Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Davi Vasconcellos

[Arquivado] Não consigo executar nenhum antivirus ou antispyware.

Recommended Posts

Acho que o link do kaspersky está quebrado...

 

 

 

 

 

 

 

 

 

 

Editado:

Sempre que tentava baixar, até por outros sites, aparecia A página não pode ser exibida. Só deu certo quando baixei o do 4Shared

Compartilhar este post


Link para o post
Compartilhar em outros sites

Fiz o passo 1.

 

Fiz o passo 2 com um Kaspersky (31,936 kb = 32 mb) que baixei no 4Shared . Reiniciei em Modo de Segurança (agora deu certo! Não sei pq.). Cliquei pra instalar o Kasper. mas pediu um password lá e não deu executá-lo!

Aí eu fiz assim: repeti o passo 2 do seu post do dia 24-03-09 01:39.

 

Seguem os logs:

 

ComboFix 09-03-19.02 - Marília 2009-03-25 22:18:42.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.138 [GMT -3:00]

Executando de: c:\documents and settings\Marília\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marília\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DAC970NT

-------\Service_dac970nt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-26 to 2009-03-26 ))))))))))))))))))))))))))))

.

 

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\documents and settings\Marília\Dados de aplicativos\IObit

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-03-24 04:30 <DIR> d-------- C:\Hijackthis

2009-03-11 22:56 . 2009-03-23 07:23 <DIR> d-------- c:\arquivos de programas\Bywifi

2009-03-11 22:28 . 2009-03-11 22:28 <DIR> d-------- c:\arquivos de programas\AskSearch

2009-03-11 22:28 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll

2009-03-01 18:30 . 2009-03-01 18:30 921,624 --a------ C:\snp2sxp-001.raw

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-03-02 06:13 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-14 09:05 46,129 ----a-w c:\windows\Fonts\angelina.zip

2009-02-14 09:05 34,131 ----a-w c:\windows\Fonts\blazed.zip

2009-02-14 09:05 141,855 ----a-w c:\windows\Fonts\amaze.zip

2009-02-14 09:04 40,104 ----a-w c:\windows\Fonts\banana_split.zip

2009-02-14 09:04 33,383 ----a-w c:\windows\Fonts\loki_cola.zip

2009-02-14 09:03 74,634 ----a-w c:\windows\Fonts\base_02.zip

2009-02-14 09:03 56,008 ----a-w c:\windows\Fonts\dark_crystal.zip

2009-02-14 09:03 29,847 ----a-w c:\windows\Fonts\adine_kirnberg.zip

2009-02-14 09:03 29,082 ----a-w c:\windows\Fonts\walt_disney.zip

2009-02-14 09:02 25,184 ----a-w c:\windows\Fonts\french_grotesque.zip

2009-02-14 09:02 10,869 ----a-w c:\windows\Fonts\freshman.zip

2009-02-14 09:00 8,655 ----a-w c:\windows\Fonts\grado_gradoo.zip

2009-02-14 09:00 28,674 ----a-w c:\windows\Fonts\graffiti.zip

2009-02-14 09:00 10,431 ----a-w c:\windows\Fonts\grand_stylus.zip

2009-02-14 08:59 26,230 ----a-w c:\windows\Fonts\gravicon_display.zip

2009-02-14 08:58 48,877 ----a-w c:\windows\Fonts\lelf_noir_du_mal.zip

2009-02-14 08:58 21,611 ----a-w c:\windows\Fonts\gregs_other_hand.zip

2009-02-14 08:58 16,680 ----a-w c:\windows\Fonts\gregs_hand.zip

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 21:04 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\SlipStream

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-02-03 20:22 5,030,912 ----a-w c:\windows\system32\drivers\RtkHDAud.sys

2009-02-01 04:06 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Media Player Classic

2009-01-31 14:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-01-31 14:32 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Yahoo!

2009-01-31 14:32 --------- d-----w c:\arquivos de programas\Yahoo!

2009-01-30 14:15 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NOS

2009-01-30 14:15 --------- d-----w c:\arquivos de programas\NOS

2009-01-30 00:16 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-21_10.08.11.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-26 01:21:00 16,384 ----atw c:\windows\temp\Perflib_Perfdata_af0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

 

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-03-26 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-25 22:20:57

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-03-25 22:23:10 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-03-26 01:23:07

ComboFix2.txt 2009-03-24 07:06:28

ComboFix3.txt 2009-03-23 10:29:50

ComboFix4.txt 2009-03-21 13:09:37

 

Pré-execução: 11 pasta(s) 137.263.284.224 bytes disponíveis

Pós execução: 11 pasta(s) 137,126,334,464 bytes disponíveis

 

218 --- E O F --- 2009-03-21 08:31:15

 

 

 

 

 

-----------------------------------------------------------------------------------------------------------------

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:16:03, on 26/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 7220 bytes

 

 

 

 

Abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faça o download do Brute Force Uninstaller:

 

Extraia o arquivo para uma pasta própria, preferencialmente C:\BFU.

 

Dê um clique duplo no BFU.exe para executar o Brute Force Uninstaller..

 

Clique no seguinte ícone:

bfu.jpg

 

 

Na caixa que aparecer, coloque o seguinte:

 

http://www.ciromota.net/ld/renato/festa.bfu

 

Clique em OK e depois clique em Execute.

 

No meio do procedimento aparecerá a seguinte imagem:

festasgy0.jpg

 

Clique em Sim.

 

Espere até aparecer a mensagem que confirma que a execução do script terminou.

 

Clique em OK e depois em Exit.

 

Reinicie e poste um novo log do Hijackthis.

 

Créditos:ciro-mota

 

 

PS: Nunca repita procedimentos que já foram feitos sem que eu lhe peça.

 

Aguardo o retorno

 

PS: Link editado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Fiz os procedimentos, mas não apareceu a imagem ("compartilhamento") que você falou que iria aparecer. Apareceu "Completed scripts execution" cliquei em OK e depois em EXIT.

 

Reiniciei e segue o Log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:51:23, on 29/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 7317 bytes

 

 

 

Obs.: Desculpe pela demora em responder.

 

Abraço e aguardo retorno!

Compartilhar este post


Link para o post
Compartilhar em outros sites

1º Passo Baixe o bankerfix.exe.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Gere um novo log do hijackthis, e poste juntamente com o relatório.txt do Bankerfix.

 

2º Passo

Após efetuar o primeiro passo baixe o Avira 9.0

e tente instala-lo, caso consiga atualize e faça um scan.

 

 

Aguardo o Retorno

Compartilhar este post


Link para o post
Compartilhar em outros sites

No meio do processo apareceu a msg: A edição de registro foi desativada pelo administrador

 

outra obs.: Não tenho nenhum antivirus instalado para poder desativá-lo.

 

Seguem os logs:

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-03-30 - 17:33

-------------------------------------------------------

Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

 

 

----- Fim -------------------------

 

 

------------------------------------------------------------------------------------------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:36:45, on 30/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 7220 bytes

 

 

Estou no aguardo

Compartilhar este post


Link para o post
Compartilhar em outros sites

Silas, está do mesmo jeito: Não consigo executar... quando clico pra instalar nao aparece nada e quando clico no Gerenciador de tarefas para ver se algo está executando, aparece uma msg: O Gerenciador de tarefas foi desativado pelo administrador !

 

Aguardo

Compartilhar este post


Link para o post
Compartilhar em outros sites

1º Passo

Vá em Iniciar > Executar e digite (ou copie e cole): ComboFix /u

Dê o OK. Aguarde, pois isso irá desinstalar o ComboFix.

Apague as pastas C:\ComboFix e C:\Qoobox, caso existam. Apague também os logs anteriores que estão em C:\, caso ainda existam.

 

2º Passo

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Leia atentamente o texto contido nesta janela e clique sobre “SIM” para continuar.

 

PS.: Caso não concorde com os termos clique sobre “NÃO” para sair do software, cabendo lembrar que o processo de desinfecção não será possível sem a continuidade do ComboFix.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console ante de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADA COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log ficará alocado em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

8) Preciso que você cole o conteúdo do ComboFix.txt e do novo log Hijackthis em sua próxima resposta.

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Seguem os logs:

 

ComboFix 09-03-31.01 - Marília 2009-04-01 2:59:39.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.195 [GMT -3:00]

Executando de: C:\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DAC970NT

-------\Service_dac970nt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-01 to 2009-04-01 ))))))))))))))))))))))))))))

.

 

2009-04-01 02:54 . 2009-04-01 02:54 2,938,310 -ra------ C:\ComboFix.exe

2009-03-31 14:41 . 2009-03-31 14:41 <DIR> d-------- C:\avira_antivir_personal_en

2009-03-30 19:27 . 2009-03-30 19:27 32,618,396 --a------ C:\avira_antivir_personal_en.zip

2009-03-30 17:25 . 2009-03-30 17:33 <DIR> d-------- C:\LinhaDefensiva

2009-03-30 17:25 . 2009-03-30 17:25 252,325 --a------ C:\bankerfix.exe

2009-03-29 14:45 . 2009-03-29 14:47 7,597 --a------ C:\festa.bfu

2009-03-29 14:43 . 2008-02-19 17:10 151,552 --a------ C:\BFU.exe

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\documents and settings\Marília\Dados de aplicativos\IObit

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-03-30 17:37 <DIR> d-------- C:\Hijackthis

2009-03-11 22:56 . 2009-03-23 07:23 <DIR> d-------- c:\arquivos de programas\Bywifi

2009-03-11 22:28 . 2009-03-11 22:28 <DIR> d-------- c:\arquivos de programas\AskSearch

2009-03-11 22:28 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll

2009-03-01 18:30 . 2009-03-01 18:30 921,624 --a------ C:\snp2sxp-001.raw

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-30 14:35 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-14 09:05 46,129 ----a-w c:\windows\Fonts\angelina.zip

2009-02-14 09:05 34,131 ----a-w c:\windows\Fonts\blazed.zip

2009-02-14 09:05 141,855 ----a-w c:\windows\Fonts\amaze.zip

2009-02-14 09:04 40,104 ----a-w c:\windows\Fonts\banana_split.zip

2009-02-14 09:04 33,383 ----a-w c:\windows\Fonts\loki_cola.zip

2009-02-14 09:03 74,634 ----a-w c:\windows\Fonts\base_02.zip

2009-02-14 09:03 56,008 ----a-w c:\windows\Fonts\dark_crystal.zip

2009-02-14 09:03 29,847 ----a-w c:\windows\Fonts\adine_kirnberg.zip

2009-02-14 09:03 29,082 ----a-w c:\windows\Fonts\walt_disney.zip

2009-02-14 09:02 25,184 ----a-w c:\windows\Fonts\french_grotesque.zip

2009-02-14 09:02 10,869 ----a-w c:\windows\Fonts\freshman.zip

2009-02-14 09:00 8,655 ----a-w c:\windows\Fonts\grado_gradoo.zip

2009-02-14 09:00 28,674 ----a-w c:\windows\Fonts\graffiti.zip

2009-02-14 09:00 10,431 ----a-w c:\windows\Fonts\grand_stylus.zip

2009-02-14 08:59 26,230 ----a-w c:\windows\Fonts\gravicon_display.zip

2009-02-14 08:58 48,877 ----a-w c:\windows\Fonts\lelf_noir_du_mal.zip

2009-02-14 08:58 21,611 ----a-w c:\windows\Fonts\gregs_other_hand.zip

2009-02-14 08:58 16,680 ----a-w c:\windows\Fonts\gregs_hand.zip

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 21:04 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\SlipStream

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-02-03 20:22 5,030,912 ----a-w c:\windows\system32\drivers\RtkHDAud.sys

2009-02-01 04:06 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Media Player Classic

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

 

------- Sigcheck -------

 

2008-10-16 13:09 129048 43d5a34f45998483e541235d71b47992 c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

"c:\\Hijackthis\\HiJackThis.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=

 

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-01 03:02:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-01 3:03:46 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-01 06:03:43

 

Pré-execução: 13 pasta(s) 152.947.515.392 bytes disponíveis

Pós execução: 12 pasta(s) 153,164,251,136 bytes disponíveis

 

219 --- E O F --- 2009-03-21 08:31:15

 

 

 

 

------------------------------------------------------------------------------------------------------------------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:14:35, on 1/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8346 bytes

 

Obs.:

Tentei reinstalar meu antivirus e agora deu certo, mas foi com outro 'Setup', do Avira Premiun. No meio da instalação apareceu uma msg A edição de registro foi desativada pelo administrador. Creio que seja o virus quem manda essas msgs... ¬¬

 

Depois de ter reinstalado executei o Hijackthis e o log esta aí em cima ^

 

Também apareceu um alerta do Avira dizendo que o BFU, o qual havia baixado quando você pediu, era um trojan. Dentre as opções eu escolhi a 'Excluir'. Creio que não precise do BFU posteriormente.

 

 

E agora? Tento executar o Scan do Avira pra ver se dá certo ou espero você pedir?

 

Vixe Silas, agora eu estou com medo desse tal de Conficker que passou no Jornal, que rouba senhas e etc... :unsure: dizem que é o pior virus da atualidade...

 

E aí meu PC tá limpo?

 

Abraço e muito obrigado pela paciência

Compartilhar este post


Link para o post
Compartilhar em outros sites

1º Passo

CFScript

 

Copie,todo conteúdo citado abaixo e cole no Bloco de Notas.

Salve o arquivo na área de trabalho com o nome de: CFScript.txt

File::

c:\arquivos de programas\Bywifi

C:\bankerfix.exe

C:\festa.bfu

C:\BFU.exe

Folder::

C:\LinhaDefensiva

c:\arquivos de programas\AskSearch

 

Arraste o CFScript.txt até o ícone do Combofix, conforme ilustração abaixo:

cfscript.gif

 

Atenda à solicitação,que deverá surgir,para rodar o ComboFix

OBS: Arraste o CFScript até para o ícone até que apareça a janela(pequena) do combofix

Ao final poste o ComboFix.txt juntamente com o novo log do hijackthis

 

Obs.: Execute a ação com o seu pendrive conectado ao PC.

 

 

 

 

2º Passo

# Execute a ferramenta HiJackThis;

 

# Selecione o(s) item(s) abaixo indicado(s):

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

 

# Clique no botão "Fix checked";

 

Reinicie em modo normal gere um novo log do Hijackthis e poste na sua próxima resposta.

3º Passo

 

Faça o download e execute o task-fix.reg.

Link para download:

http://www.linhadefensiva.org/files/reg/task-fix.reg

 

4º Passo

Faça um Scan com o Avira para verificar o sistema.

 

E fique tranquilo você não esta com o Conficker

 

Aguardo Retorno

Compartilhar este post


Link para o post
Compartilhar em outros sites

Silas, não foi preciso fazer a etapa 2, pois quando executei o HiJackThis não tinha o item que você especificou O7 - HKCU\.......

 

 

Seguem os logs:

 

 

ComboFix 09-03-31.01 - Marília 2009-04-03 4:51:22.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.239 [GMT -3:00]

Executando de: C:\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marília\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

 

FILE ::

c:\arquivos de programas\Bywifi

C:\bankerfix.exe

C:\BFU.exe

C:\festa.bfu

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\AskSearch

c:\arquivos de programas\AskSearch\bin\DefaultSearch.dll

C:\bankerfix.exe

C:\festa.bfu

C:\LinhaDefensiva

c:\linhadefensiva\banker.bat

c:\linhadefensiva\BankerFix.vbs

c:\linhadefensiva\credits\exec.txt

c:\linhadefensiva\exec\download.exe

c:\linhadefensiva\exec\md5.exe

c:\linhadefensiva\exec\MoveEx.exe

c:\linhadefensiva\exec\pv.exe

c:\linhadefensiva\exec\unzip.exe

c:\linhadefensiva\func\lang.vbs

c:\linhadefensiva\func\reg.vbs

c:\linhadefensiva\func\scan.vbs

c:\linhadefensiva\func\strings.vbs

c:\linhadefensiva\Iniciar-BankerFix.vbs

c:\linhadefensiva\lang\bat\antivirusnote.txt

c:\linhadefensiva\lang\bat\changepass.txt

c:\linhadefensiva\lang\bat\error-removing.txt

c:\linhadefensiva\lang\bat\filesremoved.txt

c:\linhadefensiva\lang\bat\logend.txt

c:\linhadefensiva\lang\bat\logremhelp.txt

c:\linhadefensiva\lang\bat\logremtif.txt

c:\linhadefensiva\lang\bat\noproblems.txt

c:\linhadefensiva\lang\bat\opening.txt

c:\linhadefensiva\lang\bat\rebootrequired.txt

c:\linhadefensiva\lang\bat\seeforum.txt

c:\linhadefensiva\lang\bat\wait.txt

c:\linhadefensiva\lang\bat\win95.txt

c:\linhadefensiva\lang\init\en.txt

c:\linhadefensiva\lang\init\ptb.txt

c:\linhadefensiva\lang\vb\bankerfix.txt

c:\linhadefensiva\lang\vb\loader.txt

c:\linhadefensiva\lang\vb\postreboot.txt

c:\linhadefensiva\leiame.txt

c:\linhadefensiva\readme.txt

c:\linhadefensiva\reflist\fx.reg

c:\linhadefensiva\reflist\ref-allu

c:\linhadefensiva\reflist\ref-appdata

c:\linhadefensiva\reflist\ref-commonfiles

c:\linhadefensiva\reflist\ref-hosts

c:\linhadefensiva\reflist\ref-mydoc

c:\linhadefensiva\reflist\ref-profile

c:\linhadefensiva\reflist\ref-programfiles

c:\linhadefensiva\reflist\ref-start

c:\linhadefensiva\reflist\ref-startup

c:\linhadefensiva\reflist\ref-sysdrive

c:\linhadefensiva\reflist\ref-system

c:\linhadefensiva\reflist\ref-system32

c:\linhadefensiva\reflist\ref-tasks

c:\linhadefensiva\reflist\ref-temp

c:\linhadefensiva\reflist\ref-wincommon

c:\linhadefensiva\reflist\ref-windows

c:\linhadefensiva\reflist\reft-startup

c:\linhadefensiva\relatorio.txt

c:\linhadefensiva\relatorios\2009-03-30.txt

c:\linhadefensiva\relatorios\errorlog.txt

c:\linhadefensiva\rotinas\arquiva-relatorio.vbs

c:\linhadefensiva\rotinas\postreboot.bat

c:\linhadefensiva\rotinas\postreboot.vbs

c:\linhadefensiva\rotinas\remocao\driver.vbs

c:\linhadefensiva\rotinas\remocao\shell.vbs

c:\linhadefensiva\rotinas\remocao\userinit.vbs

c:\linhadefensiva\rotinas\remocao\winlogon.vbs

c:\linhadefensiva\rotinas\update.vbs

c:\linhadefensiva\VERSION

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DAC970NT

-------\Service_dac970nt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-03 to 2009-04-03 ))))))))))))))))))))))))))))

.

 

2009-04-01 03:10 . 2009-04-01 03:10 <DIR> d-------- c:\arquivos de programas\Avira

2009-04-01 02:54 . 2009-04-01 02:54 3,012,038 -ra------ C:\ComboFix.exe

2009-03-31 14:41 . 2009-03-31 14:41 <DIR> d-------- C:\avira_antivir_personal_en

2009-03-30 19:27 . 2009-03-30 19:27 32,618,396 --a------ C:\avira_antivir_personal_en.zip

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\documents and settings\Marília\Dados de aplicativos\IObit

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-04-03 04:44 <DIR> d-------- C:\Hijackthis

2009-03-11 22:56 . 2009-03-23 07:23 <DIR> d-------- c:\arquivos de programas\Bywifi

2009-03-11 22:28 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-01 06:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-30 14:35 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-14 09:05 46,129 ----a-w c:\windows\Fonts\angelina.zip

2009-02-14 09:05 34,131 ----a-w c:\windows\Fonts\blazed.zip

2009-02-14 09:05 141,855 ----a-w c:\windows\Fonts\amaze.zip

2009-02-14 09:04 40,104 ----a-w c:\windows\Fonts\banana_split.zip

2009-02-14 09:04 33,383 ----a-w c:\windows\Fonts\loki_cola.zip

2009-02-14 09:03 74,634 ----a-w c:\windows\Fonts\base_02.zip

2009-02-14 09:03 56,008 ----a-w c:\windows\Fonts\dark_crystal.zip

2009-02-14 09:03 29,847 ----a-w c:\windows\Fonts\adine_kirnberg.zip

2009-02-14 09:03 29,082 ----a-w c:\windows\Fonts\walt_disney.zip

2009-02-14 09:02 25,184 ----a-w c:\windows\Fonts\french_grotesque.zip

2009-02-14 09:02 10,869 ----a-w c:\windows\Fonts\freshman.zip

2009-02-14 09:00 8,655 ----a-w c:\windows\Fonts\grado_gradoo.zip

2009-02-14 09:00 28,674 ----a-w c:\windows\Fonts\graffiti.zip

2009-02-14 09:00 10,431 ----a-w c:\windows\Fonts\grand_stylus.zip

2009-02-14 08:59 26,230 ----a-w c:\windows\Fonts\gravicon_display.zip

2009-02-14 08:58 48,877 ----a-w c:\windows\Fonts\lelf_noir_du_mal.zip

2009-02-14 08:58 21,611 ----a-w c:\windows\Fonts\gregs_other_hand.zip

2009-02-14 08:58 16,680 ----a-w c:\windows\Fonts\gregs_hand.zip

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 21:04 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\SlipStream

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-02-03 20:22 5,030,912 ----a-w c:\windows\system32\drivers\RtkHDAud.sys

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

 

------- Sigcheck -------

 

2008-10-16 13:09 129048 43d5a34f45998483e541235d71b47992 c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-04-01_ 3.02.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-12 15:29:14 94,465 ----a-w c:\windows\system32\avsda.dll

+ 2008-01-21 21:12:56 41,792 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-03-04 16:28:53 79,424 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-03-01 13:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys

+ 2009-04-03 07:53:50 16,384 ----atw c:\windows\temp\Perflib_Perfdata_bc.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 262401]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

"c:\\Hijackthis\\HiJackThis.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=

 

S2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-04-01 164097]

S2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-04-01 254209]

S2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-04-01 41217]

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: avsda.dll

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-03 04:53:56

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Tempo para conclusão: 2009-04-03 4:55:55 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-03 07:55:52

ComboFix2.txt 2009-04-01 06:03:47

 

Pré-execução: 13 pasta(s) 152.298.192.896 bytes disponíveis

Pós execução: 11 pasta(s) 152,583,573,504 bytes disponíveis

 

295 --- E O F --- 2009-03-21 08:31:15

 

 

 

----------------------------------------------------------------------------------------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:58:09, on 3/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\tsnp2std.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8187 bytes

 

 

 

Irei fazer as proximas etapas agora.

 

Creio que estejamos perto do fim!! :clap:

 

Abraço

 

 

 

Editado:

Acabei de baixar o Task-fix.reg. , mas quando executei apareceu : A edição de registro foi desativada pelo administrador

 

Agora vou executar o Scan do Avira pra ver se dá certo.

 

 

 

Editado:

 

Má notícia: Cliquei no ícone do Avira e nada acontece... ¬¬

Compartilhar este post


Link para o post
Compartilhar em outros sites

1ºPasso

CFScript

 

Copie,todo conteúdo citado abaixo e cole no Bloco de Notas.

Salve o arquivo na área de trabalho com o nome de: CFScript.txt

Folder::

c:\arquivos de programas\Bywifi

 

Arraste o CFScript.txt até o ícone do Combofix, conforme ilustração abaixo:

cfscript.gif

 

Atenda à solicitação,que deverá surgir,para rodar o ComboFix

OBS: Arraste o CFScript até para o ícone até que apareça a janela(pequena) do combofix

Ao final poste o ComboFix.txt juntamente com o novo log do hijackthis

 

Obs.: Execute a ação com o seu pendrive conectado ao PC.

 

2ºPasso

 

Baixe o Norman Malware Cleaner aqui:http://superdownloads.uol.com.br/redir.cfm?softid=63672

Depois de instalado execute e adicione todas as áreas físicas e removiveis do seu pc ( ex: Ec: F: e outras) só então clique em StartScan.

Apos isso poste o log do Norman

 

3º Passo

*Baixe o USBFix e salve-o no desktop

 

*Desative temporariamente seu antivírus

*Instale o programa (Suivant > Aceite o contrato > Suivant > Suivant > Démarrer > Quitter)

*Duplo clique no ícone criado no desktop

*O PC será reiniciado. Mantenha o Pendrive no local. Não remova!!

*Ao reiniciar o PC a ferramenta será executada automaticamente. Clique "Continue" e aguarde...

*Ao receber a mensagem "Nettoyage effectue!", tecle ENTER

*Cole o resultado criado em C:\UsbFix.txt e novo log do hijack

Aguardo retorno

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue :

 

ComboFix 09-03-31.01 - Marília 2009-04-04 4:41:56.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.234 [GMT -3:00]

Executando de: C:\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marília\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Bywifi

c:\windows\IE4 Error Log.txt

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DAC970NT

-------\Service_dac970nt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-04 to 2009-04-04 ))))))))))))))))))))))))))))

.

 

2009-04-03 05:07 . 2009-04-03 05:07 592 --a------ C:\task-fix.reg

2009-04-01 03:10 . 2009-04-01 03:10 <DIR> d-------- c:\arquivos de programas\Avira

2009-04-01 02:54 . 2009-04-01 02:54 3,012,038 -ra------ C:\ComboFix.exe

2009-03-31 14:41 . 2009-03-31 14:41 <DIR> d-------- C:\avira_antivir_personal_en

2009-03-30 19:27 . 2009-03-30 19:27 32,618,396 --a------ C:\avira_antivir_personal_en.zip

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\documents and settings\Marília\Dados de aplicativos\IObit

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-04-03 04:59 <DIR> d-------- C:\Hijackthis

2009-03-11 22:28 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-01 06:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-30 14:35 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-14 09:05 46,129 ----a-w c:\windows\Fonts\angelina.zip

2009-02-14 09:05 34,131 ----a-w c:\windows\Fonts\blazed.zip

2009-02-14 09:05 141,855 ----a-w c:\windows\Fonts\amaze.zip

2009-02-14 09:04 40,104 ----a-w c:\windows\Fonts\banana_split.zip

2009-02-14 09:04 33,383 ----a-w c:\windows\Fonts\loki_cola.zip

2009-02-14 09:03 74,634 ----a-w c:\windows\Fonts\base_02.zip

2009-02-14 09:03 56,008 ----a-w c:\windows\Fonts\dark_crystal.zip

2009-02-14 09:03 29,847 ----a-w c:\windows\Fonts\adine_kirnberg.zip

2009-02-14 09:03 29,082 ----a-w c:\windows\Fonts\walt_disney.zip

2009-02-14 09:02 25,184 ----a-w c:\windows\Fonts\french_grotesque.zip

2009-02-14 09:02 10,869 ----a-w c:\windows\Fonts\freshman.zip

2009-02-14 09:00 8,655 ----a-w c:\windows\Fonts\grado_gradoo.zip

2009-02-14 09:00 28,674 ----a-w c:\windows\Fonts\graffiti.zip

2009-02-14 09:00 10,431 ----a-w c:\windows\Fonts\grand_stylus.zip

2009-02-14 08:59 26,230 ----a-w c:\windows\Fonts\gravicon_display.zip

2009-02-14 08:58 48,877 ----a-w c:\windows\Fonts\lelf_noir_du_mal.zip

2009-02-14 08:58 21,611 ----a-w c:\windows\Fonts\gregs_other_hand.zip

2009-02-14 08:58 16,680 ----a-w c:\windows\Fonts\gregs_hand.zip

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 21:04 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\SlipStream

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

 

------- Sigcheck -------

 

2008-10-16 13:09 129048 43d5a34f45998483e541235d71b47992 c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-04-01_ 3.02.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-12 15:29:14 94,465 ----a-w c:\windows\system32\avsda.dll

+ 2008-01-21 21:12:56 41,792 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-03-04 16:28:53 79,424 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-03-01 13:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys

+ 2009-04-04 07:44:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_b14.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 262401]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

"c:\\Hijackthis\\HiJackThis.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=

 

S2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-04-01 164097]

S2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-04-01 254209]

S2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-04-01 41217]

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: avsda.dll

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-04 04:44:21

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(888)

c:\windows\system32\avsda.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-04 4:46:25 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-04 07:46:22

ComboFix2.txt 2009-04-03 07:55:57

ComboFix3.txt 2009-04-01 06:03:47

 

Pré-execução: 12 pasta(s) 151.223.582.720 bytes disponíveis

Pós execução: 11 pasta(s) 151,224,274,944 bytes disponíveis

 

240 --- E O F --- 2009-03-21 08:31:15

 

 

 

 

Obs O passo 2 não foi concluído por causa daquele mesmo problema (clico e nao executa).

 

 

 

Vou executar o 3º passo e depois posto os logs do Usbfix e do HiJackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

-------------- UsbFix V2.395 ---------------

 

* User : Marília - 2CA9664AA32B478

* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 14:05:26 le sáb 04/04/2009

* Windows Xp - Internet Explorer 6.0.2900.5512

 

 

--------------- [ Processus actifs ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\DOCUME~1\MARLIA~1\CONFIG~1\Temp\1.tmp\b2e.exe

C:\WINDOWS\system32\netsh.exe

C:\WINDOWS\system32\netsh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Unidade de disco fixo

 

E: - Unidade de disco remov¡vel

 

 

+- Contenu de l'autorun : E:\autorun.inf

 

[AutoRun]

;UsMaoLLbRafBxtdcbBigetaU uFBx jHAftcgOa

;JKHjqqJylf

SHelL\Open\DefaUlt=1

;OoVeSDslhDAOwgrBgywGyc

OpEN =vvmk.exe

;QpSK

shell\oPeN\command =vvmk.exe

ShEll\EXPLore\Command= vvmk.exe

;slKD spohkEUycw VvJiINhwec

sHELl\Autoplay\cOmmand=vvmk.exe

 

--------------- [ Registre / Startup ] ----------------

 

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

NeroFilterCheck REG_SZ C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

igfxtray REG_SZ C:\WINDOWS\system32\igfxtray.exe

igfxhkcmd REG_SZ C:\WINDOWS\system32\hkcmd.exe

igfxpers REG_SZ C:\WINDOWS\system32\igfxpers.exe

HP Software Update REG_SZ C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

FixCamera REG_SZ C:\WINDOWS\FixCamera.exe

tsnp2std REG_SZ C:\WINDOWS\tsnp2std.exe

snp2std REG_SZ C:\WINDOWS\vsnp2std.exe

Adobe Reader Speed Launcher REG_SZ "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

RTHDCPL REG_SZ RTHDCPL.EXE

avgnt REG_SZ "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

swg REG_SZ C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

ares REG_SZ "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

Advanced SystemCare 3 REG_SZ "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

 

-> Recherche négative.

 

--------------- [ Nettoyage des disques ] ----------------

 

Supprimé ! - E:\autorun.inf

 

--------------- ! Fin du rapport ! ----------------

 

 

 

--------------------------------------------------------------------------------------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:14:24, on 4/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8318 bytes

 

 

Aguardo

Compartilhar este post


Link para o post
Compartilhar em outros sites

Siga as instruções abaixo:

 

 

CFScript

 

Copie,todo conteúdo citado abaixo e cole no Bloco de Notas.

Salve o arquivo na área de trabalho com o nome de: CFScript.txt

File::

C:\WINDOWS\System32\symboot.exe

Rootkit::

C:\WINDOWS\system32\drivers\jehmgn.sys

RegNull::

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DAC970NT]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

"UacDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"FirewallOverride"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"UacDisableNotify"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

Driver::

"dac970nt"

 

Arraste o CFScript.txt até o ícone do Combofix, conforme ilustração abaixo:

cfscript.gif

 

Atenda à solicitação,que deverá surgir,para rodar o ComboFix

OBS: Arraste o CFScript até para o ícone até que apareça a janela(pequena) do combofix

Ao final poste o ComboFix.txt juntamente com o novo log do hijackthis

 

Obs.: Execute a ação com o seu pendrive conectado ao PC.

 

 

 

 

Aguardo Retorno

Agradecimentos a DigRam

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 09-03-31.01 - Marília 2009-04-06 3:55:03.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.503.259 [GMT -3:00]

Executando de: C:\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marília\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\System32\symboot.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_dac970nt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-06 to 2009-04-06 ))))))))))))))))))))))))))))

.

 

2009-04-04 13:11 . 2009-04-04 14:05 <DIR> d-------- c:\arquivos de programas\UsbFix

2009-04-04 05:27 . 2009-04-04 05:27 36,944,440 --a------ C:\Norman_Malware_Cleaner.exe

2009-04-03 05:07 . 2009-04-03 05:07 592 --a------ C:\task-fix.reg

2009-04-01 03:10 . 2009-04-01 03:10 <DIR> d-------- c:\arquivos de programas\Avira

2009-04-01 02:54 . 2009-04-01 02:54 3,012,038 -ra------ C:\ComboFix.exe

2009-03-31 14:41 . 2009-03-31 14:41 <DIR> d-------- C:\avira_antivir_personal_en

2009-03-30 19:27 . 2009-03-30 19:27 32,618,396 --a------ C:\avira_antivir_personal_en.zip

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\documents and settings\Marília\Dados de aplicativos\IObit

2009-03-24 12:20 . 2009-03-24 12:20 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-21 08:58 . 2009-03-21 08:58 <DIR> d-------- c:\arquivos de programas\XP Codec Pack

2009-03-21 08:58 . 2008-07-09 06:05 421,888 --a------ c:\windows\system32\ac3filter.acm

2009-03-21 08:33 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys

2009-03-21 08:33 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys

2009-03-21 08:33 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe

2009-03-21 08:33 . 2008-06-24 14:46 104,992 --a------ c:\windows\RtkAudioService.exe

2009-03-21 08:33 . 2009-02-03 16:35 35,840 --a------ c:\windows\system32\RtkCoInstXP.dll

2009-03-21 05:20 . 2009-03-21 05:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2009-03-21 03:39 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-03-21 03:39 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-03-21 03:26 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-21 03:26 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-21 03:19 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-03-21 03:00 . 2009-03-21 05:26 <DIR> d--h----- c:\windows\$hf_mig$

2009-03-21 03:00 . 2006-05-25 10:29 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-19 13:11 . 2009-03-19 13:11 <DIR> d--h----- c:\windows\PIF

2009-03-19 12:56 . 2009-03-19 12:56 <DIR> d-------- c:\arquivos de programas\Lavalys

2009-03-18 23:49 . 2009-04-04 14:14 <DIR> d-------- C:\Hijackthis

2009-03-11 22:28 . 2002-01-05 14:37 344,064 --a------ c:\windows\system32\msvcr70.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-05 07:52 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\Image Zone Express

2009-04-01 06:10 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-21 11:33 --------- d-----w c:\arquivos de programas\Realtek

2009-03-12 01:33 --------- d-----w c:\arquivos de programas\Google

2009-02-14 16:40 --------- d-----w c:\arquivos de programas\Unity

2009-02-14 09:05 46,129 ----a-w c:\windows\Fonts\angelina.zip

2009-02-14 09:05 34,131 ----a-w c:\windows\Fonts\blazed.zip

2009-02-14 09:05 141,855 ----a-w c:\windows\Fonts\amaze.zip

2009-02-14 09:04 40,104 ----a-w c:\windows\Fonts\banana_split.zip

2009-02-14 09:04 33,383 ----a-w c:\windows\Fonts\loki_cola.zip

2009-02-14 09:03 74,634 ----a-w c:\windows\Fonts\base_02.zip

2009-02-14 09:03 56,008 ----a-w c:\windows\Fonts\dark_crystal.zip

2009-02-14 09:03 29,847 ----a-w c:\windows\Fonts\adine_kirnberg.zip

2009-02-14 09:03 29,082 ----a-w c:\windows\Fonts\walt_disney.zip

2009-02-14 09:02 25,184 ----a-w c:\windows\Fonts\french_grotesque.zip

2009-02-14 09:02 10,869 ----a-w c:\windows\Fonts\freshman.zip

2009-02-14 09:00 8,655 ----a-w c:\windows\Fonts\grado_gradoo.zip

2009-02-14 09:00 28,674 ----a-w c:\windows\Fonts\graffiti.zip

2009-02-14 09:00 10,431 ----a-w c:\windows\Fonts\grand_stylus.zip

2009-02-14 08:59 26,230 ----a-w c:\windows\Fonts\gravicon_display.zip

2009-02-14 08:58 48,877 ----a-w c:\windows\Fonts\lelf_noir_du_mal.zip

2009-02-14 08:58 21,611 ----a-w c:\windows\Fonts\gregs_other_hand.zip

2009-02-14 08:58 16,680 ----a-w c:\windows\Fonts\gregs_hand.zip

2009-02-12 02:30 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 00:09 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-09 14:06 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 21:04 --------- d-----w c:\documents and settings\Marília\Dados de aplicativos\SlipStream

2009-02-03 20:32 18,085,888 ----a-w c:\windows\RTHDCPL.EXE

2009-01-21 18:54 1,206,816 ----a-w c:\windows\RtlUpd.exe

.

 

------- Sigcheck -------

 

2008-10-16 13:09 129048 43d5a34f45998483e541235d71b47992 c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51224 e654b78d2f1d791b30d0ed9a8195ec22 c:\windows\system32\dllcache\wuauclt.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-04-01_ 3.02.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-16 22:17:04 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

- 2009-01-06 19:14:08 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 22:25:34 202,168 ----a-w c:\windows\system32\Adobe\Director\swdir.dll

+ 2009-01-16 22:17:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2009-01-16 21:58:24 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2009-01-16 22:17:46 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

- 2008-12-06 00:25:10 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2009-01-16 21:45:12 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

- 2008-12-06 00:25:10 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 21:45:12 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2009-01-16 21:54:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2009-01-16 22:16:22 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2009-01-16 22:18:16 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2009-01-16 22:25:14 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe

+ 2009-01-16 22:16:08 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2009-01-16 22:16:06 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

- 2008-12-06 00:25:10 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 2009-01-16 21:45:12 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

- 1999-06-25 12:55:30 223,232 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 1999-06-25 13:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 2008-03-12 15:29:14 94,465 ----a-w c:\windows\system32\avsda.dll

+ 2008-01-21 21:12:56 41,792 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 21:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-03-04 16:28:53 79,424 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-03-01 13:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys

+ 2009-04-06 06:57:31 16,384 ----atw c:\windows\temp\Perflib_Perfdata_afc.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 146680]

"ares"="c:\documents and settings\Marília\Meus documentos\Ares\Ares.exe" [2009-01-27 983040]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 226864]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 188416]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 122880]

"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]

"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 348160]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 413696]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 262401]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-01-10 191488]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 284248]

Ralink Wireless Utility.lnk - c:\arquivos de programas\RALINK\Common\RaUI.exe [2009-01-10 671744]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWuSchd2.exe"=

"c:\\WINDOWS\\ALCMTR.EXE"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Calibration\\Adobe Gamma Loader.exe"=

"c:\\WINDOWS\\system32\\igfxpers.exe"=

"c:\\WINDOWS\\system32\\userinit.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\WINDOWS\\RTHDCPL.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"c:\\Arquivos de programas\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"c:\\WINDOWS\\tsnp2std.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"c:\\WINDOWS\\vsnp2std.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\usnsvc.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe"=

"c:\\Arquivos de programas\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

"c:\\WINDOWS\\system32\\WISPTIS.EXE"=

"c:\\Documents and Settings\\Marília\\Meus documentos\\Ares\\Ares.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=

"c:\\Hijackthis\\HiJackThis.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\wuauclt.exe"=

"c:\\Arquivos de programas\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\WINDOWS\\system32\\igfxsrvc.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Companion\\Installs\\cpn\\ytbb.exe"=

"c:\\WINDOWS\\system32\\cmd.exe"=

 

S2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-04-01 164097]

S2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-04-01 254209]

S2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-04-01 41217]

S2 gupdate1c9947de6b77398;Google Update Service (gupdate1c9947de6b77398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-03-21 1684736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-21 20:41]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: avsda.dll

TCP: {255D53F9-DA11-4382-A77C-C183289A2512} = 192.168.1.1

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-06 03:57:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-606747145-963894560-1177238915-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(868)

c:\windows\system32\avsda.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-06 3:59:23 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-06 06:59:20

ComboFix2.txt 2009-04-04 07:46:27

ComboFix3.txt 2009-04-03 07:55:57

ComboFix4.txt 2009-04-01 06:03:47

 

Pré-execução: 12 pasta(s) 149.487.816.704 bytes disponíveis

Pós execução: 11 pasta(s) 149,690,773,504 bytes disponíveis

 

248 --- E O F --- 2009-03-21 08:31:15

 

 

 

================================================================================

==

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:02:07, on 6/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\tsnp2std.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Hijackthis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Arquivos de programas\HP\Smart Web Printing\SmartWebPrinting.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Marília\Meus documentos\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{255D53F9-DA11-4382-A77C-C183289A2512}: NameServer = 192.168.1.1

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: Google Update Service (gupdate1c9947de6b77398) (gupdate1c9947de6b77398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 8185 bytes

 

 

Estou no aguardo

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.