torugorj, Posted July 7, 2009

I can't run msconfig; the following message appears: "Windows cannot find 'msconfig'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." Also, when I try to open a file it won't open unless the program that runs it is already open. For example, I try to open a music file, double-click it and nothing happens; it only works if Windows Media Player is already open. I noticed this too with the tasks that appear when you right-click; they don't work. The HijackThis log follows. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 19:31, on 07/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Bywifi\bywifi.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe
C:\WINDOWS\system32\cmpe.exe
C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpprop.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\ARQUIVOS DE PROGRAMAS\BitTorrent\Downloads Bittorrent\Winning.Eleven.Pro.Evolution.Soccer.2007.CloneDVD-NETSHOW\tools\YASU.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe
C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\ARQUIVOS DE PROGRAMAS\Windows Media Player\wmplayer.exe
C:\Documents and Settings\PC\Meus documentos\Programas antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.positivoinformatica.com.br/cadastro.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Arquivos de programas\Bywifi\bywifiie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LGMobileSyncLauncher] C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: hpqtra08.exe.lnk = C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\ARQUIVOS DE PROGRAMAS\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie2.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68D0BEAD-47BF-4FD0-A03E-B087D3238F5D}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ARQUIVOS DE PROGRAMAS\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)
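An added triage script, not part of this thread, that parses entries in the HijackThis v1.99.1 format of the log above and marks the ones a reviewer would read first: orphaned entries ("(no file)", "(file missing)"), BHO/Winlogon Notify/service targets that are not a module path, O4 commands resolved through PATH rather than a full path, and O23 services with no vendor name. The sample lines are copied from the log above; the rules are review heuristics that prioritise reading, not a verdict on any entry.

```python
"""Heuristic triage of HijackThis (v1.99.1-style) log entries.

Added example, not part of the forum thread. It parses section-prefixed
lines (R0/R1/R3, O2, O4, O20, O23, ...) and returns the entries that deserve
a closer look. The rules prioritise review; they do not decide maliciousness.
"""
import re

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<rest>.*)$")
# O4 run-key lines look like:  HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# " - " separates fields; an empty field shows up as " - - " (e.g. no vendor).
SEP_RE = re.compile(r" - |(?<= - )- ")
MODULE_SECTIONS = {"O2", "O3", "O18", "O20", "O21", "O23"}
MISSING = ("(no file)", "(file missing)")
MODULE_EXT = re.compile(r"\.(dll|exe|sys|ocx|cpl)\b", re.IGNORECASE)

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
"""


def parse_entry(line):
    """Split one log line into section, name, vendor (O23 only) and target.

    Returns None for lines that are not section entries (headers, processes).
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    entry = {"sec": sec, "line": line.strip(), "company": None}
    if sec == "O4":
        r = RUN_RE.match(rest)
        if r:
            entry["name"], entry["target"] = r.group("name"), r.group("target")
        elif " = " in rest:  # "O4 - Startup: foo.lnk = C:\..."
            entry["name"], entry["target"] = rest.split(" = ", 1)
        else:
            entry["name"], entry["target"] = rest, ""
        return entry
    parts = [p.strip() for p in SEP_RE.split(rest)]
    entry["name"] = parts[0]
    entry["target"] = parts[-1] if len(parts) > 1 else ""
    if sec == "O23" and len(parts) >= 3:
        entry["company"] = parts[-2]
    return entry


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    reasons = []
    sec, target = entry["sec"], entry["target"]
    if any(mk in target for mk in MISSING):
        reasons.append("orphaned: points to a file that no longer exists")
    elif sec in MODULE_SECTIONS and target and not MODULE_EXT.search(target):
        reasons.append("target is a directory or not a module path")
    if sec == "O4" and target and not re.match(r'^"?(?:[A-Za-z]:\\|%)', target):
        reasons.append("relative command, resolved through PATH at logon")
    if sec == "O23" and entry["company"] == "":
        reasons.append("service without a vendor name")
    return reasons


def triage_log(text):
    """Parse every entry in `text`; return [(entry, reasons)] for flagged ones."""
    results = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            results.append((entry, reasons))
    return results


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG):
        print(f"{entry['sec']:>4}  {entry['name']}")
        for reason in reasons:
            print(f"      - {reason}")
```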
PedroN, Posted July 7, 2009

Download ComboFix from one of these locations: Link 1. Link 2. Link 3.

Important! You should not use ComboFix unless you have been instructed to do so by a security analyst. Its creator intends it to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system.

Make sure you save ComboFix.exe to your desktop.
• Disable your antivirus and antispyware, usually by right-clicking the system tray icon. They can interfere with the tool's execution.
• Double-click ComboFix.exe and follow the prompts.
• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given the malware infections of today, it is strongly recommended that it be pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will make it easier for us to help you should your computer have a problem after a malware removal attempt.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click Yes to continue scanning for malware.
When finished, it should produce a log for you. Post the ComboFix report, which is at C:\ComboFix.txt, together with a HijackThis log.
torugorj 0 Denunciar post Postado Julho 8, 2009 Feito essa etapa, seguem os logs do combofix e do hijack: ComboFix 09-07-07.A2 - PC 07/07/2009 22:39.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1983.1272 [GMT -3:00] Executando de: c:\documents and settings\PC\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ADS - drivers: deleted 208 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\PC\Dados de aplicativos\inst.exe C:\InfoSat.txt C:\Muestras c:\recycler\S-1-5-21-4090293015-2699072550-1654092251-1003 c:\recycler\S-1-5-21-682003330-1390067357-839522115-1003 c:\windows\icon.ico c:\windows\Installer\30219b5.msi c:\windows\Installer\51838.msi c:\windows\Installer\7e1ed1.msi c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Legacy_SROSA -------\Service_NPF (((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))) . 2009-07-07 15:25 . 2009-07-07 15:25 -------- d-----w- c:\arquivos de programas\Vstplugins 2009-07-07 15:24 . 2009-07-07 15:27 -------- d-----w- c:\arquivos de programas\Sony 2009-07-06 11:45 . 2009-07-06 11:45 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Updates\Condition.dll 2009-06-30 00:21 . 2009-06-14 19:07 1004800 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll 2009-06-29 12:53 . 2009-06-29 12:52 832144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avg8\update\backup\AVGToolbarInstall.exe 2009-06-29 12:52 . 
2009-06-30 00:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar 2009-06-29 12:52 . 2009-06-29 12:52 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar 2009-06-29 12:52 . 2009-06-29 12:52 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\AVGTOOLBAR 2009-06-26 00:49 . 2009-06-26 00:58 -------- d-----w- C:\LBA 2009-06-25 19:51 . 2005-06-23 17:51 225280 ----a-w- c:\windows\system\SDL.dll 2009-06-25 18:46 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2009-06-25 18:46 . 2009-06-25 18:46 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution 2009-06-25 18:44 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2009-06-25 18:44 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2009-06-25 18:44 . 2009-02-09 11:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2009-06-25 18:44 . 2009-02-09 11:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll 2009-06-25 18:44 . 2009-02-09 11:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys 2009-06-25 18:44 . 2009-02-09 11:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll 2009-06-25 18:41 . 2009-06-25 18:39 33781176 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_por_br.exe 2009-06-25 18:40 . 2009-06-25 18:40 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe 2009-06-25 18:40 . 2009-06-25 18:40 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe 2009-06-25 18:40 . 
2009-06-25 18:40 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-06-25 18:40 . 2009-06-25 18:40 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe 2009-06-25 17:50 . 2007-11-08 19:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll 2009-06-25 17:50 . 2009-07-07 16:22 -------- d-----w- c:\arquivos de programas\LG PC Suite II 2009-06-25 17:50 . 2009-06-25 17:50 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\LG Electronics 2009-06-25 17:48 . 2009-06-25 17:48 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\InstallShield 2009-06-18 23:07 . 2009-06-18 19:12 51200 ----a-w- c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\cp4u944f.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\FFExternalAlert.dll 2009-06-18 23:07 . 2009-06-18 19:12 114688 ----a-w- c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\cp4u944f.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\npmozax.dll 2009-06-15 21:55 . 2009-06-15 21:55 -------- d-----w- c:\windows\Logs 2009-06-15 18:52 . 2009-06-15 18:51 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-15 18:31 . 2009-06-15 18:47 -------- d-----w- c:\documents and settings\PC\.jSMS . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-08 01:55 . 2009-03-17 02:44 -------- d-----w- c:\arquivos de programas\Bywifi 2009-07-08 01:54 . 2008-08-13 00:12 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator 2009-07-08 01:52 . 2008-01-19 12:58 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-07-07 21:15 . 
2008-01-23 03:11 -------- d-----w- c:\arquivos de programas\a-squared Free 2009-07-07 18:49 . 2008-06-24 20:19 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\BitTorrent 2009-07-07 15:17 . 2007-11-21 13:09 -------- d-----w- c:\arquivos de programas\Sony Setup 2009-06-30 15:00 . 2008-01-05 11:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin 2009-06-30 15:00 . 2008-09-01 23:19 -------- d-----w- c:\arquivos de programas\GbPlugin 2009-06-29 12:52 . 2009-01-28 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-29 12:52 . 2009-01-28 12:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-29 12:52 . 2009-01-28 12:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-25 19:35 . 2009-04-21 15:24 -------- d-----w- c:\arquivos de programas\Warcraft III 2009-06-25 18:59 . 2009-06-25 18:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf 2009-06-25 18:59 . 2009-06-25 18:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf 2009-06-25 18:57 . 2006-10-15 03:09 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Nokia 2009-06-25 18:47 . 2007-02-09 15:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite 2009-06-25 18:47 . 2007-02-09 14:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia 2009-06-25 18:39 . 2008-01-05 15:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations 2009-06-25 17:58 . 2009-06-25 17:58 -------- d-----w- c:\arquivos de programas\LG Electronics 2009-06-25 17:58 . 2006-09-18 15:56 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-06-22 14:08 . 2009-05-20 02:48 26984 ----a-w- c:\windows\system32\drivers\GbpKm.sys 2009-06-21 19:00 . 2009-05-14 21:39 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\MessengerDiscovery 2 2009-06-17 06:28 . 
2008-06-23 18:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2009-06-16 22:10 . 2009-01-22 12:28 83456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll 2009-06-15 21:10 . 2006-09-18 16:12 73122 ----a-w- c:\windows\system32\perfc016.dat 2009-06-15 21:10 . 2006-09-18 16:12 442018 ----a-w- c:\windows\system32\perfh016.dat 2009-06-15 18:51 . 2006-09-18 15:47 -------- d-----w- c:\arquivos de programas\Java 2009-06-14 15:44 . 2007-08-10 15:49 -------- d-----w- c:\arquivos de programas\Yahoo! 2009-06-13 23:54 . 2007-11-27 01:03 -------- d-----w- c:\arquivos de programas\KONAMI 2009-06-13 12:23 . 2006-10-25 22:50 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Image Zone Express 2009-06-12 00:24 . 2006-11-19 12:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink 2009-06-11 14:36 . 2007-03-12 19:38 -------- d-----w- c:\arquivos de programas\Positivo 2009-06-07 23:41 . 2009-06-07 23:41 98304 ----a-w- c:\windows\system32CmdLineExt.dll 2009-06-01 18:12 . 2006-10-15 06:01 -------- d-----w- c:\arquivos de programas\eMule 2009-05-30 23:45 . 2009-05-30 23:34 -------- d-----w- c:\arquivos de programas\SWAT 4 2009-05-29 23:57 . 2007-02-09 14:49 -------- d-----w- c:\arquivos de programas\Nokia 2009-05-29 23:55 . 2009-05-29 23:55 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe 2009-05-29 23:55 . 2009-05-29 23:55 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe 2009-05-29 23:55 . 2009-05-29 23:55 3181612 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe 2009-05-29 23:55 . 
2009-05-29 23:55 24390976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe 2009-05-29 03:11 . 2009-02-27 03:47 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2009-05-29 03:04 . 2007-12-08 10:07 -------- d-----w- c:\arquivos de programas\TweakNow PowerPack 2006 2009-05-29 03:04 . 2007-12-13 12:39 -------- d-----w- c:\arquivos de programas\Sword of The New World 2009-05-29 03:04 . 2007-12-23 21:10 -------- d-----w- c:\arquivos de programas\Soulseek 2009-05-29 03:04 . 2006-10-22 04:54 -------- d-----w- c:\arquivos de programas\Shareaza 2009-05-29 03:04 . 2007-11-28 19:42 -------- d-----w- c:\arquivos de programas\ONGAME 2009-05-29 03:03 . 2008-05-30 15:56 -------- d-----w- c:\arquivos de programas\eREAD6.0 2009-05-29 03:03 . 2006-11-19 12:59 -------- d-----w- c:\arquivos de programas\DVD Shrink 2009-05-29 03:03 . 2008-08-12 21:45 -------- d-----w- c:\arquivos de programas\DAP 2009-05-29 03:03 . 2008-02-24 21:01 -------- dc----w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller 2009-05-29 03:03 . 2006-09-18 16:07 -------- d-----w- c:\arquivos de programas\Ahead 2009-05-29 03:03 . 2009-04-24 17:36 -------- d-----w- c:\arquivos de programas\Call of Duty 2009-05-25 02:42 . 2009-03-12 02:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bassic Technologies 2009-05-22 23:17 . 2009-05-22 23:17 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\www.TheXSoft.com 2009-05-22 06:26 . 2009-05-22 06:26 -------- d-----w- c:\arquivos de programas\Ask Search Assistant 2009-05-14 21:37 . 2009-05-14 21:37 -------- d-----w- c:\arquivos de programas\MessengerDiscovery 2 2009-05-11 15:47 . 2009-05-11 15:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll 2009-05-09 12:07 . 2009-02-27 03:48 -------- d-----w- c:\arquivos de programas\MessengerDiscovery 2009-05-07 15:33 . 
2006-09-18 16:11 347136 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:45 . 2006-09-18 16:12 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:45 . 2006-09-18 16:11 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-21 15:48 . 2009-04-21 15:31 69981 ----a-w- c:\windows\War3Unin.dat 2009-04-21 15:47 . 2009-04-21 15:31 2829 ----a-w- c:\windows\War3Unin.pif 2009-04-21 15:47 . 2009-04-21 15:31 139264 ----a-w- c:\windows\War3Unin.exe 2009-04-19 19:50 . 2006-09-18 16:12 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2006-09-18 16:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2008-04-17 01:13 . 2008-04-17 01:13 0 -csh--w- c:\windows\S1A39CB36.tmp 2006-05-03 10:06 . 2008-01-21 22:59 163328 -csh--r- c:\windows\system32\flvDX.dll 2007-02-21 11:47 . 2008-01-21 22:59 31232 -csh--r- c:\windows\system32\msfDX.dll 2007-12-17 13:43 . 2008-01-21 22:59 27648 -csh--w- c:\windows\system32\Smab0.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-14 19:07 1004800 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-01-22 3134976] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "bywifi"="c:\arquivos de programas\Bywifi\bywifi.exe" [2009-07-05 1081344] "Google Update"="c:\documents and settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-02 133104] "LGMobileSyncLauncher"="c:\arquivos de programas\LG PC Suite II\LG_MobileSync_Launcher.exe" [2008-06-11 4169728] "PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440] "bywifi"="c:\arquivos de programas\Bywifi\bywifi.exe" [2009-07-05 1081344] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-18 198160] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-06-15 148888] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248] "VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-08-27 200704] c:\documents and settings\PC\Menu Iniciar\Programas\Inicializar\ hpqtra08.exe.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2009-06-22 289768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginAbn]
2009-06-22 14:08 289768 ----a-w- c:\arquiv~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 12:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Conexão Oi Velox.lnk]
backup=c:\windows\pss\Conexão Oi Velox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Desconect@ Expert.lnk]
backup=c:\windows\pss\Desconect@ Expert.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]
backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\BitTorrent\\bittorrent.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Ares\\Ares.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\eMule\\emule.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Bywifi\\bywifi.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Warcraft III\\Warcraft III.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\DAP\\DAP.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [19/5/2009 23:48 26984]
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [16/10/2006 20:13 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [16/10/2006 20:13 5504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/1/2009 09:53 327688]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [28/1/2009 09:52 298776]
R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [26/2/2007 10:11 61440]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [9/2/2007 11:49 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [9/2/2007 11:49 13440]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [9/2/2007 11:49 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [9/2/2007 11:49 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [9/2/2007 11:49 32666]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [1/9/2008 20:19 53736]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 18:19 13592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [9/6/2002 23:09 31232]
S2 RPCHE;Remote Procedure Call (RPCE);c:\arquivos de programas\Common Files\Microsoft Shared\Speech\csvd.exe [21/4/2009 12:24 11573248]
S2 sbbotdi;sbbotdi;\??\c:\arquiv~1\SpeedBit Video Accelerator\sbbotdi.sys --> c:\arquiv~1\SpeedBit Video Accelerator\sbbotdi.sys [?]
S3 filter;filter;c:\windows\system32\drivers\filter.sys [5/7/2004 01:20 8832]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [25/6/2009 14:58 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [25/6/2009 14:58 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [25/6/2009 14:58 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [25/6/2009 14:58 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [25/6/2009 14:58 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [25/6/2009 14:58 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [25/6/2009 14:58 109952]
S3 UXDCMN;UXDCMN;\??\c:\sysprep\wst\UXDCMN.SYS --> c:\sysprep\wst\UXDCMN.SYS [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva033;XDva033;\??\c:\windows\system32\XDva033.sys --> c:\windows\system32\XDva033.sys [?]
S3 XDva038;XDva038;\??\c:\windows\system32\XDva038.sys --> c:\windows\system32\XDva038.sys [?]
S3 XDva074;XDva074;\??\c:\windows\system32\XDva074.sys --> c:\windows\system32\XDva074.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-07-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 21:20]
.
- - - - ORFÃOS REMOVIDOS - - - -

Notify-WB - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
.
------- Scan Suplementar -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.orkut.com/
uInternet Connection Wizard,ShellNext = hxxp://www.positivoinformatica.com.br/cadastro.asp
uInternet Settings,ProxyOverride = local
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
TCP: {68D0BEAD-47BF-4FD0-A03E-B087D3238F5D} = 200.149.55.140 200.165.132.147
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 22:52
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-3230164199-3094433589-404582642-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\arquiv~1\GbPlugin\gbiehabn.dll

- - - - - - - > 'explorer.exe'(2564)
c:\arquiv~1\GbPlugin\gbiehabn.dll
c:\arquivos de programas\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\arquivos de programas\Scpad\sshib.dll
c:\arquivos de programas\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\arquivos de programas\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\arquivos de programas\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr
c:\arquivos de programas\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\a-squared Free\a2service.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
c:\arquiv~1\AVG\AVG8\avgrsx.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UAService7.exe
c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe
c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
c:\arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-07-08 23:05 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-07-08 02:05

Pré-execução: 5.470.928.896 bytes disponíveis
Pós execução: 5.355.679.744 bytes disponíveis

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
354 --- E O F --- 2009-07-07 04:55

Logfile of HijackThis v1.99.1
Scan saved at 23:10:22, on 7/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe
C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Arquivos de programas\Bywifi\bywifi.exe
C:\WINDOWS\explorer.exe
C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Meus documentos\Programas antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.positivoinformatica.com.br/cadastro.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Arquivos de programas\Bywifi\bywifiie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LGMobileSyncLauncher] C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: hpqtra08.exe.lnk = C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\ARQUIVOS DE PROGRAMAS\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie2.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68D0BEAD-47BF-4FD0-A03E-B087D3238F5D}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ARQUIVOS DE PROGRAMAS\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)
PedroN, posted July 8, 2009

Step 1 is to run ComboFix with the script below. Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it to the Desktop with the name CFScript.txt.

File::
c:\windows\system32\deploytk.dll
c:\windows\S1A39CB36.tmp
c:\windows\system32\XDva020.sys
c:\windows\system32\XDva033.sys
c:\windows\system32\XDva038.sys
c:\windows\system32\XDva074.sys
c:\windows\system32\XDva090.sys
c:\windows\system32\XDva186.sys
c:\windows\system32\XDva189.sys
c:\windows\system32\XDva224.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Step 2
• Go to this link and download: < Malwarebytes >
• Update the program!
• Choose the Quick scan!
• Disable protection programs when running Malwarebytes.
• Send the detected items to quarantine by clicking Remove items.
• For more details: < Link >
-----------------------
• Post the reports mbam-log-2008-xx-xx (00-00-00).txt, HijackThis and ComboFix in your next reply.
torugorj 0 Denunciar post Postado Julho 8, 2009 Feito todas as etapas acima, segue os logs mbam, HijackThis e ComboFix. obrigado pela ajuda Malwarebytes' Anti-Malware 1.38 Versão do banco de dados: 2394 Windows 5.1.2600 Service Pack 3 8/7/2009 17:33:54 mbam-log-2009-07-08 (17-33-54).txt Tipo de Verificação: Rápida Objetos verificados: 107150 Tempo decorrido: 6 minute(s), 7 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 1 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 0 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RPCHE (Backdoor.Bot) -> Quarantined and deleted successfully. Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: (Nenhum ítem malicioso foi detectado) _______________________________________ Logfile of HijackThis v1.99.1 Scan saved at 19:48:01, on 8/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Bywifi\bywifi.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cmpe.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe
C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\PC\Meus documentos\Programas antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.positivoinformatica.com.br/cadastro.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Arquivos de programas\Bywifi\bywifiie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LGMobileSyncLauncher] C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: hpqtra08.exe.lnk = C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\ARQUIVOS DE PROGRAMAS\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie2.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68D0BEAD-47BF-4FD0-A03E-B087D3238F5D}: NameServer = 200.149.55.140 200.165.132.147
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ARQUIVOS DE PROGRAMAS\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

_____________________________________________________-

ComboFix 09-07-08.01 - PC 08/07/2009 16:37.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1983.1323 [GMT -3:00]
Executando de: c:\documents and settings\PC\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\PC\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\S1A39CB36.tmp"
"c:\windows\system32\deploytk.dll"
"c:\windows\system32\XDva020.sys"
"c:\windows\system32\XDva033.sys"
"c:\windows\system32\XDva038.sys"
"c:\windows\system32\XDva074.sys"
"c:\windows\system32\XDva090.sys"
"c:\windows\system32\XDva186.sys"
"c:\windows\system32\XDva189.sys"
"c:\windows\system32\XDva224.sys"
.
ADS - drivers: deleted 208 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\S1A39CB36.tmp
c:\windows\system32\deploytk.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))
.

2009-07-07 15:25 . 2009-07-07 15:25 -------- d-----w- c:\arquivos de programas\Vstplugins
2009-07-07 15:24 . 2009-07-07 15:27 -------- d-----w- c:\arquivos de programas\Sony
2009-07-06 11:45 . 2009-07-08 01:57 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Updates\Condition.dll
2009-06-30 00:21 . 2009-06-14 19:07 1004800 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll
2009-06-29 12:53 . 2009-06-29 12:52 832144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avg8\update\backup\AVGToolbarInstall.exe
2009-06-29 12:52 . 2009-06-30 00:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar
2009-06-29 12:52 . 2009-06-29 12:52 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar
2009-06-29 12:52 . 2009-06-29 12:52 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\AVGTOOLBAR
2009-06-26 00:49 . 2009-06-26 00:58 -------- d-----w- C:\LBA
2009-06-25 19:51 . 2005-06-23 17:51 225280 ----a-w- c:\windows\system\SDL.dll
2009-06-25 18:46 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-25 18:46 . 2009-06-25 18:46 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution
2009-06-25 18:44 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-25 18:44 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-25 18:44 . 2009-02-09 11:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-25 18:44 . 2009-02-09 11:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-25 18:44 . 2009-02-09 11:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-25 18:44 . 2009-02-09 11:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-25 18:41 . 2009-06-25 18:39 33781176 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_por_br.exe
2009-06-25 18:40 . 2009-06-25 18:40 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-25 18:40 . 2009-06-25 18:40 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-25 18:40 . 2009-06-25 18:40 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-25 18:40 . 2009-06-25 18:40 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-25 17:50 . 2007-11-08 19:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-06-25 17:50 . 2009-07-07 16:22 -------- d-----w- c:\arquivos de programas\LG PC Suite II
2009-06-25 17:50 . 2009-06-25 17:50 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\LG Electronics
2009-06-25 17:48 . 2009-06-25 17:48 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\InstallShield
2009-06-18 23:07 . 2009-06-18 19:12 51200 ----a-w- c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\cp4u944f.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\FFExternalAlert.dll
2009-06-18 23:07 . 2009-06-18 19:12 114688 ----a-w- c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\cp4u944f.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\npmozax.dll
2009-06-15 21:55 . 2009-06-15 21:55 -------- d-----w- c:\windows\Logs
2009-06-15 18:31 . 2009-06-15 18:47 -------- d-----w- c:\documents and settings\PC\.jSMS

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 15:11 . 2008-08-13 00:12 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator
2009-07-08 15:11 . 2008-01-19 12:58 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-07-08 01:59 . 2009-03-17 02:44 -------- d-----w- c:\arquivos de programas\Bywifi
2009-07-07 21:15 . 2008-01-23 03:11 -------- d-----w- c:\arquivos de programas\a-squared Free
2009-07-07 18:49 . 2008-06-24 20:19 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\BitTorrent
2009-07-07 15:17 . 2007-11-21 13:09 -------- d-----w- c:\arquivos de programas\Sony Setup
2009-06-30 15:00 . 2008-01-05 11:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin
2009-06-30 15:00 . 2008-09-01 23:19 -------- d-----w- c:\arquivos de programas\GbPlugin
2009-06-29 12:52 . 2009-01-28 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 12:52 . 2009-01-28 12:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:52 . 2009-01-28 12:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 19:35 . 2009-04-21 15:24 -------- d-----w- c:\arquivos de programas\Warcraft III
2009-06-25 18:59 . 2009-06-25 18:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-25 18:59 . 2009-06-25 18:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-06-25 18:57 . 2006-10-15 03:09 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Nokia
2009-06-25 18:47 . 2007-02-09 15:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite
2009-06-25 18:47 . 2007-02-09 14:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia
2009-06-25 18:39 . 2008-01-05 15:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations
2009-06-25 17:58 . 2009-06-25 17:58 -------- d-----w- c:\arquivos de programas\LG Electronics
2009-06-25 17:58 . 2006-09-18 15:56 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-06-22 14:08 . 2009-05-20 02:48 26984 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2009-06-21 19:00 . 2009-05-14 21:39 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\MessengerDiscovery 2
2009-06-17 06:28 . 2008-06-23 18:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-06-16 22:10 . 2009-01-22 12:28 83456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll
2009-06-15 21:10 . 2006-09-18 16:12 73122 ----a-w- c:\windows\system32\perfc016.dat
2009-06-15 21:10 . 2006-09-18 16:12 442018 ----a-w- c:\windows\system32\perfh016.dat
2009-06-15 18:51 . 2006-09-18 15:47 -------- d-----w- c:\arquivos de programas\Java
2009-06-14 15:44 . 2007-08-10 15:49 -------- d-----w- c:\arquivos de programas\Yahoo!
2009-06-13 23:54 . 2007-11-27 01:03 -------- d-----w- c:\arquivos de programas\KONAMI
2009-06-13 12:23 . 2006-10-25 22:50 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Image Zone Express
2009-06-12 00:24 . 2006-11-19 12:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-06-11 14:36 . 2007-03-12 19:38 -------- d-----w- c:\arquivos de programas\Positivo
2009-06-07 23:41 . 2009-06-07 23:41 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-06-01 18:12 . 2006-10-15 06:01 -------- d-----w- c:\arquivos de programas\eMule
2009-05-30 23:45 . 2009-05-30 23:34 -------- d-----w- c:\arquivos de programas\SWAT 4
2009-05-29 23:57 . 2007-02-09 14:49 -------- d-----w- c:\arquivos de programas\Nokia
2009-05-29 23:55 . 2009-05-29 23:55 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-29 23:55 . 2009-05-29 23:55 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-05-29 23:55 . 2009-05-29 23:55 3181612 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-29 23:55 . 2009-05-29 23:55 24390976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe
2009-05-29 03:11 . 2009-02-27 03:47 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-05-29 03:04 . 2007-12-08 10:07 -------- d-----w- c:\arquivos de programas\TweakNow PowerPack 2006
2009-05-29 03:04 . 2007-12-13 12:39 -------- d-----w- c:\arquivos de programas\Sword of The New World
2009-05-29 03:04 . 2007-12-23 21:10 -------- d-----w- c:\arquivos de programas\Soulseek
2009-05-29 03:04 . 2006-10-22 04:54 -------- d-----w- c:\arquivos de programas\Shareaza
2009-05-29 03:04 . 2007-11-28 19:42 -------- d-----w- c:\arquivos de programas\ONGAME
2009-05-29 03:03 . 2008-05-30 15:56 -------- d-----w- c:\arquivos de programas\eREAD6.0
2009-05-29 03:03 . 2006-11-19 12:59 -------- d-----w- c:\arquivos de programas\DVD Shrink
2009-05-29 03:03 . 2008-08-12 21:45 -------- d-----w- c:\arquivos de programas\DAP
2009-05-29 03:03 . 2008-02-24 21:01 -------- dc----w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller
2009-05-29 03:03 . 2006-09-18 16:07 -------- d-----w- c:\arquivos de programas\Ahead
2009-05-29 03:03 . 2009-04-24 17:36 -------- d-----w- c:\arquivos de programas\Call of Duty
2009-05-25 02:42 . 2009-03-12 02:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bassic Technologies
2009-05-22 23:17 . 2009-05-22 23:17 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\www.TheXSoft.com
2009-05-22 06:26 . 2009-05-22 06:26 -------- d-----w- c:\arquivos de programas\Ask Search Assistant
2009-05-14 21:37 . 2009-05-14 21:37 -------- d-----w- c:\arquivos de programas\MessengerDiscovery 2
2009-05-11 15:47 . 2009-05-11 15:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-05-07 15:33 . 2006-09-18 16:11 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2006-09-18 16:12 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2006-09-18 16:11 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-21 15:48 . 2009-04-21 15:31 69981 ----a-w- c:\windows\War3Unin.dat
2009-04-21 15:47 . 2009-04-21 15:31 2829 ----a-w- c:\windows\War3Unin.pif
2009-04-21 15:47 . 2009-04-21 15:31 139264 ----a-w- c:\windows\War3Unin.exe
2009-04-19 19:50 . 2006-09-18 16:12 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2006-09-18 16:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2006-05-03 10:06 . 2008-01-21 22:59 163328 -csh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-01-21 22:59 31232 -csh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-01-21 22:59 27648 -csh--w- c:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-08_01.52.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-08 15:11 . 2009-07-08 15:11 16384 c:\windows\Temp\Perflib_Perfdata_6dc.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 19:07 1004800 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-01-22 3134976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"bywifi"="c:\arquivos de programas\Bywifi\bywifi.exe" [2009-07-05 1081344]
"Google Update"="c:\documents and settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-02 133104]
"LGMobileSyncLauncher"="c:\arquivos de programas\LG PC Suite II\LG_MobileSync_Launcher.exe" [2008-06-11 4169728]
"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"bywifi"="c:\arquivos de programas\Bywifi\bywifi.exe" [2009-07-05 1081344]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-18 198160]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-08-27 200704]

c:\documents and settings\PC\Menu Iniciar\Programas\Inicializar\
hpqtra08.exe.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2009-06-22 289768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2009-06-22 14:08 289768 ----a-w- c:\arquiv~1\GbPlugin\gbiehabn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 12:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Conexão Oi Velox.lnk]
backup=c:\windows\pss\Conexão Oi Velox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Desconect@ Expert.lnk]
backup=c:\windows\pss\Desconect@ Expert.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]
backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\BitTorrent\\bittorrent.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Ares\\Ares.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\eMule\\emule.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Bywifi\\bywifi.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Warcraft III\\Warcraft III.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\DAP\\DAP.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [19/5/2009 23:48 26984]
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [16/10/2006 20:13 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [16/10/2006 20:13 5504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/1/2009 09:53 327688]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [28/1/2009 09:52 298776]
R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [26/2/2007 10:11 61440]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [9/2/2007 11:49 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [9/2/2007 11:49 13440]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [9/2/2007 11:49 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [9/2/2007 11:49 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [9/2/2007 11:49 32666]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [1/9/2008 20:19 53736]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 18:19 13592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [9/6/2002 23:09 31232]
S2 RPCHE;Remote Procedure Call (RPCE);c:\arquivos de programas\Common Files\Microsoft Shared\Speech\csvd.exe [21/4/2009 12:24 11573248]
S2 sbbotdi;sbbotdi;\??\c:\arquiv~1\SpeedBit Video Accelerator\sbbotdi.sys --> c:\arquiv~1\SpeedBit Video Accelerator\sbbotdi.sys [?]
S3 filter;filter;c:\windows\system32\drivers\filter.sys [5/7/2004 01:20 8832] S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [25/6/2009 14:58 83584] S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [25/6/2009 14:58 14976] S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [25/6/2009 14:58 110464] S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [25/6/2009 14:58 104448] S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [25/6/2009 14:58 25344] S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [25/6/2009 14:58 100480] S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [25/6/2009 14:58 109952] S3 UXDCMN;UXDCMN;\??\c:\sysprep\wst\UXDCMN.SYS --> c:\sysprep\wst\UXDCMN.SYS [?] S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?] S3 XDva033;XDva033;\??\c:\windows\system32\XDva033.sys --> c:\windows\system32\XDva033.sys [?] S3 XDva038;XDva038;\??\c:\windows\system32\XDva038.sys --> c:\windows\system32\XDva038.sys [?] S3 XDva074;XDva074;\??\c:\windows\system32\XDva074.sys --> c:\windows\system32\XDva074.sys [?] S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?] S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?] S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?] S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?] . 
Conteúdo da pasta 'Tarefas Agendadas' 2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2009-07-08 c:\windows\Tasks\MP Scheduled Scan.job - c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 21:20] . . ------- Scan Suplementar ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.orkut.com/ uInternet Connection Wizard,ShellNext = hxxp://www.positivoinformatica.com.br/cadastro.asp uInternet Settings,ProxyOverride = local IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm TCP: {68D0BEAD-47BF-4FD0-A03E-B087D3238F5D} = 200.149.55.140 200.165.132.147 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-08 16:44 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-3230164199-3094433589-404582642-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) @SACL= [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered" . 
--------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(940) c:\arquiv~1\GbPlugin\gbiehabn.dll . Tempo para conclusão: 2009-07-08 16:47 ComboFix-quarantined-files.txt 2009-07-08 19:47 ComboFix2.txt 2009-07-08 02:05 Pré-execução: 5.294.559.232 bytes disponíveis Pós execução: 5.276.389.376 bytes disponíveis Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5 296 --- E O F --- 2009-07-07 04:55 Compartilhar este post Link para o post Compartilhar em outros sites
PedroN Posted July 9, 2009
Go to this site: http://www.kaspersky.com/virusscanner
Click on it and follow the scanner's setup instructions as shown in the image below.
Post the scan log here in the topic.
torugorj Posted July 10, 2009
Here is the scan log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 09, 2009 19:50:46
Records in database: 2451499
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\

Scan statistics:
Files scanned: 193207
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 09:27:47

File name / Threat name / Threats count
C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp 1

The selected area was scanned.
PedroN Posted July 10, 2009
OK, the log is clean :)
Go to Start > Run and type "combofix /u" without the quotes, as shown in the image below:
Wait for the ComboFix program to uninstall.
- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries.
Download CCleaner
◘ Click Save and, when the download finishes, install it;
◘ Open the program and click Run Cleaner;
◘ After that, click Registry > Scan for Issues > Fix selected issues.
Regards.
torugorj Posted July 11, 2009
Thank you very much for the help! Problem solved, great work! =]
PedroN Posted July 11, 2009
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.