ProConnective.exe /tr:1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Arquivos de programas\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Action Manager 32.lnk = C:\Arquivos de programas\ScannerU\AM32.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219866754078

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Arquivos de programas\OneStep\onestep.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\8272008175251\STacSV.exe

 

--

End of file - 15044 bytes


Good morning! EMERSON_1001

<@> Download: < ComboFix.exe >

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

<@> Close all windows and run the tool!

<@> At the prompt "Disclaimer of software warranty" --> Click Yes!

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after it has been saved!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode.

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> If required, type the option to continue! --> ( 1 ) --> Press Enter.

<@> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N".

----------------------

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!


Good morning,

Here is the ComboFix report:


ComboFix 08-10-29.04 - Administrador 2008-10-29 10:35:33.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2842 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\KomboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\LPVideoPlugin

C:\Arquivos de programas\OneStepSearch

C:\Arquivos de programas\OneStepSearch\OneStepSearch_deleted_\onestep.dll

C:\Arquivos de programas\OneStepSearch\OneStepSearch_deleted_\onestep.exe

C:\Arquivos de programas\RichVideoCodec

C:\Arquivos de programas\ShoppingReport

C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

C:\Arquivos de programas\ShoppingReport\Uninst.exe

C:\Arquivos de programas\Turkojan

C:\Arquivos de programas\Turkojan\readme.rtf

C:\Arquivos de programas\Turkojan\Thumbnail.dat

C:\Documents and Settings\Administrador\Dados de aplicativos\ShoppingReport

C:\Documents and Settings\Administrador\Dados de aplicativos\ShoppingReport\cs\Config.xml

C:\Documents and Settings\Administrador\Dados de aplicativos\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\Administrador\Dados de aplicativos\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\Administrador\Dados de aplicativos\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\Administrador\Dados de aplicativos\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\Administrador\Dados de aplicativos\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\Administrador\Dados de aplicativos\ShoppingReport\cs\res2\WhiteList.dbs

C:\WINDOWS\KB8888239.log

C:\WINDOWS\ktd32.atm

C:\WINDOWS\system32\LPVideo.dll

C:\WINDOWS\system32\msiconf.exe

C:\WINDOWS\system32\prsgrc.dll

C:\WINDOWS\system32\ssprs.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_GBPSV

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-28 to 2008-10-29 ))))))))))))))))))))))))))))

.

 

2008-10-28 20:36 . 2008-10-28 20:37 <DIR> d-------- C:\hijackthis

2008-10-28 19:04 . 2008-10-28 19:04 <DIR> d-------- C:\Arquivos de programas\WordListCreator

2008-10-28 14:23 . 2008-10-28 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-10-28 14:23 . 2008-10-28 14:23 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-10-28 13:21 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll

2008-10-28 12:54 . 2008-10-28 12:54 <DIR> d-------- C:\Arquivos de programas\Quick 3D Cover

2008-10-27 08:57 . 2008-10-27 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Enfocus Prefs Folder

2008-10-27 08:57 . 2008-10-27 08:57 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-10-27 08:57 . 2008-10-27 08:57 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Enfocus Prefs Folder

2008-10-27 08:57 . 2008-10-27 08:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Enfocus Software

2008-10-24 06:15 . 2008-10-15 14:36 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-21 20:38 . 2008-10-21 20:38 268 --ah----- C:\sqmdata07.sqm

2008-10-21 20:38 . 2008-10-21 20:38 244 --ah----- C:\sqmnoopt07.sqm

2008-10-18 18:44 . 2008-10-18 18:44 0 --a------ C:\WINDOWS\°‘G

2008-10-18 17:20 . 2008-10-18 17:20 206 --a------ C:\WINDOWS\Pplugin4.dat

2008-10-18 17:19 . 2008-10-19 19:17 205 --a------ C:\WINDOWS\Pplugin9.dat

2008-10-18 17:13 . 2008-10-18 17:15 54 --a------ C:\WINDOWS\refresh.scf

2008-10-18 17:13 . 2008-10-18 17:13 0 --a------ C:\WINDOWS\system32\°‘G

2008-10-16 21:34 . 2008-10-21 18:27 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\FrostWire

2008-10-16 21:32 . 2008-10-16 21:34 <DIR> d-------- C:\Arquivos de programas\FrostWire

2008-10-16 21:32 . 2008-10-16 21:32 <DIR> d-------- C:\Arquivos de programas\AskSBar

2008-10-15 12:21 . 2008-09-08 08:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-15 12:18 . 2008-09-15 13:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 12:17 . 2008-08-14 11:24 2,193,408 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 12:17 . 2008-08-14 11:24 2,149,376 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 12:17 . 2008-08-14 11:24 2,070,272 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 12:17 . 2008-08-14 11:24 2,028,032 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-10 19:50 . 2008-10-10 19:50 1,192 --a------ C:\WINDOWS\mozver.dat

2008-10-10 17:28 . 2008-10-10 20:03 <DIR> d-------- C:\Arquivos de programas\Discador itelefonica

2008-10-10 16:17 . 2008-10-10 16:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\UOLInc

2008-10-10 16:11 . 2008-10-11 10:37 <DIR> d-------- C:\Arquivos de programas\UOL

2008-10-10 16:11 . 2001-11-07 18:51 280,576 --a------ C:\WINDOWS\system32\libeay32.dll

2008-10-10 16:11 . 2001-11-07 18:51 62,464 --a------ C:\WINDOWS\system32\ssleay32.dll

2008-10-08 10:52 . 2008-10-08 10:52 <DIR> d-------- C:\Arquivos de programas\Joiner

2008-10-08 10:52 . 2008-10-08 10:52 49 --a------ C:\WINDOWS\file.vxd

2008-10-07 20:19 . 2008-10-08 13:16 <DIR> d-------- C:\Arquivos de programas\No-IP

2008-10-07 20:05 . 2003-12-12 17:06 1,693,696 --a------ C:\WINDOWS\system32\ltclr13n.dll

2008-10-07 20:05 . 2003-11-04 16:11 155,648 --a------ C:\WINDOWS\system32\lftif13n.dll

2008-10-07 20:05 . 2003-11-04 16:10 98,304 --a------ C:\WINDOWS\system32\lffax13n.dll

2008-10-06 18:44 . 2008-10-06 18:44 268 --ah----- C:\sqmdata06.sqm

2008-10-06 18:44 . 2008-10-06 18:44 244 --ah----- C:\sqmnoopt06.sqm

2008-10-05 11:56 . 2008-10-05 11:56 268 --ah----- C:\sqmdata05.sqm

2008-10-05 11:56 . 2008-10-05 11:56 244 --ah----- C:\sqmnoopt05.sqm

2008-10-02 15:55 . 2008-10-02 15:55 268 --ah----- C:\sqmdata04.sqm

2008-10-02 15:55 . 2008-10-02 15:55 244 --ah----- C:\sqmnoopt04.sqm

2008-10-01 23:36 . 2008-10-01 23:36 268 --ah----- C:\sqmdata03.sqm

2008-10-01 23:36 . 2008-10-01 23:36 244 --ah----- C:\sqmnoopt03.sqm

2008-10-01 13:04 . 2008-10-01 13:04 <DIR> d-------- C:\Arquivos de programas\ScannerU

2008-10-01 13:04 . 2008-10-01 13:04 268 --ah----- C:\sqmdata02.sqm

2008-10-01 13:04 . 2008-10-01 13:04 244 --ah----- C:\sqmnoopt02.sqm

2008-10-01 13:04 . 2008-10-01 13:04 218 --a------ C:\WINDOWS\SCNDRVU.INI

2008-10-01 09:23 . 2008-10-01 09:23 268 --ah----- C:\sqmdata01.sqm

2008-10-01 09:23 . 2008-10-01 09:23 244 --ah----- C:\sqmnoopt01.sqm

2008-10-01 09:20 . 1996-11-05 17:13 299,008 --a------ C:\WINDOWS\uninst.exe

2008-10-01 09:11 . 2008-04-14 00:18 6,144 --a------ C:\WINDOWS\system32\kbd106.dll

2008-10-01 09:11 . 2008-04-14 00:18 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd106.dll

2008-10-01 09:06 . 2008-10-01 09:06 <DIR> d--h-c--- C:\Documents and Settings\All Users\Dados de aplicativos\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}

2008-10-01 09:06 . 2008-10-01 09:06 <DIR> d-------- C:\Arquivos de programas\XPC Tools

2008-09-30 02:58 . 2008-09-30 02:58 268 --ah----- C:\sqmdata00.sqm

2008-09-30 02:58 . 2008-09-30 02:58 244 --ah----- C:\sqmnoopt00.sqm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-29 12:23 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\OpenOffice.org3

2008-10-28 12:27 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-10-27 10:57 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-19 21:40 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-10-14 21:32 --------- d-----w C:\Arquivos de programas\Absolute Video Converter

2008-10-03 17:26 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2008-09-26 19:39 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-09-24 16:56 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\VertusTech

2008-09-24 16:56 --------- d-----w C:\Arquivos de programas\Vertus Fluid Mask 3

2008-09-23 23:53 --------- d-----w C:\Arquivos de programas\Franzis

2008-09-23 12:21 --------- d-----w C:\Arquivos de programas\SnadBoy's Revelation v2

2008-09-22 17:48 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HP

2008-09-22 12:31 --------- d-----w C:\Arquivos de programas\OneStep

2008-09-19 22:21 --------- d-----w C:\Arquivos de programas\UltraVNC

2008-09-19 20:05 --------- d-----w C:\Arquivos de programas\TryMeIn

2008-09-19 12:52 --------- d-----w C:\Arquivos de programas\myBabylon

2008-09-19 12:52 --------- d-----w C:\Arquivos de programas\Conduit

2008-09-19 02:54 --------- d-----w C:\Arquivos de programas\MSECache

2008-09-17 12:46 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-09-17 01:59 --------- d-----w C:\Arquivos de programas\AbiSuite2

2008-09-17 01:18 --------- d-----w C:\Arquivos de programas\TechSmith

2008-09-17 01:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\TechSmith Shared

2008-09-16 22:07 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Aston

2008-09-16 22:07 --------- d-----r C:\Arquivos de programas\Aston

2008-09-16 21:27 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-09-16 20:55 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-09-16 20:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-09-16 20:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-09-16 20:41 --------- d-----w C:\Arquivos de programas\Mario Forever

2008-09-16 20:30 --------- d-----w C:\Arquivos de programas\EPCTV

2008-09-16 20:29 --------- d-----w C:\Arquivos de programas\DAP Premium

2008-09-16 15:41 --------- d-----w C:\Arquivos de programas\Eurodigi

2008-09-15 16:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-09-15 16:26 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HPAppData

2008-09-15 16:26 --------- d-----w C:\Arquivos de programas\HP

2008-09-15 16:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-09-15 16:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-09-15 16:24 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-09-15 16:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-09-15 16:23 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-09-15 16:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-12 14:09 460,800 ----a-w C:\WINDOWS\system32\drivers\hardlock.sys

2008-09-12 14:09 291,328 ----a-w C:\WINDOWS\system32\hlvdd.dll

2008-09-12 14:09 --------- d-----w C:\Arquivos de programas\PANTECH

2008-09-11 01:24 --------- d-----w C:\Arquivos de programas\CoolSMS

2008-09-11 00:40 --------- d-----w C:\Arquivos de programas\OpenOffice.org 3

2008-09-11 00:40 --------- d-----w C:\Arquivos de programas\OpenOffice.org

2008-09-11 00:40 --------- d-----w C:\Arquivos de programas\JRE

2008-09-11 00:39 --------- d-----w C:\Arquivos de programas\Java

2008-09-09 16:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-09-09 16:08 --------- d-----w C:\Arquivos de programas\Last.fm

2008-09-08 20:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-08 16:17 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-05 04:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-03 21:38 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ALM

2008-09-03 21:17 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Download Manager

2008-09-03 12:48 --------- d-----w C:\Arquivos de programas\QuickTime

2008-09-03 11:51 --------- d-----w C:\Arquivos de programas\Macromedia

2008-09-03 11:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-09-02 19:33 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Control Panels

2008-09-02 19:31 --------- d-----w C:\Arquivos de programas\Bonjour

2008-09-02 15:15 --------- d-----w C:\Arquivos de programas\Eset

2008-09-02 01:31 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-09-01 17:31 --------- d-----w C:\Arquivos de programas\NCH Swift Sound

2008-09-01 17:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software

2008-09-01 17:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-09-01 17:22 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\NCH Swift Sound

2008-08-30 01:54 --------- d-----w C:\Arquivos de programas\uTorrent

2008-08-30 01:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-08-29 20:39 --------- d-----w C:\Arquivos de programas\RelevantKnowledge

2008-08-29 17:10 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-08-29 17:10 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Grisoft

2008-08-29 17:04 --------- d-----w C:\Arquivos de programas\Windows Live

2008-08-29 16:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-08-29 16:22 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-08-29 16:11 --------- d-----w C:\Arquivos de programas\Nero

2008-08-29 16:11 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-08-28 13:19 --------- d-----w C:\Arquivos de programas\Sony

2008-08-28 01:33 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Sony

2008-08-28 01:33 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Publish Providers

2008-08-28 01:33 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\NetMedia Providers

2008-08-28 00:46 --------- d-----w C:\Arquivos de programas\Google

2008-08-27 17:36 8 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\04FAAD7A68.sys

2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-08-25 08:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-08-14 13:24 2,149,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,028,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-10-16 66912]

 

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-10-16 21:32 66912 --a------ C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-13 68856]

"DriverUpdaterPro"="C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-09-19 2294308]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-27 141848]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-27 162328]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-27 137752]

"SysTrayApp"="C:\Arquivos de programas\IDT\WDM\sttray.exe" [2007-11-09 409600]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-09-16 185896]

"SMSERIAL"="sm56hlpr.exe" [2004-12-29 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2008-04-14 137216]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

OpenOffice.org 3.0.lnk - C:\Arquivos de programas\OpenOffice.org 3\program\quickstart.exe [2008-06-24 384000]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Action Manager 32.lnk - C:\Arquivos de programas\ScannerU\AM32.exe [2008-10-01 69632]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"StartMenuLogoff"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.SP55"= SP5X_32.DLL

"VIDC.SP56"= SP5X_32.DLL

"VIDC.SP57"= SP5X_32.DLL

"VIDC.SP58"= SP5X_32.DLL

"VIDC.SP54"= SP5X_32.DLL

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=

"C:\\Arquivos de programas\\DAP Premium\\DAP.exe"=

"C:\\Arquivos de programas\\UltraVNC\\winvnc.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 OneStepSearch Service;OneStepSearch Service;C:\Arquivos de programas\OneStep\onestep.exe C:\Arquivos de programas\OneStep\onestep.dll Service [ ]

R2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 515803]

S3 mo_abus;Motorola USB Composite Device C357 driver (WDM);C:\WINDOWS\system32\DRIVERS\mo_abus.sys [2003-12-11 51040]

S3 mo_amdfl;Motorola C357 Modem Filter;C:\WINDOWS\system32\DRIVERS\mo_amdfl.sys [2003-12-11 6064]

S3 mo_amdm;Motorola C357 Modem Drivers;C:\WINDOWS\system32\DRIVERS\mo_amdm.sys [2003-12-11 82640]

S3 mo_aserd;Motorola C357 Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\mo_aserd.sys [2003-12-11 64128]

S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 10986]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f19f0e6f-857b-11dd-9c15-001e90d2890d}]

\Shell\AutoRun\command - F:\r813.bat

\Shell\explore\Command - F:\r813.bat

\Shell\open\Command - F:\r813.bat

 

*Newly Created Service* - HELPSVC

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{17CFE7B9-52EE-4DD1-A074-0DE2241F4F1E} - C:\WINDOWS\system32\LPVideo.dll

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe

HKCU-Run-mstwain32 - C:\WINDOWS\mstwain32.exe

HKCU-Run-ProConnective - C:\Documents and Settings\Administrador\Desktop\PRORAT V 1.9\ProConnective.exe

HKCU-Run-CoolSMS - (no file)

HKCU-Run-msiexec.exe - msiconf.exe

HKLM-Run-VIPv3_Auto_Update - (no file)

HKLM-Run-VisualTooltip - (no file)

HKLM-Run-Vistadrv - (no file)

Notify-WgaLogon - (no file)

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5bpodhjd.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-29 10:38:28

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\OneStep\onestep.exe

C:\Arquivos de programas\IDT\8272008175251\stacsv.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\OneStep\onestep.exe

C:\Arquivos de programas\OpenOffice.org 3\program\soffice.exe

C:\Arquivos de programas\OpenOffice.org 3\program\soffice.bin

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

.

**************************************************************************

.

Completion time: 2008-10-29 10:46:39 - machine was rebooted

ComboFix-quarantined-files.txt 2008-10-29 12:46:13

 

Pre-Run: 14 directories 460,226,293,760 bytes free

Post-Run: 14 directories 467,335,745,536 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

 

347 --- E O F --- 2008-10-25 05:00:16

 

 

Now the updated HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:48:36, on 29/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\OneStep\onestep.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\IDT\8272008175251\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\OneStep\onestep.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\OpenOffice.org 3\program\soffice.exe

C:\Arquivos de programas\OpenOffice.org 3\program\soffice.bin

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\explorer.exe

C:\hijackthis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Arquivos de programas\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Action Manager 32.lnk = C:\Arquivos de programas\ScannerU\AM32.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219866754078

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Arquivos de programas\OneStep\onestep.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\8272008175251\STacSV.exe

 

--

End of file - 13865 bytes

 

 

 

 

 

Thank you very much, awaiting a reply!

 

Cheers!
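The ComboFix report in the post above carries the classic removable-media footprint: the MountPoints2 key for one volume has its AutoRun, open and explore verbs all pointing at F:\r813.bat, and the orphans ComboFix removed include HKCU Run values for ckvo.exe, mstwain32.exe and a ProRat component that sat on the user's Desktop. The script below is an added example, not part of the thread and not ComboFix code: it parses lines in that report's format, flags MountPoints2 entries whose command targets a script or executable on a drive root, classifies the removed Run values by where their image lived, and emits the .reg text that deletes the hijacked per-volume keys (Windows recreates a clean key the next time the drive is inserted). The sample input is constructed from the shape of the posted entries, the second volume GUID is invented, and every function and class name is mine.

```python
"""Triage of removable-media autorun hijacks in a ComboFix-style report.
Added example; not code from the thread or from ComboFix."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the [mountpoints2] and "ORPHANS REMOVED"
# sections of the report posted above. The first volume key and its
# F:\r813.bat target are the ones the log shows; the second GUID is invented.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f19f0e6f-857b-11dd-9c15-001e90d2890d}]
\Shell\AutoRun\command - F:\r813.bat
\Shell\explore\Command - F:\r813.bat
\Shell\open\Command - F:\r813.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d1e2f3a-0000-4000-8000-000000000001}]
\Shell\AutoRun\command - E:\setup.exe
- - - - ORPHANS REMOVED - - - -
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKCU-Run-ProConnective - C:\Documents and Settings\Administrador\Desktop\PRORAT V 1.9\ProConnective.exe
HKCU-Run-CoolSMS - (no file)
HKCU-Run-msiexec.exe - msiconf.exe
"""

MOUNTPOINT_KEY = re.compile(r"^\[(.+\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$", re.IGNORECASE)
SHELL_VERB = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
# Script or binary sitting on the root of a drive letter: the usual payload
# location for malware that spreads on USB sticks.
DRIVE_ROOT_PAYLOAD = re.compile(r"^[A-Z]:\\[^\\]+\.(bat|cmd|exe|com|vbs|pif|scr)$", re.IGNORECASE)
ORPHAN_RUN = re.compile(r"^(HKCU|HKLM)-Run-(\S+) - (.+)$")
USER_WRITABLE = ("\\desktop\\", "\\temp\\", "\\dados de aplicativos\\",
                 "\\application data\\", "\\meus documentos\\", "\\my documents\\")


@dataclass
class MountPoint:
    key: str                 # full registry key, without the surrounding brackets
    guid: str                # per-volume GUID
    verbs: dict = field(default_factory=dict)   # verb (lower-case) -> command target

    @property
    def hijacked(self) -> bool:
        return any(DRIVE_ROOT_PAYLOAD.match(t) for t in self.verbs.values())

    @property
    def fully_redirected(self) -> bool:
        """AutoRun, open and explore all run the same payload: every way of
        opening the volume from Explorer executes it."""
        targets = {self.verbs.get(v, "").lower() for v in ("autorun", "open", "explore")}
        return len(targets) == 1 and "" not in targets


def parse_report(text):
    """Return (mountpoints, orphans) found in a ComboFix-style text dump."""
    mountpoints, orphans, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := MOUNTPOINT_KEY.match(line)):
            current = MountPoint(key=m.group(1), guid=m.group(2).lower())
            mountpoints.append(current)
        elif line.startswith("["):
            current = None          # some other key: stop attributing verbs
        elif (m := SHELL_VERB.match(line)) and current is not None:
            current.verbs[m.group(1).lower()] = m.group(2).strip()
        elif (m := ORPHAN_RUN.match(line)):
            orphans.append((m.group(1), m.group(2), m.group(3).strip()))
    return mountpoints, orphans


def classify_orphans(orphans):
    """Sort removed Run values by where their image lived. A Run value pointing
    into a user-writable directory is the usual footprint of something the user
    launched; a bare file name is resolved through PATH, so it could have been
    planted anywhere on it."""
    verdicts = {}
    for _hive, name, target in orphans:
        t = target.lower()
        if t == "(no file)":
            verdicts[name] = "dangling"
        elif "\\" not in t:
            verdicts[name] = "bare name (resolved via PATH)"
        elif any(d in t for d in USER_WRITABLE):
            verdicts[name] = "user-writable image"
        elif t.startswith(("c:\\windows\\", "c:\\winnt\\")):
            verdicts[name] = "system directory image"
        else:
            verdicts[name] = "other"
    return verdicts


def removal_reg(mountpoints) -> str:
    """.reg text deleting each hijacked per-volume key ([-key] syntax). Windows
    recreates a clean MountPoints2 entry when the drive is next inserted; the
    payload on the stick itself still has to be removed separately."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for mp in mountpoints:
        if mp.hijacked:
            out += [f"[-{mp.key}]", ""]
    return "\n".join(out)


if __name__ == "__main__":
    mps, orphans = parse_report(SAMPLE_REPORT)
    for mp in mps:
        print(mp.guid, "HIJACKED" if mp.hijacked else "clean",
              "(all verbs)" if mp.fully_redirected else "", mp.verbs)
    print(classify_orphans(orphans))
    print(removal_reg(mps))
```

Deleting the MountPoints2 key only stops this PC's Explorer from running the payload for that volume; the r813.bat on the stick, and whatever it launches, must be removed on the stick itself, and until then the drive should be opened from a command prompt or the address bar rather than by double-clicking it.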


Good evening! EMERSON_1001

 

<@> Download: < ToolBar S&D >

<@> Save it to Local Disk C, in a folder of its own.

<@> Run the program, then press "p" --> Enter --> Ok.

<@> Type two ( 2 ) --> Wait!

<@> When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt )

 

Regards!


Good morning, DigRam

 

Thank you for the attention you have been giving me; here is the requested log

 

 

-----------\\ ToolBar S&D 1.2.4 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E4600 @ 2.40GHz )

BIOS : Default System BIOS

USER : Administrador ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 081029-0] 4.8.1229 (Activated)

C:\ (Local Disk) - NTFS - Total:465 GB (Free:434 GB)

D:\ (CD or DVD)

F:\ (USB) - FAT - Total:497 MB (Free:0 GB)

 

"C:\ToolBar SD" ( Updated : 27-10-2008|09:25 )

Option : [2] ( Thu 30/10/2008|10:08 )

C:\Arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll

 

-----------\\ REMOVED

 

Failed ! - C:\Arquivos de programas\AskSBar\bar

Failed ! - C:\Arquivos de programas\AskSBar\SrchAstt

Deleted! - C:\DOCUME~1\ADMINI~1\Cookies\administrador@cs.shopperreports[1].txt

Deleted! - C:\Arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll

Failed ! - C:\Arquivos de programas\AskSBar

 

-----------\\ SECOND PASS

 

Failed ! - C:\Arquivos de programas\AskSBar\bar

Failed ! - C:\Arquivos de programas\AskSBar\SrchAstt

Failed ! - C:\Arquivos de programas\AskSBar

 

-----------\\ Searching for Files ...

 

C:\Arquivos de programas\AskSBar

C:\Arquivos de programas\AskSBar\bar

C:\Arquivos de programas\AskSBar\SrchAstt

 

-----------\\ Extensions

 

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com.br/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Looking for other infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\ADMINI~1\Dados de aplicativos\uTorrent\Adobe InDesign CS3 Keygen.exe.torrent

C:\DOCUME~1\ADMINI~1\Dados de aplicativos\uTorrent\Adobe Premiere Pro CS3 Crack.OK.rar.torrent

C:\DOCUME~1\ADMINI~1\Dados de aplicativos\uTorrent\Adobe PREMIERE Pro CS3 FULL (KEYMAKER + Activator + CRACK!).zip.torrent

C:\DOCUME~1\ADMINI~1\Dados de aplicativos\uTorrent\Adobe_Visual_Communicator_3_v.3.0.3132.2_Incl_Keygen.zip.1.torrent

C:\DOCUME~1\ADMINI~1\Dados de aplicativos\uTorrent\Adobe_Visual_Communicator_3_v.3.0.3132.2_Incl_Keygen.zip.torrent

C:\DOCUME~1\ADMINI~1\Dados de aplicativos\uTorrent\Premiere Pro CS3 keygen + activation.exe.torrent

C:\DOCUME~1\ADMINI~1\Favoritos\Adobe Photoshop CS3 + Keygen + Solucion a "License has expired" ® BloG iNForMaTIco.url

C:\DOCUME~1\ADMINI~1\Favoritos\DicasBR 3.0 - Limpo. Prático. E com muita bagagem. Crack Illustrator CS3 (pedido).url

C:\DOCUME~1\ADMINI~1\Favoritos\Download dos Keygen do CS3 - CCV Fórum.url

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\CS3 Keygen Collection

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\CS3 Keygen Collection\After Effects CS3.exe

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com\Clube Do Parente.url

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com\Host Inside.jpg

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com\Host Inside.url

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com\LEIA-ME.txt

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com\Serial + Ativador

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com\Serial + Ativador\Ativador.exe

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com\Serial + Ativador\MANUAL DE INSTALAÇÃO.txt

C:\DOCUME~1\ADMINI~1\Meus documentos\Jornal Gazeta Notícias\Documentos\Pacote CS3\Keygen After\Srl_Atv_After.Efects.CS3.Pro_www.clubedoparente.com\Serial + Ativador\SERIAL.txt

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - Thu 30/10/2008|10:11 - Option : [2]

 

-----------\\ Scan completed at 10:11:10.82


Hey! EMERSON_1001

 

<!> You still have remnants of a malicious toolbar: AskSBar <--

------------------------

<@> Download: < BTFix.zip >

<@> Unzip it to the Desktop!

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run BTFix.exe with a double-click.

<@> Click Rechercher. <-- Diagnostic function!

 

BTFix 1.075 (by bibi26) - 26/10/2008 10:23:02 - Analysis

Launched from C:\BTFix\BTFix.exe

 

---> Files/Folders found

 

---> Analysis finished

<@> Example report in which nothing was found.

<@> When it finishes, if something is found, run BTFix.exe again.

<@> Do it in Safe Mode! <-- Important!

 

BTFix 1.075 (by bibi26) - 26/10/2008 10:25:05 - Analysis

Launched from C:\BTFix\BTFix.exe

 

---> Files/Folders found

 

-- C:\Programs Files\MSN Messenger\msimg32.dll <-- Infection!

 

---> Analysis finished

<@> Example report in which an infection was found.

<@> Click Nettoyer. <-- Fix function!

<@> When it finishes, copy/post the reports: ( C:\BTFix\BTFix.txt ) + an updated HijackThis log.

 

Regards!
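ToolBar S&D reported "Failed !" on the three AskSBar folders while the same DLLs were still registered in the HijackThis log as an R3 URLSearchHook, two O2 BHOs and an O3 toolbar: a DLL that is mapped into a running browser or Explorer process cannot be deleted, which is why the reply above moves the cleanup to Safe Mode. The script below is an added example, not part of the thread and not code from HijackThis or BTFix: it parses HijackThis R3/O2/O3 lines, lists every registration that points into a given folder together with the registry key that holds it (so the CLSIDs can be unregistered before the files are deleted), groups registrations by module, and separates dead "(no file)" registrations. The sample is constructed from lines of the HijackThis log posted earlier in this thread; the function names and the cleanup_plan output format are mine.

```python
"""Correlate HijackThis R3/O2/O3 registrations with a folder a cleaner could
not delete. Added example; not code from the thread, HijackThis or BTFix."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, copied in shape from the HijackThis log posted earlier
# in this thread (AskSBar entries plus unrelated ones for contrast).
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

# "<section> - <kind>: <name> - {CLSID} - <path>"; O4/O23 lines carry no CLSID
# and are ignored by this parser.
HJT_CLSID_LINE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.+)$")

# Where Internet Explorer looks for each kind of registration. For O3 the
# CLSID is a value name under the Toolbar key rather than a subkey.
REGISTRY_HOMES = {
    "R3": r"HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks",
    "O2": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\Software\Microsoft\Internet Explorer\Toolbar",
}


@dataclass(frozen=True)
class HjtEntry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str

    @property
    def dead(self) -> bool:
        return self.path.strip().lower() == "(no file)"

    @property
    def registry_key(self) -> str:
        return REGISTRY_HOMES[self.section] + "\\" + self.clsid


def parse_hjt(text: str) -> list:
    entries = []
    for raw in text.splitlines():
        m = HJT_CLSID_LINE.match(raw.strip())
        if m:
            entries.append(HjtEntry(**m.groupdict()))
    return entries


def entries_in_folder(entries, folder: str) -> list:
    """Registrations whose module lives under *folder* (case-insensitive,
    because HijackThis reports paths in whatever case the registry holds)."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return [e for e in entries if e.path.lower().startswith(prefix)]


def dead_entries(entries) -> list:
    return [e for e in entries if e.dead]


def group_by_module(entries) -> dict:
    """One DLL is often registered several times (here A2SRCHAS.DLL is both a
    URLSearchHook and a BHO); every registration must go or IE reloads it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.path.lower()].append(e)
    return dict(groups)


def cleanup_plan(entries, folder: str) -> list:
    """Ordered steps: unregister every CLSID for a module, then delete the
    module, then the folder. Dead registrations are listed for removal too."""
    steps = []
    for module, regs in group_by_module(entries_in_folder(entries, folder)).items():
        for e in regs:
            steps.append(f"delete registration {e.registry_key}  ({e.section} {e.kind})")
        steps.append(f"delete file {module}")
    steps.append(f"delete folder {folder}")
    for e in dead_entries(entries):
        steps.append(f"delete dangling registration {e.registry_key}")
    return steps


if __name__ == "__main__":
    for step in cleanup_plan(parse_hjt(SAMPLE_HJT), r"C:\Arquivos de programas\AskSBar"):
        print(step)
```

The plan deliberately unregisters before deleting: with the CLSIDs gone, the next Internet Explorer or Explorer start no longer maps the DLLs, and the folder deletion that failed in the first ToolBar S&D pass goes through without needing Safe Mode at all.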


Here are the requested reports, and thank you very much for the help!

 

 

BTFix 1.075 (by bibi26) - 01/11/2008 14:39:33 - Cleaning - Safe mode

Launched from C:\Documents and Settings\Administrador\Desktop\BTFix\BTFix.exe

 

---> Files/folders deleted (First pass)

 

- Temporary files deleted

- C:\WINDOWS\system32\bitsprx4.dll

- C:\Arquivos de programas\AskSBar\bar\1.bin\

- C:\Arquivos de programas\AskSBar\bar\

- C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\

- C:\Arquivos de programas\AskSBar\SrchAstt\

- C:\Arquivos de programas\AskSBar\

 

---> Cleaning finished

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:43:02, on 1/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\hijackthis\HiJackThis.exe

 

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Arquivos de programas\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Action Manager 32.lnk = C:\Arquivos de programas\ScannerU\AM32.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219866754078

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Arquivos de programas\OneStep\onestep.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\8272008175251\STacSV.exe

 

--

End of file - 10437 bytes


Good morning, EMERSON_1001!

 

<!> Do you recognise this file? --> C:\Documents and Settings\All Users\Dados de aplicativos\04FAAD7A68.sys <--

 

Plug your removable drive(s), if you have any, into a USB port. ( flash drive, mp3, mp4, iPods, etc... )

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

C:\sqmdata07.sqm

C:\sqmnoopt07.sqm

C:\sqmdata06.sqm

C:\sqmnoopt06.sqm

C:\sqmdata05.sqm

C:\sqmnoopt05.sqm

C:\sqmdata04.sqm

C:\sqmnoopt04.sqm

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

C:\sqmdata02.sqm

C:\sqmnoopt02.sqm

C:\sqmdata01.sqm

C:\sqmnoopt01.sqm

C:\sqmdata00.sqm

C:\sqmnoopt00.sqm

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f19f0e6f-857b-11dd-9c15-001e90d2890d}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

Folder::

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

C:\Arquivos de programas\GbPlugin

C:\Arquivos de programas\RelevantKnowledge

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!

 

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt appears! ( window )

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log. <-- Done in Normal Mode!

 

Regards!


Good afternoon DigRan, here are the requested reports.

 

ComboFix 08-10-29.04 - Administrador 2008-11-04 14:50:34.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.3036 [GMT -2:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\KomboFix.exe

Comandos utilizados :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

 

FILE ::

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmdata07.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

C:\sqmnoopt02.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\sqmnoopt07.sqm

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\GbPlugin

C:\Arquivos de programas\GbPlugin\bb.gpc

C:\Arquivos de programas\GbPlugin\gbieh.gmd

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\RelevantKnowledge

C:\Arquivos de programas\RelevantKnowledge\rlservice.exe

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\bin.stu

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gbieh.mtu

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gmd.stu

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin\Bb\gpc.stu

C:\sqmdata00.sqm

C:\sqmdata01.sqm

C:\sqmdata02.sqm

C:\sqmdata03.sqm

C:\sqmdata04.sqm

C:\sqmdata05.sqm

C:\sqmdata06.sqm

C:\sqmdata07.sqm

C:\sqmnoopt00.sqm

C:\sqmnoopt01.sqm

C:\sqmnoopt02.sqm

C:\sqmnoopt03.sqm

C:\sqmnoopt04.sqm

C:\sqmnoopt05.sqm

C:\sqmnoopt06.sqm

C:\sqmnoopt07.sqm

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-04 to 2008-11-04 ))))))))))))))))))))))))))))

.

 

2008-11-01 12:42 . 2008-04-14 00:20 334,848 --a------ C:\WINDOWS\system32\hnetwiz.dll

2008-11-01 12:42 . 2008-04-14 00:20 334,848 --a------ C:\WINDOWS\system32\dllcache\hnetwiz.dll

2008-10-30 19:37 . 2008-10-30 19:37 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SmartFTP

2008-10-30 19:36 . 2008-10-30 19:36 <DIR> d-------- C:\Arquivos de programas\SmartFTP Client 3.0 Setup Files

2008-10-30 19:36 . 2008-10-30 19:36 <DIR> d-------- C:\Arquivos de programas\SmartFTP Client

2008-10-30 10:08 . 2008-10-30 10:11 <DIR> d-------- C:\ToolBar SD

2008-10-30 10:06 . 2008-10-30 10:07 <DIR> d-------- C:\ToolBarSD

2008-10-29 12:15 . 2008-10-29 12:15 <DIR> d-------- C:\Arquivos de programas\PIXresizer

2008-10-29 12:15 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx

2008-10-29 12:15 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx

2008-10-29 12:15 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx

2008-10-29 12:15 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\comct232.ocx

2008-10-29 12:15 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx

2008-10-29 12:15 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll

2008-10-29 12:15 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx

2008-10-28 20:36 . 2008-11-01 14:42 <DIR> d-------- C:\hijackthis

2008-10-28 19:04 . 2008-10-28 19:04 <DIR> d-------- C:\Arquivos de programas\WordListCreator

2008-10-28 13:21 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\system32\lfpsd13n.dll

2008-10-28 12:54 . 2008-10-28 12:54 <DIR> d-------- C:\Arquivos de programas\Quick 3D Cover

2008-10-27 08:57 . 2008-10-27 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Enfocus Prefs Folder

2008-10-27 08:57 . 2008-10-27 08:57 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-10-27 08:57 . 2008-10-27 08:57 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Enfocus Prefs Folder

2008-10-27 08:57 . 2008-10-27 08:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Enfocus Software

2008-10-24 06:15 . 2008-10-15 14:36 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-18 18:44 . 2008-10-18 18:44 0 --a------ C:\WINDOWS\°‘G

2008-10-18 17:20 . 2008-10-18 17:20 206 --a------ C:\WINDOWS\Pplugin4.dat

2008-10-18 17:19 . 2008-10-19 19:17 205 --a------ C:\WINDOWS\Pplugin9.dat

2008-10-18 17:13 . 2008-10-18 17:15 54 --a------ C:\WINDOWS\refresh.scf

2008-10-18 17:13 . 2008-10-18 17:13 0 --a------ C:\WINDOWS\system32\°‘G

2008-10-16 21:34 . 2008-10-30 22:13 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\FrostWire

2008-10-16 21:32 . 2008-10-16 21:34 <DIR> d-------- C:\Arquivos de programas\FrostWire

2008-10-15 12:21 . 2008-09-08 08:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-15 12:18 . 2008-09-15 13:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 12:17 . 2008-08-14 11:24 2,193,408 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 12:17 . 2008-08-14 11:24 2,149,376 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 12:17 . 2008-08-14 11:24 2,070,272 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 12:17 . 2008-08-14 11:24 2,028,032 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-10 19:50 . 2008-10-10 19:50 1,192 --a------ C:\WINDOWS\mozver.dat

2008-10-10 17:28 . 2008-11-03 15:45 <DIR> d-------- C:\Arquivos de programas\Discador itelefonica

2008-10-10 16:17 . 2008-10-10 16:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\UOLInc

2008-10-10 16:11 . 2008-10-11 10:37 <DIR> d-------- C:\Arquivos de programas\UOL

2008-10-10 16:11 . 2001-11-07 18:51 280,576 --a------ C:\WINDOWS\system32\libeay32.dll

2008-10-10 16:11 . 2001-11-07 18:51 62,464 --a------ C:\WINDOWS\system32\ssleay32.dll

2008-10-08 10:52 . 2008-10-08 10:52 <DIR> d-------- C:\Arquivos de programas\Joiner

2008-10-08 10:52 . 2008-10-08 10:52 49 --a------ C:\WINDOWS\file.vxd

2008-10-07 20:19 . 2008-10-08 13:16 <DIR> d-------- C:\Arquivos de programas\No-IP

2008-10-07 20:05 . 2003-12-12 17:06 1,693,696 --a------ C:\WINDOWS\system32\ltclr13n.dll

2008-10-07 20:05 . 2003-11-04 16:11 155,648 --a------ C:\WINDOWS\system32\lftif13n.dll

2008-10-07 20:05 . 2003-11-04 16:10 98,304 --a------ C:\WINDOWS\system32\lffax13n.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-04 11:07 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\OpenOffice.org3

2008-11-03 17:15 2,516 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2008-10-31 16:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-10-27 10:57 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-19 21:40 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-10-14 21:32 --------- d-----w C:\Arquivos de programas\Absolute Video Converter

2008-10-03 17:26 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2008-10-01 15:04 --------- d-----w C:\Arquivos de programas\ScannerU

2008-10-01 11:06 --------- dc-h--w C:\Documents and Settings\All Users\Dados de aplicativos\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}

2008-10-01 11:06 --------- d-----w C:\Arquivos de programas\XPC Tools

2008-09-24 16:56 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\VertusTech

2008-09-24 16:56 --------- d-----w C:\Arquivos de programas\Vertus Fluid Mask 3

2008-09-23 23:53 --------- d-----w C:\Arquivos de programas\Franzis

2008-09-23 12:21 --------- d-----w C:\Arquivos de programas\SnadBoy's Revelation v2

2008-09-22 17:48 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HP

2008-09-22 12:31 --------- d-----w C:\Arquivos de programas\OneStep

2008-09-19 22:21 --------- d-----w C:\Arquivos de programas\UltraVNC

2008-09-19 20:05 --------- d-----w C:\Arquivos de programas\TryMeIn

2008-09-19 12:52 --------- d-----w C:\Arquivos de programas\myBabylon

2008-09-19 12:52 --------- d-----w C:\Arquivos de programas\Conduit

2008-09-19 02:54 --------- d-----w C:\Arquivos de programas\MSECache

2008-09-17 12:46 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-09-17 01:59 --------- d-----w C:\Arquivos de programas\AbiSuite2

2008-09-17 01:18 --------- d-----w C:\Arquivos de programas\TechSmith

2008-09-17 01:18 --------- d-----w C:\Arquivos de programas\Arquivos comuns\TechSmith Shared

2008-09-16 22:07 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Aston

2008-09-16 22:07 --------- d-----r C:\Arquivos de programas\Aston

2008-09-16 21:27 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-09-16 20:55 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Talkback

2008-09-16 20:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-09-16 20:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-09-16 20:41 --------- d-----w C:\Arquivos de programas\Mario Forever

2008-09-16 20:30 --------- d-----w C:\Arquivos de programas\EPCTV

2008-09-16 20:29 --------- d-----w C:\Arquivos de programas\DAP Premium

2008-09-16 15:41 --------- d-----w C:\Arquivos de programas\Eurodigi

2008-09-15 16:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-09-15 16:26 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HPAppData

2008-09-15 16:26 --------- d-----w C:\Arquivos de programas\HP

2008-09-15 16:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-09-15 16:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-09-15 16:24 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-09-15 16:24 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-09-15 16:23 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-09-15 16:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Office Genuine Advantage

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-12 14:09 460,800 ----a-w C:\WINDOWS\system32\drivers\hardlock.sys

2008-09-12 14:09 291,328 ----a-w C:\WINDOWS\system32\hlvdd.dll

2008-09-12 14:09 --------- d-----w C:\Arquivos de programas\PANTECH

2008-09-11 01:24 --------- d-----w C:\Arquivos de programas\CoolSMS

2008-09-11 00:40 --------- d-----w C:\Arquivos de programas\OpenOffice.org 3

2008-09-11 00:40 --------- d-----w C:\Arquivos de programas\OpenOffice.org

2008-09-11 00:40 --------- d-----w C:\Arquivos de programas\JRE

2008-09-11 00:39 --------- d-----w C:\Arquivos de programas\Java

2008-09-09 16:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Last.fm

2008-09-09 16:08 --------- d-----w C:\Arquivos de programas\Last.fm

2008-09-08 20:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-09-08 16:17 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-05 04:05 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-27 17:36 8 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\04FAAD7A68.sys

2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-08-25 08:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-08-14 13:24 2,149,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,028,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-10-29_10.45.58.84 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-30 21:36:55 22,486 ----a-r C:\WINDOWS\Installer\{6F23C1A3-9F62-470C-BD12-B83F04E67865}\Icon_SFTPBackup.exe

+ 2008-10-30 21:36:55 157,733 ----a-r C:\WINDOWS\Installer\{6F23C1A3-9F62-470C-BD12-B83F04E67865}\Icon_SmartFTP.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-13 68856]

"DriverUpdaterPro"="C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-09-19 2294308]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-27 141848]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-27 162328]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-27 137752]

"SysTrayApp"="C:\Arquivos de programas\IDT\WDM\sttray.exe" [2007-11-09 409600]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"!AVG Anti-Spyware"="C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-09-16 185896]

"SMSERIAL"="sm56hlpr.exe" [2004-12-29 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2008-04-14 137216]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

OpenOffice.org 3.0.lnk - C:\Arquivos de programas\OpenOffice.org 3\program\quickstart.exe [2008-06-24 384000]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Action Manager 32.lnk - C:\Arquivos de programas\ScannerU\AM32.exe [2008-10-01 69632]

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"StartMenuLogoff"= 1 (0x1)

"ForceStartMenuLogoff"= 0 (0x0)

"NoUserNameInStartMenu"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.SP55"= SP5X_32.DLL

"VIDC.SP56"= SP5X_32.DLL

"VIDC.SP57"= SP5X_32.DLL

"VIDC.SP58"= SP5X_32.DLL

"VIDC.SP54"= SP5X_32.DLL

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=

"C:\\Arquivos de programas\\DAP Premium\\DAP.exe"=

"C:\\Arquivos de programas\\UltraVNC\\winvnc.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=

"C:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"86:TCP"= 86:TCP:BroadCam Web Server

"24654:UDP"= 24654:UDP:Enfocus Port

 

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 515803]

S2 OneStepSearch Service;OneStepSearch Service;C:\Arquivos de programas\OneStep\onestep.exe C:\Arquivos de programas\OneStep\onestep.dll Service [ ]

S2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

S3 mo_abus;Motorola USB Composite Device C357 driver (WDM);C:\WINDOWS\system32\DRIVERS\mo_abus.sys [2003-12-11 51040]

S3 mo_amdfl;Motorola C357 Modem Filter;C:\WINDOWS\system32\DRIVERS\mo_amdfl.sys [2003-12-11 6064]

S3 mo_amdm;Motorola C357 Modem Drivers;C:\WINDOWS\system32\DRIVERS\mo_amdm.sys [2003-12-11 82640]

S3 mo_aserd;Motorola C357 Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\mo_aserd.sys [2003-12-11 64128]

S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 10986]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0904a6c6-7473-11dd-9bd3-001e90d2890d}]

\Shell\AutoRun\command - F:\qeutpt.exe

\Shell\explore\Command - F:\qeutpt.exe

\Shell\open\Command - F:\qeutpt.exe

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-04 14:53:19

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

C:\Documents and Settings\Administrador\Configurações locais\Temp\RGI1.tmp

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

 

**************************************************************************

.

Tempo para conclusão: 2008-11-04 14:58:39

ComboFix-quarantined-files.txt 2008-11-04 16:58:15

ComboFix2.txt 2008-10-29 12:46:40

 

Pré-execução: 16 pasta(s) 467.692.781.568 bytes disponíveis

Pós execução: 16 pasta(s) 467,709,239,296 bytes disponíveis

 

286 --- E O F --- 2008-10-25 05:00:16

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:06:35, on 4/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\OneStep\onestep.exe

C:\WINDOWS\System32\svchost.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\IDT\8272008175251\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\OpenOffice.org 3\program\soffice.exe

C:\Arquivos de programas\OpenOffice.org 3\program\soffice.bin

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\OneStep\onestep.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\hijackthis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\config" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Npp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Connection Wizard" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_44] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_45] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_46] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_47] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Arquivos de programas\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Action Manager 32.lnk = C:\Arquivos de programas\ScannerU\AM32.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219866754078

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Arquivos de programas\OneStep\onestep.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\8272008175251\STacSV.exe

 

--

End of file - 12629 bytes

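As an added example (not part of this thread or of HijackThis itself), a small Python triage helper that parses lines in the HijackThis format posted above and flags the entries a helper looks at first: BHO registrations with no file, services whose binary is missing or carries no publisher, and autorun entries given without a full path. The sample lines are copied from the log above; the flag names are my own.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry starts with a section tag (R0-R3, F0-F3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.*)$")


def parse_entries(text):
    """Yield (section, body) for every HijackThis entry line in the text."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text):
    """Return (reason, line) pairs that deserve a human second look, in log order."""
    findings = []
    for section, body in parse_entries(text):
        line = f"{section} - {body}"
        if section == "O2" and body.endswith("(no file)"):
            # Registered BHO whose DLL is gone: leftover of a removal or a broken install.
            findings.append(("orphaned BHO registration", line))
        elif section == "O4":
            # Command is everything after the "[name] " label.
            cmd = body.split("] ", 1)[-1]
            if "\\" not in cmd:
                # No directory given, so Windows resolves it via PATH search order.
                findings.append(("autorun with no full path", line))
        elif section == "O23":
            if body.endswith("(file missing)"):
                findings.append(("service points at missing binary", line))
            elif " - Unknown owner - " in body:
                findings.append(("service with no publisher info", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```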

Good morning, EMERSON_1001!

 

Insert your removable drive(s), if you have any, into the USB port (pen drive, mp3, mp4, iPods, etc.).

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

F:\qeutpt.exe

Rootkit::

C:\Documents and Settings\Administrador\Configurações locais\Temp\RGI1.tmp

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0904a6c6-7473-11dd-9bd3-001e90d2890d}]

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

[demonstration image: 2872959479_997d4500c4_o.gif]

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the report: C:\ComboFix.txt

 

Regards!


Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
