[Arquivado] Não consigo executar nenhum antivirus ou antispyware.

Davi Vasconcellos · Março 19, 2009

Há dois meses formatei o PC e agora ele não deixa eu usar o Gerenciador de Tarefas ("o 'Gerenciador de tarefas' foi desativado pelo administrador"), não consigo executar Antivírus, aparecem erros de script quando inicio o XP, Não reinicia em Modo Seguro, etc. Uma vez cliquei no ícone do Avira (ou foi do Avast) e o PC reiniciou.

Ficarei muito agradecido se me ajudarem. Sei que vai ser uma batalha, mas temos que ter determinação!

Salvei o Hijackthis no disco C:\ . Cliquei e apareceu 'Editor Desconhecido' mesmo assim cliquei Executar, segui os procedimentos e aqui segue o log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:24:48, on 19/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Arquivos de programas\Bywifi\bywifiie.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--

End of file - 7887 bytes

Silas Martins · Março 19, 2009

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

Clique sobre “SIM” para continuar a varredura.

5) O ComboFix iniciará o AUTOSCAN (aguarde).

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

Ao término do processo a máquina será reiniciada para a emissão do relatório.

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txt e do novo log Hijackthis em sua próxima resposta.

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

Davi Vasconcellos · Março 21, 2009

ComboFix 09-03-19.02 - Marília 2009-03-21 10:04:59.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.213 [GMT -3:00]

Executando de: c:\documents and settings\Marília\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\IE4 Error Log.txt

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_DAC970NT

-------\Service_dac970nt

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-21 to 2009-03-21 ))))))))))))))))))))))))))))

.

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-03-19 01:24 <DIR> d-------- C:\Hijackthis

2009-03-11 22:56 . 2009-03-20 22:40 <DIR> d-------- C:\BywifiShare

2009-03-11 22:56 . 2009-03-11 22:56 <DIR> d-------- C:\BywifiSave

2009-03-11 22:56 . 2009-03-20 22:40 <DIR> d-------- c:\arquivos de programas\Bywifi

2009-03-11 22:28 . 2009-03-11 22:28 <DIR> d-------- c:\arquivos de programas\AskSearch

2009-03-11 22:28 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll

2009-03-01 18:30 . 2009-03-01 18:30 921,624 --a------ C:\snp2sxp-001.raw

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-03-02 06:13 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-14 09:05 46,129 ----a-w c:\windows\Fonts\angelina.zip

2009-02-14 09:05 34,131 ----a-w c:\windows\Fonts\blazed.zip

2009-02-14 09:05 141,855 ----a-w c:\windows\Fonts\amaze.zip

2009-02-14 09:04 40,104 ----a-w c:\windows\Fonts\banana_split.zip

2009-02-14 09:04 33,383 ----a-w c:\windows\Fonts\loki_cola.zip

2009-02-14 09:03 74,634 ----a-w c:\windows\Fonts\base_02.zip

2009-02-14 09:03 56,008 ----a-w c:\windows\Fonts\dark_crystal.zip

2009-02-14 09:03 29,847 ----a-w c:\windows\Fonts\adine_kirnberg.zip

2009-02-14 09:03 29,082 ----a-w c:\windows\Fonts\walt_disney.zip

2009-02-14 09:02 25,184 ----a-w c:\windows\Fonts\french_grotesque.zip

2009-02-14 09:02 10,869 ----a-w c:\windows\Fonts\freshman.zip

2009-02-14 09:00 8,655 ----a-w c:\windows\Fonts\grado_gradoo.zip

2009-02-14 09:00 28,674 ----a-w c:\windows\Fonts\graffiti.zip

2009-02-14 09:00 10,431 ----a-w c:\windows\Fonts\grand_stylus.zip

2009-02-14 08:59 26,230 ----a-w c:\windows\Fonts\gravicon_display.zip

2009-02-14 08:58 48,877 ----a-w c:\windows\Fonts\lelf_noir_du_mal.zip

2009-02-14 08:58 21,611 ----a-w c:\windows\Fonts\gregs_other_hand.zip

2009-02-14 08:58 16,680 ----a-w c:\windows\Fonts\gregs_hand.zip

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 21:04 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\SlipStream

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-02-03 20:22 5,030,912 ----a-w c:\windows\system32\drivers\RtkHDAud.sys

2009-02-01 04:06 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Media Player Classic

2009-01-31 14:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-01-31 14:32 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Yahoo!

2009-01-31 14:32 --------- d-----w c:\arquivos de programas\Yahoo!

2009-01-30 14:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NOS

2009-01-30 14:15 --------- d-----w c:\arquivos de programas\NOS

2009-01-30 00:16 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Arquivos de programas\\Bywifi\\bywifi.exe"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-03-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-21 10:07:19

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

c:\windows\explorer.exe [1444] 0x820183B8

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-21 10:09:36 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-21 13:09:33

Pré-execução: 13 pasta(s) 137.954.934.784 bytes disponíveis

Pós execução: 13 pasta(s) 138,638,065,664 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

218 --- E O F --- 2009-03-21 08:31:15

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:13:29, on 21/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896