
Archived

This topic has been archived and is closed to new replies.

torugorj

[Solved!] Can't run msconfig and files won't open


I can't run msconfig; the following message appears: "Windows cannot find 'msconfig'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

Also, when I try to open a file it won't open unless the program that runs it is already open. E.g.: I try to open a music file, double-click it and nothing happens; it only works if Windows Media Player is already open. I noticed the same with the tasks that appear when you right-click: they don't work. The HijackThis log follows.

Thanks in advance.

 

Logfile of HijackThis v1.99.1

Scan saved at 19:31, on 07/07/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Bywifi\bywifi.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe

C:\WINDOWS\system32\cmpe.exe

C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpprop.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIVOS DE PROGRAMAS\BitTorrent\Downloads Bittorrent\Winning.Eleven.Pro.Evolution.Soccer.2007.CloneDVD-NETSHOW\tools\YASU.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery 2\MessengerDiscovery 2.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\ARQUIVOS DE PROGRAMAS\Windows Media Player\wmplayer.exe

C:\Documents and Settings\PC\Meus documentos\Programas antivirus\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.positivoinformatica.com.br/cadastro.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKfind\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Arquivos de programas\Bywifi\bywifiie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [LGMobileSyncLauncher] C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - Startup: hpqtra08.exe.lnk = C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - C:\ARQUIVOS DE PROGRAMAS\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie2.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{68D0BEAD-47BF-4FD0-A03E-B087D3238F5D}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WB - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ARQUIVOS DE PROGRAMAS\Ares\chatServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

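Triage helper for a HijackThis log like the one posted above, added here as an example; it is not part of the original thread nor of HijackThis itself. It parses the section-coded entries and lists the ones worth a closer look. The heuristics (orphaned entries, a Winlogon Notify target that is not a DLL, a Run value with a bare file name, a proxy auto-config URL on localhost, a service with no publisher) are my assumptions, and the sample lines are constructed from entry shapes in the log above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entry shapes copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Finding:
    section: str
    entry: str
    reason: str


def _check(section: str, body: str) -> list[str]:
    """Assumed triage heuristics (not HijackThis's own) for entries that need a look."""
    reasons: list[str] = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("referenced file not found (orphaned entry)")
    if section == "O20":
        # Winlogon Notify packages are DLLs; anything else (here a bare directory) is odd.
        target = body.rsplit(" - ", 1)[-1].strip()
        if not target.lower().endswith(".dll"):
            reasons.append("Winlogon Notify target is not a DLL path")
    if section == "O4" and "]" in body:
        # A Run value holding only a file name is resolved through the search path.
        command = body.split("]", 1)[1].strip().strip('"')
        if "\\" not in command:
            reasons.append("Run entry uses a bare executable name (resolved via search path)")
    if section == "R1" and "AutoConfigURL" in body:
        url = body.split("=", 1)[-1].strip().lower()
        if url.startswith(("http://localhost", "http://127.")):
            reasons.append("proxy auto-config served from a local listener; identify the owning process")
    if section == "O23" and " - - " in body:
        # HijackThis prints "name - company - path"; an empty company shows up as " - - ".
        reasons.append("service has no publisher name")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (entry, reason) pair; entries with no reason are skipped."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        for reason in _check(m.group("section"), m.group("body")):
            findings.append(Finding(m.group("section"), line, reason))
    return findings


def summarize(log_text: str) -> dict[str, int]:
    """Number of findings per HijackThis section, for a quick overview."""
    counts: dict[str, int] = {}
    for f in triage(log_text):
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

A flagged entry only means "check this one"; the AVG, Java and WgaLogon lines in the sample pass, while the bare-directory Winlogon Notify entry and the orphaned entries are reported.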

Download ComboFix from one of these locations:

 

Link 1.

Link 2.

Link 3.

 

Important!

You should not use ComboFix unless you have been instructed to do so by a security analyst.

Its creator intends it to be used under the guidance and supervision of an expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system.

 

Make sure you have saved ComboFix.exe to your desktop.

 

• Disable your antivirus and anti-spyware, usually by right-clicking their system tray icons. They can interfere with the tool's execution.

• Double-click ComboFix.exe & follow the prompts.

• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given what malware infections are like today, it is strongly recommended to have it pre-installed on your machine before any malware removal. It will let you boot into a special recovery/repair mode, which makes it easier for us to help you should your computer have a problem after a malware removal attempt.

• Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console and, when prompted, accept the End-User License Agreement to install the Microsoft Windows Recovery Console.

-- Note: if the Microsoft Windows Recovery Console is already installed, ComboFix will carry on with its malware removal procedures.

 


 

Once the Microsoft Windows Recovery Console has been installed via ComboFix, you should see the following message:

 


 

Click Yes to continue the malware scan.

When it finishes, it should produce a log for you. Post the ComboFix report, which is at C:\ComboFix.txt, along with a HijackThis log.


With that step done, here are the ComboFix and HijackThis logs:

 

ComboFix 09-07-07.A2 - PC 07/07/2009 22:39.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1983.1272 [GMT -3:00]

Executando de: c:\documents and settings\PC\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

ADS - drivers: deleted 208 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\PC\Dados de aplicativos\inst.exe

C:\InfoSat.txt

C:\Muestras

c:\recycler\S-1-5-21-4090293015-2699072550-1654092251-1003

c:\recycler\S-1-5-21-682003330-1390067357-839522115-1003

c:\windows\icon.ico

c:\windows\Installer\30219b5.msi

c:\windows\Installer\51838.msi

c:\windows\Installer\7e1ed1.msi

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Legacy_SROSA

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))

.

 

2009-07-07 15:25 . 2009-07-07 15:25 -------- d-----w- c:\arquivos de programas\Vstplugins

2009-07-07 15:24 . 2009-07-07 15:27 -------- d-----w- c:\arquivos de programas\Sony

2009-07-06 11:45 . 2009-07-06 11:45 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Updates\Condition.dll

2009-06-30 00:21 . 2009-06-14 19:07 1004800 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll

2009-06-29 12:53 . 2009-06-29 12:52 832144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avg8\update\backup\AVGToolbarInstall.exe

2009-06-29 12:52 . 2009-06-30 00:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar

2009-06-29 12:52 . 2009-06-29 12:52 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar

2009-06-29 12:52 . 2009-06-29 12:52 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\AVGTOOLBAR

2009-06-26 00:49 . 2009-06-26 00:58 -------- d-----w- C:\LBA

2009-06-25 19:51 . 2005-06-23 17:51 225280 ----a-w- c:\windows\system\SDL.dll

2009-06-25 18:46 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2009-06-25 18:46 . 2009-06-25 18:46 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2009-06-25 18:44 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-06-25 18:44 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2009-06-25 18:44 . 2009-02-09 11:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2009-06-25 18:44 . 2009-02-09 11:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll

2009-06-25 18:44 . 2009-02-09 11:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2009-06-25 18:44 . 2009-02-09 11:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2009-06-25 18:41 . 2009-06-25 18:39 33781176 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_por_br.exe

2009-06-25 18:40 . 2009-06-25 18:40 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe

2009-06-25 18:40 . 2009-06-25 18:40 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe

2009-06-25 18:40 . 2009-06-25 18:40 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-06-25 18:40 . 2009-06-25 18:40 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe

2009-06-25 17:50 . 2007-11-08 19:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll

2009-06-25 17:50 . 2009-07-07 16:22 -------- d-----w- c:\arquivos de programas\LG PC Suite II

2009-06-25 17:50 . 2009-06-25 17:50 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\LG Electronics

2009-06-25 17:48 . 2009-06-25 17:48 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\InstallShield

2009-06-18 23:07 . 2009-06-18 19:12 51200 ----a-w- c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\cp4u944f.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\FFExternalAlert.dll

2009-06-18 23:07 . 2009-06-18 19:12 114688 ----a-w- c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\cp4u944f.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\npmozax.dll

2009-06-15 21:55 . 2009-06-15 21:55 -------- d-----w- c:\windows\Logs

2009-06-15 18:52 . 2009-06-15 18:51 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-06-15 18:31 . 2009-06-15 18:47 -------- d-----w- c:\documents and settings\PC\.jSMS

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-08 01:55 . 2009-03-17 02:44 -------- d-----w- c:\arquivos de programas\Bywifi

2009-07-08 01:54 . 2008-08-13 00:12 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator

2009-07-08 01:52 . 2008-01-19 12:58 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-07-07 21:15 . 2008-01-23 03:11 -------- d-----w- c:\arquivos de programas\a-squared Free

2009-07-07 18:49 . 2008-06-24 20:19 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\BitTorrent

2009-07-07 15:17 . 2007-11-21 13:09 -------- d-----w- c:\arquivos de programas\Sony Setup

2009-06-30 15:00 . 2008-01-05 11:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-06-30 15:00 . 2008-09-01 23:19 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-06-29 12:52 . 2009-01-28 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-29 12:52 . 2009-01-28 12:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-29 12:52 . 2009-01-28 12:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-25 19:35 . 2009-04-21 15:24 -------- d-----w- c:\arquivos de programas\Warcraft III

2009-06-25 18:59 . 2009-06-25 18:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-06-25 18:59 . 2009-06-25 18:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-06-25 18:57 . 2006-10-15 03:09 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Nokia

2009-06-25 18:47 . 2007-02-09 15:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2009-06-25 18:47 . 2007-02-09 14:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2009-06-25 18:39 . 2008-01-05 15:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2009-06-25 17:58 . 2009-06-25 17:58 -------- d-----w- c:\arquivos de programas\LG Electronics

2009-06-25 17:58 . 2006-09-18 15:56 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-22 14:08 . 2009-05-20 02:48 26984 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-21 19:00 . 2009-05-14 21:39 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\MessengerDiscovery 2

2009-06-17 06:28 . 2008-06-23 18:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-06-16 22:10 . 2009-01-22 12:28 83456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll

2009-06-15 21:10 . 2006-09-18 16:12 73122 ----a-w- c:\windows\system32\perfc016.dat

2009-06-15 21:10 . 2006-09-18 16:12 442018 ----a-w- c:\windows\system32\perfh016.dat

2009-06-15 18:51 . 2006-09-18 15:47 -------- d-----w- c:\arquivos de programas\Java

2009-06-14 15:44 . 2007-08-10 15:49 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-06-13 23:54 . 2007-11-27 01:03 -------- d-----w- c:\arquivos de programas\KONAMI

2009-06-13 12:23 . 2006-10-25 22:50 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Image Zone Express

2009-06-12 00:24 . 2006-11-19 12:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-06-11 14:36 . 2007-03-12 19:38 -------- d-----w- c:\arquivos de programas\Positivo

2009-06-07 23:41 . 2009-06-07 23:41 98304 ----a-w- c:\windows\system32CmdLineExt.dll

2009-06-01 18:12 . 2006-10-15 06:01 -------- d-----w- c:\arquivos de programas\eMule

2009-05-30 23:45 . 2009-05-30 23:34 -------- d-----w- c:\arquivos de programas\SWAT 4

2009-05-29 23:57 . 2007-02-09 14:49 -------- d-----w- c:\arquivos de programas\Nokia

2009-05-29 23:55 . 2009-05-29 23:55 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe

2009-05-29 23:55 . 2009-05-29 23:55 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe

2009-05-29 23:55 . 2009-05-29 23:55 3181612 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe

2009-05-29 23:55 . 2009-05-29 23:55 24390976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe

2009-05-29 03:11 . 2009-02-27 03:47 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-05-29 03:04 . 2007-12-08 10:07 -------- d-----w- c:\arquivos de programas\TweakNow PowerPack 2006

2009-05-29 03:04 . 2007-12-13 12:39 -------- d-----w- c:\arquivos de programas\Sword of The New World

2009-05-29 03:04 . 2007-12-23 21:10 -------- d-----w- c:\arquivos de programas\Soulseek

2009-05-29 03:04 . 2006-10-22 04:54 -------- d-----w- c:\arquivos de programas\Shareaza

2009-05-29 03:04 . 2007-11-28 19:42 -------- d-----w- c:\arquivos de programas\ONGAME

2009-05-29 03:03 . 2008-05-30 15:56 -------- d-----w- c:\arquivos de programas\eREAD6.0

2009-05-29 03:03 . 2006-11-19 12:59 -------- d-----w- c:\arquivos de programas\DVD Shrink

2009-05-29 03:03 . 2008-08-12 21:45 -------- d-----w- c:\arquivos de programas\DAP

2009-05-29 03:03 . 2008-02-24 21:01 -------- dc----w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-05-29 03:03 . 2006-09-18 16:07 -------- d-----w- c:\arquivos de programas\Ahead

2009-05-29 03:03 . 2009-04-24 17:36 -------- d-----w- c:\arquivos de programas\Call of Duty

2009-05-25 02:42 . 2009-03-12 02:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bassic Technologies

2009-05-22 23:17 . 2009-05-22 23:17 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\www.TheXSoft.com

2009-05-22 06:26 . 2009-05-22 06:26 -------- d-----w- c:\arquivos de programas\Ask Search Assistant

2009-05-14 21:37 . 2009-05-14 21:37 -------- d-----w- c:\arquivos de programas\MessengerDiscovery 2

2009-05-11 15:47 . 2009-05-11 15:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll

2009-05-09 12:07 . 2009-02-27 03:48 -------- d-----w- c:\arquivos de programas\MessengerDiscovery

2009-05-07 15:33 . 2006-09-18 16:11 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:45 . 2006-09-18 16:12 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2006-09-18 16:11 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-21 15:48 . 2009-04-21 15:31 69981 ----a-w- c:\windows\War3Unin.dat

2009-04-21 15:47 . 2009-04-21 15:31 2829 ----a-w- c:\windows\War3Unin.pif

2009-04-21 15:47 . 2009-04-21 15:31 139264 ----a-w- c:\windows\War3Unin.exe

2009-04-19 19:50 . 2006-09-18 16:12 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2006-09-18 16:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2008-04-17 01:13 . 2008-04-17 01:13 0 -csh--w- c:\windows\S1A39CB36.tmp

2006-05-03 10:06 . 2008-01-21 22:59 163328 -csh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2008-01-21 22:59 31232 -csh--r- c:\windows\system32\msfDX.dll

2007-12-17 13:43 . 2008-01-21 22:59 27648 -csh--w- c:\windows\system32\Smab0.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-14 19:07 1004800 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-01-22 3134976]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"bywifi"="c:\arquivos de programas\Bywifi\bywifi.exe" [2009-07-05 1081344]

"Google Update"="c:\documents and settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-02 133104]

"LGMobileSyncLauncher"="c:\arquivos de programas\LG PC Suite II\LG_MobileSync_Launcher.exe" [2008-06-11 4169728]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]

"bywifi"="c:\arquivos de programas\Bywifi\bywifi.exe" [2009-07-05 1081344]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-18 198160]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-06-15 148888]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]

"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-08-27 200704]

 

c:\documents and settings\PC\Menu Iniciar\Programas\Inicializar\

hpqtra08.exe.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2009-06-22 289768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2009-06-22 14:08 289768 ----a-w- c:\arquiv~1\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-29 12:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Conexão Oi Velox.lnk]

backup=c:\windows\pss\Conexão Oi Velox.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Desconect@ Expert.lnk]

backup=c:\windows\pss\Desconect@ Expert.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk]

backup=c:\windows\pss\MagicDisc.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Idle Professional

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavAV

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\BitTorrent\\bittorrent.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\Ares\\Ares.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\eMule\\emule.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\Bywifi\\bywifi.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\Warcraft III\\Warcraft III.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\DAP\\DAP.exe"=

"c:\\ARQUIVOS DE PROGRAMAS\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [19/5/2009 23:48 26984]

R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [16/10/2006 20:13 140800]

R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [16/10/2006 20:13 5504]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/1/2009 09:53 327688]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [28/1/2009 09:52 298776]

R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [26/2/2007 10:11 61440]

R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [9/2/2007 11:49 33404]

R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [9/2/2007 11:49 13440]

R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [9/2/2007 11:49 16314]

R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [9/2/2007 11:49 8344]

R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [9/2/2007 11:49 32666]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [1/9/2008 20:19 53736]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 18:19 13592]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [9/6/2002 23:09 31232]

S2 RPCHE;Remote Procedure Call (RPCE);c:\arquivos de programas\Common Files\Microsoft Shared\Speech\csvd.exe [21/4/2009 12:24 11573248]

S2 sbbotdi;sbbotdi;\??\c:\arquiv~1\SpeedBit Video Accelerator\sbbotdi.sys --> c:\arquiv~1\SpeedBit Video Accelerator\sbbotdi.sys [?]

S3 filter;filter;c:\windows\system32\drivers\filter.sys [5/7/2004 01:20 8832]

S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [25/6/2009 14:58 83584]

S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [25/6/2009 14:58 14976]

S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [25/6/2009 14:58 110464]

S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [25/6/2009 14:58 104448]

S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [25/6/2009 14:58 25344]

S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [25/6/2009 14:58 100480]

S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [25/6/2009 14:58 109952]

S3 UXDCMN;UXDCMN;\??\c:\sysprep\wst\UXDCMN.SYS --> c:\sysprep\wst\UXDCMN.SYS [?]

S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]

S3 XDva033;XDva033;\??\c:\windows\system32\XDva033.sys --> c:\windows\system32\XDva033.sys [?]

S3 XDva038;XDva038;\??\c:\windows\system32\XDva038.sys --> c:\windows\system32\XDva038.sys [?]

S3 XDva074;XDva074;\??\c:\windows\system32\XDva074.sys --> c:\windows\system32\XDva074.sys [?]

S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]

S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2009-07-08 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 21:20]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Notify-WB - (no file)

SafeBoot-sglfb.sys

SafeBoot-tga.sys

 

 

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.orkut.com/

uInternet Connection Wizard,ShellNext = hxxp://www.positivoinformatica.com.br/cadastro.asp

uInternet Settings,ProxyOverride = local

IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm

IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm

TCP: {68D0BEAD-47BF-4FD0-A03E-B087D3238F5D} = 200.149.55.140 200.165.132.147

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-07 22:52

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-3230164199-3094433589-404582642-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

@SACL=

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(936)

c:\arquiv~1\GbPlugin\gbiehabn.dll

 

- - - - - - - > 'explorer.exe'(2564)

c:\arquiv~1\GbPlugin\gbiehabn.dll

c:\arquivos de programas\Windows Media Player\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\arquivos de programas\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\arquivos de programas\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr

c:\arquivos de programas\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\a-squared Free\a2service.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\windows\system32\drivers\CDANTSRV.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

c:\arquiv~1\AVG\AVG8\avgrsx.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\UAService7.exe

c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-08 23:05 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-08 02:05

 

Pré-execução: 5.470.928.896 bytes disponíveis

Pós execução: 5.355.679.744 bytes disponíveis

 

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5

354 --- E O F --- 2009-07-07 04:55

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:10:22, on 7/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe

C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Bywifi\bywifi.exe

C:\WINDOWS\explorer.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\Documents and Settings\PC\Meus documentos\Programas antivirus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.positivoinformatica.com.br/cadastro.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKfind\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Arquivos de programas\Bywifi\bywifiie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [LGMobileSyncLauncher] C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - Startup: hpqtra08.exe.lnk = C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - C:\ARQUIVOS DE PROGRAMAS\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie2.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{68D0BEAD-47BF-4FD0-A03E-B087D3238F5D}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ARQUIVOS DE PROGRAMAS\Ares\chatServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)


Step 1 is to run ComboFix with the script below.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

c:\windows\system32\deploytk.dll

c:\windows\S1A39CB36.tmp

c:\windows\system32\XDva020.sys

c:\windows\system32\XDva033.sys

c:\windows\system32\XDva038.sys

c:\windows\system32\XDva074.sys

c:\windows\system32\XDva090.sys

c:\windows\system32\XDva186.sys

c:\windows\system32\XDva189.sys

c:\windows\system32\XDva224.sys

 

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"=-

 

This script was written only for this computer, based on the files and keys present; do not use it on another computer, as it can cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Step 2

 

• Go to this link and download: < Malwarebytes >

Update the program!

• Choose the Quick scan!

Disable protection programs when running Malwarebytes.

• Send the detected items to quarantine by clicking Remove items.

• For more details: < Link >

-----------------------

• Post the reports mbam-log-2008-xx-xx (00-00-00).txt, HijackThis and ComboFix in your next reply.


I did all the steps above; here are the mbam, HijackThis and ComboFix logs. Thanks for the help.

 

Malwarebytes' Anti-Malware 1.38

Versão do banco de dados: 2394

Windows 5.1.2600 Service Pack 3

 

8/7/2009 17:33:54

mbam-log-2009-07-08 (17-33-54).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 107150

Tempo decorrido: 6 minute(s), 7 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RPCHE (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

_______________________________________

 

Logfile of HijackThis v1.99.1

Scan saved at 19:48:01, on 8/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Bywifi\bywifi.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\ARQUIVOS DE PROGRAMAS\Mozilla Firefox\firefox.exe

C:\ARQUIVOS DE PROGRAMAS\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\MessengerDiscovery 2\MessengerDiscovery 2.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Documents and Settings\PC\Meus documentos\Programas antivirus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.positivoinformatica.com.br/cadastro.asp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKfind\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Arquivos de programas\Bywifi\bywifiie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIVOS DE PROGRAMAS\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\ARQUIVOS DE PROGRAMAS\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bywifi] C:\Arquivos de programas\Bywifi\bywifi.exe "-silent"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [LGMobileSyncLauncher] C:\ARQUIVOS DE PROGRAMAS\LG PC Suite II\LG_MobileSync_Launcher.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\ARQUIVOS DE PROGRAMAS\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - Startup: hpqtra08.exe.lnk = C:\ARQUIVOS DE PROGRAMAS\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Clean Traces - C:\ARQUIVOS DE PROGRAMAS\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\ARQUIVOS DE PROGRAMAS\DAP\dapextie2.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{68D0BEAD-47BF-4FD0-A03E-B087D3238F5D}: NameServer = 200.149.55.140 200.165.132.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\ARQUIVOS DE PROGRAMAS\Ares\chatServer.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe (file missing)

 

 

_____________________________________________________-

 

 

ComboFix 09-07-08.01 - PC 08/07/2009 16:37.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1983.1323 [GMT -3:00]

Executando de: c:\documents and settings\PC\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\PC\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\windows\S1A39CB36.tmp"

"c:\windows\system32\deploytk.dll"

"c:\windows\system32\XDva020.sys"

"c:\windows\system32\XDva033.sys"

"c:\windows\system32\XDva038.sys"

"c:\windows\system32\XDva074.sys"

"c:\windows\system32\XDva090.sys"

"c:\windows\system32\XDva186.sys"

"c:\windows\system32\XDva189.sys"

"c:\windows\system32\XDva224.sys"

.

ADS - drivers: deleted 208 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\S1A39CB36.tmp

c:\windows\system32\deploytk.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))

.

 

2009-07-07 15:25 . 2009-07-07 15:25 -------- d-----w- c:\arquivos de programas\Vstplugins

2009-07-07 15:24 . 2009-07-07 15:27 -------- d-----w- c:\arquivos de programas\Sony

2009-07-06 11:45 . 2009-07-08 01:57 95744 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\Updates\Condition.dll

2009-06-30 00:21 . 2009-06-14 19:07 1004800 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar\IEToolbar.dll

2009-06-29 12:53 . 2009-06-29 12:52 832144 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Avg8\update\backup\AVGToolbarInstall.exe

2009-06-29 12:52 . 2009-06-30 00:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar

2009-06-29 12:52 . 2009-06-29 12:52 -------- d-----w- c:\documents and settings\LocalService\Menu Iniciar

2009-06-29 12:52 . 2009-06-29 12:52 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\AVGTOOLBAR

2009-06-26 00:49 . 2009-06-26 00:58 -------- d-----w- C:\LBA

2009-06-25 19:51 . 2005-06-23 17:51 225280 ----a-w- c:\windows\system\SDL.dll

2009-06-25 18:46 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2009-06-25 18:46 . 2009-06-25 18:46 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2009-06-25 18:44 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-06-25 18:44 . 2009-02-09 11:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2009-06-25 18:44 . 2009-02-09 11:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2009-06-25 18:44 . 2009-02-09 11:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll

2009-06-25 18:44 . 2009-02-09 11:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2009-06-25 18:44 . 2009-02-09 11:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

2009-06-25 18:41 . 2009-06-25 18:39 33781176 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_por_br.exe

2009-06-25 18:40 . 2009-06-25 18:40 95232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe

2009-06-25 18:40 . 2009-06-25 18:40 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe

2009-06-25 18:40 . 2009-06-25 18:40 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-06-25 18:40 . 2009-06-25 18:40 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe

2009-06-25 17:50 . 2007-11-08 19:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll

2009-06-25 17:50 . 2009-07-07 16:22 -------- d-----w- c:\arquivos de programas\LG PC Suite II

2009-06-25 17:50 . 2009-06-25 17:50 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\LG Electronics

2009-06-25 17:48 . 2009-06-25 17:48 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\InstallShield

2009-06-18 23:07 . 2009-06-18 19:12 51200 ----a-w- c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\cp4u944f.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\FFExternalAlert.dll

2009-06-18 23:07 . 2009-06-18 19:12 114688 ----a-w- c:\documents and settings\PC\Dados de aplicativos\Mozilla\Firefox\Profiles\cp4u944f.default\extensions\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}\components\npmozax.dll

2009-06-15 21:55 . 2009-06-15 21:55 -------- d-----w- c:\windows\Logs

2009-06-15 18:31 . 2009-06-15 18:47 -------- d-----w- c:\documents and settings\PC\.jSMS

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-08 15:11 . 2008-08-13 00:12 -------- d-----w- c:\arquivos de programas\SpeedBit Video Accelerator

2009-07-08 15:11 . 2008-01-19 12:58 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-07-08 01:59 . 2009-03-17 02:44 -------- d-----w- c:\arquivos de programas\Bywifi

2009-07-07 21:15 . 2008-01-23 03:11 -------- d-----w- c:\arquivos de programas\a-squared Free

2009-07-07 18:49 . 2008-06-24 20:19 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\BitTorrent

2009-07-07 15:17 . 2007-11-21 13:09 -------- d-----w- c:\arquivos de programas\Sony Setup

2009-06-30 15:00 . 2008-01-05 11:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-06-30 15:00 . 2008-09-01 23:19 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-06-29 12:52 . 2009-01-28 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-06-29 12:52 . 2009-01-28 12:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-06-29 12:52 . 2009-01-28 12:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-25 19:35 . 2009-04-21 15:24 -------- d-----w- c:\arquivos de programas\Warcraft III

2009-06-25 18:59 . 2009-06-25 18:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-06-25 18:59 . 2009-06-25 18:59 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-06-25 18:57 . 2006-10-15 03:09 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Nokia

2009-06-25 18:47 . 2007-02-09 15:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PCSuite

2009-06-25 18:47 . 2007-02-09 14:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nokia

2009-06-25 18:39 . 2008-01-05 15:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2009-06-25 17:58 . 2009-06-25 17:58 -------- d-----w- c:\arquivos de programas\LG Electronics

2009-06-25 17:58 . 2006-09-18 15:56 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-06-22 14:08 . 2009-05-20 02:48 26984 ----a-w- c:\windows\system32\drivers\GbpKm.sys

2009-06-21 19:00 . 2009-05-14 21:39 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\MessengerDiscovery 2

2009-06-17 06:28 . 2008-06-23 18:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-06-16 22:10 . 2009-01-22 12:28 83456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit\DAP\SDCondition.dll

2009-06-15 21:10 . 2006-09-18 16:12 73122 ----a-w- c:\windows\system32\perfc016.dat

2009-06-15 21:10 . 2006-09-18 16:12 442018 ----a-w- c:\windows\system32\perfh016.dat

2009-06-15 18:51 . 2006-09-18 15:47 -------- d-----w- c:\arquivos de programas\Java

2009-06-14 15:44 . 2007-08-10 15:49 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-06-13 23:54 . 2007-11-27 01:03 -------- d-----w- c:\arquivos de programas\KONAMI

2009-06-13 12:23 . 2006-10-25 22:50 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\Image Zone Express

2009-06-12 00:24 . 2006-11-19 12:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-06-11 14:36 . 2007-03-12 19:38 -------- d-----w- c:\arquivos de programas\Positivo

2009-06-07 23:41 . 2009-06-07 23:41 98304 ----a-w- c:\windows\system32CmdLineExt.dll

2009-06-01 18:12 . 2006-10-15 06:01 -------- d-----w- c:\arquivos de programas\eMule

2009-05-30 23:45 . 2009-05-30 23:34 -------- d-----w- c:\arquivos de programas\SWAT 4

2009-05-29 23:57 . 2007-02-09 14:49 -------- d-----w- c:\arquivos de programas\Nokia

2009-05-29 23:55 . 2009-05-29 23:55 3351812 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe

2009-05-29 23:55 . 2009-05-29 23:55 36864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe

2009-05-29 23:55 . 2009-05-29 23:55 3181612 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe

2009-05-29 23:55 . 2009-05-29 23:55 24390976 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_1.6.13PT_BR.exe

2009-05-29 03:11 . 2009-02-27 03:47 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-05-29 03:04 . 2007-12-08 10:07 -------- d-----w- c:\arquivos de programas\TweakNow PowerPack 2006

2009-05-29 03:04 . 2007-12-13 12:39 -------- d-----w- c:\arquivos de programas\Sword of The New World

2009-05-29 03:04 . 2007-12-23 21:10 -------- d-----w- c:\arquivos de programas\Soulseek

2009-05-29 03:04 . 2006-10-22 04:54 -------- d-----w- c:\arquivos de programas\Shareaza

2009-05-29 03:04 . 2007-11-28 19:42 -------- d-----w- c:\arquivos de programas\ONGAME

2009-05-29 03:03 . 2008-05-30 15:56 -------- d-----w- c:\arquivos de programas\eREAD6.0

2009-05-29 03:03 . 2006-11-19 12:59 -------- d-----w- c:\arquivos de programas\DVD Shrink

2009-05-29 03:03 . 2008-08-12 21:45 -------- d-----w- c:\arquivos de programas\DAP

2009-05-29 03:03 . 2008-02-24 21:01 -------- dc----w- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2009-05-29 03:03 . 2006-09-18 16:07 -------- d-----w- c:\arquivos de programas\Ahead

2009-05-29 03:03 . 2009-04-24 17:36 -------- d-----w- c:\arquivos de programas\Call of Duty

2009-05-25 02:42 . 2009-03-12 02:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Bassic Technologies

2009-05-22 23:17 . 2009-05-22 23:17 -------- d-----w- c:\documents and settings\PC\Dados de aplicativos\www.TheXSoft.com

2009-05-22 06:26 . 2009-05-22 06:26 -------- d-----w- c:\arquivos de programas\Ask Search Assistant

2009-05-14 21:37 . 2009-05-14 21:37 -------- d-----w- c:\arquivos de programas\MessengerDiscovery 2

2009-05-11 15:47 . 2009-05-11 15:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll

2009-05-07 15:33 . 2006-09-18 16:11 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:45 . 2006-09-18 16:12 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:45 . 2006-09-18 16:11 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-21 15:48 . 2009-04-21 15:31 69981 ----a-w- c:\windows\War3Unin.dat

2009-04-21 15:47 . 2009-04-21 15:31 2829 ----a-w- c:\windows\War3Unin.pif

2009-04-21 15:47 . 2009-04-21 15:31 139264 ----a-w- c:\windows\War3Unin.exe

2009-04-19 19:50 . 2006-09-18 16:12 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2006-09-18 16:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll

2006-05-03 10:06 . 2008-01-21 22:59 163328 -csh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 . 2008-01-21 22:59 31232 -csh--r- c:\windows\system32\msfDX.dll

2007-12-17 13:43 . 2008-01-21 22:59 27648 -csh--w- c:\windows\system32\Smab0.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-08_01.52.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-08 15:11 . 2009-07-08 15:11 16384 c:\windows\Temp\Perflib_Perfdata_6dc.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-06-14 19:07 1004800 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2009-01-22 3134976]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"bywifi"="c:\arquivos de programas\Bywifi\bywifi.exe" [2009-07-05 1081344]

"Google Update"="c:\documents and settings\PC\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-10-02 133104]

"LGMobileSyncLauncher"="c:\arquivos de programas\LG PC Suite II\LG_MobileSync_Launcher.exe" [2008-06-11 4169728]

"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-12 1414144]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]

"bywifi"="c:\arquivos de programas\Bywifi\bywifi.exe" [2009-07-05 1081344]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-04-18 198160]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-06-15 148888]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]

"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-08-27 200704]

 

c:\documents and settings\PC\Menu Iniciar\Programas\Inicializar\

hpqtra08.exe.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"= "c:\arquiv~1\GbPlugin\gbiehabn.dll" [2009-06-22 289768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2009-06-22 14:08 289768 ----a-w- c:\arquiv~1\GbPlugin\gbiehabn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-29 12:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Desktop Search.lnk]

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

backup=c:\windows\pss\Adobe Gamma.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Conexão Oi Velox.lnk]

backup=c:\windows\pss\Conexão Oi Velox.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^Desconect@ Expert.lnk]

backup=c:\windows\pss\Desconect@ Expert.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk]

backup=c:\windows\pss\MagicDisc.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^PC^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\BitTorrent\\bittorrent.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Ares\\Ares.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\eMule\\emule.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Bywifi\\bywifi.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Warcraft III\\Warcraft III.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\DAP\\DAP.exe"=
"c:\\ARQUIVOS DE PROGRAMAS\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [19/5/2009 23:48 26984]
R0 xmasbus;xmasbus;c:\windows\system32\drivers\xmasbus.sys [16/10/2006 20:13 140800]
R0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys [16/10/2006 20:13 5504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/1/2009 09:53 327688]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [28/1/2009 09:52 298776]
R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [26/2/2007 10:11 61440]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [9/2/2007 11:49 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [9/2/2007 11:49 13440]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [9/2/2007 11:49 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [9/2/2007 11:49 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [9/2/2007 11:49 32666]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [1/9/2008 20:19 53736]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe -start -scm [?]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 18:19 13592]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [9/6/2002 23:09 31232]
S2 RPCHE;Remote Procedure Call (RPCE);c:\arquivos de programas\Common Files\Microsoft Shared\Speech\csvd.exe [21/4/2009 12:24 11573248]
S2 sbbotdi;sbbotdi;\??\c:\arquiv~1\SpeedBit Video Accelerator\sbbotdi.sys --> c:\arquiv~1\SpeedBit Video Accelerator\sbbotdi.sys [?]
S3 filter;filter;c:\windows\system32\drivers\filter.sys [5/7/2004 01:20 8832]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [25/6/2009 14:58 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [25/6/2009 14:58 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [25/6/2009 14:58 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [25/6/2009 14:58 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [25/6/2009 14:58 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [25/6/2009 14:58 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [25/6/2009 14:58 109952]
S3 UXDCMN;UXDCMN;\??\c:\sysprep\wst\UXDCMN.SYS --> c:\sysprep\wst\UXDCMN.SYS [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva033;XDva033;\??\c:\windows\system32\XDva033.sys --> c:\windows\system32\XDva033.sys [?]
S3 XDva038;XDva038;\??\c:\windows\system32\XDva038.sys --> c:\windows\system32\XDva038.sys [?]
S3 XDva074;XDva074;\??\c:\windows\system32\XDva074.sys --> c:\windows\system32\XDva074.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
.

Conteúdo da pasta 'Tarefas Agendadas'

2009-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-07-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 21:20]
.
.
------- Scan Suplementar -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.orkut.com/
uInternet Connection Wizard,ShellNext = hxxp://www.positivoinformatica.com.br/cadastro.asp
uInternet Settings,ProxyOverride = local
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
TCP: {68D0BEAD-47BF-4FD0-A03E-B087D3238F5D} = 200.149.55.140 200.165.132.147
.


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 16:44
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-3230164199-3094433589-404582642-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\arquiv~1\GbPlugin\gbiehabn.dll
.
Tempo para conclusão: 2009-07-08 16:47
ComboFix-quarantined-files.txt 2009-07-08 19:47
ComboFix2.txt 2009-07-08 02:05

Pré-execução: 5.294.559.232 bytes disponíveis
Pós execução: 5.276.389.376 bytes disponíveis

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
296 --- E O F --- 2009-07-07 04:55

Go to this site: http://www.kaspersky.com/virusscanner

Click on [image: Clipboard01-1.jpg]

Follow the scanner configuration instructions as shown in the image below.

[image: kosjn0.gif]

Post the scan log right here in the thread.

Here is the scan log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 09, 2009 19:50:46
Records in database: 2451499
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 193207
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 09:27:47

File name / Threat name / Threats count
C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp 1

The selected area was scanned.

OK, the log is clean :)

Go to Start > Run and type "combofix /u" without the quotes, as shown in the image below:

[image: combou.jpg]

Wait for ComboFix to finish uninstalling.

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner

◘ Click Save and, when the download finishes, install it;
◘ Open the program and click Run Cleaner;
◘ After that, click Registry > Scan for Issues > Fix selected issues.

Cheers.

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
