Archived: this topic has been archived and is closed to new replies.

carols2tutu

[Solved!] IE opens popups on its own


Good morning, everyone! Well, my problem must have started when I plugged my pen drive into my PC and my antivirus reported 2 viruses, which I duly deleted... but since then my Internet Explorer opens popups on its own for ---ographic pages, games, cruise trips, etc. that I never visited... I'd like some help solving my problem... Here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:35:24, on 20/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\gread32.exe

E:\WINDOWS\RTHDCPL.EXE

E:\WINDOWS\system32\RUNDLL32.EXE

E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

E:\Arquivos de programas\D-Tools\daemon.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\system32\HPZipm12.exe

E:\WINDOWS\System32\PAStiSvc.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

E:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Internet Explorer\iexplore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\WINDOWS\system32\wuauclt.exe

E:\Documents and Settings\CarOol\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] E:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] E:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [AAWTray] E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [HP Software Update] E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKLM\..\Policies\Explorer\Run: [inside] E:\WINDOWS\system32\gread32.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - E:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - E:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: STI Simulator - Unknown owner - E:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 8841 bytes


Thanks in advance.

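The entry in the log above that a triager would pull out first is `O4 - HKLM\..\Policies\Explorer\Run: [inside] E:\WINDOWS\system32\gread32.exe`: the Policies\Explorer\Run key is a Group Policy autostart location that legitimate software almost never uses, msconfig's Startup tab does not list it (Autoruns does), and gread32.exe is not a Windows binary. The script below is an added example, not code from this thread or from HijackThis. It parses HijackThis O2/O4/O10/O23 lines and applies a few triage heuristics of my own; the sample lines are copied from the log above, and the short allow-list of known system32 autostarts is an assumption that a real deployment would extend (or replace with a signature check).

```python
"""Triage a HijackThis log: pull out the autostart and browser-hook entries
that most often explain 'IE opens popups on its own'.

Added example (not code from the thread or from HijackThis). The sample lines
are copied from the HijackThis log posted above; the allow-list and the
severity heuristics are my own assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: an excerpt of the HijackThis log from the first post.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] E:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [inside] E:\WINDOWS\system32\gread32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll
O23 - Service: STI Simulator - Unknown owner - E:\WINDOWS\System32\PAStiSvc.exe
"""

# Assumption: Windows binaries that legitimately autostart out of system32.
# A real deployment would extend this (or check Authenticode signatures).
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe", "rundll32.exe"}

# O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class Finding:
    severity: str   # HIGH, MEDIUM, LOW or INFO
    line: str       # the raw HijackThis line
    reason: str


def exe_path(cmd: str) -> str:
    """Return the executable part of an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                          # "C:\path with spaces\x.exe" -args
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)  # everything up to the first .exe
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> list[Finding]:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        code = line.split(" - ", 1)[0]
        if code == "O4":
            m = O4_RE.match(line)
            if not m:                 # 'O4 - Global Startup: ...' lines are not handled here
                continue
            path = exe_path(m["cmd"])
            base = path.rsplit("\\", 1)[-1].lower()
            if "policies\\explorer\\run" in m["key"].lower():
                findings.append(Finding("HIGH", line,
                    "autostart via Policies\\Explorer\\Run: a policy key that legitimate "
                    "software almost never uses and that msconfig does not display"))
            if "\\system32\\" in path.lower() and base not in KNOWN_SYSTEM32_AUTORUNS:
                findings.append(Finding("MEDIUM", line,
                    f"unrecognised binary {base} autostarting from system32"))
        elif code == "O2" and line.endswith("(no file)"):
            findings.append(Finding("LOW", line, "orphaned BHO registration; remove for hygiene"))
        elif code == "O10":
            findings.append(Finding("INFO", line,
                "Winsock LSP DLL loads into every socket-using process; verify its vendor"))
        elif code == "O23" and "Unknown owner" in line:
            findings.append(Finding("LOW", line, "service without vendor information; verify the binary"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'HIGH': 1, 'MEDIUM': 1, ...}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    order = ["HIGH", "MEDIUM", "LOW", "INFO"]
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity}] {f.line}\n        {f.reason}")
```

Run it on a full HijackThis log and read the HIGH and MEDIUM findings first; the allow-list only suppresses the two system32 autostarts that appear in this log, so anything else autostarting from system32 is deliberately surfaced for a manual look.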

Hi carols2tutu! Download: ComboFix > save it to your desktop

  • Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions.
  • Double-click combofix.exe and click Run to proceed with the fix. Be patient, it takes a while.
  • ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • IMPORTANT: Do not use the mouse or keyboard while ComboFix is running. To stop or exit ComboFix, press "N".
  • Select, copy and paste the contents of ComboFix.txt in your next reply.

    NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware(s) harder.

ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


Hi,

Here is the ComboFix log:

ComboFix 09-04-21.A8 - CarOol 21/04/2009 13:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1919.1423 [GMT -3:00]

Running from: e:\documents and settings\CarOol\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090421-0] *On-access scanning disabled* (Updated)

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.


e:\windows\system32\AutoRun.inf


.

(((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 ))))))))))))))))))))))))))))

.


2009-04-21 14:37 . 2001-08-18 00:56 7552 -c--a-w e:\windows\system32\dllcache\sonypvu1.sys

2009-04-21 14:37 . 2001-08-18 00:56 7552 ----a-w e:\windows\system32\drivers\SONYPVU1.SYS

2009-04-21 13:52 . 2009-04-21 14:38 1374 ----a-w e:\windows\imsins.BAK

2009-04-20 14:46 . 2009-04-20 14:46 -------- d-----w E:\!KillBox

2009-04-16 18:34 . 2009-04-16 18:34 0 --sha-r E:\khq

2009-04-16 18:33 . 2009-04-16 18:34 647566 ----a-w e:\windows\system32\gread32.exe

2009-04-13 11:48 . 2009-04-13 11:48 268 ---ha-w E:\sqmdata00.sqm

2009-04-13 11:48 . 2009-04-13 11:48 244 ---ha-w E:\sqmnoopt00.sqm

2009-04-11 21:45 . 2009-04-11 21:45 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\vdownloader

2009-04-11 21:45 . 2009-04-11 21:45 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\vdownloader

2009-04-11 21:45 . 2009-04-12 17:02 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\Desktopicon

2009-04-05 20:47 . 2009-04-05 23:05 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\WMTools Downloaded Files

2009-04-05 20:47 . 2009-04-05 23:05 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\WMTools Downloaded Files

2009-04-03 01:33 . 2009-04-03 10:44 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Google

2009-04-03 01:33 . 2009-04-03 10:44 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Google

2009-04-03 00:45 . 2009-04-03 01:29 -------- d-----w e:\windows\system32\Adobe

2009-04-01 01:23 . 2009-04-01 01:23 107888 ----a-w e:\windows\system32\CmdLineExt.dll

2009-04-01 00:43 . 2004-08-18 08:34 442368 ----a-r e:\windows\system32\vp6vfw.dll

2009-04-01 00:26 . 2009-04-18 17:45 69 ----a-w e:\windows\NeroDigital.ini

2009-03-31 20:31 . 2009-04-12 00:24 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-03-29 16:59 . 2004-08-22 19:31 5248 ----a-w e:\windows\system32\drivers\d347prt.sys

2009-03-29 16:59 . 2004-08-22 19:31 155136 ----a-w e:\windows\system32\drivers\d347bus.sys

2009-03-29 16:59 . 2009-03-29 16:59 -------- d-----w e:\windows\Downloaded Installations

2009-03-29 00:23 . 2008-06-14 17:59 272384 -c----w e:\windows\system32\dllcache\bthport.sys

2009-03-29 00:23 . 2008-06-14 17:59 272384 ------w e:\windows\system32\drivers\bthport.sys

2009-03-28 21:22 . 2009-03-28 21:22 -------- d-----w e:\windows\PixArt

2009-03-28 21:21 . 2009-03-28 21:21 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\HP

2009-03-28 21:05 . 2009-04-21 14:38 -------- d-----w e:\windows\system32\pt-br

2009-03-28 20:44 . 2009-02-20 17:11 52224 -c----w e:\windows\system32\dllcache\msfeedsbs.dll

2009-03-28 20:44 . 2009-02-20 17:11 459264 -c----w e:\windows\system32\dllcache\msfeeds.dll

2009-03-28 20:44 . 2009-02-20 17:11 268288 -c----w e:\windows\system32\dllcache\iertutil.dll

2009-03-28 20:44 . 2008-07-09 14:31 1024000 -c----w e:\windows\system32\dllcache\ieframe.dll.mui

2009-03-28 20:44 . 2009-02-20 17:11 383488 -c----w e:\windows\system32\dllcache\ieapfltr.dll

2009-03-28 20:44 . 2009-02-20 10:20 13824 -c----w e:\windows\system32\dllcache\ieudinit.exe

2009-03-28 20:44 . 2008-07-09 14:25 2455488 -c----w e:\windows\system32\dllcache\ieapfltr.dat

2009-03-28 20:44 . 2009-02-20 17:11 63488 -c----w e:\windows\system32\dllcache\icardie.dll

2009-03-28 20:44 . 2009-02-20 17:11 6066176 -c----w e:\windows\system32\dllcache\ieframe.dll

2009-03-28 20:39 . 2009-03-28 20:39 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\AdobeUM

2009-03-28 20:38 . 2009-03-28 20:39 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Adobe

2009-03-28 20:38 . 2009-03-28 20:39 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Adobe

2009-03-28 20:08 . 2009-03-28 20:08 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-03-28 19:49 . 2009-03-28 20:07 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\NOS

2009-03-28 19:49 . 2009-03-28 20:07 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\NOS

2009-03-28 19:36 . 2009-04-08 11:17 -------- d-----w e:\documents and settings\CarOol\Contacts

2009-03-28 19:29 . 2009-04-20 22:35 -------- d-----w e:\windows\system32\LogFiles

2009-03-28 19:29 . 2009-03-28 19:30 -------- d-----w e:\windows\system32\drivers\UMDF

2009-03-28 18:49 . 2009-03-28 18:52 -------- d-----w e:\windows\system32\CatRoot_bak

2009-03-28 18:12 . 2009-02-09 11:50 2061952 -c----w e:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-28 18:12 . 2009-02-09 11:50 2184704 -c----w e:\windows\system32\dllcache\ntoskrnl.exe

2009-03-28 18:12 . 2009-02-09 11:50 2140160 -c----w e:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-28 18:12 . 2009-02-09 11:50 2019840 -c----w e:\windows\system32\dllcache\ntkrpamp.exe

2009-03-28 18:00 . 2008-10-24 11:10 453632 -c----w e:\windows\system32\dllcache\mrxsmb.sys

2009-03-28 17:38 . 2009-04-21 14:37 -------- d--h--w e:\windows\$hf_mig$

2009-03-28 17:34 . 2009-03-28 17:34 -------- d-sh--w e:\documents and settings\CarOol\UserData

2009-03-28 17:24 . 2009-03-28 17:24 68480 ----a-w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-28 17:24 . 2009-03-28 17:24 68480 ----a-w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-28 17:24 . 2009-04-01 00:49 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\Ahead

2009-03-28 17:23 . 2009-03-28 17:24 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Ahead

2009-03-28 17:23 . 2009-03-28 17:24 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Ahead

2009-03-28 17:23 . 2009-03-28 17:23 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Ahead

2009-03-28 17:21 . 2009-03-28 17:21 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Nero

2009-03-28 17:15 . 2006-10-26 22:56 32592 ----a-w e:\windows\system32\msonpmon.dll

2009-03-28 17:12 . 2009-03-28 17:14 -------- d-----w e:\windows\SHELLNEW

2009-03-28 17:12 . 2009-03-28 17:12 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Microsoft Help

2009-03-28 17:12 . 2009-03-28 17:12 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Microsoft Help

2009-03-28 17:12 . 2009-03-28 17:15 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-28 17:12 . 2009-03-28 17:12 -------- d--h--r E:\MSOCache

2009-03-28 16:58 . 2003-03-18 20:20 1060864 ----a-w e:\windows\system32\MFC71.dll

2009-03-28 16:58 . 2003-03-18 19:14 499712 ----a-w e:\windows\system32\MSVCP71.dll

2009-03-28 16:58 . 2003-02-21 03:42 348160 ----a-w e:\windows\system32\MSVCR71.dll

2009-03-28 16:57 . 2009-03-28 16:57 940794 ----a-w e:\windows\system32\LoopyMusic.wav

2009-03-28 16:57 . 2009-03-28 16:57 146650 ----a-w e:\windows\system32\BuzzingBee.wav

2009-03-28 16:57 . 2009-03-28 16:57 -------- d-----w e:\windows\system32\Lang

2009-03-28 16:54 . 2009-04-21 16:31 188791 ----a-w e:\windows\system32\nvapps.xml

2009-03-28 16:53 . 2009-03-28 16:53 -------- d-----w e:\windows\nview

2009-03-28 16:53 . 2008-08-01 06:48 453152 ----a-w e:\windows\system32\nvudisp.exe

2009-03-28 16:53 . 2008-08-01 06:48 18335 ----a-w e:\windows\system32\nvdisp.nvu

2009-03-28 16:51 . 2007-11-14 07:18 553 ------r e:\windows\USetup.iss

2009-03-28 16:50 . 2008-10-28 09:18 17331200 ----a-w e:\windows\RTHDCPL.EXE

2009-03-28 16:50 . 2006-01-04 07:41 1389056 ----a-w e:\windows\system32\drivers\Monfilt.sys

2009-03-28 16:50 . 2008-09-30 08:38 2168320 ----a-w e:\windows\MicCal.exe

2009-03-28 16:50 . 2008-06-19 08:20 57344 ----a-w e:\windows\ALCMTR.EXE

2009-03-28 16:50 . 2008-08-05 12:10 1684736 ----a-w e:\windows\system32\drivers\Ambfilt.sys

2009-03-28 16:50 . 2008-06-19 08:42 2808832 ----a-w e:\windows\ALCWZRD.EXE

2009-03-28 16:50 . 2008-06-19 08:24 278528 ----a-w e:\windows\system32\ALSNDMGR.CPL

2009-03-28 16:50 . 2008-08-25 08:17 528384 ------r e:\windows\RtlExUpd.dll

2009-03-28 16:49 . 2007-04-16 19:46 33792 ----a-w e:\windows\system32\drivers\AmdPPM.sys

2009-03-28 16:49 . 2009-03-28 16:49 -------- dc----w e:\windows\system32\DRVSTORE

2009-03-28 16:48 . 2009-03-28 16:48 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\InstallShield

2009-03-28 16:48 . 2004-08-14 02:56 5810 ----a-r e:\windows\system32\drivers\ASACPI.sys

2009-03-28 16:47 . 2009-03-28 16:48 26653 ----a-w e:\windows\Ascd_tmp.ini

2009-03-28 16:47 . 2007-12-29 23:22 10296 ----a-w e:\windows\system32\drivers\ASUSHWIO.SYS


.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-21 16:35 . 2001-10-28 15:07 48628 ----a-w e:\windows\system32\perfc016.dat

2009-04-21 16:35 . 2001-10-28 15:07 344380 ----a-w e:\windows\system32\perfh016.dat

2009-04-20 02:18 . 2009-03-28 19:33 -------- d-----w e:\arquivos de programas\eMule

2009-04-18 17:56 . 2009-04-18 17:56 -------- d-----w e:\arquivos de programas\Lavalys

2009-04-12 16:58 . 2009-03-29 17:22 -------- d-----w e:\arquivos de programas\EA GAMES

2009-04-03 01:42 . 2009-04-03 01:30 -------- d-----w e:\arquivos de programas\Google

2009-03-30 02:37 . 2009-03-28 21:12 -------- d-----w e:\arquivos de programas\HP

2009-03-29 16:59 . 2009-03-29 16:59 -------- d-----w e:\arquivos de programas\D-Tools

2009-03-29 01:31 . 2009-03-29 01:31 -------- d-----w e:\arquivos de programas\MSXML 4.0

2009-03-28 21:23 . 2009-03-28 16:49 -------- d--h--w e:\arquivos de programas\InstallShield Installation Information

2009-03-28 21:22 . 2009-03-28 21:22 -------- d-----w e:\arquivos de programas\Arquivos comuns\PCCamera

2009-03-28 21:22 . 2009-03-28 21:22 -------- d-----w e:\arquivos de programas\PC Camera

2009-03-28 21:22 . 2009-03-28 16:50 -------- d-----w e:\arquivos de programas\Arquivos comuns\InstallShield

2009-03-28 21:20 . 2009-03-28 21:11 119088 ----a-w e:\windows\hpoins11.dat

2009-03-28 21:19 . 2009-03-28 21:19 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\HP

2009-03-28 21:16 . 2009-03-28 21:16 -------- d-----w e:\arquivos de programas\Arquivos comuns\HP

2009-03-28 21:14 . 2009-03-28 21:14 -------- d-----w e:\arquivos de programas\Hewlett-Packard

2009-03-28 21:14 . 2009-03-28 21:14 -------- d-----w e:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2009-03-28 20:08 . 2009-03-28 20:08 -------- d-----w e:\arquivos de programas\Lavasoft

2009-03-28 20:07 . 2009-03-28 20:07 -------- d-----w e:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-03-28 20:07 . 2009-03-28 20:07 -------- d-----w e:\arquivos de programas\Arquivos comuns\Adobe

2009-03-28 20:00 . 2009-03-28 20:00 -------- d-----w e:\arquivos de programas\Windows Live

2009-03-28 20:00 . 2009-03-28 20:00 -------- d-----w e:\arquivos de programas\Messenger Plus! Live

2009-03-28 20:00 . 2009-03-28 19:35 -------- d-----w e:\arquivos de programas\MSN Messenger

2009-03-28 19:52 . 2009-03-28 19:52 -------- d-----w e:\arquivos de programas\CCleaner

2009-03-28 19:30 . 2009-03-28 19:30 -------- d-----w e:\arquivos de programas\Windows Media Connect 2

2009-03-28 17:22 . 2009-03-28 17:21 -------- d-----w e:\arquivos de programas\Arquivos comuns\Ahead

2009-03-28 17:21 . 2009-03-28 17:21 -------- d-----w e:\arquivos de programas\Nero

2009-03-28 17:14 . 2009-03-28 17:14 -------- d-----w e:\arquivos de programas\Microsoft Works

2009-03-28 17:14 . 2009-03-28 17:14 -------- d-----w e:\arquivos de programas\MSBuild

2009-03-28 16:58 . 2009-03-28 16:58 -------- d-----w e:\arquivos de programas\Alwil Software

2009-03-28 16:54 . 2009-03-28 16:54 -------- d-----w e:\arquivos de programas\NVIDIA Corporation

2009-03-28 16:50 . 2009-03-28 16:50 -------- d-----w e:\arquivos de programas\Realtek

2009-03-28 16:49 . 2009-03-28 16:49 -------- d-----w e:\arquivos de programas\AMD

2009-03-28 16:43 . 2009-03-28 15:07 86327 ----a-w e:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-28 15:08 . 2009-03-28 15:08 -------- d-----w e:\arquivos de programas\microsoft frontpage

2009-03-28 15:07 . 2009-03-28 15:07 -------- d-----w e:\arquivos de programas\Serviços on-line

2009-03-28 15:06 . 2009-03-28 15:06 -------- d-----w e:\arquivos de programas\Arquivos comuns\Serviços

2009-03-28 15:05 . 2009-03-28 15:05 21844 ----a-w e:\windows\system32\emptyregdb.dat

2009-03-06 14:46 . 2004-08-04 03:45 285696 ----a-w e:\windows\system32\pdh.dll

2009-03-03 00:06 . 2004-08-04 03:45 826368 ----a-w e:\windows\system32\wininet.dll

2009-02-20 17:11 . 2004-08-04 03:45 78336 ----a-w e:\windows\system32\ieencode.dll

2009-02-09 14:17 . 2004-08-04 03:38 1846400 ----a-w e:\windows\system32\win32k.sys

2009-02-09 11:50 . 2004-08-04 00:40 2019840 ----a-w e:\windows\system32\ntkrnlpa.exe

2009-02-09 11:50 . 2004-08-04 03:40 2140160 ----a-w e:\windows\system32\ntoskrnl.exe

2009-02-09 10:19 . 2004-08-04 03:45 399360 ----a-w e:\windows\system32\rpcss.dll

2009-02-09 10:19 . 2004-08-04 03:45 726016 ----a-w e:\windows\system32\lsasrv.dll

2009-02-09 10:19 . 2004-08-04 03:45 683008 ----a-w e:\windows\system32\advapi32.dll

2009-02-09 10:19 . 2004-08-04 03:45 730624 ----a-w e:\windows\system32\ntdll.dll

2009-02-09 10:08 . 2004-08-04 03:45 111104 ----a-w e:\windows\system32\services.exe

2009-02-06 16:54 . 2001-10-28 15:07 35328 ----a-w e:\windows\system32\sc.exe

2009-02-03 20:10 . 2004-08-04 03:45 55808 ----a-w e:\windows\system32\secur32.dll

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

2006-08-31 23:33 322368 ----a-w e:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2009-04-03 01:38 251504 ----a-w e:\arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

2009-04-18 17:37 668656 ----a-w e:\arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

2009-04-03 01:38 522224 ----a-w e:\arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="e:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-08-01 86016]

"avast!"="e:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"GrooveMonitor"="e:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NeroFilterCheck"="e:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="e:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]

"InCD"="e:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

"AAWTray"="e:\arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]

"HP Software Update"="e:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"DAEMON Tools-1033"="e:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.EXE [2008-10-28 17331200]

"nwiz"="nwiz.exe" - e:\windows\system32\nwiz.exe [2008-08-01 1630208]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-04 15360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Inside"="e:\windows\system32\gread32.exe" [2009-04-16 647566]


e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - e:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

HP Digital Imaging Monitor.lnk - e:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - e:\windows\system32\webcheck.dll [2009-02-20 233472]

"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll [2006-10-19 133632]

"UPnPMonitor"= {e57ce738-33e8-4c51-8354-bb4de9d215d1} - e:\windows\system32\upnpui.dll [2004-08-04 239616]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"e:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"e:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"e:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"e:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Arquivos de programas\\eMule\\emule.exe"=

"e:\\Arquivos de programas\\Messenger\\msmsgs.exe"=


S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;e:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

S3 PAC207;SoC PC-Camera Beta3;e:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]


.

- - - - ORPHANS REMOVED - - - -


BHO-{7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

SSODL-PostBootReminder-{7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll

SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.

------- Supplementary Scan -------

.

IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\arquivos de programas\Messenger\msmsgs.exe

IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\arquiv~1\MICROS~2\Office12\REFIEBAR.DLL

LSP: %SYSTEMROOT%\system32\nvLsp.dll

Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - e:\windows\system32\urlmon.dll

Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - e:\windows\system32\urlmon.dll

Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - e:\windows\system32\urlmon.dll

Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} -

Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - e:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - e:\windows\system32\urlmon.dll

Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - e:\windows\system32\urlmon.dll

Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - e:\windows\system32\urlmon.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\arquiv~1\MICROS~2\Office12\GR99D3~1.DLL

Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - e:\windows\system32\urlmon.dll

Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - e:\arquiv~1\ARQUIV~1\System\OLEDB~1\MSDAIPP.DLL

Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - e:\arquiv~1\ARQUIV~1\System\OLEDB~1\MSDAIPP.DLL

Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - e:\windows\system32\urlmon.dll

Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - e:\arquiv~1\ARQUIV~1\System\OLEDB~1\MSDAIPP.DLL

Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - e:\arquiv~1\ARQUIV~1\System\OLEDB~1\MSDAIPP.DLL

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - e:\arquiv~1\ARQUIV~1\System\OLEDB~1\MSDAIPP.DLL

Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - e:\windows\system32\itss.dll

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - e:\arquiv~1\MSNMES~1\MSGRAP~1.DLL

Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - e:\windows\system32\urlmon.dll

Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - e:\windows\system32\urlmon.dll

Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - e:\windows\system32\itss.dll

Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - e:\arquiv~1\ARQUIV~1\System\OLEDB~1\MSDAIPP.DLL

Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - e:\arquiv~1\ARQUIV~1\System\OLEDB~1\MSDAIPP.DLL

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - e:\arquiv~1\MSNMES~1\MSGRAP~1.DLL

Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} -

Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - e:\windows\system32\msvidctl.dll

Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - e:\windows\system32\itss.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-21 13:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(796)

e:\windows\system32\nvLsp.dll

.

Completion time: 2009-04-21 13:46

ComboFix-quarantined-files.txt 2009-04-21 16:46

 

Pre-Run: 11 folder(s) 23,408,549,888 bytes free

Post-Run: 10 folder(s) 23,485,075,456 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

286 --- E O F --- 2009-04-21 14:38


Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished these instructions.

 

Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt.

 

File::

E:\khq

e:\windows\system32\gread32.exe

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Inside"=-

Now drag CFScript.txt onto ComboFix (drop the script file onto the ComboFix icon).

 

ComboFix will run and will restart the PC automatically to complete the removal. If that does not happen, restart manually.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

This script was written only for this computer, based on the files and keys present.

 

Visitors: if you have a similar problem, do not use this script; unsupervised use can damage the system.

Follow the instructions on this page and ask for help in Remoção de Malware (Malware Removal).

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

NOTE: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

 

Post a new HijackThis log. Attach the new ComboFix log.

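The CFScript above tells ComboFix to delete two files and to remove the "Inside" value from HKLM\...\Policies\Explorer\Run, a Group Policy autorun location ("run these programs at user logon") that malware likes because casual startup checks rarely look there. ComboFix dumps the autorun keys it finds in REGEDIT4 form under "Reg Loading Points" (the "Pontos de Carregamento do Registro" section of the log posted in reply), so the two formats can be checked against each other. What follows is an added example, not part of the thread and not ComboFix's own code: it parses both formats, reports anything the script targeted that is still present, and flags the disabled Windows Firewall that the reply's log shows. The "before" excerpt is constructed to show what the dump would look like while the infection was active (value name and path come from the CFScript; the date/size field is made up); the "after" excerpt is copied from the log posted in reply.

```python
"""Check a ComboFix CFScript against ComboFix's "Reg Loading Points" dump.

Added example for this thread (not ComboFix code). Parses the two formats on
this page: the CFScript (File:: / Registry:: blocks; "name"=- deletes a value)
and ComboFix's REGEDIT4-style autorun dump ("name"="data" [date size]).
"""
import re
from collections import defaultdict

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Verbatim from the thread's CFScript.
CFSCRIPT = r"""
File::
E:\khq
e:\windows\system32\gread32.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Inside"=-
"""

# CONSTRUCTED "before" excerpt: assumed shape of the dump while the infection
# was active (the thread's earlier log is not reproduced; size field made up).
BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Inside"="e:\windows\system32\gread32.exe" [2009-04-20 0]
"""

# Excerpt of the post-cleanup dump as posted in the thread.
AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.EXE [2008-10-28 17331200]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def parse_cfscript(text):
    """Return (file basenames to delete, {key: {value names to delete}}), lowercased."""
    files, registry, section, key = set(), defaultdict(set), None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::"):                       # File:: / Registry:: header
            section, key = line[:-2].lower(), None
        elif section == "file":
            files.add(line.rsplit("\\", 1)[-1].lower())
        elif section == "registry":
            if m := KEY_RE.match(line):
                key = m.group(1).lower()
            elif (m := VALUE_RE.match(line)) and key and m.group(2) == "-":
                registry[key].add(m.group(1).lower())  # "name"=- means delete
    return files, dict(registry)


def parse_loading_points(text):
    """Parse ComboFix's autorun dump into {key: {value name: data}}, keys lowercased."""
    points, key = defaultdict(dict), None
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif (m := VALUE_RE.match(line)) and key:
            points[key][m.group(1).lower()] = m.group(2)
    return dict(points)


def verify_cleanup(files, registry, points):
    """Return what the script targeted but is still present; [] means clean."""
    findings = []
    for key, names in registry.items():
        for name in sorted(names & set(points.get(key, ()))):
            findings.append(f"value '{name}' still present under {key}")
    for key, values in points.items():
        for name, data in values.items():
            for f in sorted(files):
                # basename must be a whole path component (8.3 or long path alike)
                if re.search(r"\\" + re.escape(f) + r"(?![\w.])", data.lower()):
                    findings.append(f"{f} still referenced by '{name}' under {key}")
    return findings


def weak_spots(points):
    """Flag settings in the dump that should not be left as they are."""
    flags = []
    for key, values in points.items():
        profile = key.rsplit("\\", 1)[-1]
        if "firewallpolicy" in key and values.get("enablefirewall", "").split()[:1] == ["0"]:
            flags.append(f"Windows Firewall disabled in {profile}")
    return flags


if __name__ == "__main__":
    files, registry = parse_cfscript(CFSCRIPT)
    for label, dump in (("before", BEFORE), ("after", AFTER)):
        pts = parse_loading_points(dump)
        print(label, verify_cleanup(files, registry, pts) or "clean", weak_spots(pts))
```

Keys are compared case-insensitively because the CFScript and ComboFix spell the same key differently (Currentversion vs CurrentVersion), and files are matched by basename so 8.3 and long paths both hit. The firewall flag is not evidence of infection on its own: the helper asked for the firewall to be disabled during cleanup, so the check is a reminder that EnableFirewall=0 in the final log still needs to be turned back on.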

Here is the HijackThis log:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:16:35, on 21/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

E:\WINDOWS\RTHDCPL.EXE

E:\WINDOWS\system32\RUNDLL32.EXE

E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

E:\Arquivos de programas\D-Tools\daemon.exe

E:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

E:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\system32\HPZipm12.exe

E:\WINDOWS\System32\PAStiSvc.exe

E:\WINDOWS\system32\svchost.exe

E:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

E:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

E:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

E:\WINDOWS\System32\svchost.exe

E:\Arquivos de programas\Internet Explorer\iexplore.exe

E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\WINDOWS\system32\wscntfy.exe

E:\Documents and Settings\CarOol\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - E:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "E:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] E:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] E:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [AAWTray] E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [HP Software Update] E:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [avgnt] "E:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] E:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\nvlsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - E:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - E:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - E:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - E:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

O23 - Service: STI Simulator - Unknown owner - E:\WINDOWS\System32\PAStiSvc.exe

 

--

End of file - 8195 bytes

 

 

----------------------------------------------------------------------------------------------------------------

 

ComboFix log:

 

ComboFix 09-04-22.02 - CarOol 21/04/2009 23:08.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1919.1450 [GMT -3:00]

Running from: e:\documents and settings\CarOol\Desktop\ComboFix.exe

Command switches used :: e:\documents and settings\CarOol\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated)

* Created a new restore point

 

FILE ::

E:\khq

e:\windows\system32\gread32.exe

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

E:\khq

 

.

(((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))

.

 

2009-04-21 18:29 . 2009-02-13 14:31 55640 ----a-w e:\windows\system32\drivers\avgntflt.sys

2009-04-21 18:29 . 2009-04-21 18:29 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Avira

2009-04-21 14:37 . 2001-08-18 00:56 7552 -c--a-w e:\windows\system32\dllcache\sonypvu1.sys

2009-04-21 14:37 . 2001-08-18 00:56 7552 ----a-w e:\windows\system32\drivers\SONYPVU1.SYS

2009-04-20 14:46 . 2009-04-20 14:46 -------- d-----w E:\!KillBox

2009-04-13 11:48 . 2009-04-13 11:48 268 ---ha-w E:\sqmdata00.sqm

2009-04-13 11:48 . 2009-04-13 11:48 244 ---ha-w E:\sqmnoopt00.sqm

2009-04-11 21:45 . 2009-04-11 21:45 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\vdownloader

2009-04-11 21:45 . 2009-04-11 21:45 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\vdownloader

2009-04-11 21:45 . 2009-04-12 17:02 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\Desktopicon

2009-04-05 20:47 . 2009-04-05 23:05 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\WMTools Downloaded Files

2009-04-05 20:47 . 2009-04-05 23:05 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\WMTools Downloaded Files

2009-04-03 01:33 . 2009-04-03 10:44 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Google

2009-04-03 01:33 . 2009-04-03 10:44 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Google

2009-04-03 00:45 . 2009-04-03 01:29 -------- d-----w e:\windows\system32\Adobe

2009-04-01 01:23 . 2009-04-01 01:23 107888 ----a-w e:\windows\system32\CmdLineExt.dll

2009-04-01 00:43 . 2004-08-18 08:34 442368 ----a-r e:\windows\system32\vp6vfw.dll

2009-04-01 00:26 . 2009-04-18 17:45 69 ----a-w e:\windows\NeroDigital.ini

2009-03-31 20:31 . 2009-04-12 00:24 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-03-29 16:59 . 2004-08-22 19:31 5248 ----a-w e:\windows\system32\drivers\d347prt.sys

2009-03-29 16:59 . 2004-08-22 19:31 155136 ----a-w e:\windows\system32\drivers\d347bus.sys

2009-03-29 16:59 . 2009-03-29 16:59 -------- d-----w e:\windows\Downloaded Installations

2009-03-29 00:23 . 2008-06-14 17:59 272384 -c----w e:\windows\system32\dllcache\bthport.sys

2009-03-29 00:23 . 2008-06-14 17:59 272384 ------w e:\windows\system32\drivers\bthport.sys

2009-03-28 21:22 . 2009-03-28 21:22 -------- d-----w e:\windows\PixArt

2009-03-28 21:21 . 2009-03-28 21:21 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\HP

2009-03-28 21:05 . 2009-04-21 14:38 -------- d-----w e:\windows\system32\pt-br

2009-03-28 20:44 . 2009-02-20 17:11 52224 -c----w e:\windows\system32\dllcache\msfeedsbs.dll

2009-03-28 20:44 . 2009-02-20 17:11 459264 -c----w e:\windows\system32\dllcache\msfeeds.dll

2009-03-28 20:44 . 2009-02-20 17:11 268288 -c----w e:\windows\system32\dllcache\iertutil.dll

2009-03-28 20:44 . 2008-07-09 14:31 1024000 -c----w e:\windows\system32\dllcache\ieframe.dll.mui

2009-03-28 20:44 . 2009-02-20 17:11 383488 -c----w e:\windows\system32\dllcache\ieapfltr.dll

2009-03-28 20:44 . 2009-02-20 10:20 13824 -c----w e:\windows\system32\dllcache\ieudinit.exe

2009-03-28 20:44 . 2008-07-09 14:25 2455488 -c----w e:\windows\system32\dllcache\ieapfltr.dat

2009-03-28 20:44 . 2009-02-20 17:11 63488 -c----w e:\windows\system32\dllcache\icardie.dll

2009-03-28 20:44 . 2009-02-20 17:11 6066176 -c----w e:\windows\system32\dllcache\ieframe.dll

2009-03-28 20:39 . 2009-03-28 20:39 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\AdobeUM

2009-03-28 20:38 . 2009-03-28 20:39 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Adobe

2009-03-28 20:38 . 2009-03-28 20:39 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Adobe

2009-03-28 20:08 . 2009-03-28 20:08 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-03-28 19:49 . 2009-03-28 20:07 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\NOS

2009-03-28 19:49 . 2009-03-28 20:07 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\NOS

2009-03-28 19:36 . 2009-04-08 11:17 -------- d-----w e:\documents and settings\CarOol\Contacts

2009-03-28 19:29 . 2009-04-20 22:35 -------- d-----w e:\windows\system32\LogFiles

2009-03-28 19:29 . 2009-03-28 19:30 -------- d-----w e:\windows\system32\drivers\UMDF

2009-03-28 18:49 . 2009-03-28 18:52 -------- d-----w e:\windows\system32\CatRoot_bak

2009-03-28 18:12 . 2009-02-09 11:50 2061952 -c----w e:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-28 18:12 . 2009-02-09 11:50 2184704 -c----w e:\windows\system32\dllcache\ntoskrnl.exe

2009-03-28 18:12 . 2009-02-09 11:50 2140160 -c----w e:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-28 18:12 . 2009-02-09 11:50 2019840 -c----w e:\windows\system32\dllcache\ntkrpamp.exe

2009-03-28 18:00 . 2008-10-24 11:10 453632 -c----w e:\windows\system32\dllcache\mrxsmb.sys

2009-03-28 17:38 . 2009-04-21 14:37 -------- d--h--w e:\windows\$hf_mig$

2009-03-28 17:34 . 2009-03-28 17:34 -------- d-sh--w e:\documents and settings\CarOol\UserData

2009-03-28 17:24 . 2009-03-28 17:24 68480 ----a-w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-28 17:24 . 2009-03-28 17:24 68480 ----a-w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-28 17:24 . 2009-04-01 00:49 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\Ahead

2009-03-28 17:23 . 2009-03-28 17:24 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Ahead

2009-03-28 17:23 . 2009-03-28 17:24 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Ahead

2009-03-28 17:23 . 2009-03-28 17:23 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Ahead

2009-03-28 17:21 . 2009-03-28 17:21 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Nero

2009-03-28 17:15 . 2006-10-26 22:56 32592 ----a-w e:\windows\system32\msonpmon.dll

2009-03-28 17:12 . 2009-03-28 17:14 -------- d-----w e:\windows\SHELLNEW

2009-03-28 17:12 . 2009-03-28 17:12 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Microsoft Help

2009-03-28 17:12 . 2009-03-28 17:12 -------- d-----w e:\documents and settings\CarOol\Configurações locais\Dados de aplicativos\Microsoft Help

2009-03-28 17:12 . 2009-03-28 17:15 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-03-28 17:12 . 2009-03-28 17:12 -------- d--h--r E:\MSOCache

2009-03-28 16:58 . 2003-03-18 20:20 1060864 ----a-w e:\windows\system32\MFC71.dll

2009-03-28 16:58 . 2003-03-18 19:14 499712 ----a-w e:\windows\system32\MSVCP71.dll

2009-03-28 16:58 . 2003-02-21 03:42 348160 ----a-w e:\windows\system32\MSVCR71.dll

2009-03-28 16:57 . 2009-03-28 16:57 940794 ----a-w e:\windows\system32\LoopyMusic.wav

2009-03-28 16:57 . 2009-03-28 16:57 146650 ----a-w e:\windows\system32\BuzzingBee.wav

2009-03-28 16:57 . 2009-03-28 16:57 -------- d-----w e:\windows\system32\Lang

2009-03-28 16:54 . 2009-04-22 01:51 188791 ----a-w e:\windows\system32\nvapps.xml

2009-03-28 16:53 . 2009-03-28 16:53 -------- d-----w e:\windows\nview

2009-03-28 16:53 . 2008-08-01 06:48 453152 ----a-w e:\windows\system32\nvudisp.exe

2009-03-28 16:53 . 2008-08-01 06:48 18335 ----a-w e:\windows\system32\nvdisp.nvu

2009-03-28 16:51 . 2007-11-14 07:18 553 ------r e:\windows\USetup.iss

2009-03-28 16:50 . 2008-10-28 09:18 17331200 ----a-w e:\windows\RTHDCPL.EXE

2009-03-28 16:50 . 2006-01-04 07:41 1389056 ----a-w e:\windows\system32\drivers\Monfilt.sys

2009-03-28 16:50 . 2008-09-30 08:38 2168320 ----a-w e:\windows\MicCal.exe

2009-03-28 16:50 . 2008-06-19 08:20 57344 ----a-w e:\windows\ALCMTR.EXE

2009-03-28 16:50 . 2008-08-05 12:10 1684736 ----a-w e:\windows\system32\drivers\Ambfilt.sys

2009-03-28 16:50 . 2008-06-19 08:42 2808832 ----a-w e:\windows\ALCWZRD.EXE

2009-03-28 16:50 . 2008-06-19 08:24 278528 ----a-w e:\windows\system32\ALSNDMGR.CPL

2009-03-28 16:50 . 2008-08-25 08:17 528384 ------r e:\windows\RtlExUpd.dll

2009-03-28 16:49 . 2007-04-16 19:46 33792 ----a-w e:\windows\system32\drivers\AmdPPM.sys

2009-03-28 16:49 . 2009-03-28 16:49 -------- dc----w e:\windows\system32\DRVSTORE

2009-03-28 16:48 . 2009-03-28 16:48 -------- d-----w e:\documents and settings\CarOol\Dados de aplicativos\InstallShield

2009-03-28 16:48 . 2004-08-14 02:56 5810 ----a-r e:\windows\system32\drivers\ASACPI.sys

2009-03-28 16:47 . 2009-03-28 16:48 26653 ----a-w e:\windows\Ascd_tmp.ini

2009-03-28 16:47 . 2007-12-29 23:22 10296 ----a-w e:\windows\system32\drivers\ASUSHWIO.SYS

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-22 01:55 . 2001-10-28 15:07 48628 ----a-w e:\windows\system32\perfc016.dat

2009-04-22 01:55 . 2001-10-28 15:07 344380 ----a-w e:\windows\system32\perfh016.dat

2009-04-21 18:29 . 2009-04-21 18:29 -------- d-----w e:\arquivos de programas\Avira

2009-04-20 02:18 . 2009-03-28 19:33 -------- d-----w e:\arquivos de programas\eMule

2009-04-18 17:56 . 2009-04-18 17:56 -------- d-----w e:\arquivos de programas\Lavalys

2009-04-12 16:58 . 2009-03-29 17:22 -------- d-----w e:\arquivos de programas\EA GAMES

2009-04-03 01:42 . 2009-04-03 01:30 -------- d-----w e:\arquivos de programas\Google

2009-03-30 02:37 . 2009-03-28 21:12 -------- d-----w e:\arquivos de programas\HP

2009-03-29 16:59 . 2009-03-29 16:59 -------- d-----w e:\arquivos de programas\D-Tools

2009-03-29 01:31 . 2009-03-29 01:31 -------- d-----w e:\arquivos de programas\MSXML 4.0

2009-03-28 21:23 . 2009-03-28 16:49 -------- d--h--w e:\arquivos de programas\InstallShield Installation Information

2009-03-28 21:22 . 2009-03-28 21:22 -------- d-----w e:\arquivos de programas\Arquivos comuns\PCCamera

2009-03-28 21:22 . 2009-03-28 21:22 -------- d-----w e:\arquivos de programas\PC Camera

2009-03-28 21:22 . 2009-03-28 16:50 -------- d-----w e:\arquivos de programas\Arquivos comuns\InstallShield

2009-03-28 21:20 . 2009-03-28 21:11 119088 ----a-w e:\windows\hpoins11.dat

2009-03-28 21:19 . 2009-03-28 21:19 -------- d-----w e:\documents and settings\All Users\Dados de aplicativos\HP

2009-03-28 21:16 . 2009-03-28 21:16 -------- d-----w e:\arquivos de programas\Arquivos comuns\HP

2009-03-28 21:14 . 2009-03-28 21:14 -------- d-----w e:\arquivos de programas\Hewlett-Packard

2009-03-28 21:14 . 2009-03-28 21:14 -------- d-----w e:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2009-03-28 20:08 . 2009-03-28 20:08 -------- d-----w e:\arquivos de programas\Lavasoft

2009-03-28 20:07 . 2009-03-28 20:07 -------- d-----w e:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-03-28 20:07 . 2009-03-28 20:07 -------- d-----w e:\arquivos de programas\Arquivos comuns\Adobe

2009-03-28 20:00 . 2009-03-28 20:00 -------- d-----w e:\arquivos de programas\Windows Live

2009-03-28 20:00 . 2009-03-28 20:00 -------- d-----w e:\arquivos de programas\Messenger Plus! Live

2009-03-28 20:00 . 2009-03-28 19:35 -------- d-----w e:\arquivos de programas\MSN Messenger

2009-03-28 19:52 . 2009-03-28 19:52 -------- d-----w e:\arquivos de programas\CCleaner

2009-03-28 19:30 . 2009-03-28 19:30 -------- d-----w e:\arquivos de programas\Windows Media Connect 2

2009-03-28 17:22 . 2009-03-28 17:21 -------- d-----w e:\arquivos de programas\Arquivos comuns\Ahead

2009-03-28 17:21 . 2009-03-28 17:21 -------- d-----w e:\arquivos de programas\Nero

2009-03-28 17:14 . 2009-03-28 17:14 -------- d-----w e:\arquivos de programas\Microsoft Works

2009-03-28 17:14 . 2009-03-28 17:14 -------- d-----w e:\arquivos de programas\MSBuild

2009-03-28 16:58 . 2009-03-28 16:58 -------- d-----w e:\arquivos de programas\Alwil Software

2009-03-28 16:54 . 2009-03-28 16:54 -------- d-----w e:\arquivos de programas\NVIDIA Corporation

2009-03-28 16:50 . 2009-03-28 16:50 -------- d-----w e:\arquivos de programas\Realtek

2009-03-28 16:49 . 2009-03-28 16:49 -------- d-----w e:\arquivos de programas\AMD

2009-03-28 16:43 . 2009-03-28 15:07 86327 ----a-w e:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-28 15:08 . 2009-03-28 15:08 -------- d-----w e:\arquivos de programas\microsoft frontpage

2009-03-28 15:07 . 2009-03-28 15:07 -------- d-----w e:\arquivos de programas\Serviços on-line

2009-03-28 15:06 . 2009-03-28 15:06 -------- d-----w e:\arquivos de programas\Arquivos comuns\Serviços

2009-03-28 15:05 . 2009-03-28 15:05 21844 ----a-w e:\windows\system32\emptyregdb.dat

2009-03-06 14:46 . 2004-08-04 03:45 285696 ----a-w e:\windows\system32\pdh.dll

2009-03-03 00:06 . 2004-08-04 03:45 826368 ----a-w e:\windows\system32\wininet.dll

2009-02-20 17:11 . 2004-08-04 03:45 78336 ----a-w e:\windows\system32\ieencode.dll

2009-02-09 14:17 . 2004-08-04 03:38 1846400 ----a-w e:\windows\system32\win32k.sys

2009-02-09 11:50 . 2004-08-04 00:40 2019840 ----a-w e:\windows\system32\ntkrnlpa.exe

2009-02-09 11:50 . 2004-08-04 03:40 2140160 ----a-w e:\windows\system32\ntoskrnl.exe

2009-02-09 10:19 . 2004-08-04 03:45 399360 ----a-w e:\windows\system32\rpcss.dll

2009-02-09 10:19 . 2004-08-04 03:45 726016 ----a-w e:\windows\system32\lsasrv.dll

2009-02-09 10:19 . 2004-08-04 03:45 683008 ----a-w e:\windows\system32\advapi32.dll

2009-02-09 10:19 . 2004-08-04 03:45 730624 ----a-w e:\windows\system32\ntdll.dll

2009-02-09 10:08 . 2004-08-04 03:45 111104 ----a-w e:\windows\system32\services.exe

2009-02-06 16:54 . 2001-10-28 15:07 35328 ----a-w e:\windows\system32\sc.exe

2009-02-03 20:10 . 2004-08-04 03:45 55808 ----a-w e:\windows\system32\secur32.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-21_16.45.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-07 05:19 . 2007-11-07 05:19 54272 e:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 62976 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 46080 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 46592 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 64512 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 66048 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 65024 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 65024 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 56832 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 66560 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 39936 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 38912 e:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll

+ 2008-07-29 09:07 . 2008-07-29 09:07 59904 e:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll

+ 2008-07-29 09:07 . 2008-07-29 09:07 59904 e:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll

+ 2001-10-28 15:07 . 2009-04-22 01:55 39992 e:\windows\system32\perfc009.dat

- 2001-10-28 15:07 . 2009-04-21 16:35 39992 e:\windows\system32\perfc009.dat

+ 2009-04-21 18:29 . 2009-02-13 14:50 28376 e:\windows\system32\drivers\ssmdrv.sys

+ 2009-04-21 18:29 . 2009-02-13 17:22 95576 e:\windows\system32\drivers\avipbb.sys

+ 2009-04-21 18:29 . 2009-02-13 14:29 22360 e:\windows\system32\drivers\avgntmgr.sys

+ 2009-04-21 18:29 . 2009-02-13 14:17 45416 e:\windows\system32\drivers\avgntdd.sys

+ 2008-07-29 11:05 . 2008-07-29 11:05 655872 e:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 572928 e:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 06:54 . 2008-07-29 06:54 225280 e:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 161784 e:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll

+ 2001-10-28 15:07 . 2009-04-22 01:55 311604 e:\windows\system32\perfh009.dat

- 2001-10-28 15:07 . 2009-04-21 16:35 311604 e:\windows\system32\perfh009.dat

+ 2009-03-29 17:18 . 2009-04-21 19:13 270336 e:\windows\system32\config\systemprofile\ntuser.dat

- 2009-03-29 17:18 . 2009-03-29 17:18 270336 e:\windows\system32\config\systemprofile\ntuser.dat

+ 2008-07-29 11:05 . 2008-07-29 11:05 3783672 e:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 3768312 e:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"swg"="e:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-08-01 13529088]

"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-08-01 86016]

"GrooveMonitor"="e:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"NeroFilterCheck"="e:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="e:\arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]

"InCD"="e:\arquivos de programas\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

"AAWTray"="e:\arquivos de programas\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]

"HP Software Update"="e:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"DAEMON Tools-1033"="e:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"avgnt"="e:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RTHDCPL"="RTHDCPL.EXE" - e:\windows\RTHDCPL.EXE [2008-10-28 17331200]

"nwiz"="nwiz.exe" - e:\windows\system32\nwiz.exe [2008-08-01 1630208]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

e:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - e:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

HP Digital Imaging Monitor.lnk - e:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"e:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"e:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"e:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"e:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"e:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"e:\\Arquivos de programas\\eMule\\emule.exe"=

"e:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

 

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]

S3 PAC207;SoC PC-Camera Beta3;e:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]

 

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - e:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvLsp.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-21 23:09

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(796)

e:\windows\system32\nvLsp.dll

 

- - - - - - - > 'explorer.exe'(888)

e:\arquivos de programas\Windows Media Player\wmpband.dll

e:\windows\system32\msi.dll

e:\windows\system32\WPDShServiceObj.dll

e:\windows\system32\PortableDeviceTypes.dll

e:\windows\system32\PortableDeviceApi.dll

e:\windows\system32\nvLsp.dll

.

Tempo para conclusão: 2009-04-22 23:10

ComboFix-quarantined-files.txt 2009-04-22 02:10

ComboFix2.txt 2009-04-21 16:46

 

Pré-execução: 11 pasta(s) 23.355.564.032 bytes disponíveis

Pós execução: 10 pasta(s) 23.376.457.728 bytes disponíveis

 

273 --- E O F --- 2009-04-21 14:38

---------------------------------------------------------------------------------------------------

Apparently the problem seems to have been resolved... I will check it more carefully tomorrow. Thanks in advance.


Ok, the logs are clean. To finish, go to Start > Run > type (or copy and paste): ComboFix /u

 

Click OK. Wait, because this will uninstall ComboFix, delete the related files and folders, and remove System Restore points that may be infected, creating a clean one.

 

Clean up the temporary files and fix Registry errors with CCleaner.

 

Update Internet Explorer. Download and install Internet Explorer 8.

 

Visit Windows Update and update your system, downloading Service Pack 3.

 

Or, if you prefer, download and install the full package (approx. 300 MB):

http://www.microsoft.com/downloads/details...splayLang=pt-br

 

Read these articles about security:

 

Protect your PC

Precautions when browsing the net.

 

Regards.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
