
Archived

This topic has been archived and is closed to new replies.

BabiFerrer

[Solved!] Computer Freezing / Explorer Freezing

Recommended Posts

Good afternoon,

Once again asking for your help to solve a big problem!

My Explorer keeps freezing all the time; it freezes and the screen goes all blue, and I have to restart the computer at least 3 to 4 times a day.

Please help me!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:55, on 04/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\PDFCreator\PDFCreator.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrador.OEM\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) - http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8697 bytes

 

 

------------------

 

Including the ComboFix log

 

ComboFix 09-06-03.04 - Administrador 04/06/2009 14:05.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.958.534 [GMT -3:00]

Executando de: c:\documents and settings\Administrador.OEM\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090603-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

ADS - drivers: deleted 350 bytes in 1 streams.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-04 to 2009-06-04 ))))))))))))))))))))))))))))

.

 

2009-05-27 17:12 . 2009-05-27 17:12 7680 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\xulutil.dll

2009-05-26 16:51 . 2005-10-15 15:32 196608 -c--a-w- c:\windows\system32\pdfcmnnt.dll

2009-05-26 16:51 . 1998-07-06 03:00 23552 -c--a-w- c:\windows\system32\MSMPIDE.DLL

2009-05-26 16:51 . 2009-05-26 16:57 -------- dc----w- c:\arquivos de programas\PDFCreator

2009-05-22 16:09 . 2009-05-08 14:46 38208 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-05-08 14:48 . 2009-05-08 14:48 -------- dc----w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1

2009-05-08 14:47 . 2009-05-08 14:47 -------- dc----w- c:\arquivos de programas\TweetDeck

2009-05-08 14:47 . 2009-05-08 14:47 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Adobe AIR

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-29 20:06 . 2009-05-27 17:12 -------- dc----w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire

2009-05-29 20:00 . 2009-02-02 13:20 -------- dc----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-29 20:00 . 2009-03-13 18:00 3371383 -c--a-w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-05-27 17:12 . 2009-05-27 17:12 282624 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\websrvcs.dll

2009-05-27 17:12 . 2009-05-27 17:12 15872 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\xmlextras.dll

2009-05-27 17:12 . 2009-05-27 17:12 200704 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\transformiix.dll

2009-05-27 17:12 . 2009-05-27 17:12 110592 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\universalchardet.dll

2009-05-27 17:12 . 2009-05-27 17:12 225280 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\pipnss.dll

2009-05-27 17:12 . 2009-05-27 17:12 20992 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\pipboot.dll

2009-05-27 17:12 . 2009-05-27 17:12 19968 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\pippki.dll

2009-05-27 17:12 . 2009-05-27 17:12 20480 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\autoconfig.dll

2009-05-27 17:12 . 2009-05-27 17:12 18944 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\appshell_modal.dll

2009-05-27 17:12 . 2009-05-27 17:12 17408 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\components\auth.dll

2009-05-27 17:12 . 2009-05-27 17:12 8192 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\AccessibleMarshal.dll

2009-05-27 17:12 . 2009-05-27 17:12 20480 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\LimeWire\browser\xulrunner\IA2Marshal.dll

2009-05-27 17:12 . 2009-05-27 17:10 -------- dc----w- c:\arquivos de programas\LimeWire

2009-05-26 16:20 . 2009-02-02 13:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-26 16:19 . 2009-02-02 13:20 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-05-26 13:16 . 2006-09-20 17:37 -------- dc----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-05-22 10:57 . 2009-02-19 13:48 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-05-22 10:57 . 2008-07-08 17:53 -------- dc----w- c:\arquivos de programas\GbPlugin

2009-05-12 19:52 . 2007-04-01 18:41 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-05-01 18:30 . 2009-05-01 18:30 3366912 -c--a-w- c:\windows\system32\GPhotos.scr

2009-04-27 18:48 . 2008-12-18 13:24 47956 -c-ha-w- c:\windows\system32\mlfcache.dat

2009-04-22 20:09 . 2007-09-11 20:26 -------- dc----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-04-17 11:09 . 2001-10-28 15:07 49586 ----a-w- c:\windows\system32\perfc016.dat

2009-04-17 11:09 . 2001-10-28 15:07 347294 ----a-w- c:\windows\system32\perfh016.dat

2009-03-27 15:03 . 2009-02-03 13:25 26568 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-03-26 10:56 . 2009-03-20 15:31 81920 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\zweitgeist\uninstall.exe

2009-03-20 15:31 . 2009-03-20 15:31 49152 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\zweitgeist\IdleHook.dll

2009-03-20 15:31 . 2009-03-20 15:31 20480 -c--a-w- c:\documents and settings\Administrador.OEM\Dados de aplicativos\zweitgeist\hook13.dll

2008-03-19 19:34 . 2008-03-19 19:34 14298 -c--a-w- c:\arquivos de programas\settings.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AxMonitor"="c:\arquivos de programas\SafeNet\BSecClient\axmonitor.exe" [2007-09-13 450560]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"CertificateRegistration"="aetcrss1.exe" - c:\windows\system32\aetcrss1.exe [2008-03-12 208896]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2008-09-26 378792]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2009-03-27 264776]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^PDFCreator.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\PDFCreator.lnk

backup=c:\windows\pss\PDFCreator.lnkCommon Startup

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [03/02/2009 10:25 26568]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03/02/2009 13:33 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/02/2009 13:33 20560]

R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [13/09/2007 14:21 122880]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [08/07/2008 14:53 52808]

R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [07/08/2008 16:38 12480]

R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [07/08/2008 16:38 19232]

R3 PERTO38U;PertoSmart EMV - Leitor USB de Cartoes Inteligentes;c:\windows\system32\drivers\perto38u.sys [10/10/2006 14:06 33408]

S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [07/08/2008 16:38 22304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]

c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-15 c:\windows\Tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 21:36]

 

2009-03-26 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-03-26 01:18]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

SafeBoot-procexp90.Sys

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

uInternet Connection Wizard,ShellNext = hxxp://orion/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {C327EC23-7F81-4E1D-802C-8780052BCD50} = 200.204.0.10 200.204.0.138

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

DPF: {3B2FC559-5102-4482-9684-66906D53A500} - hxxp://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-04 14:10

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

c:\windows\system32\zshp1018.exe [2872] 0x85DCE610

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-507921405-2000478354-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,be,5c,73,dc,69,f1,4c,9a,9e,6e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,be,5c,73,dc,69,f1,4c,9a,9e,6e,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000}\Programmable]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399003}\Programmable]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83}\Programmable]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

@DACL=(02 0000)

"Asynchronous"=dword:00000001

"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"

"Startup"="WlDimsStartup"

"Shutdown"="WlDimsShutdown"

"Logon"="WlDimsLogon"

"Logoff"="WlDimsLogoff"

"StartShell"="WlDimsStartShell"

"Lock"="WlDimsLock"

"Unlock"="WlDimsUnlock"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DkWLNP]

@DACL=(02 0000)

"DllName"=expand:"DkWLNP.dll"

"Logon"="WLEventLogon"

"Logoff"="WLEventLogoff"

"StartShell"="WLEventStartShell"

"Startup"="WLEventStartup"

"Shutdown"="WLEventShutdown"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(752)

c:\arquiv~1\GbPlugin\gbiehabn.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

 

- - - - - - - > 'lsass.exe'(808)

c:\windows\system32\aetsprov.dll

 

- - - - - - - > 'explorer.exe'(2744)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-06-04 14:16

ComboFix-quarantined-files.txt 2009-06-04 17:15

 

Pré-execução: 7,718,752,256 bytes disponíveis

Pós execução: 8,083,709,952 bytes disponíveis

 

177 --- E O F --- 2009-05-14 10:55


Hey BabiFerrer, you used ComboFix 7 times, which makes it harder to perform an analysis. I will need a more detailed analysis of your PC.

• Download: < Malwarebytes >

Update the program!

• Choose the Quick scan!

Disable protection programs when running Malwarebytes.

• Be sure to send the detected items to quarantine by clicking Remove items.

• For more details: < Link >

-----------------------

• Post the report: mbam-log-2008-xx-xx (00-00-00).txt.

Then run RSIT

Download Random's System Information Tool (RSIT)

http://images.malwareremoval.com/random/RSIT.exe

Save it to your desktop.

◘ Run RSIT.exe.

◘ An information window will appear:

List files/folders created or modified in the last: 1 month

◘ Click Continue.

When it finishes, two Notepad windows will open:

log.txt -> will open maximized

info.txt -> will open minimized.

Post the log.txt file in your next reply.

A copy of these files will be saved in the C:\RSIT folder

Note: If your firewall warns about the rsit.exe file trying to connect, make sure you allow it.


 

 

Malwarebytes' Anti-Malware 1.37

Versão do banco de dados: 2227

Windows 5.1.2600 Service Pack 3

 

08/06/2009 11:10:50

mbam-log-2009-06-08 (11-10-50).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 102607

Tempo decorrido: 7 minute(s), 32 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrador at 2009-06-08 11:13:33

Microsoft Windows XP Professional Service Pack 3

System drive C: has 8 GB (41%) free of 19 GB

Total RAM: 958 MB (49% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:14, on 08/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\aetcrss1.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC10.exe

C:\Documents and Settings\Administrador.OEM\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Administrador.OEM\Desktop\Administrador.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://orion/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3B2FC559-5102-4482-9684-66906D53A500} (Auth Class) - http://www.t37.com.br/_conteudo/ecpf/EvalCriptoCOM.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com.br/s/v/35.08/uploader2.cab

O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.wilsononline.com.br/includes/asp/arview2.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugi...GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C327EC23-7F81-4E1D-802C-8780052BCD50}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8645 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\User_Feed_Synchronization-{22B879E5-9FF6-41BF-A137-EE1116761378}.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-08 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-04-30 259696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-30 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-03-10 421168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

PDFCreator Toolbar Helper - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-30 470512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-03-19 806912]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll [2009-04-30 259696]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AxMonitor"=C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe [2007-09-13 450560]

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"CertificateRegistration"=C:\WINDOWS\system32\aetcrss1.exe [2008-03-12 208896]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DkAutoReg]

C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe [2007-09-13 253952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DkStartup]

C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe [2007-09-13 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-08 136600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\ARQUIV~1\GbPlugin\gbiehabn.dll [2008-09-26 378792]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2009-03-10 421168]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2009-03-27 264776]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-06-08 11:13:33 ----DC---- C:\rsit

2009-06-05 10:46:58 ----AC---- C:\WINDOWS\system32\pdfcmnnt.dll

2009-06-05 10:46:57 ----AC---- C:\WINDOWS\system32\MSMPIDE.DLL

2009-06-05 10:46:56 ----DC---- C:\Arquivos de programas\PDFCreator

2009-06-04 14:35:27 ----SHDC---- C:\RECYCLER

2009-06-04 14:16:15 ----AC---- C:\ComboFix.txt

2009-06-04 14:03:19 ----AC---- C:\WINDOWS\PEV.exe

2009-06-04 14:01:33 ----DC---- C:\Qoobox

2009-05-27 14:12:39 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\LimeWire

2009-05-27 14:10:47 ----DC---- C:\Arquivos de programas\LimeWire

 

======List of files/folders modified in the last 1 months======

 

2009-06-08 11:14:14 ----DC---- C:\WINDOWS\Prefetch

2009-06-08 10:51:02 ----D---- C:\WINDOWS\Temp

2009-06-08 07:47:34 ----DC---- C:\WINDOWS

2009-06-08 07:46:19 ----AD---- C:\WINDOWS\system32\drivers

2009-06-05 18:36:43 ----AC---- C:\WINDOWS\SchedLgU.Txt

2009-06-05 10:46:58 ----DC---- C:\WINDOWS\system32

2009-06-05 10:46:56 ----RDC---- C:\Arquivos de programas

2009-06-04 15:19:44 ----DC---- C:\WINDOWS\network diagnostic

2009-06-04 14:51:01 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-04 14:49:57 ----DC---- C:\Arquivos de programas\Programas RFB

2009-06-04 14:10:18 ----C---- C:\WINDOWS\system.ini

2009-06-04 14:09:03 ----DC---- C:\WINDOWS\AppPatch

2009-06-04 14:08:54 ----DC---- C:\Arquivos de programas\Arquivos comuns

2009-06-03 11:20:59 ----DC---- C:\WINDOWS\pss

2009-06-01 15:44:35 ----AC---- C:\WINDOWS\NeroDigital.ini

2009-06-01 15:30:09 ----AC---- C:\WINDOWS\WDIC.INI

2009-05-29 17:00:46 ----DC---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-05-29 07:29:56 ----D---- C:\WINDOWS\system32\Macromed

2009-05-28 14:49:22 ----DC---- C:\WINDOWS\Downloaded Program Files

2009-05-28 14:49:20 ----DC---- C:\WINDOWS\inf

2009-05-27 14:13:34 ----DC---- C:\Documents and Settings\Administrador.OEM\Dados de aplicativos\Mozilla

2009-05-27 14:11:26 ----SHDC---- C:\WINDOWS\Installer

2009-05-27 14:11:26 ----HDC---- C:\Config.Msi

2009-05-26 10:16:55 ----DC---- C:\Arquivos de programas\Arquivos comuns\Adobe

2009-05-22 07:57:54 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2009-05-22 07:57:54 ----DC---- C:\Arquivos de programas\GbPlugin

2009-05-14 12:35:05 ----DC---- C:\WINDOWS\Debug

2009-05-12 16:52:21 ----DC---- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]

R3 iKeyEnum;Rainbow iKey Enumerator; C:\WINDOWS\system32\DRIVERS\ikeyenum.sys [2007-12-17 12480]

R3 iKeyIFD;Rainbow iKey Virtual Reader; C:\WINDOWS\system32\DRIVERS\ikeyifd.sys [2007-12-17 19232]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-09 4449280]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]

R3 PERTO38U;PertoSmart EMV - Leitor USB de Cartoes Inteligentes; C:\WINDOWS\system32\DRIVERS\perto38u.sys [2006-10-10 33408]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1.OEM\CONFIG~1\Temp\catchme.sys []

S3 RnbToken;Rainbow iKey Token Service; C:\WINDOWS\system32\DRIVERS\rnbtoken.sys [2007-12-17 22304]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 DkLogger;SafeNet Log Service; C:\WINDOWS\system32\dklog.exe [2007-09-13 106496]

R2 DkTknSrv;SafeNet Token Service; C:\WINDOWS\system32\dkcktkn.exe [2007-09-13 737280]

R2 DkVcm;SafeNet Virtual Channel Monitor; C:\WINDOWS\system32\dkvcm.exe [2007-09-13 122880]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-03-27 52808]

R2 InCDsrv;InCD Helper; C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-08 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

 

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 1.06 2009-06-08 11:14:30

 

======Uninstall list======

 

-->C:\Arquivos de programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe AIR-->C:\Arquivos de programas\Arquivos comuns\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}

Adobe Reader 8.1.4 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Códigos de Barra - Comércio Exterior 1.1-->"C:\Arquivos de programas\Códigos de Barra - Comércio Exterior\unins000.exe"

DFX - BL Eletrônico-->MsiExec.exe /X{2E8B0682-1932-4679-A69F-AB8BCDA4F9C6}

Dic Michaelis - UOL-->C:\Dic\instala.exe -d

Google Toolbar for Internet Explorer-->"C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

HijackThis 2.0.2-->"C:\Documents and Settings\Administrador.OEM\Desktop\HijackThis.exe" /uninstall

Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

HP Image Zone 4.2-->C:\Arquivos de programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP OrderReminder-->"C:\Arquivos de programas\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018

HP PSC & OfficeJet 4.2-->"C:\Arquivos de programas\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

LaserJet 1018-->C:\Arquivos de programas\Zenographics\{29351AD1-1076-4DBC-8E50-649595FDDCBB}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"

Leitor USB de Cartões Inteligentes PertoSmart (desinstalar)-->C:\Arquivos de programas\PertoSmart USB Smartcard Reader\uninst.exe

LimeWire 5.1.3-->"C:\Arquivos de programas\LimeWire\uninstall.exe"

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI

On-line Help Console-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6283826F-59A2-11D9-BB04-000AE6BE6EE7}\setup.exe" -l0x9

OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

PDFCreator-->C:\Arquivos de programas\PDFCreator\unins000.exe

Picasa 3-->"C:\Arquivos de programas\Google\Picasa3\Uninstall.exe"

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

SafeNet Borderless Security PK Client-->MsiExec.exe /X{74738135-38D6-4ABD-A2BF-A86744971607}

SafeNet iKey Driver v4.0.0.20-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6257E290-5E8E-11D4-9B8D-00D0B72459DD}\Setup.exe" -l0x9 UNINST

SafeNet iKey2032 versão 2.33 para Windows 2000/XP/Vista-->"C:\Arquivos de programas\Safenet\iKey2032\unins000.exe"

SafeSign-->MsiExec.exe /X{6347401C-C260-4B30-9816-8F5A1419CC49}

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins001.exe"

TweetDeck-->MsiExec.exe /X{A9B02DB6-F7BD-16B5-10F2-584333CDD70A}

Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: AVG Anti-Virus Free

AV: avast! antivirus 4.8.1335 [VPS 090607-0]

 

======System event log======

 

Computer Name: AMABILE

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.

 

Record Number: 14206

Source Name: Service Control Manager

Time Written: 20090319080507.000000-180

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 7035

Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.

 

Record Number: 14205

Source Name: Service Control Manager

Time Written: 20090319080507.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: AMABILE

Event Code: 7036

Message: O serviço Compatibilidade com 'Troca rápida de usuário' entrou no estado executando.

 

Record Number: 14204

Source Name: Service Control Manager

Time Written: 20090319080507.000000-180

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 7035

Message: O serviço Compatibilidade com 'Troca rápida de usuário' recebeu com êxito um controle Iniciar.

 

Record Number: 14203

Source Name: Service Control Manager

Time Written: 20090319080507.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: AMABILE

Event Code: 7036

Message: O serviço Serviços de terminal entrou no estado executando.

 

Record Number: 14202

Source Name: Service Control Manager

Time Written: 20090319080507.000000-180

Event Type: Informações

User:

 

=====Application event log=====

 

Computer Name: AMABILE

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

 

Record Number: 3839

Source Name: SecurityCenter

Time Written: 20091009075159.000000-180

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 0

Message: SafeNet Token Server (dkcktkn) Started Succesfully

 

Record Number: 3838

Source Name: SafeNet Token Service

Time Written: 20091009075147.000000-180

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 5

Message: Starting SafeNet Token Service.

 

Record Number: 3837

Source Name: SafeNet Token Service

Time Written: 20091009075147.000000-180

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 0

Message: SafeNet Logging Service (dkLog) Started Succesfully

 

Record Number: 3836

Source Name: DKLOG

Time Written: 20091009075132.000000-180

Event Type: Informações

User:

 

Computer Name: AMABILE

Event Code: 0

Message:

Record Number: 3835

Source Name: gusvc

Time Written: 20091006154808.000000-180

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=7f01

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------


Hey BabiFerrer, have a good afternoon.

 

Go to Start > Run and type "combofix /u" without the quotes, as shown in the image below:

 

[image: combou.jpg]

 

Wait for the ComboFix program to be uninstalled.

 

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

◘ Click Save and, when the download finishes, install it;

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix selected issues.

 

 

• Update Java.

• Old versions have vulnerabilities that malware can use to infect your system.

<><><><><><><><><><><><><><><>

• Download the latest version of the Java Runtime Environment (JRE) 6u13.

• Locate: "Java Runtime Environment (JRE) 6 Update 13"

• Click the Download button.

Check the option that says: "Accept License Agreement"

• The page will refresh!

• Click the link to download the Windows Offline Installation --> Save it to the desktop!

Close IE or Firefox and any programs that are running.

• Go to Start --> Control Panel.

• In Add or Remove Programs, remove all old versions of Java.

<><><><><><><><><><><><><><><>

• Examples of old versions:

 

Java 2 Runtime Environment, SE v1.4.2

J2SE Runtime Environment 5.0

J2SE Runtime Environment 5.0 Update 6

 

Select any item named: Java Runtime Environment (JRE or J2SE)

• Click the Remove or Change/Remove button.

Repeat as many times as necessary to remove each version of Java.

• Finally, restart the computer!

Install the new version by double-clicking jre-6u13-windows-i586-p.exe.

 

Download ATF-Cleaner.exe

 

- Run the ATF-Cleaner.exe tool. Check the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

 

 

Using the Internet Explorer browser, go to the Kaspersky Online Scanner and run an online scan following the tutorial below.

 

Kaspersky Online Scanner Tutorial

 

When the scan finishes, save the report with the .txt extension (as shown at the end of the tutorial) and post it in your next reply.

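As an added example (not part of the original thread and not the helper's own instructions), the check the helper did by eye on the "======Uninstall list======" section above, namely spotting several Java Runtime Environment entries side by side and keeping only the newest, can be automated over the RSIT info.txt lines. The entries in `SAMPLE_UNINSTALL_LINES` are copied from the log above as a constructed subset, not the whole list; the function names and the version-normalisation rule (a legacy "1.4.2" name is treated as major version 4, update 2) are this example's own assumptions. It goes beyond the three "Java 6 Update N" entries in the log and also parses the older "J2SE Runtime Environment 5.0" and "Java 2 Runtime Environment, SE v1.4.2" naming schemes the helper lists as examples.

```python
import re

# Constructed subset of the "======Uninstall list======" section of the RSIT
# info.txt posted above (entry names and commands copied from that log).
SAMPLE_UNINSTALL_LINES = r"""
Adobe Reader 8.1.4 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}
Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 5.1.3-->"C:\Arquivos de programas\LimeWire\uninstall.exe"
"""


def parse_uninstall_list(text):
    """Split RSIT 'Name-->uninstall command' lines into (name, command) pairs."""
    entries = []
    for line in text.splitlines():
        if "-->" not in line:
            continue
        name, command = line.split("-->", 1)
        entries.append((name.strip(), command.strip()))
    return entries


def parse_java_version(name):
    """Return (major, update) for a JRE/J2SE uninstall entry name, else None.

    Handles the three naming schemes seen in the thread: "Java 6 Update 11",
    "J2SE Runtime Environment 5.0 Update 6" and
    "Java 2 Runtime Environment, SE v1.4.2". Legacy 1.x names are normalised
    so that 1.4.2 becomes major 4, update 2 (an assumption of this example).
    """
    if not re.match(r"^(?:Java|J2SE)\b", name, re.IGNORECASE):
        return None
    cleaned = re.sub(r"\bJ2SE\b", "Java", name)      # the '2' in J2SE is not a version
    cleaned = re.sub(r"\bv(?=\d)", "", cleaned)       # "v1.4.2" -> "1.4.2"
    explicit_update = None
    m = re.search(r"\bUpdate\s+(\d+)", cleaned, re.IGNORECASE)
    if m:
        explicit_update = int(m.group(1))
        cleaned = cleaned[:m.start()]                 # keep only the part before "Update N"
    numbers = re.findall(r"\b\d+(?:\.\d+)*\b", cleaned)
    if not numbers:
        return None                                   # e.g. a Java entry with no version
    parts = [int(p) for p in numbers[-1].split(".")]  # the last token is the version
    if parts[0] == 1 and len(parts) > 1:              # legacy "1.4.2" -> [4, 2]
        parts = parts[1:]
    major = parts[0]
    if explicit_update is not None:
        update = explicit_update
    else:
        update = parts[1] if len(parts) > 1 else 0
    return (major, update)


def find_stale_java(text):
    """Return (newest_name, stale): the newest Java runtime in the uninstall
    list and a list of (name, command) for every older runtime still present."""
    found = []
    for name, command in parse_uninstall_list(text):
        version = parse_java_version(name)
        if version is not None:
            found.append((version, name, command))
    if not found:
        return None, []
    found.sort(reverse=True)                          # highest (major, update) first
    newest = found[0][1]
    stale = [(name, command) for _, name, command in found[1:]]
    return newest, stale


if __name__ == "__main__":
    newest, stale = find_stale_java(SAMPLE_UNINSTALL_LINES)
    print("Newest Java runtime installed:", newest)
    for name, command in stale:
        print("Stale (remove via Add or Remove Programs):", name, "->", command)
```

The script only reports; it runs nothing. The uninstall command is printed next to each stale entry so that the line in the log can be matched to the item in Add or Remove Programs, which is where the helper's procedure has the user remove it.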
Opa BabiFerrer, Tenha uma boa tarde.

 

Vá em Iniciar > Executar e digite "combofix /u" sem aspas como mostra a imagem abaixo:

 

combou.jpg

 

Aguarde a desinstalação do programa combofix.

 

- I recommend doing some maintenance on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

◘ Click Save and, when the download finishes, install it;

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix selected issues.

 

 

• Update Java.

• Old versions have vulnerabilities that malware can use to infect your system.

<><><><><><><><><><><><><><><>

 

Pedro,

Please, help me please!

I did the whole procedure as described for the Kaspersky Online Scanner, but when it came time to save, nothing appeared!

I left it running all night!

 

 


Did you carry out the procedures? :(


 

Pedro,

All of the procedures, I didn't forget anything!

It did finish, but there was nothing to save... as I told you, it ran the whole night.

And I can tell you in advance that it did catch an infected file. (A sign pointing to this infection)

There is no other procedure I can carry out.

Thank you very much for your attention! :cry:


 

 

Pedro, thank you so much for your patience with me.

I'm running the scan and as soon as I get the result I'll post it.

Here is the analysis:

 

BitDefender Online Scanner

Scan report generated at: Fri, Jun 12, 2009 - 15:21:24

Scan path: C:\Documents and Settings\Administrador.OEM\Configurações locais\Dados de aplicativos\Microsoft\Messenger\criabe@hotmail.com\Sharing Folders;C:\Documents and Settings\Administrador.OEM\Meus documentos;C:\Documents and Settings\All Users.WINDOWS\Documentos;A:\;C:\;D:\;

Statistics
  Time: 00:05:59
  Files: 22538
  Folders: 55
  Boot Sectors: 0
  Archives: 253
  Packed Files: 281

Results
  Identified Viruses: 0
  Infected Files: 0
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 0

Engines Info
  Virus Definitions: 3348323
  Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
  Scan plugins: 17
  Archive plugins: 45
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 4

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File / Status
  No virus found.

BitDefender Online Scanner - Real Time Virus Report

Generated at: Fri, Jun 12, 2009 - 15:33:28

--------------------------------------------------------------------------------

Scan Info
  Scanned Files: 22593
  Infected Files: 0

Virus Detected
  No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.

 

 

Babi Ferrer


Your log is clean :)


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
