
Archived

This topic has been archived and is closed to new replies.

allan_aguia

[Archived] Iexplore.exe at 100%


Hi everyone. Whenever I go online and switch from one page to another, iexplore.exe goes to 100% CPU, and whenever I go back to a page it says the program is not responding and has to be closed. I have already run Avira, Spy Doctor, ComboFix, BankerFix, Ad-Aware SE, Spybot S&D and Malwarebytes.

 

Logfile of HijackThis v1.99.1

Scan saved at 12:56, on 07-04-2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVPersonal\AVGNT.EXE

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\livecall.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Louise\Meus documentos\instaladores\hijackthis.exe

 

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyB1.dll

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyB1.dll

O4 - HKLM\..\Run: [AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF}: NameServer = 172.16.4.22

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)

 

 

 

ComboFix 09-04-04.01 - Louise 2009-04-05 12:59:23.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1046.18.479.180 [GMT -3:00]

Executando de: c:\documents and settings\Louise\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-05 to 2009-04-05 ))))))))))))))))))))))))))))

.

 

2009-03-28 10:43 . 2009-03-28 10:43 <DIR> d-------- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-03-28 10:43 . 2009-03-28 10:43 <DIR> d-------- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-03-28 10:43 . 2009-03-28 10:43 <DIR> d-------- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-03-28 10:43 . 2009-03-28 10:43 <DIR> d-------- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-03-27 14:37 . 2009-03-27 14:37 <DIR> d-------- c:\arquivos de programas\Windows Live Safety Center

2009-03-22 13:45 . 2009-03-22 15:21 519 --a------ C:\hpfr3420.xml

2009-03-21 19:11 . 2009-03-21 19:11 <DIR> d-------- c:\windows\Sun

2009-03-19 20:32 . 2009-03-19 20:55 <DIR> d-------- c:\documents and settings\Louise\.receitanet

2009-03-18 14:04 . 2009-03-18 14:04 <DIR> d-------- c:\documents and settings\Louise\Dados de aplicativos\IObit

2009-03-18 14:03 . 2009-03-18 14:03 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-18 14:02 . 2001-08-18 06:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll

2009-03-18 14:02 . 2001-08-18 06:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll

2009-03-18 14:02 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll

2009-03-18 14:02 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll

2009-03-18 14:02 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll

2009-03-18 14:02 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll

2009-03-14 16:18 . 2009-03-19 20:57 <DIR> d-------- C:\Recnet

2009-03-14 16:18 . 2008-12-29 09:16 128,000 --a------ c:\windows\DesinstWRecnet.EXE

2009-03-14 16:18 . 2008-12-29 09:16 122,880 --a------ c:\windows\DesinstRecnet.exe

2009-03-14 16:18 . 2008-12-29 09:16 5,361 --a------ c:\windows\DesinstWRecnet.ini

2009-03-14 16:18 . 2009-03-14 16:18 129 --a------ c:\windows\REC-NET.INI

2009-03-14 16:12 . 2009-03-14 16:12 <DIR> d-------- C:\Arquivos de Programas RFB

2009-03-14 15:46 . 2009-03-14 15:46 <DIR> d-------- c:\arquivos de programas\Java

2009-03-14 15:46 . 2009-03-14 15:46 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-14 15:28 . 2009-03-14 15:46 410,984 --a------ c:\windows\system32\deploytk.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-05 15:12 196 ----a-w c:\windows\system32\drivers\ALCICH.DAT

2009-04-04 22:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg7

2009-04-03 21:24 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-04-03 15:59 --------- d-----w c:\arquivos de programas\Spyware Doctor

2009-04-03 11:30 --------- d-----w c:\arquivos de programas\AVPersonal

2009-03-28 14:57 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-03-28 14:00 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-03-27 19:07 --------- d-----w c:\arquivos de programas\Steam

2009-03-26 15:20 --------- d-----w c:\arquivos de programas\Counter-Strike

2009-03-01 05:33 --------- d-----w c:\arquivos de programas\Anti Trojan Elite

2009-02-28 03:05 --------- d-----w c:\documents and settings\Louise\Dados de aplicativos\Malwarebytes

2009-02-28 03:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-28 03:04 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-16 00:32 --------- d-----w c:\arquivos de programas\Google

2009-02-15 00:09 65,912 ----a-w C:\nerodigital.bin

2009-02-13 11:41 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DriverCure

2009-02-13 11:38 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\ParetoLogic

2009-02-13 01:35 --------- d-----w c:\documents and settings\Louise\Dados de aplicativos\Flap Pure

2009-02-12 15:47 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Atom Idle Dash Bend

2009-02-12 15:43 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 15:43 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-11 13:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 13:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-10 22:37 --------- d-----w c:\arquivos de programas\myBabylon_English

2009-01-27 16:07 11,955,079 ------w C:\AVG7QT.DAT

2009-01-20 18:25 22 ----a-w c:\documents and settings\Louise\xrt_collect.zip

2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr

2008-09-05 15:00 0 --sh--w c:\arquivos de programas\megatron.ini

2008-04-16 19:47 488 ---ha-w c:\documents and settings\Louise\hpothb07.dat

2005-10-25 02:45 81 ----a-w c:\documents and settings\Louise\delsmltr.bat

2005-04-12 14:14 0 ---ha-w c:\documents and settings\Louise\Dados de aplicativos\hpothb07.dat

2002-12-04 17:45 751,232 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISGRV.DLL

2002-12-02 19:39 831,488 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISGL.DLL

2002-12-02 18:33 250,368 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISGRP.SYS

2002-11-13 21:17 6,598 ----a-w c:\windows\inf\DRIVERS\VIDEO\INSTFUNC.DLL

2002-11-13 18:26 172,032 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISINST.DLL

2002-11-13 18:11 221,184 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISPARSE.DLL

2002-11-13 18:09 98,304 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISAPCOM.DLL

2002-11-07 16:38 370,560 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3GNB.DLL

2002-11-07 16:38 159,104 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3GNBM.SYS

2002-11-05 09:02 335,872 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3DISPLY.DLL

2002-10-23 03:58 299,008 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3GAMMA2.DLL

2002-10-01 08:08 188,416 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3INFO2.DLL

2002-08-09 13:12 770,048 ----a-w c:\windows\inf\DRIVERS\VIDEO\NBICDNT.DLL

2002-07-11 02:39 32,256 ----a-w c:\windows\inf\DRIVERS\LAN\SISNIC.SYS

2002-05-29 04:06 315,392 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3OVRLAY.DLL

2002-04-26 21:27 49,152 ----a-w c:\windows\inf\DRIVERS\VIDEO\SIS740.BIN

2002-04-26 21:27 49,152 ----a-w c:\windows\inf\DRIVERS\VIDEO\SIS650.BIN

2002-03-12 06:52 69,690 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3UNINST.EXE

2002-02-13 14:27 166,419 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HSFHWBS2.SYS

2002-02-13 14:26 1,171,584 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HSF_DP.SYS

2002-02-13 14:20 594,032 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HSF_CNXT.SYS

2002-02-08 00:00 266,240 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HXFSETUP.EXE

2001-12-25 13:23 12,074 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HSFINST.DLL

2001-10-22 17:46 9,855 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\MDMXSDK.SYS

2001-10-22 17:37 57,344 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\MDMXSDK.DLL

2001-09-19 07:21 285,533 ----a-w c:\windows\inf\DRIVERS\SOM\ALCXWDM.SYS

2001-08-07 13:53 37,376 ----a-w c:\windows\inf\DRIVERS\LAN\UNINST.EXE

2001-05-29 09:02 124,416 ----a-w c:\windows\inf\DRIVERS\SOM\SOUNDMAN.EXE

2001-02-15 08:28 28,160 ----a-w c:\windows\inf\DRIVERS\SOM\ALDAEMON.EXE

1999-02-17 05:35 60,416 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUP.EXE

1998-01-28 08:15 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0007\_SETUP.DLL

1998-01-28 08:07 8,704 ----a-w c:\windows\inf\DRIVERS\VIDEO\_ISDEL.EXE

1998-01-28 06:20 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\001D\_SETUP.DLL

1998-01-24 08:40 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0009\_SETUP.DLL

1998-01-24 08:32 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0804\_SETUP.DLL

1998-01-24 08:32 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0404\_SETUP.DLL

1998-01-24 08:30 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\001E\_SETUP.DLL

1998-01-24 08:26 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0019\_SETUP.DLL

1998-01-24 08:26 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0012\_SETUP.DLL

1998-01-24 06:49 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0011\_SETUP.DLL

1998-01-23 13:08 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\000A\_SETUP.DLL

1998-01-23 13:07 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0010\_SETUP.DLL

1998-01-23 13:07 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0416\_SETUP.DLL

1998-01-23 13:07 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0014\_SETUP.DLL

1998-01-23 13:06 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\040C\_SETUP.DLL

1998-01-23 13:06 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0013\_SETUP.DLL

1998-01-23 13:06 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\000B\_SETUP.DLL

1998-01-23 13:05 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0006\_SETUP.DLL

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

2009-03-24 22:21 1883672 --a------ c:\arquivos de programas\myBabylon_English\tbmyB1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\arquivos de programas\myBabylon_English\tbmyB1.dll" [2009-03-24 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\arquivos de programas\myBabylon_English\tbmyB1.dll" [2009-03-24 1883672]

 

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVGCtrl"="c:\arquivos de programas\AVPersonal\AVGNT.EXE" [2004-11-08 127016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-11 13312]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^avg.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\avg.exe

backup=c:\windows\pss\avg.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk

backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^JVM0.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\JVM0.exe

backup=c:\windows\pss\JVM0.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows32.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows32.exe

backup=c:\windows\pss\Windows32.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winexec32.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\winexec32.exe

backup=c:\windows\pss\winexec32.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Louise^Menu Iniciar^Programas^Inicializar^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\Louise\Menu Iniciar\Programas\Inicializar\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVSCHED32]

--a------ 2004-11-19 12:04 110632 c:\arquivos de programas\AVPersonal\AVSCHED32.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2008-12-18 16:32 3961064 c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2002-09-11 09:00 13312 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dash bend meta balm]

--a------ 2008-09-12 13:50 1668096 c:\documents and settings\All Users\Dados de aplicativos\Atom Idle Dash Bend\INTERNET LITE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dllhost]

--a------ 2008-09-05 12:00 1171968 c:\windows\system32\wscntfx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2004-07-16 09:50 1409136 c:\arquivos de programas\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

--a------ 2008-08-25 11:36 1168264 c:\arquivos de programas\Spyware Doctor\pctsTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

--a------ 2006-11-03 11:01 319488 c:\windows\PixArt\Pac207\Monitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2002-04-11 06:36 1458448 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

--a------ 2004-08-13 16:41 86016 c:\arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 11:54 5674352 c:\arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2004-07-26 19:14 1867776 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS Assistant]

--a------ 2004-09-30 16:39 249856 c:\arquivos de programas\Photoshop Interface Assistant\Photoshop Interface Assistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-06-14 18:28 26992424 c:\arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2009-01-26 15:31 2144088 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

--a------ 2005-10-27 15:41 3402240 c:\arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2009-03-27 16:08 1410296 c:\arquivos de programas\Steam\steam 2\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2009-03-14 15:46 148888 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-06-24 11:20 171448 c:\arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\explorer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"28579:TCP"= 28579:TCP:port

"15438:TCP"= 15438:TCP:port

 

R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [2005-10-30 78336]

R2 AVWUpSrv;AntiVir Update;c:\arquivos de programas\AVPersonal\AVWUPSRV.EXE [2008-05-01 36864]

R3 avgntdd;avgntdd;c:\arquivos de programas\AVPersonal\AVGNTDD.SYS [2004-12-10 32560]

R3 LNIC;LG LNIC-10/100S Series Ethernet Adapter;c:\windows\system32\drivers\LNIC.sys [2004-03-19 38656]

S0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys --> c:\windows\System32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys --> c:\windows\System32\drivers\TfSysMon.sys [?]

S1 PLUG;Driver do GB; [x]

S3 ATE_PROCMON;ATE_PROCMON;\??\c:\arquivos de programas\Anti Trojan Elite\ATEPMon.sys --> c:\arquivos de programas\Anti Trojan Elite\ATEPMon.sys [?]

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sXe Injected\ddsxei.sys --> c:\arquivos de programas\sXe Injected\ddsxei.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\System32\GameMon.des -service --> c:\windows\System32\GameMon.des -service [?]

S3 PAC207;Dlink DSB-C120;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [2009-01-20 356920]

S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2006-04-09 227200]

S3 TfNetMon;TfNetMon;\??\c:\windows\System32\drivers\TfNetMon.sys --> c:\windows\System32\drivers\TfNetMon.sys [?]

S4 Integrated Windows Authentication;Integrated Windows Authentication;"c:\arquivos de programas\Arquivos comuns\System\MSIWA32.exe" --> c:\arquivos de programas\Arquivos comuns\System\MSIWA32.exe [?]

S4 ThreatFire;ThreatFire;c:\arquivos de programas\ThreatFire\TFService.exe service --> c:\arquivos de programas\ThreatFire\TFService.exe service [?]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6ed591f-37e6-11d9-91ce-806d6172696f}]

\shell\play\command - "c:\arquivos de programas\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe" %1

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-05 c:\windows\Tasks\A765273691E2A3A2.job

- c:\docume~1\louise\dadosd~1\flappu~1\Barb software free.exe [2009-02-12 12:49]

 

2005-02-19 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100704202.job

- c:\arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

 

2009-04-04 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\arquivos de programas\Arquivos comuns\ParetoLogic\UUS2\Pareto_Update.exe []

 

2009-03-23 c:\windows\Tasks\SmartDefrag.job

- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

 

2009-03-23 c:\windows\Tasks\SmartDefrag.job

- c:\arquivos de programas\IObit\IObit SmartDefrag\ [2009-03-18 14:04]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

mWindow Title = Microsoft Internet Explorer

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

TCP: {54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF} = 172.16.4.22

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-05 13:06:56

Windows 5.1.2600 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]

"ImagePath"="c:\windows\System32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(448)

c:\windows\System32\ODBC32.dll

 

- - - - - - - > 'lsass.exe'(504)

c:\windows\System32\dssenh.dll

.

Tempo para conclusão: 2009-04-05 13:13:34

ComboFix-quarantined-files.txt 2009-04-05 16:12:19

ComboFix2.txt 2009-03-26 14:40:21

ComboFix3.txt 2009-03-10 15:49:25

ComboFix4.txt 2009-03-01 18:30:18

ComboFix5.txt 2009-04-05 15:58:29

 

Pré-execução: 7.030.693.888 bytes disponíveis

Pós execução: 7,263,109,120 bytes disponíveis

 


Good evening, allan_aguia!

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click on: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

<@> In the next window, press option 2 --> Press Enter --> Wait!

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post a fresh HijackThis log.

Regards!


Here is the Lop S&D log:

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 1

X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.00GHz )

BIOS : )Phoenix - Award WorkstationBIOS v6.00PG

USER : Louise ( Administrator )

BOOT : Normal boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)

D:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 08-04-2009|10:03 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[21-08-2005|05:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ahead

[14-10-2007|02:51] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[08-04-2009|09:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avg7

[01-05-2008|10:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira

[31-01-2009|08:51] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Babylon

[13-02-2009|08:41] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DriverCure

[13-02-2008|03:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[20-09-2006|08:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\GbPlugin

[24-06-2008|11:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[28-01-2009|09:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Grisoft

[28-02-2009|12:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes

[15-09-2006|11:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[24-12-2007|11:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[17-11-2004|07:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\MSN6

[13-02-2008|04:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NCH Swift Sound

[13-02-2009|08:38] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ParetoLogic

[12-09-2008|10:44] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Tools

[24-06-2008|11:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

[07-04-2009|02:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[06-04-2009|11:09] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[08-03-2007|05:09] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

 

[16-11-2004|03:07] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Identities

[16-11-2004|03:03] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[18-01-2007|04:13] C:\DOCUME~1\LOCALS~1\DADOSD~1\AVG7

[11-12-2006|08:56] C:\DOCUME~1\LOCALS~1\DADOSD~1\Help

[23-02-2007|06:09] C:\DOCUME~1\LOCALS~1\DADOSD~1\Macromedia

[08-04-2009|09:04] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

[30-10-2005|12:57] C:\DOCUME~1\LOCALS~1\DADOSD~1\Webroot

 

[16-11-2004|03:14] C:\DOCUME~1\Louise\DADOSD~1\Adobe

[21-08-2005|10:11] C:\DOCUME~1\Louise\DADOSD~1\Ahead

[05-08-2008|03:16] C:\DOCUME~1\Louise\DADOSD~1\ArcSoft

[28-01-2009|09:21] C:\DOCUME~1\Louise\DADOSD~1\AVG7

[31-12-2008|10:12] C:\DOCUME~1\Louise\DADOSD~1\Babylon

[24-06-2008|01:42] C:\DOCUME~1\Louise\DADOSD~1\Google

[21-12-2004|12:35] C:\DOCUME~1\Louise\DADOSD~1\Help

[17-11-2004|12:11] C:\DOCUME~1\Louise\DADOSD~1\Hewlett-Packard

[16-11-2004|03:07] C:\DOCUME~1\Louise\DADOSD~1\Identities

[16-11-2004|03:14] C:\DOCUME~1\Louise\DADOSD~1\InterTrust

[18-03-2009|02:04] C:\DOCUME~1\Louise\DADOSD~1\IObit

[18-11-2004|06:14] C:\DOCUME~1\Louise\DADOSD~1\Kazaa Lite

[24-12-2007|11:08] C:\DOCUME~1\Louise\DADOSD~1\Lavasoft

[15-01-2007|10:19] C:\DOCUME~1\Louise\DADOSD~1\Macromedia

[28-02-2009|12:05] C:\DOCUME~1\Louise\DADOSD~1\Malwarebytes

[22-11-2004|05:59] C:\DOCUME~1\Louise\DADOSD~1\MGI

[08-04-2009|09:04] C:\DOCUME~1\Louise\DADOSD~1\Microsoft

[23-10-2006|11:45] C:\DOCUME~1\Louise\DADOSD~1\MSN6

[20-01-2009|12:22] C:\DOCUME~1\Louise\DADOSD~1\PC Tools

[20-07-2006|12:33] C:\DOCUME~1\Louise\DADOSD~1\RapidGet

[14-11-2008|09:33] C:\DOCUME~1\Louise\DADOSD~1\Skype

[14-11-2008|09:28] C:\DOCUME~1\Louise\DADOSD~1\skypePM

[26-08-2006|09:35] C:\DOCUME~1\Louise\DADOSD~1\Sony Corporation

[14-03-2009|03:14] C:\DOCUME~1\Louise\DADOSD~1\Sun

[22-01-2009|09:29] C:\DOCUME~1\Louise\DADOSD~1\Uniblue

[30-10-2005|12:56] C:\DOCUME~1\Louise\DADOSD~1\Webroot

 

[04-04-2009|07:19] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[05-04-2009 10:49][--a------] C:\WINDOWS\tasks\SmartDefrag.job

[07-04-2009 12:33][--a------] C:\WINDOWS\tasks\ParetoLogic Update Version2.job

[12-04-2005 11:18][--ah-----] C:\WINDOWS\tasks\hpothb07.tif

[12-04-2005 11:18][--ah-----] C:\WINDOWS\tasks\hpothb07.dat

[19-02-2005 01:13][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100704202.job

[08-04-2009 09:00][--ah-----] C:\WINDOWS\tasks\SA.DAT

[11-09-2002 09:00][---h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[13-05-2006|12:25] C:\Arquivos de programas\7-Zip

[16-11-2004|03:14] C:\Arquivos de programas\Adobe

[21-08-2005|05:14] C:\Arquivos de programas\Ahead

[01-03-2009|02:33] C:\Arquivos de programas\Anti Trojan Elite

[08-04-2008|11:38] C:\Arquivos de programas\ArcSoft

[05-04-2009|01:01] C:\Arquivos de programas\Arquivos comuns

[20-04-2007|06:27] C:\Arquivos de programas\AskPBar

[07-04-2009|12:39] C:\Arquivos de programas\AVPersonal

[13-02-2008|04:32] C:\Arquivos de programas\AVSMedia

[30-12-2008|06:40] C:\Arquivos de programas\Babylon

[13-02-2008|04:06] C:\Arquivos de programas\BurnRight! CD & DVD

[07-04-2009|02:17] C:\Arquivos de programas\CCleaner

[30-12-2008|06:40] C:\Arquivos de programas\Conduit

[26-03-2009|12:20] C:\Arquivos de programas\Counter-Strike

[26-10-2007|05:22] C:\Arquivos de programas\DAP

[20-04-2005|09:55] C:\Arquivos de programas\Digital

[20-04-2005|09:58] C:\Arquivos de programas\directx

[08-04-2008|11:33] C:\Arquivos de programas\Dlink DSB-C120

[28-03-2009|10:43] C:\Arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

[15-02-2009|09:32] C:\Arquivos de programas\Google

[27-01-2009|01:01] C:\Arquivos de programas\Grisoft

[13-06-2008|06:30] C:\Arquivos de programas\Half-life

[19-05-2006|10:31] C:\Arquivos de programas\hardcore

[17-11-2004|12:06] C:\Arquivos de programas\Hewlett-Packard

[08-04-2009|09:22] C:\Arquivos de programas\InstallShield Installation Information

[16-11-2004|03:07] C:\Arquivos de programas\Internet Explorer

[18-03-2009|02:03] C:\Arquivos de programas\IObit

[24-10-2007|09:42] C:\Arquivos de programas\iRiver

[14-03-2009|03:46] C:\Arquivos de programas\Java

[24-12-2007|11:08] C:\Arquivos de programas\Lavasoft

[28-02-2009|12:04] C:\Arquivos de programas\Malwarebytes' Anti-Malware

[26-05-2006|10:09] C:\Arquivos de programas\Messenger

[12-02-2009|12:43] C:\Arquivos de programas\Messenger Plus! Live

[17-11-2004|09:46] C:\Arquivos de programas\MGI

[16-11-2004|03:07] C:\Arquivos de programas\microsoft frontpage

[26-10-2007|06:09] C:\Arquivos de programas\Microsoft Office

[28-03-2009|10:43] C:\Arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

[16-07-2007|03:02] C:\Arquivos de programas\Motorola

[01-05-2006|11:21] C:\Arquivos de programas\Movie Maker

[26-10-2007|09:31] C:\Arquivos de programas\MSECache

[30-01-2005|11:59] C:\Arquivos de programas\MSN

[16-01-2005|12:53] C:\Arquivos de programas\MSN Apps

[16-11-2004|02:58] C:\Arquivos de programas\MSN Gaming Zone

[12-02-2009|12:43] C:\Arquivos de programas\MSN Messenger

[16-11-2004|03:01] C:\Arquivos de programas\NetMeeting

[08-04-2009|09:13] C:\Arquivos de programas\NewTech Infosystems

[16-11-2004|03:01] C:\Arquivos de programas\Outlook Express

[20-08-2007|09:56] C:\Arquivos de programas\Phoenxsoftware

[17-11-2004|12:45] C:\Arquivos de programas\Photoshop Interface Assistant

[31-10-2008|09:10] C:\Arquivos de programas\plugin

[26-10-2007|08:35] C:\Arquivos de programas\PowerPoint Viewer

[02-12-2004|05:09] C:\Arquivos de programas\PresenterSoft MediaEasy

[13-10-2007|05:58] C:\Arquivos de programas\QuickTime

[28-03-2009|10:43] C:\Arquivos de programas\SDHelper (Spybot - Search & Destroy)

[16-11-2004|03:01] C:\Arquivos de programas\Serviços on-line

[24-06-2008|11:17] C:\Arquivos de programas\Skype

[26-08-2006|09:31] C:\Arquivos de programas\Sony

[06-08-2008|08:20] C:\Arquivos de programas\Specialty Sensor Technologies

[28-03-2009|11:00] C:\Arquivos de programas\Spybot - Search & Destroy

[03-04-2009|12:59] C:\Arquivos de programas\Spyware Doctor

[27-03-2009|04:07] C:\Arquivos de programas\Steam

[07-05-2008|08:23] C:\Arquivos de programas\Tales Of Pirates Online

[28-03-2009|10:43] C:\Arquivos de programas\TeaTimer (Spybot - Search & Destroy)

[17-11-2004|12:27] C:\Arquivos de programas\Trend Micro

[16-11-2004|03:19] C:\Arquivos de programas\Uninstall Information

[08-06-2008|12:26] C:\Arquivos de programas\Unity

[23-01-2007|06:50] C:\Arquivos de programas\WarRock

[30-10-2005|12:56] C:\Arquivos de programas\Webroot

[15-11-2008|09:17] C:\Arquivos de programas\Webzen

[22-03-2008|04:38] C:\Arquivos de programas\Windows Live

[27-03-2009|02:37] C:\Arquivos de programas\Windows Live Safety Center

[26-05-2006|10:09] C:\Arquivos de programas\Windows Media Player

[16-11-2004|02:58] C:\Arquivos de programas\Windows NT

[28-12-2004|07:58] C:\Arquivos de programas\WindowsUpdate

[07-10-2007|06:53] C:\Arquivos de programas\WinRAR

[16-11-2004|03:07] C:\Arquivos de programas\xerox

[13-10-2007|05:58] C:\Arquivos de programas\Xilisoft

[02-12-2004|11:35] C:\Arquivos de programas\Yahoo!

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[16-11-2004|07:17] C:\Arquivos de programas\Arquivos comuns\Adobe

[21-08-2005|05:06] C:\Arquivos de programas\Arquivos comuns\Ahead

[08-04-2008|11:41] C:\Arquivos de programas\Arquivos comuns\ArcSoft

[13-02-2008|04:32] C:\Arquivos de programas\Arquivos comuns\AVSMedia

[17-11-2004|12:04] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[26-08-2006|09:31] C:\Arquivos de programas\Arquivos comuns\InstallShield

[22-11-2004|05:59] C:\Arquivos de programas\Arquivos comuns\MGI Shared

[26-10-2007|05:58] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[16-11-2004|03:00] C:\Arquivos de programas\Arquivos comuns\MSSoap

[16-11-2004|03:52] C:\Arquivos de programas\Arquivos comuns\ODBC

[08-04-2008|11:33] C:\Arquivos de programas\Arquivos comuns\PAC207

[08-04-2008|11:33] C:\Arquivos de programas\Arquivos comuns\PXIINST207

[08-04-2008|11:33] C:\Arquivos de programas\Arquivos comuns\PXIINST64207

[01-05-2006|11:22] C:\Arquivos de programas\Arquivos comuns\Serviços

[24-06-2008|11:17] C:\Arquivos de programas\Arquivos comuns\Skype

[09-04-2006|01:03] C:\Arquivos de programas\Arquivos comuns\snpp106

[16-11-2004|03:52] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[07-07-2008|05:03] C:\Arquivos de programas\Arquivos comuns\System

 

--------------------\\ Process

 

( 26 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-08 10:05:36

Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 427

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:153][D:4]-> C:\DOCUME~1\Louise\CONFIG~1\Temp

[F:84][D:0]-> C:\DOCUME~1\Louise\Cookies

[F:3331][D:6]-> C:\DOCUME~1\Louise\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 08-04-2009|10:09 - Option : [2]

 

--------------------\\ Verificação completa em 10:09:54

 

 

hijack

 

Logfile of HijackThis v1.99.1

Scan saved at 10:16, on 08-04-2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVPersonal\AVGNT.EXE

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\livecall.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\ARQUIV~1\DAP\DAP.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Louise\Meus documentos\instaladores\hijackthis.exe

 

O4 - HKLM\..\Run: [AVGCtrl] C:\Arquivos de programas\AVPersonal\AVGNT.EXE /min

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF}: NameServer = 172.16.4.22

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Arquivos de programas\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Arquivos de programas\AVPersonal\AVWUPSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)


Good afternoon, allan_aguia!

 

<!> Open HijackThis --> Click “View the list of backup”

<!> Select everything you find --> Click RESTORE.

<!> Restart the computer!

<><><><><><><><><><><>

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Abrir arquivo - Aviso de Segurança )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><><>

<@> Download ComboFix.exe again. --> Run it! --> Post: ComboFix.txt + an updated HJT log.

 

Regards!


Logfile of HijackThis v1.99.1

Scan saved at 05:09, on 09-04-2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\PC Seguro\Anti-Virus\fsgk32st.exe

C:\Arquivos de programas\PC Seguro\Common\FSMA32.EXE

C:\Arquivos de programas\PC Seguro\Anti-Virus\FSGK32.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\PC Seguro\Common\FSLAUNCH.EXE

C:\Arquivos de programas\PC Seguro\Anti-Virus\fssm32.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Louise\Meus documentos\instaladores\hijackthis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\PC Seguro\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\PC Seguro\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\pc seguro\fsps\program\fslsp.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF}: NameServer = 172.16.4.22

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Arquivos de programas\PC Seguro\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Arquivos de programas\PC Seguro\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\PC Seguro\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\PC Seguro\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\PC Seguro\ORSP Client\fsorsp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)

 

 

 

ComboFix 09-04-04.01 - Louise 2009-04-09 16:57:21.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.1.1252.55.1046.18.479.178 [GMT -3:00]

Executando de: c:\documents and settings\Louise\Meus documentos\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-09 to 2009-04-09 ))))))))))))))))))))))))))))

.

 

2009-04-09 16:18 . 2009-04-09 16:18 <DIR> d-------- c:\documents and settings\Louise\Dados de aplicativos\F-Secure

2009-04-09 16:11 . 2008-12-04 10:57 79,872 --a------ c:\windows\system32\drivers\fsdfw.sys

2009-04-09 16:11 . 2009-04-09 16:11 30,816 --a------ c:\windows\system32\drivers\fsbts.sys

2009-04-09 16:09 . 2009-04-09 16:12 <DIR> d-------- c:\arquivos de programas\PC Seguro

2009-04-09 16:08 . 2009-04-09 16:08 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\fssg

2009-04-09 16:05 . 2009-04-09 16:10 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\f-secure

2009-04-08 10:02 . 2009-04-08 10:09 <DIR> d-------- C:\Lop SD

2009-04-07 14:16 . 2009-04-07 14:17 <DIR> d-------- c:\arquivos de programas\CCleaner

2009-03-28 10:43 . 2009-03-28 10:43 <DIR> d-------- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-03-28 10:43 . 2009-03-28 10:43 <DIR> d-------- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-03-28 10:43 . 2009-03-28 10:43 <DIR> d-------- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-03-28 10:43 . 2009-03-28 10:43 <DIR> d-------- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-03-27 14:37 . 2009-03-27 14:37 <DIR> d-------- c:\arquivos de programas\Windows Live Safety Center

2009-03-22 13:45 . 2009-04-08 00:06 519 --a------ C:\hpfr3420.xml

2009-03-21 19:11 . 2009-03-21 19:11 <DIR> d-------- c:\windows\Sun

2009-03-19 20:32 . 2009-03-19 20:55 <DIR> d-------- c:\documents and settings\Louise\.receitanet

2009-03-18 14:04 . 2009-03-18 14:04 <DIR> d-------- c:\documents and settings\Louise\Dados de aplicativos\IObit

2009-03-18 14:03 . 2009-03-18 14:03 <DIR> d-------- c:\arquivos de programas\IObit

2009-03-18 14:02 . 2001-08-18 06:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll

2009-03-18 14:02 . 2001-08-18 06:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll

2009-03-18 14:02 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll

2009-03-18 14:02 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll

2009-03-18 14:02 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll

2009-03-18 14:02 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll

2009-03-14 16:18 . 2009-03-19 20:57 <DIR> d-------- C:\Recnet

2009-03-14 16:18 . 2008-12-29 09:16 128,000 --a------ c:\windows\DesinstWRecnet.EXE

2009-03-14 16:18 . 2008-12-29 09:16 122,880 --a------ c:\windows\DesinstRecnet.exe

2009-03-14 16:18 . 2008-12-29 09:16 5,361 --a------ c:\windows\DesinstWRecnet.ini

2009-03-14 16:18 . 2009-03-14 16:18 129 --a------ c:\windows\REC-NET.INI

2009-03-14 16:12 . 2009-03-14 16:12 <DIR> d-------- C:\Arquivos de Programas RFB

2009-03-14 15:46 . 2009-03-14 15:46 <DIR> d-------- c:\arquivos de programas\Java

2009-03-14 15:46 . 2009-03-14 15:46 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-14 15:28 . 2009-03-14 15:46 410,984 --a------ c:\windows\system32\deploytk.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-09 19:13 196 ----a-w c:\windows\system32\drivers\ALCICH.DAT

2009-04-08 14:13 --------- d-----w c:\arquivos de programas\Counter-Strike

2009-04-08 12:22 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-08 12:13 --------- d-----w c:\arquivos de programas\NewTech Infosystems

2009-04-08 12:03 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avg7

2009-04-07 17:26 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-04-07 02:09 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-04-03 15:59 --------- d-----w c:\arquivos de programas\Spyware Doctor

2009-03-28 14:00 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-03-27 19:07 --------- d-----w c:\arquivos de programas\Steam

2009-03-01 05:33 --------- d-----w c:\arquivos de programas\Anti Trojan Elite

2009-02-28 03:05 --------- d-----w c:\documents and settings\Louise\Dados de aplicativos\Malwarebytes

2009-02-28 03:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-02-28 03:04 --------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-16 00:32 --------- d-----w c:\arquivos de programas\Google

2009-02-15 00:09 65,912 ----a-w C:\nerodigital.bin

2009-02-13 11:41 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\DriverCure

2009-02-13 11:38 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\ParetoLogic

2009-02-12 15:43 --------- d-----w c:\arquivos de programas\MSN Messenger

2009-02-12 15:43 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-11 13:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 13:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-27 16:07 11,955,079 ------w C:\AVG7QT.DAT

2009-01-20 18:25 22 ----a-w c:\documents and settings\Louise\xrt_collect.zip

2008-09-05 15:00 0 --sh--w c:\arquivos de programas\megatron.ini

2008-04-16 19:47 488 ---ha-w c:\documents and settings\Louise\hpothb07.dat

2005-10-25 02:45 81 ----a-w c:\documents and settings\Louise\delsmltr.bat

2005-04-12 14:14 0 ---ha-w c:\documents and settings\Louise\Dados de aplicativos\hpothb07.dat

2002-12-04 17:45 751,232 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISGRV.DLL

2002-12-02 19:39 831,488 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISGL.DLL

2002-12-02 18:33 250,368 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISGRP.SYS

2002-11-13 21:17 6,598 ----a-w c:\windows\inf\DRIVERS\VIDEO\INSTFUNC.DLL

2002-11-13 18:26 172,032 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISINST.DLL

2002-11-13 18:11 221,184 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISPARSE.DLL

2002-11-13 18:09 98,304 ----a-w c:\windows\inf\DRIVERS\VIDEO\SISAPCOM.DLL

2002-11-07 16:38 370,560 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3GNB.DLL

2002-11-07 16:38 159,104 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3GNBM.SYS

2002-11-05 09:02 335,872 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3DISPLY.DLL

2002-10-23 03:58 299,008 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3GAMMA2.DLL

2002-10-01 08:08 188,416 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3INFO2.DLL

2002-08-09 13:12 770,048 ----a-w c:\windows\inf\DRIVERS\VIDEO\NBICDNT.DLL

2002-07-11 02:39 32,256 ----a-w c:\windows\inf\DRIVERS\LAN\SISNIC.SYS

2002-05-29 04:06 315,392 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3OVRLAY.DLL

2002-04-26 21:27 49,152 ----a-w c:\windows\inf\DRIVERS\VIDEO\SIS740.BIN

2002-04-26 21:27 49,152 ----a-w c:\windows\inf\DRIVERS\VIDEO\SIS650.BIN

2002-03-12 06:52 69,690 ----a-w c:\windows\inf\DRIVERS\VIDEO\S3UNINST.EXE

2002-02-13 14:27 166,419 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HSFHWBS2.SYS

2002-02-13 14:26 1,171,584 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HSF_DP.SYS

2002-02-13 14:20 594,032 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HSF_CNXT.SYS

2002-02-08 00:00 266,240 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HXFSETUP.EXE

2001-12-25 13:23 12,074 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\HSFINST.DLL

2001-10-22 17:46 9,855 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\MDMXSDK.SYS

2001-10-22 17:37 57,344 ----a-w c:\windows\inf\DRIVERS\MODEM\MSP3885U\MDMXSDK.DLL

2001-09-19 07:21 285,533 ----a-w c:\windows\inf\DRIVERS\SOM\ALCXWDM.SYS

2001-08-07 13:53 37,376 ----a-w c:\windows\inf\DRIVERS\LAN\UNINST.EXE

2001-05-29 09:02 124,416 ----a-w c:\windows\inf\DRIVERS\SOM\SOUNDMAN.EXE

2001-02-15 08:28 28,160 ----a-w c:\windows\inf\DRIVERS\SOM\ALDAEMON.EXE

1999-02-17 05:35 60,416 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUP.EXE

1998-01-28 08:15 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0007\_SETUP.DLL

1998-01-28 08:07 8,704 ----a-w c:\windows\inf\DRIVERS\VIDEO\_ISDEL.EXE

1998-01-28 06:20 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\001D\_SETUP.DLL

1998-01-24 08:40 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0009\_SETUP.DLL

1998-01-24 08:32 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0804\_SETUP.DLL

1998-01-24 08:32 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0404\_SETUP.DLL

1998-01-24 08:30 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\001E\_SETUP.DLL

1998-01-24 08:26 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0019\_SETUP.DLL

1998-01-24 08:26 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0012\_SETUP.DLL

1998-01-24 06:49 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0011\_SETUP.DLL

1998-01-23 13:08 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\000A\_SETUP.DLL

1998-01-23 13:07 11,776 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0010\_SETUP.DLL

1998-01-23 13:07 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0416\_SETUP.DLL

1998-01-23 13:07 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0014\_SETUP.DLL

1998-01-23 13:06 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\040C\_SETUP.DLL

1998-01-23 13:06 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0013\_SETUP.DLL

1998-01-23 13:06 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\000B\_SETUP.DLL

1998-01-23 13:05 11,264 ----a-w c:\windows\inf\DRIVERS\VIDEO\SETUPDIR\0006\_SETUP.DLL

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\arquivos de programas\PC Seguro\Common\FSM32.EXE" [2008-12-04 182936]

"F-Secure TNB"="c:\arquivos de programas\PC Seguro\FSGUI\TNBUtil.exe" [2008-12-04 957024]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-11 13312]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^avg.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\avg.exe

backup=c:\windows\pss\avg.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk

backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^JVM0.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\JVM0.exe

backup=c:\windows\pss\JVM0.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows32.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows32.exe

backup=c:\windows\pss\Windows32.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winexec32.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\winexec32.exe

backup=c:\windows\pss\winexec32.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Louise^Menu Iniciar^Programas^Inicializar^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\Louise\Menu Iniciar\Programas\Inicializar\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

--a------ 2008-12-18 16:32 3961064 c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2002-09-11 09:00 13312 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dllhost]

--a------ 2008-09-05 12:00 1171968 c:\windows\system32\wscntfx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2004-07-16 09:50 1409136 c:\arquivos de programas\Ahead\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

--a------ 2008-08-25 11:36 1168264 c:\arquivos de programas\Spyware Doctor\pctsTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

--a------ 2006-11-03 11:01 319488 c:\windows\PixArt\Pac207\Monitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2002-04-11 06:36 1458448 c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

--a------ 2004-08-13 16:41 86016 c:\arquivos de programas\MSN Apps\Updater\01.02.3000.1001\pt-br\msnappau.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 11:54 5674352 c:\arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2004-07-26 19:14 1867776 c:\arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS Assistant]

--a------ 2004-09-30 16:39 249856 c:\arquivos de programas\Photoshop Interface Assistant\Photoshop Interface Assistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-06-14 18:28 26992424 c:\arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2009-01-26 15:31 2144088 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

--a------ 2005-10-27 15:41 3402240 c:\arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2009-03-27 16:08 1410296 c:\arquivos de programas\Steam\steam 2\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2009-03-14 15:46 148888 c:\arquivos de programas\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-06-24 11:20 171448 c:\arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\explorer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"28579:TCP"= 28579:TCP:port

"15438:TCP"= 15438:TCP:port

 

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-04-09 30816]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-04-09 79872]

R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [2005-10-30 78336]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\arquivos de programas\PC Seguro\HIPS\drivers\fshs.sys [2009-04-09 67808]

R2 F-Secure Filter;F-Secure File System Filter;c:\arquivos de programas\PC Seguro\Anti-Virus\win2k\fsfilter.sys [2009-04-09 39776]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\arquivos de programas\PC Seguro\Anti-Virus\win2k\fsgk.sys [2009-04-09 62176]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\arquivos de programas\PC Seguro\Anti-Virus\win2k\fsrec.sys [2009-04-09 25184]

R3 LNIC;LG LNIC-10/100S Series Ethernet Adapter;c:\windows\system32\drivers\LNIC.sys [2004-03-19 38656]

S0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys --> c:\windows\System32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys --> c:\windows\System32\drivers\TfSysMon.sys [?]

S1 PLUG;Driver do GB; [x]

S3 ATE_PROCMON;ATE_PROCMON;\??\c:\arquivos de programas\Anti Trojan Elite\ATEPMon.sys --> c:\arquivos de programas\Anti Trojan Elite\ATEPMon.sys [?]

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sXe Injected\ddsxei.sys --> c:\arquivos de programas\sXe Injected\ddsxei.sys [?]

S3 FSORSPClient;F-Secure ORSP Client;c:\arquivos de programas\PC Seguro\ORSP Client\fsorsp.exe [2009-04-09 55904]

S3 npggsvc;nProtect GameGuard Service;c:\windows\System32\GameMon.des -service --> c:\windows\System32\GameMon.des -service [?]

S3 PAC207;Dlink DSB-C120;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [2009-01-20 356920]

S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2006-04-09 227200]

S3 TfNetMon;TfNetMon;\??\c:\windows\System32\drivers\TfNetMon.sys --> c:\windows\System32\drivers\TfNetMon.sys [?]

S4 Integrated Windows Authentication;Integrated Windows Authentication;"c:\arquivos de programas\Arquivos comuns\System\MSIWA32.exe" --> c:\arquivos de programas\Arquivos comuns\System\MSIWA32.exe [?]

S4 ThreatFire;ThreatFire;c:\arquivos de programas\ThreatFire\TFService.exe service --> c:\arquivos de programas\ThreatFire\TFService.exe service [?]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6ed591f-37e6-11d9-91ce-806d6172696f}]

\shell\play\command - "c:\arquivos de programas\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe" %1

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2005-02-19 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100704202.job

- c:\arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

 

2009-04-09 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\arquivos de programas\Arquivos comuns\ParetoLogic\UUS2\Pareto_Update.exe []

 

2009-04-06 c:\windows\Tasks\SmartDefrag.job

- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

 

2009-04-06 c:\windows\Tasks\SmartDefrag.job

- c:\arquivos de programas\IObit\IObit SmartDefrag\ [2009-03-18 14:04]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

URLSearchHooks-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\arquivos de programas\myBabylon_English\tbmyB1.dll

BHO-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\arquivos de programas\myBabylon_English\tbmyB1.dll

Toolbar-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\arquivos de programas\myBabylon_English\tbmyB1.dll

HKCU-Run-QUAD Scheduler - c:\arquivos de programas\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe

HKCU-Run-NitroPC - c:\arquivos de programas\NitroPC\NitroPC.exe

HKCU-Run-proc meow - c:\docume~1\Louise\DADOSD~1\FLAPPU~1\debug proxy.exe

HKLM-Run-Anti Trojan Elite - c:\arquivos de programas\Anti Trojan Elite\TJEnder.exe

HKLM-Run-dash bend meta balm - c:\documents and settings\All Users\Dados de aplicativos\Atom Idle Dash Bend\Soap Site.exe

Notify-e075fc26517 - c:\windows\System32\dsound32.dll

MSConfigStartUp-AVSCHED32 - c:\arquivos de programas\AVPersonal\AVSCHED32.EXE

MSConfigStartUp-dash bend meta balm - c:\documents and settings\All Users\Dados de aplicativos\Atom Idle Dash Bend\INTERNET LITE.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = www.google.com.br/

uLocal Page =

mWindow Title = Microsoft Internet Explorer

mLocal Page =

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\System32\GPhotos.scr/200

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

LSP: c:\arquivos de programas\PC Seguro\FSPS\program\FSLSP.DLL

TCP: {54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF} = 172.16.4.22

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-09 17:03:31

Windows 5.1.2600 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]

"ImagePath"="c:\windows\System32\GameMon.des -service"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(452)

c:\windows\System32\ODBC32.dll

 

- - - - - - - > 'lsass.exe'(532)

c:\arquivos de programas\PC Seguro\FSPS\program\FSLSP.DLL

c:\windows\System32\dssenh.dll

.

Tempo para conclusão: 2009-04-09 17:08:24

ComboFix-quarantined-files.txt 2009-04-09 20:07:43

ComboFix2.txt 2009-03-26 14:40:21

ComboFix3.txt 2009-03-10 15:49:25

ComboFix4.txt 2009-03-01 18:30:18

ComboFix5.txt 2009-04-05 15:58:29

 

Pré-execução: 7.392.587.776 bytes disponíveis

Pós execução: 7,427,362,816 bytes disponíveis

 


Good evening! allan_aguia

<@> Download: < BankerFix 3.0 >

<@> Save it to Local Disk C!

<@> Temporarily disable your antivirus.

<@> Double-click bankerfix.exe.

<@> PS: Run bankerfix.exe only once! This avoids overwriting its report.

<@> The BankerFix 3.0 window will open with the question: "Install Bankerfix 3.0?" <-- Translated!

<@> Click Yes!

<@> A window will open informing you that BankerFix 3.0 will be downloaded via the Internet.

<@> Click OK. <-- Wait!

<@> In the next window, click OK.

<@> BankerFix 3.0 will start!

<@> Press any key to continue the process. <-- Wait!

<@> When the scan finishes, read the on-screen message and press Enter.

<@> Re-enable your antivirus.

<@> Come back with the BankerFix report, which will be at: C:\LinhaDefensiva\relatorio.txt <--

<@> Also post an updated HijackThis log.

Regards!


Logfile of HijackThis v1.99.1

Scan saved at 04:27, on 12-04-2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Louise\Meus documentos\instaladores\hijackthis.exe

 

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O17 - HKLM\System\CCS\Services\Tcpip\..\{54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF}: NameServer = 172.16.4.22

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Arquivos de programas\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)

 

 

BankerFix 3.0 VALKYRIE - Banker Trojan Remover

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Date: 2009-04-12 - 16:22

-------------------------------------------------------

Version: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

Infected file detected: C:\MSDOS.INF

Infected file successfully removed.

 

Infected file detected: C:\pagefile.log

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\control.ctr

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\eguis.cmd

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\eguis.EXE

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\winexec32.txt

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\system32\DirectX\Dinput\desktop.inf

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\system32\DirectX\Dinput\Driver\1\desktop.inf

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\system32\DirectX\Dinput\msf1f.dll

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\system32\DirectX\Dinput\Driver\1

Infected file successfully removed.

 

Infected file detected: C:\WINDOWS\system32\DirectX\Dinput\Driver\2

Infected file successfully removed.

 

 

 

Removing .tif files in Media

-----------------------------------

 

Killing '*'

 

 

 

 

----- End -------------------------

 

I noticed that iexplore.exe goes to 100% when I'm online and go back from one page to another, and also when I scroll the mouse it climbs up to 100%, and when I stop scrolling the mouse it drops back to 0%.

Thanks for your patience.

Regards.....


Good evening! allan_aguia

<@> Download: < avz4en.zip > or < avz_antiviral_toolkit >

<@> Save it to Arquivos de programas (Program Files) and unzip it right there!

<@> Open the avz4 folder and run the application with a double-click. <-- Shield-and-sword icon!

<@> Connect to the Internet and update the Toolkit. --> "File" --> "Database Update".

<@> When that finishes, do not run any scan yet.

<@> In the "Search range" tab, check all the boxes.

<@> Under "File types", select the "All files" radio button.

<@> Under "Actions", check "Perform healing".

<@> In the fields below "Perform healing", choose "Report only" for every item.

<@> Below "RiskWare", check the "Copy suspicious files to Quarantine" box. <-- Only this box!

<@> In the "Search parameters" menu, set "Heuristic analyses" to maximum.

<@> Check the "Extended analysis" box. <-- Only this box!

<@> Do not uncheck the ones that are checked by default!

<@> Close any open programs and run the tool! <-- Click Start.

<@> When the scan finishes, click the "Save log" icon so we can have the report. ( avz_log )

<@> Also click the "glasses" icon.

<@> Click "Save as CSV".

<@> Save this report to the desktop! <-- Text format. ( *.txt )

<@> Name it: view_log

<@> Copy and paste avz_log.txt + view_log.txt in your reply.

Regards!


AVZ Antiviral Toolkit log; AVZ version is 4.30

Scanning started at 14-04-2009 23:39:33

Database loaded: signatures - 218768, NN profile(s) - 2, microprograms of healing - 56, signature database released 14.04.2009 22:47

Heuristic microprograms loaded: 372

SPV microprograms loaded: 9

Digital signatures of system files loaded: 107422

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 1 ; AVZ is launched with administrator rights

System Restore: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=07AE40)

Kernel ntoskrnl.exe found in memory at address 804D4000

SDT = 8054EE40

KiST = 804DECC8 (284)

Function NtCreateKey (29) intercepted (805624A0->F7B6CA46), hook not defined

Function NtCreateProcess (2F) intercepted (805AD919->F744C366), hook C:\WINDOWS\System32\Drivers\SSI.SYS

Function NtCreateProcessEx (30) intercepted (8057FB01->F744C506), hook C:\WINDOWS\System32\Drivers\SSI.SYS

Function NtCreateThread (35) intercepted (80567D58->F7B6CA3C), hook not defined

Function NtDeleteKey (3F) intercepted (805875C2->F7B6CA4B), hook not defined

Function NtDeleteValueKey (41) intercepted (8057E639->F7B6CA55), hook not defined

Function NtLoadKey (62) intercepted (805A7838->F7B6CA5A), hook not defined

Function NtOpenProcess (7A) intercepted (80565A8D->F7B6CA28), hook not defined

Function NtOpenThread (80) intercepted (805847EB->F7B6CA2D), hook not defined

Function NtRenameKey (C0) intercepted (80637942->F744AFA2), hook C:\WINDOWS\System32\Drivers\SSI.SYS

Function NtReplaceKey (C1) intercepted (80637D53->F7B6CA64), hook not defined

Function NtRestoreKey (CC) intercepted (80636B0D->F7B6CA5F), hook not defined

Function NtSetInformationKey (E2) intercepted (80637107->F744B172), hook C:\WINDOWS\System32\Drivers\SSI.SYS

Function NtSetValueKey (F7) intercepted (805784F6->F7B6CA50), hook not defined

Function NtTerminateProcess (101) intercepted (80580FFD->F7B6CA37), hook not defined

Functions checked: 284, intercepted: 15, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: extended monitoring driver (AVZPM) is not installed

Driver loaded successfully

1.5 Checking of IRP handlers

\driver\tcpip[IRP_MJ_CREATE] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_CREATE_NAMED_PIPE] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_CLOSE] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_READ] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_WRITE] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_QUERY_INFORMATION] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_SET_INFORMATION] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_QUERY_EA] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_SET_EA] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_FLUSH_BUFFERS] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_QUERY_VOLUME_INFORMATION] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_SET_VOLUME_INFORMATION] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_DIRECTORY_CONTROL] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_FILE_SYSTEM_CONTROL] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_DEVICE_CONTROL] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_SHUTDOWN] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_LOCK_CONTROL] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_CLEANUP] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_CREATE_MAILSLOT] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_QUERY_SECURITY] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_SET_SECURITY] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_POWER] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_SYSTEM_CONTROL] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_DEVICE_CHANGE] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_QUERY_QUOTA] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_SET_QUOTA] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

\driver\tcpip[IRP_MJ_PNP] = F74501F8 -> C:\WINDOWS\System32\Drivers\SSI.SYS

Checking - complete

2. Scanning memory

Number of processes found: 21

Number of modules loaded: 324

Scanning memory - complete

3. Scanning disks

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

Direct reading C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\LocalService\Cookies\index.dat

Direct reading C:\Documents and Settings\LocalService\NTUSER.DAT

Direct reading C:\Documents and Settings\Louise\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\Louise\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\Documents and Settings\Louise\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\Documents and Settings\Louise\Cookies\index.dat

C:\Documents and Settings\Louise\Meus documentos\installer-8365-813-Xilisoft-3GP-Video-Converter-3-1-8-0720b-Portuguese.exe >>> suspicion for AdvWare.Win32.FakeInstaller.hl ( 0987F0F8 0B26E312 0023538B 0022A88D 706008)

File quarantined succesfully (C:\Documents and Settings\Louise\Meus documentos\installer-8365-813-Xilisoft-3GP-Video-Converter-3-1-8-0720b-Portuguese.exe)

Direct reading C:\Documents and Settings\Louise\NTUSER.DAT

Direct reading C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat

Direct reading C:\Documents and Settings\NetworkService\NTUSER.DAT

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP459\A0489226.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP459\A0489226.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP459\A0492294.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP459\A0492294.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493469.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493469.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493513.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493513.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493659.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493659.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493706.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493706.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP461\A0502917.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP461\A0502917.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP461\A0508067.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP461\A0508067.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP469\A0518503.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP469\A0518503.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP471\A0518685.exe >>> suspicion for AdvWare.Win32.FakeInstaller.gw ( 0990C722 0B3639CC 00234960 002265AD 691160)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP471\A0518685.exe)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP476\A0527836.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP476\A0527836.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP477\A0527906.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP477\A0527906.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP481\A0532096.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP481\A0532096.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP482\A0532167.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP482\A0532167.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP484\A0532380.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP484\A0532380.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP491\A0537437.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP491\A0537437.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP492\A0537523.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP492\A0537523.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP492\A0537579.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP492\A0537579.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP493\A0537653.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP493\A0537653.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP493\A0537655.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP493\A0537655.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554005.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554005.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554007.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554007.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554062.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554062.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554064.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554064.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP508\A0554138.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP508\A0554138.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP508\A0554140.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP508\A0554140.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP518\A0557596.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP518\A0557596.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP518\A0557598.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP518\A0557598.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP519\A0557668.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP519\A0557668.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP519\A0557670.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP519\A0557670.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0563315.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0563315.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0563317.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0563317.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0569308.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0569308.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0569310.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0569310.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP527\A0569385.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP527\A0569385.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP527\A0569387.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP527\A0569387.com)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP529\A0574645.cmd - PE file with non-standard extension;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 40%)

File quarantined succesfully (C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP529\A0574645.cmd)

Direct reading C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP531\change.log

Direct reading C:\WINDOWS\SchedLgU.Txt

Direct reading C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Direct reading C:\WINDOWS\system32\config\AppEvent.Evt

Direct reading C:\WINDOWS\system32\config\default

Direct reading C:\WINDOWS\system32\config\SAM

Direct reading C:\WINDOWS\system32\config\SecEvent.Evt

Direct reading C:\WINDOWS\system32\config\SECURITY

Direct reading C:\WINDOWS\system32\config\software

Direct reading C:\WINDOWS\system32\config\SysEvent.Evt

Direct reading C:\WINDOWS\system32\config\system

Direct reading C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

Direct reading C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

Direct reading C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR

Direct reading C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA

Direct reading C:\WINDOWS\temp\Perflib_Perfdata_5b8.dat

Direct reading C:\WINDOWS\WindowsUpdate.log

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

>>> C:\Arquivos de programas\DAP\DAPBHO.dll HSC: suspicion for Adware.SpeedBit

File quarantined succesfully (C:\Arquivos de programas\DAP\DAPBHO.dll)

>>> C:\ARQUIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit

File quarantined succesfully (C:\ARQUIV~1\DAP\dapie.dll)

>>> C:\ARQUIV~1\DAP\dapie.dll HSC: suspicion for Adware.SpeedBit

Checking - complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed: TermService (Serviços de terminal)

>> Services: potentially dangerous service allowed: SSDPSRV (Serviço de descoberta SSDP)

>> Services: potentially dangerous service allowed: Alerter (Alerta)

>> Services: potentially dangerous service allowed: Schedule (Agendador de tarefas)

>> Services: potentially dangerous service allowed: mnmsrvc (Compartilhamento remoto da área de trabalho do NetMeeting)

>> Services: potentially dangerous service allowed: RDSessMgr (Gerenciador de sessão de ajuda de área de trabalho remota)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: terminal connections to the PC are allowed

Checking - complete

9. Troubleshooting wizard

>> HDD autorun are allowed

>> Autorun from network drives are allowed

>> Removable media autorun are allowed

Checking - complete

Files scanned: 219769, extracted from archives: 124685, malicious software found 0, suspicions - 2

Scanning finished at 15-04-2009 0:44:59

Time of scanning: 01:05:28

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

 

view_log.csv

 

C:\WINDOWS\System32\Drivers\SSI.SYS;4;Kernel-mode hook

C:\Documents and Settings\Louise\Meus documentos\installer-8365-813-Xilisoft-3GP-Video-Converter-3-1-8-0720b-Portuguese.exe;2;Suspicion for AdvWare.Win32.FakeInstaller.hl ( 0987F0F8 0B26E312 0023538B 0022A88D 706008)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP459\A0489226.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP459\A0492294.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493469.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493513.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493659.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP460\A0493706.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP461\A0502917.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP461\A0508067.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP469\A0518503.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP471\A0518685.exe;2;Suspicion for AdvWare.Win32.FakeInstaller.gw ( 0990C722 0B3639CC 00234960 002265AD 691160)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP476\A0527836.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP477\A0527906.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP481\A0532096.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP482\A0532167.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP484\A0532380.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP491\A0537437.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP492\A0537523.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP492\A0537579.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP493\A0537653.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP493\A0537655.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554005.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554007.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554062.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP507\A0554064.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP508\A0554138.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP508\A0554140.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP518\A0557596.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP518\A0557598.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP519\A0557668.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP519\A0557670.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0563315.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0563317.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0569308.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP526\A0569310.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP527\A0569385.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP527\A0569387.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)

C:\System Volume Information\_restore{E20918FF-C881-44F1-A37E-F756E242EF39}\RP529\A0574645.cmd;3;PE file with non-standard extension;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 40%)

C:\Arquivos de programas\DAP\DAPBHO.dll;3; HSC: suspicion for Adware.SpeedBit

C:\ARQUIV~1\DAP\dapie.dll;3; HSC: suspicion for Adware.SpeedBit

 

There it is, hugs... thanks...


Good morning! allan_aguia

 

<!> Uninstall: SpySweeper <--

<><><><><><><><><><><>

<@> Open avz4 and delete the files that are quarantined.

<@> Click File --> 'Quarantine Folder Viewer'.

<@> Check all the boxes, and click Delete --> Yes!

<@> Also click Delete folder --> Yes --> OK.

<><><><><><><><><><><>

<@> Download: < DDS > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.

<@> While disconnected, run the tool! --> Double-click dds.scr.

<@> Wait for the scan to finish, until we get the report. ( DDS.txt ) <--

<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.

<@> Notepad will open with another report. ( Attach.txt ) <--

<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.

<@> Finally, another window will open! --> Click OK.

<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

 

Regards!


I can't remove this SpySweeper, it doesn't show up in the Control Panel... thanks... regards...

 

 

DDS (Ver_09-03-16.01) - NTFSx86

Run by Louise at 23:17:07,46 on 21-04-2009

Internet Explorer: 6.0.2800.1106

Microsoft Windows XP Home Edition 5.1.2600.1.1252.55.1046.18.479.265 [GMT -3:00]

 

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k rpcss

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Louise\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com.br/

mWindow Title = Microsoft Internet Explorer

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll

TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\arquivos de programas\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\pt-br\msntb.dll

TB: Ask Toolbar: {f4d76f09-7896-458a-890f-e1f05c46069f} - c:\arquivos de programas\askpbar\bar\1.bin\ASKPBAR.DLL

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\googletoolbar1.dll

EB: Faixa de mídia: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF} = 172.16.4.22

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\dap\dapie.dll

 

============= SERVICES / DRIVERS ===============

 

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-4-11 22360]

R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [2005-10-30 78336]

R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-1-18 3968]

R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-4-11 45416]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-4-11 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-4-11 185089]

R3 LNIC;LG LNIC-10/100S Series Ethernet Adapter;c:\windows\system32\drivers\LNIC.sys [2004-3-19 38656]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S1 PLUG;Driver do GB; [x]

S3 ATE_PROCMON;ATE_PROCMON;\??\c:\arquivos de programas\anti trojan elite\atepmon.sys --> c:\arquivos de programas\anti trojan elite\ATEPMon.sys [?]

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sxe injected\ddsxei.sys --> c:\arquivos de programas\sxe injected\ddsxei.sys [?]

S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-20 40840]

S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-20 66952]

S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-20 81288]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PAC207;Dlink DSB-C120;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\spyware doctor\pctsAuxs.exe [2009-1-20 356920]

S3 sdCoreService;PC Tools Security Service;c:\arquivos de programas\spyware doctor\pctsSvc.exe [2009-1-20 1079176]

S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2006-4-9 227200]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-11-16 228400]

S4 Integrated Windows Authentication;Integrated Windows Authentication;"c:\arquivos de programas\arquivos comuns\system\msiwa32.exe" --> c:\arquivos de programas\arquivos comuns\system\MSIWA32.exe [?]

S4 ThreatFire;ThreatFire;c:\arquivos de programas\threatfire\tfservice.exe service --> c:\arquivos de programas\threatfire\TFService.exe service [?]

 

=============== Created Last 30 ================

 

2009-04-14 23:23 4,626,422 a------- c:\arquivos de programas\avz4en.zip

2009-04-12 16:22 <DIR> --d----- C:\LinhaDefensiva

2009-04-11 14:45 <DIR> --d----- c:\arquivos de programas\Avira

2009-04-11 13:44 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll

2009-04-11 13:44 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll

2009-04-11 13:44 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll

2009-04-11 13:44 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll

2009-04-11 13:44 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll

2009-04-11 13:44 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll

2009-04-09 16:18 <DIR> --d----- c:\docume~1\louise\dadosd~1\F-Secure

2009-04-09 16:09 <DIR> --d----- c:\arquivos de programas\PC Seguro

2009-04-09 16:08 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\fssg

2009-04-09 16:05 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\f-secure

2009-04-08 10:02 <DIR> --d----- C:\Lop SD

2009-04-07 14:16 <DIR> --d----- c:\arquivos de programas\CCleaner

2009-03-28 10:43 <DIR> --d----- c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-03-28 10:43 <DIR> --d----- c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-03-28 10:43 <DIR> --d----- c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-03-28 10:43 <DIR> --d----- c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

 

==================== Find3M ====================

 

2009-04-10 15:32 346,014 a------- c:\windows\system32\perfh016.dat

2009-04-10 15:32 49,502 a------- c:\windows\system32\perfc016.dat

2009-04-09 16:13 196 a------- c:\windows\system32\drivers\ALCICH.DAT

2009-03-14 15:46 410,984 a------- c:\windows\system32\deploytk.dll

2009-02-14 21:09 65,912 a------- C:\nerodigital.bin

2009-01-27 13:07 11,955,079 -------- C:\AVG7QT.DAT

2009-01-20 15:25 22 a------- c:\documents and settings\louise\xrt_collect.zip

2008-09-05 12:00 0 ---sh--- c:\arquivos de programas\megatron.ini

2008-04-16 16:47 488 a---h--- c:\documents and settings\louise\hpothb07.dat

2005-10-24 23:45 81 a------- c:\documents and settings\louise\delsmltr.bat

2005-04-12 11:16 197,277 a---h--- c:\windows\inf\hpothb07.dat

2005-04-12 11:14 0 a---h--- c:\docume~1\louise\dadosd~1\hpothb07.dat

2002-12-04 14:45 751,232 a------- c:\windows\inf\drivers\video\SISGRV.DLL

2002-12-02 16:39 831,488 a------- c:\windows\inf\drivers\video\SISGL.DLL

2002-12-02 15:33 250,368 a------- c:\windows\inf\drivers\video\SISGRP.SYS

2002-11-13 18:17 6,598 a------- c:\windows\inf\drivers\video\INSTFUNC.DLL

2002-11-13 15:26 172,032 a------- c:\windows\inf\drivers\video\SISINST.DLL

2002-11-13 15:11 221,184 a------- c:\windows\inf\drivers\video\SISPARSE.DLL

2002-11-13 15:09 98,304 a------- c:\windows\inf\drivers\video\SISAPCOM.DLL

2002-11-07 13:38 159,104 a------- c:\windows\inf\drivers\video\S3GNBM.SYS

2002-11-07 13:38 370,560 a------- c:\windows\inf\drivers\video\S3GNB.DLL

2002-11-07 13:18 5,586 a------- c:\windows\inf\drivers\video\S3SETUP.DAT

2002-11-05 06:02 335,872 a------- c:\windows\inf\drivers\video\S3DISPLY.DLL

2002-10-23 00:58 299,008 a------- c:\windows\inf\drivers\video\S3GAMMA2.DLL

2002-10-01 05:08 188,416 a------- c:\windows\inf\drivers\video\S3INFO2.DLL

2002-08-09 10:12 770,048 a------- c:\windows\inf\drivers\video\NBICDNT.DLL

2002-07-10 23:39 32,256 a------- c:\windows\inf\drivers\lan\SISNIC.SYS

2002-05-29 01:06 315,392 a------- c:\windows\inf\drivers\video\S3OVRLAY.DLL

2002-04-26 18:27 49,152 a------- c:\windows\inf\drivers\video\SIS740.BIN

2002-04-26 18:27 49,152 a------- c:\windows\inf\drivers\video\SIS650.BIN

2002-03-12 03:52 69,690 a------- c:\windows\inf\drivers\video\S3UNINST.EXE

2002-02-13 11:27 166,419 a------- c:\windows\inf\drivers\modem\msp3885u\HSFHWBS2.SYS

2002-02-13 11:26 1,171,584 a------- c:\windows\inf\drivers\modem\msp3885u\HSF_DP.SYS

2002-02-13 11:20 594,032 a------- c:\windows\inf\drivers\modem\msp3885u\HSF_CNXT.SYS

2002-02-07 21:00 266,240 a------- c:\windows\inf\drivers\modem\msp3885u\HXFSETUP.EXE

2001-12-25 10:23 12,074 a------- c:\windows\inf\drivers\modem\msp3885u\HSFINST.DLL

2001-10-22 14:46 9,855 a------- c:\windows\inf\drivers\modem\msp3885u\MDMXSDK.SYS

2001-10-22 14:37 57,344 a------- c:\windows\inf\drivers\modem\msp3885u\MDMXSDK.DLL

2001-09-19 04:21 285,533 a------- c:\windows\inf\drivers\som\ALCXWDM.SYS

2001-08-07 10:53 37,376 a------- c:\windows\inf\drivers\lan\UNINST.EXE

2001-05-29 06:02 124,416 a------- c:\windows\inf\drivers\som\SOUNDMAN.EXE

2001-02-15 05:28 28,160 a------- c:\windows\inf\drivers\som\ALDAEMON.EXE

1999-02-17 02:35 60,416 a------- c:\windows\inf\drivers\video\SETUP.EXE

1998-01-28 05:15 11,264 a------- c:\windows\inf\drivers\video\setupdir\0007\_SETUP.DLL

1998-01-28 05:07 8,704 a------- c:\windows\inf\drivers\video\_ISDEL.EXE

1998-01-28 03:20 11,264 a------- c:\windows\inf\drivers\video\setupdir\001d\_SETUP.DLL

1998-01-24 05:40 11,264 a------- c:\windows\inf\drivers\video\setupdir\0009\_SETUP.DLL

1998-01-24 05:32 11,264 a------- c:\windows\inf\drivers\video\setupdir\0804\_SETUP.DLL

1998-01-24 05:32 11,264 a------- c:\windows\inf\drivers\video\setupdir\0404\_SETUP.DLL

1998-01-24 05:30 11,776 a------- c:\windows\inf\drivers\video\setupdir\001e\_SETUP.DLL

1998-01-24 05:26 11,776 a------- c:\windows\inf\drivers\video\setupdir\0019\_SETUP.DLL

1998-01-24 05:26 11,776 a------- c:\windows\inf\drivers\video\setupdir\0012\_SETUP.DLL

1998-01-24 03:49 11,776 a------- c:\windows\inf\drivers\video\setupdir\0011\_SETUP.DLL

1998-01-23 10:08 11,776 a------- c:\windows\inf\drivers\video\setupdir\000a\_SETUP.DLL

1998-01-23 10:07 11,264 a------- c:\windows\inf\drivers\video\setupdir\0416\_SETUP.DLL

1998-01-23 10:07 11,264 a------- c:\windows\inf\drivers\video\setupdir\0014\_SETUP.DLL

1998-01-23 10:07 11,776 a------- c:\windows\inf\drivers\video\setupdir\0010\_SETUP.DLL

1998-01-23 10:06 11,264 a------- c:\windows\inf\drivers\video\setupdir\040c\_SETUP.DLL

1998-01-23 10:06 11,264 a------- c:\windows\inf\drivers\video\setupdir\000b\_SETUP.DLL

1998-01-23 10:06 11,264 a------- c:\windows\inf\drivers\video\setupdir\0013\_SETUP.DLL

1998-01-23 10:05 11,264 a------- c:\windows\inf\drivers\video\setupdir\0006\_SETUP.DLL

1997-10-21 01:20 4,525 a------- c:\windows\inf\drivers\video\LANG.DAT

 

============= FINISH: 23:17:54,76 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-03-16.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 16-11-2004 14:11:47

System Uptime: 21-04-2009 20:36:32 (3 hours ago)

Processor: Intel® Celeron® CPU 2.00GHz | Socket 478 | 1999/100mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 6,07 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP459: 20-01-2009 0:41:59 - Ponto de verificação do sistema

RP460: 22-01-2009 10:43:54 - Uniblue RegistryBooster 2009

RP461: 27-01-2009 14:11:58 - Installed AVG 7.5

RP462: 06-02-2009 15:25:27 - Ponto de verificação do sistema

RP463: 07-02-2009 17:43:24 - Ponto de verificação do sistema

RP464: 08-02-2009 17:45:23 - Ponto de verificação do sistema

RP465: 09-02-2009 19:42:58 - Ponto de verificação do sistema

RP466: 10-02-2009 20:59:06 - Ponto de verificação do sistema

RP467: 11-02-2009 22:06:10 - Ponto de verificação do sistema

RP468: 12-02-2009 22:20:52 - Ponto de verificação do sistema

RP469: 13-02-2009 11:08:32 - ComboFix created restore point

RP470: 14-02-2009 13:30:40 - Ponto de verificação do sistema

RP471: 15-02-2009 12:38:19 - Ponto de verificação do sistema

RP472: 16-02-2009 13:29:59 - Ponto de verificação do sistema

RP473: 17-02-2009 14:00:14 - Ponto de verificação do sistema

RP474: 18-02-2009 14:42:43 - Ponto de verificação do sistema

RP475: 19-02-2009 15:04:56 - Ponto de verificação do sistema

RP476: 20-02-2009 19:54:50 - Ponto de verificação do sistema

RP477: 21-02-2009 19:53:22 - ComboFix created restore point

RP478: 22-02-2009 21:48:52 - Ponto de verificação do sistema

RP479: 23-02-2009 21:56:00 - Ponto de verificação do sistema

RP480: 24-02-2009 22:36:57 - Ponto de verificação do sistema

RP481: 26-02-2009 14:52:16 - Ponto de verificação do sistema

RP482: 27-02-2009 12:02:00 - ComboFix created restore point

RP483: 28-02-2009 22:57:18 - Ponto de verificação do sistema

RP484: 01-03-2009 15:20:49 - ComboFix created restore point

RP485: 02-03-2009 15:40:13 - Ponto de verificação do sistema

RP486: 03-03-2009 16:04:50 - Ponto de verificação do sistema

RP487: 04-03-2009 16:41:00 - Ponto de verificação do sistema

RP488: 05-03-2009 17:45:38 - Ponto de verificação do sistema

RP489: 06-03-2009 19:04:03 - Ponto de verificação do sistema

RP490: 07-03-2009 20:02:15 - Ponto de verificação do sistema

RP491: 08-03-2009 18:08:17 - ComboFix created restore point

RP492: 10-03-2009 12:13:21 - Ponto de verificação do sistema

RP493: 10-03-2009 12:40:04 - ComboFix created restore point

RP494: 11-03-2009 12:47:28 - Ponto de verificação do sistema

RP495: 12-03-2009 14:25:13 - Ponto de verificação do sistema

RP496: 14-03-2009 15:27:25 - Installed Java 6 Update 12

RP497: 14-03-2009 15:45:16 - Removed Java 6 Update 12

RP498: 14-03-2009 15:46:19 - Installed Java 6 Update 12

RP499: 15-03-2009 18:51:06 - System Checkpoint

RP500: 16-03-2009 19:06:19 - System Checkpoint

RP501: 17-03-2009 20:15:42 - System Checkpoint

RP502: 19-03-2009 12:18:48 - System Checkpoint

RP503: 20-03-2009 13:13:31 - System Checkpoint

RP504: 21-03-2009 20:39:52 - System Checkpoint

RP505: 23-03-2009 13:24:04 - System Checkpoint

RP506: 24-03-2009 14:07:55 - System Checkpoint

RP507: 25-03-2009 14:35:32 - System Checkpoint

RP508: 26-03-2009 11:27:54 - ComboFix created restore point

RP509: 27-03-2009 12:41:26 - System Checkpoint

RP510: 27-03-2009 16:07:11 - Installed Steam

RP511: 28-03-2009 20:28:58 - System Checkpoint

RP512: 30-03-2009 12:45:26 - System Checkpoint

RP513: 31-03-2009 12:55:46 - System Checkpoint

RP514: 01-04-2009 13:27:22 - System Checkpoint

RP515: 02-04-2009 14:12:38 - System Checkpoint

RP516: 03-04-2009 14:33:51 - System Checkpoint

RP517: 03-04-2009 22:48:55 - Installed WebCam Companion

RP518: 05-04-2009 12:27:41 - System Checkpoint

RP519: 05-04-2009 12:58:45 - ComboFix created restore point

RP520: 06-04-2009 13:16:08 - System Checkpoint

RP521: 07-04-2009 13:51:16 - System Checkpoint

RP522: 08-04-2009 9:13:06 - Configured NTI CD-Maker

RP523: 08-04-2009 9:16:13 - Configured Miami Vice

RP524: 08-04-2009 9:21:38 - Configured Miami Vice

RP525: 09-04-2009 12:34:15 - System Checkpoint

RP526: 09-04-2009 16:09:20 - psc 8.01 build 129 Installation

RP527: 09-04-2009 16:55:51 - ComboFix created restore point

RP528: 11-04-2009 14:01:40 - System Checkpoint

RP529: 11-04-2009 14:45:19 - Avira AntiVir Personal - 11-04-2009 14:45

RP530: 12-04-2009 18:53:35 - System Checkpoint

RP531: 14-04-2009 12:11:42 - System Checkpoint

RP532: 15-04-2009 13:07:23 - System Checkpoint

RP533: 17-04-2009 10:34:26 - System Checkpoint

RP534: 18-04-2009 18:12:32 - System Checkpoint

 

==== Installed Programs ======================

 

 

7-Zip 4.32

Ad-Aware SE Personal

Adobe Acrobat 5.0

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

ArcSoft PhotoImpression

ArcSoft PhotoImpression 3.0

ArcSoft WebCam Companion

WinRAR archiver

Ask Toolbar

Update for Windows XP (KB898461)

AVG Anti-Rootkit Free

Avira AntiVir Personal - Free Antivirus

Avira AntiVir Personal – Free Antivirus

AVS Disc Creator version 2.1

Babylon

MSN Toolbar

CCleaner (remove only)

Game Center

Counter-Strike

Digital Camera

Digital Camera Driver

iBest Dialer

HP Memories Disc

Dlink DSB-C120

Download Accelerator Plus Beta

Google Toolbar for Internet Explorer

Grand Chase Season 2

HijackThis 1.99.1

HP Photo & Imaging 2.0 - All-in-One

HP Photo & Imaging 2.0 - All-in-One Drivers

HP Photo & Imaging 2.0 - hp psc 1200 series

hp psc 1200 series

InCD

InCD Reader

InterActual Player

iRiver Manager

IRPF2009 - Declaração de Ajuste Anual e Final de Espólio

Java 6 Update 12

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

Messenger Plus! Live

MGI PhotoSuite 4 (Remove only)

MGI Photovista 2.02(Remove only)

Microsoft Visual C Runtime

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

mIRC

Motorola Handset USB Driver

MU

Nero Media Player

Nero OEM

NeroVision Express 2

Patricinha Script 0.9

PC Camera (6029 CIF)

Picasa 3

PresenterSoft MediaEasy 2.2.3

Receitanet 2009

SiS 900 PCI Fast Ethernet Adapter Driver

Skype™ Beta 4.0

Smart Defrag 1.11

Sony Picture Utility

Sony USB Driver

Spybot - Search & Destroy

Spybot - Search & Destroy 1.4

Spyware Doctor 6.0

SST INC. PORTABLE CARD READER

SST INC. TA Reader v.3.0

Steam

Unity Web Player

Microsoft Office PowerPoint 2003 Viewer

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Live Messenger

Windows Live Sign-in Assistant

Windows XP Hotfix - KB823980

Windows XP Hotfix - KB833987

Windows XP Hotfix - KB842773

Windows XP Hotfix - KB887811

Windows XP Hotfix - KB887822

Xilisoft 3GP Video Converter

Yahoo! Companion

 

==== End Of File ===========================


Good afternoon, allan_aguia!

 

<!> Uninstall:

 

<!> Spyware Doctor 6.0

 

<!> Ask Toolbar

 

<><><><><><><><><><><><>

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Disclaimer of warranty" --> click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

 

<!> If you get the notification "Not a valid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Rename it while saving, not after it has been saved!

<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative!

<!> Ps: To avoid problems, follow all the recommendations given.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If required, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When finished, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.

 

Regards!


I couldn't uninstall Ask Toolbar; it shows an error loading c:\arquiv~1\askpbar\bar\1.bin\askpbar.dll:

the specified module could not be found.

 

 

ComboFix 09-04-27.02 - Louise 28-04-2009 0:00.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.1.1252.55.1046.18.479.222 [GMT -3:00]

Running from: c:\documents and settings\Louise\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

(((((((((((((((( Files Created From 2009-05-28 to 2009-4-28 ))))))))))))))))))))))))))))

.

 

2009-04-25 16:30 . 2001-08-17 23:12 23070 -c--a-w c:\windows\system32\dllcache\rtl8139.sys

2009-04-25 16:30 . 2001-08-17 23:12 23070 ----a-w c:\windows\system32\drivers\RTL8139.sys

2009-04-15 02:23 . 2009-04-15 02:28 4626422 ----a-w c:\arquivos de programas\avz4en.zip

2009-04-12 19:22 . 2009-04-25 02:29 -------- d-----w C:\LinhaDefensiva

2009-04-11 17:45 . 2009-04-11 17:45 -------- d-----w c:\arquivos de programas\Avira

2009-04-11 16:44 . 2001-08-18 09:36 8192 -c--a-w c:\windows\system32\dllcache\kbdkor.dll

2009-04-11 16:44 . 2001-08-18 09:36 8704 -c--a-w c:\windows\system32\dllcache\kbdjpn.dll

2009-04-11 16:44 . 2001-08-18 01:55 6144 -c--a-w c:\windows\system32\dllcache\kbd106.dll

2009-04-11 16:44 . 2001-08-18 01:55 5632 -c--a-w c:\windows\system32\dllcache\kbd103.dll

2009-04-11 16:44 . 2001-08-18 01:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101c.dll

2009-04-11 16:44 . 2001-08-18 01:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll

2009-04-09 19:18 . 2009-04-09 19:18 -------- d-----w c:\documents and settings\Louise\Dados de aplicativos\F-Secure

2009-04-09 19:11 . 2009-04-09 19:11 -------- d-----w c:\documents and settings\NetworkService\Configurações locais\Dados de aplicativos\F-Secure

2009-04-09 19:09 . 2009-04-10 18:41 -------- d-----w c:\arquivos de programas\PC Seguro

2009-04-09 19:08 . 2009-04-09 19:08 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\fssg

2009-04-09 19:05 . 2009-04-10 18:34 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\f-secure

2009-04-08 13:02 . 2009-04-08 13:09 -------- d-----w C:\Lop SD

2009-04-07 17:16 . 2009-04-07 17:17 -------- d-----w c:\arquivos de programas\CCleaner

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-25 02:25 . 2007-03-26 16:21 -------- d-----w c:\arquivos de programas\Counter-Strike

2009-04-25 02:05 . 2004-11-16 17:59 -------- d-----w c:\arquivos de programas\Serviços on-line

2009-04-11 19:19 . 2006-04-12 12:25 -------- d-----w c:\arquivos de programas\DAP

2009-04-10 18:32 . 2002-09-11 12:00 49502 ----a-w c:\windows\system32\perfc016.dat

2009-04-10 18:32 . 2002-09-11 12:00 346014 ----a-w c:\windows\system32\perfh016.dat

2009-04-09 19:13 . 2008-05-26 14:37 196 ----a-w c:\windows\system32\drivers\ALCICH.DAT

2009-04-08 12:22 . 2004-11-17 15:34 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-04-08 12:13 . 2004-11-17 15:32 -------- d-----w c:\arquivos de programas\NewTech Infosystems

2009-03-28 14:00 . 2006-05-29 01:45 -------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-03-28 13:43 . 2009-03-28 13:43 -------- d-----w c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-03-28 13:43 . 2009-03-28 13:43 -------- d-----w c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-03-28 13:43 . 2009-03-28 13:43 -------- d-----w c:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-03-28 13:43 . 2009-03-28 13:43 -------- d-----w c:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-03-27 19:07 . 2006-12-31 15:43 -------- d-----w c:\arquivos de programas\Steam

2009-03-27 17:37 . 2009-03-27 17:37 -------- d-----w c:\arquivos de programas\Windows Live Safety Center

2009-03-18 17:03 . 2009-03-18 17:03 -------- d-----w c:\arquivos de programas\IObit

2009-03-14 19:12 . 2009-03-14 19:12 -------- d-----w C:\Arquivos de Programas RFB

2009-03-14 18:46 . 2009-03-14 18:28 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-14 18:46 . 2009-03-14 18:46 -------- d-----w c:\arquivos de programas\Java

2009-03-01 05:33 . 2009-03-01 03:49 -------- d-----w c:\arquivos de programas\Anti Trojan Elite

2009-02-28 03:04 . 2009-02-28 03:04 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-15 00:09 . 2009-02-15 00:09 65912 ----a-w C:\nerodigital.bin

2009-02-11 13:19 . 2009-02-28 03:04 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 13:19 . 2009-02-28 03:04 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-09-05 15:00 . 2008-09-05 15:00 0 --sh--w c:\arquivos de programas\megatron.ini

.

 

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-11 13312]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^avg.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\avg.exe

backup=c:\windows\pss\avg.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk

backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^JVM0.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\JVM0.exe

backup=c:\windows\pss\JVM0.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows32.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows32.exe

backup=c:\windows\pss\Windows32.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winexec32.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\winexec32.exe

backup=c:\windows\pss\winexec32.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Louise^Menu Iniciar^Programas^Inicializar^MyWebSearch Email Plugin.lnk]

path=c:\documents and settings\Louise\Menu Iniciar\Programas\Inicializar\MyWebSearch Email Plugin.lnk

backup=c:\windows\pss\MyWebSearch Email Plugin.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WZCSVC"=2 (0x2)

"Themes"=2 (0x2)

"SENS"=2 (0x2)

"Schedule"=2 (0x2)

"Pctspk"=2 (0x2)

"svcWRSSSDK"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\explorer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"28579:TCP"= 28579:TCP:port

"15438:TCP"= 15438:TCP:port

 

R0 TfFsMon;TfFsMon; [x]

R0 TfSysMon;TfSysMon; [x]

R1 PLUG;Driver do GB; [x]

R3 ATE_PROCMON;ATE_PROCMON; [x]

R3 ddsxeiservice;ddsxeiservice2; [x]

R3 LNIC;LG LNIC-10/100S Series Ethernet Adapter;c:\windows\system32\DRIVERS\LNIC.sys [2004-03-18 38656]

R3 npggsvc;nProtect GameGuard Service;c:\windows\System32\GameMon.des [2009-02-12 2777850]

R3 PAC207;Dlink DSB-C120;c:\windows\system32\DRIVERS\PFC027.SYS [2006-11-20 506112]

R3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\DRIVERS\snpp106.sys [2003-04-09 227200]

R3 TfNetMon;TfNetMon; [x]

R4 Integrated Windows Authentication;Integrated Windows Authentication; [x]

S0 avgntmgr;avgntmgr;c:\windows\SYSTEM32\DRIVERS\avgntmgr.sys [2009-02-13 22360]

S0 SSI;SSI;c:\windows\system32\Drivers\SSI.SYS [2005-10-27 78336]

S1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2009-02-13 45416]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-04-27 108289]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6ed591f-37e6-11d9-91ce-806d6172696f}]

\shell\play\command - "c:\arquivos de programas\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe" %1

.

Contents of the 'Scheduled Tasks' folder

 

2005-02-19 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8100704202.job

- c:\arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 02:52]

 

2009-04-06 c:\windows\Tasks\SmartDefrag.job

- c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-03-18 21:15]

.

- - - - ORPHANS REMOVED - - - -

 

SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

mWindow Title = Microsoft Internet Explorer

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: {54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF} = 172.16.4.22

TCP: {FB9E65B0-8206-44C3-9FC1-B2672C9D3A3F} = 172.16.4.22

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-28 00:05

Windows 5.1.2600 Service Pack 1 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(528)

c:\windows\System32\ODBC32.dll

 

- - - - - - - > 'lsass.exe'(584)

c:\windows\System32\dssenh.dll

 

- - - - - - - > 'explorer.exe'(3068)

c:\docume~1\Louise\CONFIG~1\Temp\catchme.dll

.

Completion time: 2009-04-28 0:08

ComboFix-quarantined-files.txt 2009-04-28 03:07

ComboFix2.txt 2009-04-09 20:08

 

Pre-Run: 6.175.576.064 bytes free

Post-Run: 6.405.828.608 bytes free

 

168

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 12:26, on 28-04-2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Louise\Meus documentos\instaladores\hijackthis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\PC Seguro\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\PC Seguro\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF}: NameServer = 172.16.4.22

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB9E65B0-8206-44C3-9FC1-B2672C9D3A3F}: NameServer = 172.16.4.22

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)

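The ComboFix "Registry loading points" section above contains entries the replies in this thread never discuss: bare executables named avg.exe, JVM0.exe, Windows32.exe and winexec32.exe sitting in the All Users Startup folder (all of them disabled through msconfig, which moves the originals to c:\windows\pss and records them under the startupfolder key), and two inbound TCP ports, 28579 and 15438, opened in the Windows Firewall exceptions list. The script below is an added triage example, not part of the original thread and not code from ComboFix; it parses a constructed excerpt assembled from the entries visible in the log and flags items with two heuristics. A flag means "go and identify this file", not "this is malware": the names LOOKALIKE, triage and the reason strings are my own choices.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the ComboFix "Registry loading points" section,
# limited to entries that appear in the log posted in this thread.
COMBOFIX_EXCERPT = r"""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^avg.exe]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\avg.exe
backup=c:\windows\pss\avg.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^JVM0.exe]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\JVM0.exe
backup=c:\windows\pss\JVM0.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows32.exe]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Windows32.exe
backup=c:\windows\pss\Windows32.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winexec32.exe]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\winexec32.exe
backup=c:\windows\pss\winexec32.exeCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28579:TCP"= 28579:TCP:port
"15438:TCP"= 15438:TCP:port
"""

STARTUP_HDR = re.compile(r"^\[HKLM\\~\\startupfolder\\", re.I)
PORTS_HDR = re.compile(r"GloballyOpenPorts\\List\]$", re.I)
PORT_LINE = re.compile(r'^"(\d+):(TCP|UDP)"', re.I)
# Names that imitate a Windows or runtime component. The genuine ones live under
# %SystemRoot%\system32 or a vendor directory, never as a loose file in Startup.
LOOKALIKE = re.compile(r"^(win|windows|svchost|lsass|csrss|explorer|java|jvm)\w*\.exe$", re.I)

Finding = Tuple[str, List[str]]  # (item, reasons it was flagged)


def triage(text: str) -> Dict[str, List[Finding]]:
    """Walk the ComboFix section and collect heuristic review candidates."""
    findings: Dict[str, List[Finding]] = {"startup": [], "open_ports": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):  # registry key header: switch section
            if STARTUP_HDR.match(line):
                section = "startup"
            elif PORTS_HDR.search(line):
                section = "ports"
            else:
                section = None
            continue
        if section == "startup" and line.lower().startswith("path="):
            name = line[5:].rsplit("\\", 1)[-1]
            reasons = []
            if name.lower().endswith(".exe"):
                # Installers put .lnk shortcuts in Startup; a bare .exe was copied there by hand or by a dropper.
                reasons.append("executable placed directly in the Startup folder")
            if LOOKALIKE.match(name):
                reasons.append("name imitates a system or runtime component")
            if reasons:
                findings["startup"].append((name, reasons))
        elif section == "ports":
            m = PORT_LINE.match(line)
            if m:
                findings["open_ports"].append(
                    (f"{m.group(1)}/{m.group(2).upper()}",
                     ["inbound firewall exception: confirm which installed program needs it"]))
    return findings


if __name__ == "__main__":
    for kind, items in triage(COMBOFIX_EXCERPT).items():
        for item, reasons in items:
            print(f"[{kind}] {item}: " + "; ".join(reasons))
```

avg.exe is hit by the first rule only; the installed-programs list shows AVG Anti-Rootkit Free, so that hit is resolved by confirming the file belongs to it (location, version information, signature), not by deleting it. Windows32.exe and winexec32.exe hit both rules and are the ones to look up first. Because msconfig has disabled them they never appear in a HijackThis O4 line, which is exactly why this ComboFix section deserves a read even when the HijackThis log looks clean.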

Good morning, allan_aguia!

 

<@> Open avz4 and delete the files that are in quarantine.

<@> Click File --> 'Quarantine Folder Viewer'.

<@> Check all the boxes and click Delete --> Yes!

<@> Also click Delete folder --> Yes --> OK.

<><><><><><><><><><>

<@> Download: < ToolBar S&D >

<@> Save it on Local Disk C, in its own folder.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program, then press "p" --> Enter --> OK.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When finished, post the report. ( C:\ToolBar SD\TB_1.txt )

<@> Also post an updated HijackThis log.

 

Regards!


Logfile of HijackThis v1.99.1

Scan saved at 12:09, on 28-04-2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Louise\Meus documentos\instaladores\hijackthis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\PC Seguro\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\PC Seguro\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF}: NameServer = 172.16.4.22

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB9E65B0-8206-44C3-9FC1-B2672C9D3A3F}: NameServer = 172.16.4.22

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)

 

 

 

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 1

X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.00GHz )

BIOS : )Phoenix - Award WorkstationBIOS v6.00PG

USER : Louise ( Administrator )

BOOT : Normal boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:37 Go (Free:5 Go)

D:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 28-04-2009|11:53 )

 

-----------\\ REMOVED

 

Deleted! - C:\Arquivos de programas\AskPBar\bar

Deleted! - C:\Arquivos de programas\AskPBar\SrchAstt

Deleted! - C:\Arquivos de programas\AskPBar

 

-----------\\ Searching for Files ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com.br/"

"Local Page"="C:\\WINDOWS\\SYSTEM32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Local Page"="C:\\WINDOWS\\SYSTEM32\\blank.htm"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Searching for other infections

 

 

No other infections found.

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 28-04-2009|11:57 - Option : [2]

 

-----------\\ Scan completed at 11:57:30,14

 

 

 

cheers... thanks a lot.....

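The reply that follows marks the four O2 entries ending in "(no file)" for removal and later calls the R1/R3 and O16 lines legitimate. The Python script below is an added example, not part of this thread and not code from HijackThis; it writes down the reasoning a reviewer applies to the R3, O2, O16, O17 and O23 line types seen in the logs above and runs it over a constructed sample. The sample copies lines from this thread's logs and adds two invented ones: a healthy BHO (Example Helper, a made-up name and CLSID) to show that a BHO whose DLL exists is not reported, and an O17 line pointing at the public address 203.0.113.9 to exercise the branch that matters for a DNS hijack. Finding, classify and triage are my names.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines taken from the HijackThis logs in this thread, plus an
# invented healthy O2 line and an invented O17 line with a public resolver.
HJT_SAMPLE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF}: NameServer = 172.16.4.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.9
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)
"""


class Finding(NamedTuple):
    code: str
    severity: str  # "info", "review" or "fix"
    detail: str


LINE = re.compile(r"^([RO]\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
NAMESERVER = re.compile(r"NameServer = ([\d.,]+)")
# Explicit RFC 1918 check: ipaddress.is_private also treats documentation
# ranges such as 203.0.113.0/24 as private, which is not what we want here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def classify(code: str, body: str) -> Optional[Finding]:
    """Apply one rule per HijackThis section; None means nothing to report."""
    body = body.strip()
    if code == "O2" and body.endswith("(no file)"):
        m = CLSID.search(body)
        return Finding(code, "fix", f"BHO {m.group(0) if m else '?'} is registered but its DLL is gone; remove the orphan key")
    if code == "O16" and body.endswith("-"):
        return Finding(code, "fix", "Downloaded Program Files record with no codebase URL; stale ActiveX entry")
    if code == "O17":
        m = NAMESERVER.search(body)
        if m:
            servers = [s for s in m.group(1).split(",") if s]
            public = [s for s in servers if not is_rfc1918(s)]
            if public:
                return Finding(code, "review", f"DNS resolver {', '.join(public)} is a public address; confirm it is the ISP's, otherwise treat as DNS hijack")
            return Finding(code, "info", f"DNS resolver {', '.join(servers)} is an RFC 1918 address (router or LAN resolver)")
    if code == "O23" and body.endswith("(file missing)"):
        return Finding(code, "fix", "service points at a binary that no longer exists; delete the service registration")
    if code == "R3" and "URLSearchHook is missing" in body:
        return Finding(code, "info", "emitted whenever the default URLSearchHooks value is absent; harmless on its own")
    return None


def triage(log: str) -> List[Finding]:
    findings = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            f = classify(m.group(1), m.group(2))
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE):
        print(f"{f.code:3} {f.severity:6} {f.detail}")
```

The "fix" verdict on the O2 entries matches what the next reply asks for (mark them and click Fix checked in HijackThis). For the O23 entries the equivalent manual step is `sc delete npggsvc` (and the same for gusvc) from an administrative command prompt, once nothing is expected to depend on them. On this machine both real O17 entries point at 172.16.4.22, a private address, which is consistent with a router or LAN resolver and is why the reply calls them legitimate; the invented 203.0.113.9 line shows the case that would warrant a closer look.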

Good afternoon, allan_aguia!

 

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. Confirm!

<@> Click the Tools button and then Resident.

<@> Uncheck the option: Enable Resident "TeaTimer". ( General protection of system settings )

<><><><><><><><><><><>

<@> Open HijackThis --> Click: Do a system scan only

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

 

O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)

 

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

 

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)

 

<@> Check the entries above!

<@> Click Fix checked --> Yes!

<><><><><><><><><><><>

<@> Go to this link and download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Regards!


Hello brother, I'd like to ask whether those R1/R3 and O16 entries that appear in the HijackThis post could be a virus?

Because on other occasions the PC got slow and that R1 had shown up on the machine, so I checked it and deleted it, and I think it improved.

Sorry for my ignorance... hahaha, thanks!!! cheers.

 

 

Malwarebytes' Anti-Malware 1.36

Database version: 2058

Windows 5.1.2600 Service Pack 1

 

29-04-2009 11:54:28

mbam-log-2009-04-29 (11-54-28).txt

 

Scan type: Full Scan (C:\|)

Objects scanned: 163187

Time elapsed: 1 hour(s), 2 minute(s), 36 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:57, on 29-04-2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Louise\Meus documentos\instaladores\hijackthis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{54A72A25-B7B5-4B60-ABE7-1B0E7108A7CF}: NameServer = 172.16.4.22

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB9E65B0-8206-44C3-9FC1-B2672C9D3A3F}: NameServer = 172.16.4.22

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\System32\GameMon.des.exe (file missing)

 

I can't use Genial Gift; I've already uninstalled and reinstalled it, but it keeps being detected by Avira.

I've also installed it with Avira disabled, but when I go to open it, EAccessViolation appears.

cheers.


Good evening, allan_aguia!

 

Hello brother, I'd like to ask whether those R1/R3 and O16 entries that appear in the HijackThis post could be a virus?

Because on other occasions the PC got slow and that R1 had shown up on the machine, so I checked it and deleted it, and I think it improved.

Sorry for my ignorance... hahaha, thanks!!! cheers.

<!> The entries are legitimate.

 

I can't use Genial Gift; I've already uninstalled and reinstalled it, but it keeps being detected by Avira.

I've also installed it with Avira disabled, but when I go to open it, EAccessViolation appears.

<!> Have you tried downloading another file-sharing program?

<><><><><><><><><><><>

<!> The log is clean!

 

Regards!


I've already downloaded Ares and Kazaa, but they just keep connecting.... could it be because I swapped the network card? Or did something get misconfigured?

thanks for your patience.... cheers...

I've already downloaded Ares and Kazaa, but they just keep connecting.... could it be because I swapped the network card? Or did something get misconfigured?

thanks for your patience.... cheers...

<><><><><><><><><>

Hey, allan_aguia!

 

<!> Try optimizing your connections with TuneUp Utilities.

<><><><><><><><><>

<@> Download TuneUp Utilities 2009.

<@> To download, enter your e-mail and click Start download.

<@> Save the executable, TU2009TrialEN.exe, in Arquivos de Programas (Program Files).

<@> The program is a trial! But... there will be enough time to optimize the computer.

<@> Defragment the disk and the registry.

<@> Go to the Start Page and optimize your connection.

<@> Later on, you will find that this utility performs many functions that are useful to the computer.

 

Regards!
