[Resolvido!] internet explorer com problema

[igor s 0]

Olá pessoal...

O meu pc esta com o seguinte problema: sempre que eu fecho uma janela do internet explorer, aparece a seguinte mensagem: "o internet explorer encontrou um problema e precisa ser fechado...depurar ou enviar relatório de erros ou não enviar. Logo depois qdo eu clico em naum enviar acaba fechando todas as janelas que estavam abertas do internet explorer. Será que pode ser algum virus? Eu rodei o avira, o spybot, webroot spy sweeper e o malwarebytes e naum acusou nada. Parece que começou acontecer isso depois que passei o ccleaner e mandei corrigir os erros selecionados no registro...mas naum tenho certeza pois ao mesmo tempo estava baixando alguns videos na internet por sites proxy. Por isso naum sei como isso foi acontecer. Espero por ajuda.

Obrigado!!!

[DigRam 144]

  igor s disse:

Olá pessoal...

O meu pc esta com o seguinte problema: sempre que eu fecho uma janela do internet explorer, aparece a seguinte mensagem: "o internet explorer encontrou um problema e precisa ser fechado...depurar ou enviar relatório de erros ou não enviar. Logo depois qdo eu clico em naum enviar acaba fechando todas as janelas que estavam abertas do internet explorer. Será que pode ser algum virus? Eu rodei o avira, o spybot, webroot spy sweeper e o malwarebytes e naum acusou nada. Parece que começou acontecer isso depois que passei o ccleaner e mandei corrigir os erros selecionados no registro...mas naum tenho certeza pois ao mesmo tempo estava baixando alguns videos na internet por sites proxy. Por isso naum sei como isso foi acontecer. Espero por ajuda.

Obrigado!!!

<><><><><><><><>

Opa! igor s

 

<!> Poste o log do HijackThis,segundo este Tutorial.

 

< Regra Nº 02 - Utilizando O Hijackthis - LEIA ANTES DE POSTAR! >

 

Abraços!

[igor s 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:28:53, on 27/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21020)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Igor\CONFIG~1\Temp\Rar$EX00.000\Abc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234973651515

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

 

--

End of file - 9501 bytes

[DigRam 144]

Boa Noite! igor s

 

<@> Baixe: < ToolBar S&D >

<@> Salve-o no Disco Local-C,em uma pasta própria.

<@> Reinicie o computador,em Modo de Segurança. <-- Importante!

<@> Execute o programa,e à seguir,aperte o "p" --> Enter --> Ok.

<@> Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde!

<@> Terminando,poste o relatório. ( C:\ToolBar SD\TB_1.txt )

<><><><><><><><><><><>

<@> Baixe: < DrWebCureIt >

<@> Salve-o no desktop!

<@> Reinicie o computador em Modo de Segurança.

<@> Inicie a instalação/execução,com um duplo-clique em drweb-cureit.

<@> Na janela que abrir,clique em Iniciar --> OK.

<@> Será dado início a "Verificação rápida" --> Feche a janela de propaganda!

<@> Terminando,marque a caixa de "Verificação Completa".

<@> Click em "Options" --> Em Change settings,desmarque a "Heuristic analysis".

 

  Citar

Neste modo são verificados os seguintes objectos:

 

* Sectores de Arranque de Todos os Discos. <--

 

* Todas as Unidades Removíveis. <--

 

* Todos os Discos Locais. <--

<@> Clique em "Iniciar verificação" --> Aguarde!

<@> Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim.

<@> Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios".

<@> Procure salvá-lo em um local adequado. ( DrWeb.csv ) <-- Texto!

<@> Poste: DrWeb.csv + HijackThis,atualizado.

 

Abraços!

[igor s 0]

Boa noite, DigRam!

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Celeron® D CPU 3.46GHz )

BIOS : Default System BIOS

USER : Igor ( Administrator )

BOOT : Fail-safe boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:39 Go (Free:5 Go)

D:\ (Local Disk) - NTFS - Total:35 Go (Free:32 Go)

E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( seg 27/04/2009|19:16 )

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.google.com.br/"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\ConvertXtoDVD_v2.2.3.258.zip

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\crack anti virus.doc

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\TUTORIAL DE COMO ATIVAR.doc

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\VSO_Software_ConvertXtoDVD_v2_2_3_258-TE

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\WinAVI_Video_Converter_v7.7_by_Core.zip

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\windows serial.doc

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\VSO_Software_ConvertXtoDVD_v2_2_3_258-TE\VSO.Software.ConvertXtoDVD.v2.2.3.258-TE

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\VSO_Software_ConvertXtoDVD_v2_2_3_258-TE\VSO.Software.ConvertXtoDVD.v2.2.3.258-TE\Crack

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\VSO_Software_ConvertXtoDVD_v2_2_3_258-TE\VSO.Software.ConvertXtoDVD.v2.2.3.258-TE\te.nfo

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\VSO_Software_ConvertXtoDVD_v2_2_3_258-TE\VSO.Software.ConvertXtoDVD.v2.2.3.258-TE\Crack\ConvertXtoDvd.exe

C:\DOCUME~1\Igor\Meus documentos\PASTA COM CRACK\VSO_Software_ConvertXtoDVD_v2_2_3_258-TE\VSO.Software.ConvertXtoDVD.v2.2.3.258-TE\Crack\Registration.reg

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - seg 27/04/2009|19:17 - Option : [2]

 

-----------\\ Verificação completa em 19:17:01,84

 

-------------------------\\ Segue o DrWeb:

 

wrconsumerservice.exe c:\arquivos de programas\webroot\webrootsecurity Provavelmente DLOADER.Trojan

FindyKill.exe\data014 C:\Arquivos de programas\FindyKill.exe Tool.Prockill

FindyKill.exe C:\Arquivos de programas A pasta contem objectos infectados

Process.exe C:\Arquivos de programas\FindyKill\Tools Tool.Prockill

VBAPB10.CHM\html/pbproStartInNextTextBox.htm C:\Arquivos de programas\Microsoft Office\OFFICE11\1046\VBAPB10.CHM Modificação de Avispa.2048

VBAPB10.CHM C:\Arquivos de programas\Microsoft Office\OFFICE11\1046 A pasta contem objectos infectados

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:48:08, on 27/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21020)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Igor\CONFIG~1\Temp\Rar$EX00.125\Abc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234973651515

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

 

--

End of file - 8304 bytes

[DigRam 144]

Bom Dia! igor s

 

<@> Baixe: < > ( ...by sUBs )

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

 

  Citar

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em "Modo de Segurança". <-- Link!

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!

<!> Ps: Para evitar problemas,siga todas as recomendações propostas.

<!> Ps: O ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão profissional.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[igor s 0]

Bom dia! DigRam

 

Segue os relatótios...

 

ComboFix 09-04-27.04 - Igor 28/04/2009 11:20.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.479.57 [GMT -3:00]

Executando de: c:\documents and settings\Igor\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-28 to 2009-4-28 ))))))))))))))))))))))))))))

.

 

2009-04-27 22:32 . 2009-04-27 22:42 -------- d-----w c:\documents and settings\Igor\DoctorWeb

2009-04-27 22:15 . 2009-04-27 22:17 -------- d-----w C:\ToolBar SD

2009-04-27 21:59 . 2009-04-27 21:59 -------- d-----w C:\toolbar

2009-04-26 02:20 . 2009-04-26 02:20 -------- d-----w c:\documents and settings\Igor\Configurações locais\Dados de aplicativos\AskToolbar

2009-04-26 02:19 . 2009-04-26 02:19 -------- d-----w c:\arquivos de programas\Ask.com

2009-04-25 23:21 . 2009-04-25 23:22 11772 ----a-w C:\cc_20090425_202126.reg

2009-04-16 17:31 . 2005-07-26 04:29 60416 ------w c:\windows\system32\dllcache\colbact.dll

2009-04-16 17:31 . 2009-03-06 14:00 286208 ------w c:\windows\system32\dllcache\pdh.dll

2009-04-16 17:31 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 17:31 . 2009-02-09 10:03 401408 ------w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 17:31 . 2009-02-09 10:03 473088 ------w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 17:31 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe

2009-04-16 17:31 . 2009-02-09 09:53 111104 ------w c:\windows\system32\dllcache\services.exe

2009-04-16 17:31 . 2009-02-09 10:03 684032 ------w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 17:31 . 2009-02-09 10:03 731136 ------w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 17:31 . 2009-02-09 10:03 731136 ------w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 17:24 . 2008-04-21 21:27 216064 ------w c:\windows\system32\dllcache\wordpad.exe

2009-04-10 18:16 . 2009-04-10 18:16 -------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-04-10 18:16 . 2009-04-10 18:16 4909440 ----a-w c:\arquivos de programas\Silverlight.2.0.exe

2009-03-30 02:33 . 2009-03-30 02:33 552 ----a-w c:\windows\system32\d3d8caps.dat

2009-03-29 14:24 . 2009-03-29 14:25 -------- d-----w c:\arquivos de programas\MessengerDiscovery

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-28 14:04 . 2009-01-26 00:55 -------- d-----w c:\arquivos de programas\lg_fwupdate

2009-04-28 01:03 . 2009-02-13 23:03 -------- d-----w c:\arquivos de programas\PokerStars

2009-04-25 23:38 . 2009-02-19 00:41 -------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-04-25 23:25 . 2009-02-17 22:00 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-18 21:42 . 2009-01-26 18:51 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-04-17 06:28 . 2007-07-21 21:40 67450 ----a-w c:\windows\system32\perfc016.dat

2009-04-17 06:28 . 2007-07-21 21:40 425426 ----a-w c:\windows\system32\perfh016.dat

2009-04-06 18:32 . 2009-02-17 22:00 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 18:32 . 2009-02-17 22:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-06 16:32 . 2009-03-20 15:25 1563008 ----a-w c:\windows\WRSetup.dll

2009-04-02 17:30 . 2008-12-08 00:26 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys

2009-04-02 17:30 . 2008-12-08 00:26 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys

2009-04-02 17:30 . 2008-12-08 00:26 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys

2009-03-29 14:23 . 2009-03-29 14:11 2174939 ----a-w c:\arquivos de programas\MDL_1.5.0805.exe

2009-03-29 13:46 . 2009-01-26 18:37 -------- d-----w c:\arquivos de programas\eMule

2009-03-24 01:44 . 2009-01-26 03:43 95768 ----a-w c:\documents and settings\Igor\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-24 01:43 . 2009-03-24 01:39 -------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2009-03-24 01:43 . 2009-03-24 01:39 -------- d-----w c:\arquivos de programas\AutoCAD LT 2008

2009-03-23 18:19 . 2009-03-20 15:25 -------- d-----w c:\arquivos de programas\Webroot

2009-03-20 19:40 . 2009-01-27 13:49 -------- d-----w c:\arquivos de programas\WinAVI Video Converter

2009-03-11 00:36 . 2009-03-11 00:36 -------- d-----w c:\arquivos de programas\Real Alternative

2009-03-07 01:52 . 2009-02-19 20:46 -------- d-----w c:\arquivos de programas\Yahoo!

2009-03-07 00:38 . 2009-03-07 00:37 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-06 14:00 . 2007-07-21 21:40 286208 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:15 . 2007-09-02 17:27 828416 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:19 . 2007-09-02 17:13 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-20 05:56 . 2009-02-20 05:56 12018 ----a-w C:\reg2.reg

2009-02-18 21:35 . 2009-02-18 21:35 941088 ----a-w c:\arquivos de programas\FindyKill.exe

2009-02-18 19:48 . 2009-02-18 19:48 288654 ----a-w C:\SafeBootKeyRepair.exe

2009-02-13 13:19 . 2009-02-13 13:19 0 ----a-w c:\windows\nsreg.dat

2009-02-09 13:55 . 2007-09-02 17:34 1847552 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:43 . 2007-02-28 08:08 2067200 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:43 . 2007-09-02 17:35 2190336 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 10:03 . 2007-09-02 17:34 731136 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:03 . 2007-09-02 17:32 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:03 . 2007-07-21 21:40 684032 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:03 . 2007-07-21 21:40 731136 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 09:53 . 2007-07-21 21:41 111104 ----a-w c:\windows\system32\services.exe

2009-02-06 22:14 . 2009-02-06 22:14 308088 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 09:54 . 2007-07-21 21:41 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:53 . 2007-07-21 21:41 56320 ----a-w c:\windows\system32\secur32.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\sfcfiles.dll

[-] 2007-09-02 17:15 1548288 DB3AA410ED1228B9DF98C06549AE0763 c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-02-09 18:06 764296 ----a-w c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-07-21 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SpySweeper"="c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-04-06 6345840]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\Arquivos de programas\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=

 

R0 pavboot;pavboot; [x]

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-04-02 29808]

S2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S2 WRConsumerService;Webroot Client Service;c:\arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe [2009-04-26 1181040]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\Setup.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\arquivos de programas\Ask.com\UpdateTask.exe [2009-02-09 18:06]

 

2009-04-24 c:\windows\Tasks\wrSpySweeper_LAFA74416CAE547899E3CBFA20D0138AD.job

- c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-20 16:32]

 

2009-04-24 c:\windows\Tasks\wrSpySweeper_LAFA74416CAE547899E3CBFA20D0138AD.job

- c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-20 16:32]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: webaula.com.br\www

FF - ProfilePath - c:\documents and settings\Igor\Dados de aplicativos\Mozilla\Firefox\Profiles\16uowz9b.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13997&locale=en_US&q=

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-28 11:22

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(316)

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Tempo para conclusão: 2009-04-28 11:24

ComboFix-quarantined-files.txt 2009-04-28 14:24

 

Pré-execução: 5.108.588.544 bytes disponíveis

Pós execução: 5.130.694.656 bytes disponíveis

 

183 --- E O F --- 2009-04-17 06:07

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:28:06, on 28/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21020)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Igor\CONFIG~1\Temp\Rar$EX00.968\Abc.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234973651515

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

 

--

End of file - 8963 bytes

[DigRam 144]

Boa Tarde! igor s

 

<@> Baixe: < BTFix.zip > ( ...par bibi26 )

<@> Descompacte-o para o Desktop ou Disco local ©.

<@> Reinicie o computador em Modo de Segurança. <-- Importante!

<@> Execute o BTFix.exe,com um duplo-clique.

<@> Clique em Rechercher. <-- Função diagnóstico!

 

  Citar

BTFix 1.075 (par bibi26) - 01/11/2008 14:39:33 - Analyse - Mode sans échec

Lancé depuis C:\Documents and Settings\Administrador\Desktop\BTFix\BTFix.exe

 

---> Fichiers/Dossiers trouvés

 

---> Analyse terminée

<@> Exemplo de relatório,em que nada foi encontrado.

<@> Terminando e,existindo infecções,execute novamente o BTFix.exe.

<@> Faça-o em Modo Seguro! <-- Importante!

 

  Citar

BTFix 1.075 (par bibi26) - 01/11/2008 14:39:33 - Nettoyage - Mode sans échec

Lancé depuis C:\Documents and Settings\Administrador\Desktop\BTFix\BTFix.exe

 

---> Fichiers/dossiers supprimés (Première passe)

 

- Fichiers temporaires effacés

- C:\WINDOWS\system32\bitsprx4.dll

- C:\Arquivos de programas\AskSBar\bar\1.bin\

- C:\Arquivos de programas\AskSBar\bar\

- C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\

 

---> Nettoyage terminé

<@> Exemplo de relatório,em que foram encontradas infecções.

<@> Clique em Nettoyer. <-- Função Fix!

<@> Terminando,copie/poste o relatório: ( C:\BTFix\BTFix.txt ) + HijackThis,atualizado.

 

Abraços!

[igor s 0]

Boa Noite! DigRam

 

BTFix 1.075 (par bibi26) - 28/04/2009 20:39:53 - Analyse

Lancé depuis C:\Documents and Settings\Igor\Desktop\BTFix\BTFix.exe

 

---> Fichiers/Dossiers trouvés

 

 

---> Analyse terminée

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:46:35, on 28/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21020)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Igor\CONFIG~1\Temp\Rar$EX00.703\Abc.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234973651515

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

 

--

End of file - 9310 bytes

 

Obs: O problema descrito no inicio do topico ainda continua!

 

Abraços!

[DigRam 144]

Boa Noite! igor s

 

<@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

 

  Citar

File::

c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

c:\arquivos de programas\Ask.com\UpdateTask.exe

E:\Setup.exe

Regnull::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•6~*]

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Firefox::

FF - prefs.js: browser.search.selectedEngine - Ask.com

Folder::

c:\documents and settings\Igor\Configurações locais\Dados de aplicativos\AskToolbar

c:\arquivos de programas\Ask.com

Driver::

"pavboot"

<@> Ps: Não utilizem este script em outra máquina!

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

 

 

<@> Atenda à solicitação,que deverá surgir,para rodar o ComboFix.

<@> Ps: Faça o arraste,até surgir essa solicitação! ( janela )

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[igor s 0]

Bom dia! DigRam

 

Naum sei se consegui fazer direito as ultimas instruções! Mas confere ai se deu certo.

 

 

ComboFix 09-04-27.04 - Igor 29/04/2009 11:21.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.479.84 [GMT -3:00]

Executando de: c:\documents and settings\Igor\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Igor\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

 

FILE ::

c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

c:\arquivos de programas\Ask.com\UpdateTask.exe

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

E:\Setup.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Ask.com

c:\arquivos de programas\Ask.com\config.xml

c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

c:\arquivos de programas\Ask.com\mupcfg.xml

c:\arquivos de programas\Ask.com\UpdateTask.exe

c:\documents and settings\Igor\Configurações locais\Dados de aplicativos\AskToolbar

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

E:\Setup.exe . . . . falha na exclusão

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_pavboot

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))

.

 

2009-04-27 22:32 . 2009-04-27 22:42 -------- d-----w c:\documents and settings\Igor\DoctorWeb

2009-04-27 22:15 . 2009-04-27 22:17 -------- d-----w C:\ToolBar SD

2009-04-27 21:59 . 2009-04-27 21:59 -------- d-----w C:\toolbar

2009-04-25 23:21 . 2009-04-25 23:22 11772 ----a-w C:\cc_20090425_202126.reg

2009-04-16 17:31 . 2005-07-26 04:29 60416 ------w c:\windows\system32\dllcache\colbact.dll

2009-04-16 17:31 . 2009-03-06 14:00 286208 ------w c:\windows\system32\dllcache\pdh.dll

2009-04-16 17:31 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 17:31 . 2009-02-09 10:03 401408 ------w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 17:31 . 2009-02-09 10:03 473088 ------w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 17:31 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe

2009-04-16 17:31 . 2009-02-09 09:53 111104 ------w c:\windows\system32\dllcache\services.exe

2009-04-16 17:31 . 2009-02-09 10:03 684032 ------w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 17:31 . 2009-02-09 10:03 731136 ------w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 17:31 . 2009-02-09 10:03 731136 ------w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 17:24 . 2008-04-21 21:27 216064 ------w c:\windows\system32\dllcache\wordpad.exe

2009-04-10 18:16 . 2009-04-10 18:16 -------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-04-10 18:16 . 2009-04-10 18:16 4909440 ----a-w c:\arquivos de programas\Silverlight.2.0.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-29 14:25 . 2009-01-26 00:55 -------- d-----w c:\arquivos de programas\lg_fwupdate

2009-04-28 18:47 . 2009-02-13 23:03 -------- d-----w c:\arquivos de programas\PokerStars

2009-04-25 23:38 . 2009-02-19 00:41 -------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-04-25 23:25 . 2009-02-17 22:00 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-18 21:42 . 2009-01-26 18:51 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-04-17 06:28 . 2007-07-21 21:40 67450 ----a-w c:\windows\system32\perfc016.dat

2009-04-17 06:28 . 2007-07-21 21:40 425426 ----a-w c:\windows\system32\perfh016.dat

2009-04-06 18:32 . 2009-02-17 22:00 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 18:32 . 2009-02-17 22:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-06 16:32 . 2009-03-20 15:25 1563008 ----a-w c:\windows\WRSetup.dll

2009-04-02 17:30 . 2008-12-08 00:26 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys

2009-04-02 17:30 . 2008-12-08 00:26 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys

2009-04-02 17:30 . 2008-12-08 00:26 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys

2009-03-30 02:33 . 2009-03-30 02:33 552 ----a-w c:\windows\system32\d3d8caps.dat

2009-03-29 14:25 . 2009-03-29 14:24 -------- d-----w c:\arquivos de programas\MessengerDiscovery

2009-03-29 14:23 . 2009-03-29 14:11 2174939 ----a-w c:\arquivos de programas\MDL_1.5.0805.exe

2009-03-29 13:46 . 2009-01-26 18:37 -------- d-----w c:\arquivos de programas\eMule

2009-03-24 01:44 . 2009-01-26 03:43 95768 ----a-w c:\documents and settings\Igor\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-24 01:43 . 2009-03-24 01:39 -------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2009-03-24 01:43 . 2009-03-24 01:39 -------- d-----w c:\arquivos de programas\AutoCAD LT 2008

2009-03-23 18:19 . 2009-03-20 15:25 -------- d-----w c:\arquivos de programas\Webroot

2009-03-20 19:40 . 2009-01-27 13:49 -------- d-----w c:\arquivos de programas\WinAVI Video Converter

2009-03-11 00:36 . 2009-03-11 00:36 -------- d-----w c:\arquivos de programas\Real Alternative

2009-03-07 01:52 . 2009-02-19 20:46 -------- d-----w c:\arquivos de programas\Yahoo!

2009-03-07 00:38 . 2009-03-07 00:37 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-06 14:00 . 2007-07-21 21:40 286208 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:15 . 2007-09-02 17:27 828416 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:19 . 2007-09-02 17:13 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-20 05:56 . 2009-02-20 05:56 12018 ----a-w C:\reg2.reg

2009-02-18 21:35 . 2009-02-18 21:35 941088 ----a-w c:\arquivos de programas\FindyKill.exe

2009-02-18 19:48 . 2009-02-18 19:48 288654 ----a-w C:\SafeBootKeyRepair.exe

2009-02-13 13:19 . 2009-02-13 13:19 0 ----a-w c:\windows\nsreg.dat

2009-02-09 13:55 . 2007-09-02 17:34 1847552 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:43 . 2007-02-28 08:08 2067200 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:43 . 2007-09-02 17:35 2190336 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 10:03 . 2007-09-02 17:34 731136 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:03 . 2007-09-02 17:32 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:03 . 2007-07-21 21:40 684032 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:03 . 2007-07-21 21:40 731136 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 09:53 . 2007-07-21 21:41 111104 ----a-w c:\windows\system32\services.exe

2009-02-06 22:14 . 2009-02-06 22:14 308088 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 09:54 . 2007-07-21 21:41 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:53 . 2007-07-21 21:41 56320 ----a-w c:\windows\system32\secur32.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\sfcfiles.dll

[-] 2007-09-02 17:15 1548288 DB3AA410ED1228B9DF98C06549AE0763 c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-04-28_14.22.32 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-26 00:41 . 2009-04-28 14:03 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-01-26 00:41 . 2009-04-29 14:25 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2009-01-26 00:41 . 2009-04-28 14:03 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-26 00:41 . 2009-04-29 14:25 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-26 00:41 . 2009-04-28 14:03 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-01-26 00:41 . 2009-04-29 14:25 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-01-26 00:50 . 2009-04-29 06:01 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2009-01-26 00:50 . 2009-04-17 06:02 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2009-01-26 00:50 . 2009-04-29 06:01 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-07-21 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SpySweeper"="c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-04-06 6345840]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\Arquivos de programas\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=

 

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-04-02 29808]

S2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S2 WRConsumerService;Webroot Client Service;c:\arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe [2009-04-26 1181040]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-24 c:\windows\Tasks\wrSpySweeper_LAFA74416CAE547899E3CBFA20D0138AD.job

- c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-20 16:32]

 

2009-04-24 c:\windows\Tasks\wrSpySweeper_LAFA74416CAE547899E3CBFA20D0138AD.job

- c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-20 16:32]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: webaula.com.br\www

FF - ProfilePath - c:\documents and settings\Igor\Dados de aplicativos\Mozilla\Firefox\Profiles\16uowz9b.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13997&locale=en_US&q=

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-29 11:26

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

c:\windows\TEMP\SST-662A37E6-4568-4331-A70C-A6AEE3D33AB9.tmp 0 bytes

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3516)

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

c:\arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

c:\arquivos de programas\Webroot\WebrootSecurity\SSU.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-29 11:28 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-29 14:28

ComboFix2.txt 2009-04-28 14:24

 

Pré-execução: 4.852.379.648 bytes disponíveis

Pós execução: 4.812.955.648 bytes disponíveis

 

235 --- E O F --- 2009-04-29 06:01

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:35:58, on 29/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.21020)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Igor\CONFIG~1\Temp\Rar$EX00.640\Abc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Arquivos de programas\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234973651515

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe

 

--

End of file - 8984 bytes

 

Obrigado!

[DigRam 144]

Boa Noite! igor s

 

<@> Copie estas informações,entre os XXXXXXX....,para o Bloco de Notas.

<@> Salve-as,no desktop,como: CFScript <-- Texto!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Rootkit::

c:\windows\TEMP\SST-662A37E6-4568-4331-A70C-A6AEE3D33AB9.tmp

Regnull::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•6~*]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Arraste o CFScript.txt,para o ícone do ComboFix.

<@> Arraste-o,até que surja uma solicitação para executar o ComboFix.exe.

<@> Terminando,poste: ComboFix.txt

 

Abraços!

[igor s 0]

Boa Noite! DigRam

 

O internet explorer não esta mais acusando que encontrou um problema e precisa ser fechado qdo eu fecho alguma janela. Acho q ficou bom!!!

 

ComboFix 09-04-27.04 - Igor 29/04/2009 19:33.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.479.170 [GMT -3:00]

Executando de: c:\documents and settings\Igor\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Igor\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))

.

 

2009-04-27 22:32 . 2009-04-27 22:42 -------- d-----w c:\documents and settings\Igor\DoctorWeb

2009-04-27 22:15 . 2009-04-27 22:17 -------- d-----w C:\ToolBar SD

2009-04-27 21:59 . 2009-04-27 21:59 -------- d-----w C:\toolbar

2009-04-25 23:21 . 2009-04-25 23:22 11772 ----a-w C:\cc_20090425_202126.reg

2009-04-16 17:31 . 2005-07-26 04:29 60416 ------w c:\windows\system32\dllcache\colbact.dll

2009-04-16 17:31 . 2009-03-06 14:00 286208 ------w c:\windows\system32\dllcache\pdh.dll

2009-04-16 17:31 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 17:31 . 2009-02-09 10:03 401408 ------w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 17:31 . 2009-02-09 10:03 473088 ------w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 17:31 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe

2009-04-16 17:31 . 2009-02-09 09:53 111104 ------w c:\windows\system32\dllcache\services.exe

2009-04-16 17:31 . 2009-02-09 10:03 684032 ------w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 17:31 . 2009-02-09 10:03 731136 ------w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 17:31 . 2009-02-09 10:03 731136 ------w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 17:24 . 2008-04-21 21:27 216064 ------w c:\windows\system32\dllcache\wordpad.exe

2009-04-10 18:16 . 2009-04-10 18:16 -------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-04-10 18:16 . 2009-04-10 18:16 4909440 ----a-w c:\arquivos de programas\Silverlight.2.0.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-29 22:37 . 2009-01-26 00:55 -------- d-----w c:\arquivos de programas\lg_fwupdate

2009-04-29 22:14 . 2009-02-13 23:03 -------- d-----w c:\arquivos de programas\PokerStars

2009-04-25 23:38 . 2009-02-19 00:41 -------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-04-25 23:25 . 2009-02-17 22:00 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-18 21:42 . 2009-01-26 18:51 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-04-17 06:28 . 2007-07-21 21:40 67450 ----a-w c:\windows\system32\perfc016.dat

2009-04-17 06:28 . 2007-07-21 21:40 425426 ----a-w c:\windows\system32\perfh016.dat

2009-04-06 18:32 . 2009-02-17 22:00 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 18:32 . 2009-02-17 22:01 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-06 16:32 . 2009-03-20 15:25 1563008 ----a-w c:\windows\WRSetup.dll

2009-04-02 17:30 . 2008-12-08 00:26 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys

2009-04-02 17:30 . 2008-12-08 00:26 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys

2009-04-02 17:30 . 2008-12-08 00:26 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys

2009-03-30 02:33 . 2009-03-30 02:33 552 ----a-w c:\windows\system32\d3d8caps.dat

2009-03-29 14:25 . 2009-03-29 14:24 -------- d-----w c:\arquivos de programas\MessengerDiscovery

2009-03-29 14:23 . 2009-03-29 14:11 2174939 ----a-w c:\arquivos de programas\MDL_1.5.0805.exe

2009-03-29 13:46 . 2009-01-26 18:37 -------- d-----w c:\arquivos de programas\eMule

2009-03-24 01:44 . 2009-01-26 03:43 95768 ----a-w c:\documents and settings\Igor\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-24 01:43 . 2009-03-24 01:39 -------- d-----w c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2009-03-24 01:43 . 2009-03-24 01:39 -------- d-----w c:\arquivos de programas\AutoCAD LT 2008

2009-03-23 18:19 . 2009-03-20 15:25 -------- d-----w c:\arquivos de programas\Webroot

2009-03-20 19:40 . 2009-01-27 13:49 -------- d-----w c:\arquivos de programas\WinAVI Video Converter

2009-03-11 00:36 . 2009-03-11 00:36 -------- d-----w c:\arquivos de programas\Real Alternative

2009-03-07 01:52 . 2009-02-19 20:46 -------- d-----w c:\arquivos de programas\Yahoo!

2009-03-07 00:38 . 2009-03-07 00:37 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-06 14:00 . 2007-07-21 21:40 286208 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:15 . 2007-09-02 17:27 828416 ----a-w c:\windows\system32\wininet.dll

2009-02-20 17:19 . 2007-09-02 17:13 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-20 05:56 . 2009-02-20 05:56 12018 ----a-w C:\reg2.reg

2009-02-18 21:35 . 2009-02-18 21:35 941088 ----a-w c:\arquivos de programas\FindyKill.exe

2009-02-18 19:48 . 2009-02-18 19:48 288654 ----a-w C:\SafeBootKeyRepair.exe

2009-02-13 13:19 . 2009-02-13 13:19 0 ----a-w c:\windows\nsreg.dat

2009-02-09 13:55 . 2007-09-02 17:34 1847552 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:43 . 2007-02-28 08:08 2067200 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:43 . 2007-09-02 17:35 2190336 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 10:03 . 2007-09-02 17:34 731136 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:03 . 2007-09-02 17:32 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:03 . 2007-07-21 21:40 684032 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:03 . 2007-07-21 21:40 731136 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 09:53 . 2007-07-21 21:41 111104 ----a-w c:\windows\system32\services.exe

2009-02-06 22:14 . 2009-02-06 22:14 308088 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 21:52 . 2009-02-06 21:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 09:54 . 2007-07-21 21:41 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:53 . 2007-07-21 21:41 56320 ----a-w c:\windows\system32\secur32.dll

.

 

------- Sigcheck -------

 

[-] 2008-04-14 02:20 1571840 698F9583D1EB213B09F12DD5826A46E2 c:\windows\SoftwareDistribution\Download\286c254ee4e7710365274c10a063b3f3\sfcfiles.dll

[-] 2007-09-02 17:15 1548288 DB3AA410ED1228B9DF98C06549AE0763 c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot_2009-04-29_14.26.13 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-01-26 00:41 . 2009-04-29 14:25 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-01-26 00:41 . 2009-04-29 22:36 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-01-26 00:41 . 2009-04-29 22:36 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-26 00:41 . 2009-04-29 14:25 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-26 00:41 . 2009-04-29 22:36 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2009-01-26 00:41 . 2009-04-29 14:25 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-07-21 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"LGODDFU"="c:\arquivos de programas\lg_fwupdate\fwupdate.exe" [2007-02-26 249856]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SpySweeper"="c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-04-06 6345840]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\Arquivos de programas\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=

 

S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-04-02 29808]

S2 SeaPort;SeaPort;c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S2 WRConsumerService;Webroot Client Service;c:\arquivos de programas\Webroot\WebrootSecurity\WRConsumerService.exe [2009-04-26 1181040]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-24 c:\windows\Tasks\wrSpySweeper_LAFA74416CAE547899E3CBFA20D0138AD.job

- c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-20 16:32]

 

2009-04-24 c:\windows\Tasks\wrSpySweeper_LAFA74416CAE547899E3CBFA20D0138AD.job

- c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-03-20 16:32]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mWindow Title =

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: webaula.com.br\www

FF - ProfilePath - c:\documents and settings\Igor\Dados de aplicativos\Mozilla\Firefox\Profiles\16uowz9b.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13997&locale=en_US&q=

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-29 19:37

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1860)

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\IoctlSvc.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Webroot\WebrootSecurity\SpySweeper.exe

c:\arquivos de programas\Webroot\WebrootSecurity\SSU.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-29 19:52 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-29 22:52

ComboFix2.txt 2009-04-29 22:29

ComboFix3.txt 2009-04-29 14:28

ComboFix4.txt 2009-04-28 14:24

 

Pré-execução: 4.676.366.336 bytes disponíveis

Pós execução: 4.679.593.984 bytes disponíveis

 

189 --- E O F --- 2009-04-29 06:01

 

Obrigado!

[DigRam 144]

Boa Noite! igor s

 

<@> Vá em Iniciar --> Executar --> Digite ou cole: combofix.exe /u --> Clique OK.

<@> Abrir-se-á,a seguinte janela: ( Abrir arquivo - Aviso de Segurança )

<@> Clique em Executar --> Aguarde!

<@> Surgirá,finalmente,a mensagem: "ComboFix está desinstalado" --> Clique OK.

<@> Caso encontre,apague: C:\ComboFix <-- A pasta! + C:\ComboFix.txt <-- Relatório!

<><><><><><><><><><>

<!> Os logs estão limpos!

<!> Tudo Ok?

 

Abraços!

[igor s 0]

Bom dia! DigRam

 

Valeu mesmo pela ajuda.

 

Obrigado...Abraços!!

[DigRam 144]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.