
Gix

[Archived] Check Log - IE freezing and closing, unstable


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:46:16, on 08/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\ZSSnp211.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\gerlane\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Arquivos de programas\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Arquivos de programas\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [Vistadrv] C:\Arquivos de programas\VistaDrives\vsdrv.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [uVS10 Preload] C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [software Informer] "C:\Arquivos de programas\Software Informer\softinfo.exe" -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] C:\Arquivos de programas\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] C:\Arquivos de programas\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Arquivos de programas\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Arquivos de programas\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.4,85.255.112.14

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4,85.255.112.14

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4,85.255.112.14

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 11222 bytes


• Download: < ComboFix.exe >

• Save it to the Desktop!

Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

Close all windows and run the tool!

• At the "Disclaimer of warranty on software" prompt --> Click Yes!

• If you do not have the "Recovery Console", agree to install it!

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

-- Save it to the desktop, renamed as: Kombo.exe

-- PS: Rename it while saving, not after saving it!

-- PS: If any error message appears, run ComboFix.exe in Safe Mode.

-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

• The Auto Scan window will open. --> Wait!

• In order to complete the removals, ComboFix may restart the computer.

• If necessary, type the option to continue! --> ( 1 ) --> Press Enter.

Wait for it to finish!

During the scan, avoid using the mouse or keyboard! <-- Important!

• To stop or exit ComboFix, press "N" --> Enter.

----------------------

• When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.


Good afternoon, Mr. Perfect,

ComboFix report:

 

ComboFix 09-05-07.A01 - gerlane 08/05/2009 14:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1982.1635 [GMT -3:00]

Executando de: c:\documents and settings\gerlane\Desktop\ComboFix.exe

AV: ESET NOD32 sistema antivírus 2.70 *On-access scanning disabled* (Updated)

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Mozilla Firefox\components\iamfamous.dll

c:\documents and settings\Administrador\Dados de aplicativos\inst.exe

C:\resycled

c:\resycled\ntldr.com

c:\windows\a3kebook.ini

c:\windows\akebook.ini

c:\windows\ANS2000.INI

c:\windows\jestertb.dll

c:\windows\system32\drivers\gaopdxkxvrgoxt.sys

c:\windows\system32\drivers\gaopdxpwqvshpt.sys

c:\windows\system32\drivers\gaopdxqhovmllr.sys

c:\windows\system32\drivers\gaopdxsrpruxdu.sys

c:\windows\system32\drivers\gaopdxvxblasft.sys

c:\windows\system32\gaopdxaswwosrq.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_gaopdxserv.sys

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-04-08 to 2009-05-08 ))))))))))))))))))))))))))))

.

 

2009-05-08 13:35 . 2009-05-08 13:35 -------- d-----w C:\!KillBox

2009-05-01 22:54 . 2009-05-01 22:54 -------- d-----w c:\arquivos de programas\MSN Messenger

2009-04-25 19:24 . 2004-08-04 02:10 78464 ----a-w c:\windows\system32\dllcache\usbvideo.sys

2009-04-25 19:24 . 2004-08-04 02:10 78464 ----a-w c:\windows\system32\drivers\usbvideo.sys

2009-04-19 14:56 . 2009-04-19 14:56 -------- d-----w c:\arquivos de programas\MySearch

2009-04-19 14:56 . 2009-04-19 14:56 -------- d-----w c:\documents and settings\gerlane\Dados de aplicativos\Desktopicon

2009-04-19 14:56 . 2009-04-19 14:56 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\FreeRIP

2009-04-19 14:56 . 2009-05-08 14:17 -------- d-----w c:\arquivos de programas\FreeRIP3

2009-04-19 14:34 . 2009-04-19 14:49 -------- d-----w c:\arquivos de programas\CDex_150

2009-04-16 01:18 . 2009-04-16 01:18 -------- d-----w c:\arquivos de programas\Java

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-08 14:16 . 2008-12-26 12:35 -------- d-----w c:\arquivos de programas\Valve

2009-05-08 06:19 . 2008-12-05 19:57 -------- d-----w c:\arquivos de programas\ESET

2009-05-01 13:59 . 2009-02-10 18:35 491856 ----a-w c:\documents and settings\gerlane\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-04-16 01:18 . 2009-01-06 17:20 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-01 02:46 . 2009-03-31 18:47 -------- d-----w c:\arquivos de programas\MP3 WAV Converter

2009-03-20 22:50 . 2009-02-17 16:08 -------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-03-20 03:56 . 2009-03-20 03:56 -------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-03-15 01:31 . 2009-03-15 01:30 -------- d-----w c:\arquivos de programas\Arquivos comuns\Macromedia

2009-03-15 01:30 . 2009-03-15 01:30 -------- d-----w c:\arquivos de programas\Macromedia

2009-03-15 01:28 . 2008-12-13 18:02 -------- d-----w c:\arquivos de programas\Ares

2009-03-13 21:35 . 2008-12-05 20:58 -------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-03-12 12:06 . 2008-12-05 20:35 -------- d-----w c:\arquivos de programas\FirebirdClient

2009-03-11 04:02 . 2009-03-11 04:02 552 ----a-w c:\windows\system32\d3d8caps.dat

2009-03-09 13:23 . 2009-03-06 12:34 512096 ----a-w c:\windows\system32\drivers\amon.sys

2009-03-09 13:23 . 2009-03-06 12:34 298104 ----a-w c:\windows\system32\imon.dll

2009-03-09 13:23 . 2009-03-06 12:34 15424 ----a-w c:\windows\system32\drivers\nod32drv.sys

2009-03-06 13:42 . 2008-12-05 20:17 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-02-27 00:38 . 2009-02-26 23:41 25600 ----a-w c:\windows\system32\drivers\usbser.sys

2009-02-18 01:47 . 2009-02-18 01:47 696 ----a-w c:\windows\Fonts\BAI_____.PFM

2009-02-17 13:59 . 2009-02-17 13:59 258048 ------w c:\windows\Setup1.exe

2009-02-17 13:59 . 2009-02-17 13:59 73216 ----a-w c:\windows\ST6UNST.EXE

2009-02-08 09:40 . 2001-10-28 15:07 70980 ----a-w c:\windows\system32\perfc016.dat

2009-02-08 09:40 . 2001-10-28 15:07 433840 ----a-w c:\windows\system32\perfh016.dat

2005-04-01 01:17 . 2009-02-26 17:30 40960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

2009-03-07 23:36 . 2009-03-06 12:21 67688 ----a-w c:\arquivos de programas\mozilla firefox\components\jar50.dll

2009-03-07 23:36 . 2009-03-06 12:21 54368 ----a-w c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2009-03-07 23:36 . 2009-03-06 12:21 34944 ----a-w c:\arquivos de programas\mozilla firefox\components\myspell.dll

2009-03-07 23:36 . 2009-03-06 12:21 46712 ----a-w c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2009-03-07 23:36 . 2009-03-06 12:21 172136 ----a-w c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

.

 

------- Sigcheck -------

 

[-] 2007-02-14 01:54 1405440 43A1C4B69B358556C54EA17E93C6A203 c:\windows\explorer.exe

 

[-] 2007-02-04 01:22 1548288 689DA768BC2D2509338E245DA46484ED c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2008-12-26 893440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vistadrv"="c:\arquivos de programas\VistaDrives\vsdrv.exe" [2006-07-30 121089]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-01-21 29753344]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-08-19 49152]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"UVS10 Preload"="c:\arquivos de programas\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 36864]

"Acrobat Assistant 7.0"="c:\arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"nod32kui"="c:\arquivos de programas\Eset\nod32kui.exe" [2009-03-09 949376]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-04-16 148888]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]

"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2007-06-11 176128]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-02-04 123904]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-2-17 25214]

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-13 113664]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\eMule\\eMule.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\ViteSoft\\Admin\\VSCyberAdmin.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1155:TCP"= 1155:TCP:VSCyber

"445:TCP"= 445:TCP:@xpsp2res.dll,-22005

"137:UDP"= 137:UDP:@xpsp2res.dll,-22001

"3050:TCP"= 3050:TCP:Firebird

 

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [06/03/2009 09:34 15424]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]

R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [10/03/2009 08:50 714240]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05/12/2008 18:12 215936]

S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys [26/02/2009 20:41 28800]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-Software Informer - c:\arquivos de programas\Software Informer\softinfo.exe

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

HKCU-Run-fsm - (no file)

HKU-Default-Run-Sidebar - c:\arquivos de programas\Windows Sidebar\sidebar.exe

 

 

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office10\EXCEL.EXE/3000

LSP: c:\windows\system32\imon.dll

FF - ProfilePath - c:\documents and settings\gerlane\Dados de aplicativos\Mozilla\Firefox\Profiles\cuut5qyt.default\

FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-08 14:28

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(632)

c:\windows\system32\sfc_os.dll

 

- - - - - - - > 'lsass.exe'(688)

c:\windows\system32\imon.dll

c:\arquivos de programas\Eset\pr_imon.dll

.

Tempo para conclusão: 2009-05-08 14:29

ComboFix-quarantined-files.txt 2009-05-08 17:29

 

Pré-execução: 21 pasta(s) 203.756.318.720 bytes disponíveis

Pós execução: 19 pasta(s) 212.187.566.080 bytes disponíveis

 

196

 

 

 

Updated HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:30:56, on 08/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\gerlane\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Arquivos de programas\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Arquivos de programas\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [Vistadrv] C:\Arquivos de programas\VistaDrives\vsdrv.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [uVS10 Preload] C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4,85.255.112.14

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 9078 bytes


Go to this site: http://www.kaspersky.com/virusscanner

Click on Clipboard01-1.jpg

Follow the scanner setup instructions as shown in the image below.

kosjn0.gif

Post the scan log right here in the topic.


Scan log

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Friday, May 8, 2009

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Friday, May 08, 2009 21:12:31

Records in database: 2146873

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

 

Scan statistics:

Files scanned: 75924

Threat name: 10

Infected objects: 24

Suspicious objects: 0

Duration of the scan: 01:33:39

 

 

File name / Threat name / Threats count

C:\Arquivos de programas\ESET\infected\DYGKUVCA.NQF Infected: Rootkit.Win32.TDSS.fpt 1

C:\Arquivos de programas\ESET\infected\RUEEHHDA.NQF Infected: Trojan.Win32.TDSS.ztz 1

C:\Arquivos de programas\Mozilla Firefox\plugins\NPMySrch.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1

C:\Arquivos de programas\MySearch\bar\1.bin\NPMYSRCH.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1

C:\Arquivos de programas\MySearch\bar\1.bin\S4BAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.br 1

C:\Arquivos de programas\OnlineHelpConsole\Hide.exe Infected: not-a-virus:AdWare.Win32.Dm.wf 1

C:\Documents and Settings\Administrador\7zS12E9.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

C:\Documents and Settings\Default User\7zS12E9.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

C:\Documents and Settings\gerlane\7zS12E9.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

C:\Documents and Settings\gerlane\Desktop\10120_freerip_mp3_3091.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.br 1

C:\Qoobox\Quarantine\C\Arquivos de programas\Mozilla Firefox\components\iamfamous.dll.vir Infected: Packed.Win32.Tdss.c 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gaopdxpwqvshpt.sys.vir Infected: Rootkit.Win32.TDSS.fpt 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxaswwosrq.dll.vir Infected: Trojan-PSW.Win32.Agent.lqj 1

C:\System Volume Information\_restore{8907B95C-A841-40CA-B334-99AB553D9B34}\RP66\A0024414.sys Infected: Rootkit.Win32.TDSS.fpt 1

C:\System Volume Information\_restore{8907B95C-A841-40CA-B334-99AB553D9B34}\RP66\A0024415.dll Infected: Trojan-PSW.Win32.Agent.lqj 1

C:\System Volume Information\_restore{8907B95C-A841-40CA-B334-99AB553D9B34}\RP66\A0024433.dll Infected: Packed.Win32.Tdss.c 1

C:\System Volume Information\_restore{8907B95C-A841-40CA-B334-99AB553D9B34}\RP66\A0024441.sys Infected: Rootkit.Win32.TDSS.fpt 1

C:\System Volume Information\_restore{8907B95C-A841-40CA-B334-99AB553D9B34}\RP66\A0024442.sys Infected: Trojan.Win32.TDSS.ztz 1

C:\System Volume Information\_restore{8907B95C-A841-40CA-B334-99AB553D9B34}\RP66\A0024443.sys Infected: Rootkit.Win32.TDSS.fpt 1

C:\System Volume Information\_restore{8907B95C-A841-40CA-B334-99AB553D9B34}\RP66\A0024444.sys Infected: Rootkit.Win32.TDSS.fpt 1

C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1

C:\WINDOWS\system32\config\systemprofile\7zS12E9.tmp\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows 1

C:\WINDOWS\system32\Tools\Hide.exe Infected: not-a-virus:AdWare.Win32.Dm.wf 1

C:\WINDOWS\system32\vimc.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1

 

The selected area was scanned.


Gix, delete the file highlighted below.

 

C:\Documents and Settings\gerlane\Desktop\10120_freerip_mp3_3091.exe

 

- Now carry out the procedures in sequence.

1.

• Go to this link and download: < Malwarebytes >

Update the program!

• Choose the Quick scan!

Disable protection programs while running Malwarebytes.

• Be sure to send the detected items to quarantine by clicking Remover itens.

• For more details: < Link >

-----------------------

• Post the report: mbam-log-2008-xx-xx (00-00-00).txt

2.

• Download: < Kaspersky Virus Removal Tool >

• Save it in Arquivos de Programas and install it right there!

• Restart the computer in Safe Mode! <-- Important!

• Start the scan by clicking "Scan".

• The scan takes a while. Please wait!

• If infections are found, click "disinfect".

• When it finishes, click the Events tab.

Uncheck the "Show all events" checkbox.

• Click "Save to file".

Name it and save it to the desktop! <-- Report to post!

Also post an updated HijackThis log.


Hello, good morning Mr. Perfect!

I had to make an urgent trip and will return to my city next Wednesday... only when I arrive will I be able to carry out the procedures, ok? Many thanks for the help so far, and see you later!!!

Gerlane


No problem, I'll be waiting. :rolleyes:


Good morning!

Here are the reports:

Malwarebytes:

 

Malwarebytes' Anti-Malware 1.36

Versão do banco de dados: 2138

Windows 5.1.2600 Service Pack 2

 

15/05/2009 20:49:35

mbam-log-2009-05-15 (20-49-16).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 84427

Tempo decorrido: 2 minute(s), 24 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 15

Valores do Registro infectados: 2

Ítens do Registro infectados: 0

Pastas infectadas: 6

Arquivos infectados: 22

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{014da6c0-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{014da6ca-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{fac94900-96d9-47fa-ba33-7ef1bbfbbcec} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> No action taken.

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\Arquivos de programas\MySearch (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\History (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

 

Arquivos infectados:

C:\Arquivos de programas\MySearch\bar\1.bin\S4BAR.DLL (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\1.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\1.bin\S4FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\1.bin\S4FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\1.bin\S4NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\1.bin\S4NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\0001199D (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\0001B82F.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\00021756.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\00023C05.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\00055FDA.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\0006A4BE.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\000806BF.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\001C5A4D.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\00236D17.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\00236F69.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\0209314B.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\03D56EE3.bmp (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.

C:\Arquivos de programas\MySearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.

C:\WINDOWS\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> No action taken.

 

 

Kaspersky:

 

Scan

----

Scanned: 731978

Detected: 10

Untreated: 0

Start time: 16/05/2009 00:06:28

Duration: 09:32:47

Finish time: 16/05/2009 09:39:15

 

 

Detected

--------

Status Object

------ ------

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

16/05/2009 00:06:36 Running module: smss.exe\smss.exe ok scanned

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

Updated HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:03:12, on 16/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\ZSSnp211.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Eset\nod32kui.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\gerlane\Desktop\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [Vistadrv] C:\Arquivos de programas\VistaDrives\vsdrv.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [uVS10 Preload] C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: is-K4E03.lnk = C:\Documents and Settings\gerlane\Desktop\Virus Removal Tool1\is-K4E03\startup.exe

O4 - Startup: is-TC7GP.lnk = C:\Documents and Settings\gerlane\Desktop\Virus Removal Tool\is-TC7GP\startup.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office10\EXCEL.EXE/3000

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 9729 bytes

 

Thanks!


Hi Gix, have a good afternoon. I will need the result of another Kaspersky online scan; run it again and post it in your next reply.


Topic Archived

As the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
