
hanah

[Solved!] Strange PC


For over a month the PC has been showing some strange symptoms. When I click on IE it opens more than once; when I click on a site, sometimes another one opens, or it opens and closes several times; when I go to close a site it closes several others I am using, as just happened now, and I had to post again! Besides being slow, it also freezes at times. I tried System Restore, which worked the first time, but when I then tried to restore to an earlier date, it reported that the restore had not been completed; after that I could not restore anymore, I undid the first one, and whenever I turn on the PC a window appears with the message (an unsupported operation was attempted). I have already disabled and re-enabled System Restore and nothing! Now it does not even show the months and dates to choose a restore point.

I have already run antivirus (now Avira), antispyware, CCleaner, MV RegCleaner, Malwarebytes Anti-Malware (which detected 14 infected objects, sent to quarantine); with that, Avira detected 4 infections that were also sent to quarantine; ComboFix; Kaspersky Removal Tool. After Malwarebytes no more viruses were detected, but the PC stays the same! Will I have to format?

Thanks for your attention!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:32:36, on 18/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\sttray.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\PESSOAL\Meus documentos\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6}: NameServer = 200.223.0.83 200.223.0.84

O17 - HKLM\System\CS1\Services\Tcpip\..\{277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6}: NameServer = 200.223.0.83 200.223.0.84

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Arquivos de programas\Yahoo!\SoftwareUpdate\YahooAUService.exe

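The HijackThis log above is the main evidence in this thread. As an added example that is not part of the original post, the following Python script parses such log lines and flags the entry types a helper looks at first: components whose file is gone ("(no file)" / "(file missing)"), O17 NameServer addresses not on a known-good resolver list, O20 Winlogon Notify DLLs that do exist, and O4 autoruns given as a bare executable name. The sample lines are copied from the posted log; the known-good DNS list is an assumption to be filled in with the ISP's real resolvers.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6}: NameServer = 200.223.0.83 200.223.0.84
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LINE_RE = re.compile(r"^(R\d|O\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MISSING_MARKERS = ("(no file)", "(file missing)")

# Short flag codes and the reason a helper would give for each.
REASONS = {
    "orphan": "registered component whose file is gone; a leftover, safe to fix",
    "dns-unlisted": "NameServer not on the known-good resolver list; confirm with the ISP",
    "winlogon-notify": "DLL loaded by winlogon at logon; verify the file and its publisher",
    "bare-autorun": "autorun given as a bare name, resolved via the search path; locate the file",
}


@dataclass
class Entry:
    section: str          # "O2", "O17", ...
    body: str             # text after the "O2 - " prefix
    clsid: Optional[str]  # first {GUID} on the line, if any
    target: str           # last " - " separated field: path, URL or value
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; header and process lines yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    clsid = CLSID_RE.search(body)
    target = body.rsplit(" - ", 1)[-1].strip()
    return Entry(section, body, clsid.group(0) if clsid else None, target)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: Iterable[Entry], trusted_dns: Set[str]) -> List[Entry]:
    """Attach flag codes to each entry and return only the flagged ones."""
    flagged = []
    for e in entries:
        flags: List[str] = []
        missing = any(mk in e.target for mk in MISSING_MARKERS)
        if missing:
            flags.append("orphan")
        if e.section == "O17":
            flags += ["dns-unlisted" for ip in IPV4_RE.findall(e.body) if ip not in trusted_dns]
        if e.section == "O20" and not missing:
            flags.append("winlogon-notify")
        if e.section == "O4":
            # O4 - HKLM\..\Run: [name] <command>; a command without a path separator
            # is found via the search path, so the actual file must be located.
            command = e.body.split("] ", 1)[-1].strip()
            if "\\" not in command:
                flags.append("bare-autorun")
        e.flags = flags  # overwrite, so repeated triage runs are idempotent
        if flags:
            flagged.append(e)
    return flagged


def summarize(flagged: Iterable[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in flagged:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    # Assumed known-good resolvers (fill in the ISP's real ones); empty here,
    # so every O17 address is listed for review.
    for e in triage(parse_log(SAMPLE_LOG), trusted_dns=set()):
        print(f"{e.section:4} {', '.join(e.flags):28} {e.target}")
        for f in e.flags:
            print(f"      -> {REASONS[f]}")
```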

I ran ComboFix after Malwarebytes; here is the log:

 

 

ComboFix 09-07-14.08 - PESSOAL 15/07/2009 20:51.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.655 [GMT -3:00]

Executando de: c:\documents and settings\PESSOAL\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\100e1b.msp

c:\windows\Installer\100e1f.msp

c:\windows\Installer\2b4ee.msp

c:\windows\Installer\2b4f2.msp

c:\windows\Installer\2b4f6.msp

c:\windows\Installer\4c6947.msp

c:\windows\Installer\b31a67.msi

c:\windows\system32\AutoRun.inf

c:\windows\system32\Prefetchxs


 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-15 to 2009-07-15 ))))))))))))))))))))))))))))

.

 

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\docume~1\PESSOAL\DADOSD~1\Malwarebytes

2009-07-13 22:59 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-07-13 22:59 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-08 02:28 . 2009-07-08 02:28 -------- d-----w- c:\arquivos de programas\CCleaner

2009-07-06 01:20 . 2009-07-06 01:20 -------- d-----w- c:\docume~1\PESSOAL\DADOSD~1\Yahoo!

2009-07-06 01:19 . 2009-07-06 01:19 -------- d-----w- C:\f0c0c532e21a9c32d5

2009-07-05 14:50 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-05 14:50 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-05 14:50 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-05 14:50 . 2009-07-06 01:20 -------- d-----w- c:\arquivos de programas\Avira

2009-07-05 12:06 . 2009-07-05 12:06 -------- d-----w- c:\windows\system32\wbem\Repository

2009-07-05 04:58 . 2009-07-05 05:00 170131 ----a-w- c:\windows\hpqins00.dat

2009-07-05 01:45 . 2009-07-06 01:20 -------- d-----w- c:\arquivos de programas\ESET

2009-07-04 01:24 . 2009-07-04 01:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo!

2009-07-03 22:10 . 2009-07-08 21:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-03 22:10 . 2009-07-06 01:15 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-07-03 20:09 . 2009-07-03 20:09 -------- d-sh--w- c:\documents and settings\PESSOAL\IECompatCache

2009-06-30 04:15 . 2009-06-30 04:15 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-06 01:20 . 2009-02-08 03:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-07-06 01:18 . 2008-12-29 22:33 -------- d-----w- c:\arquivos de programas\SereneScreen

2009-07-04 01:25 . 2008-12-17 00:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-07-04 01:24 . 2008-12-16 23:53 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-06-18 20:39 . 2008-10-25 20:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-06-16 14:39 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:39 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-10 22:58 . 2008-04-14 12:00 79022 ----a-w- c:\windows\system32\perfc016.dat

2009-06-10 22:58 . 2008-04-14 12:00 468108 ----a-w- c:\windows\system32\perfh016.dat

2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\arquivos de programas\MSBuild

2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-06-03 19:10 . 2008-04-14 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-05-17 15:41 . 2008-09-24 20:02 -------- d-----w- c:\docume~1\PESSOAL\DADOSD~1\Ahead

2009-05-14 18:49 . 2009-05-14 18:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys

2009-05-14 18:47 . 2009-05-14 18:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2009-05-14 18:41 . 2009-05-14 18:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys

2009-05-13 05:03 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2008-04-14 12:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-19 19:50 . 2008-04-14 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-03-29 10:47 . 2008-12-27 12:04 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 68856]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 210520]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\PESSOAL\\Desktop\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [5/7/2009 11:50 108289]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys --> c:\windows\system32\DRIVERS\avfwim.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-15 c:\windows\Tasks\User_Feed_Synchronization-{321242C9-02ED-41AB-82F2-C9285E06EE17}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6} = 200.223.0.83 200.223.0.84

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-15 20:55

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-07-15 20:57

ComboFix-quarantined-files.txt 2009-07-15 23:57

 

Pré-execução: 8 pasta(s) 15.688.552.448 bytes disponíveis

Pós execução: 8 pasta(s) 15.848.361.984 bytes disponíveis

 

232 --- E O F --- 2009-07-15 23:33


Hey hanah,

 

1. Download BankerFix 3.0.

 

2. Temporarily disable your antivirus.

 

3. Double-click bankerfix.exe. The Banker Fix 3.0 window will open with the question Instalar o BankerFix 3.0 / Install BankerFix 3.0 ? >> click YES.

 

4. A window will open informing you that BankerFix 3.0 will be downloaded via the internet >> click OK and wait. In the next window click OK once more, so that BankerFix 3.0 starts.

 

5. Press any key to continue the process and wait until the scan completes. Be patient, as it may take a few minutes.

 

6. When the scan finishes, read the message on the screen and press Enter.

 

7. Enable your antivirus.

 

8. Come back with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).

 

9. After posting your reply you may delete the LinhaDefensiva folder on C.

 

Regards.

 

PS: If the following message appears: Site reported as a source of attacks!, don't worry and click Ignore this alert.


Hello!

It seems it detected an infected file again, and when I ran ComboFix and Kaspersky it seemed clean; how can that be? Here it is...

 

 

-------------------------------------------------------

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-07-22 - 11:12

-------------------------------------------------------

Lista de Definição: 2009-06-26-1 | CORE: 2009-01-21-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\system32\errox32.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\imagens.zip

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\twumk.exe

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------


Hey hanah,

 

First of all, sorry for the huge delay; I had work and health problems that kept me from accessing the forum.

 

Well, post a new ComboFix log so that I can analyze the PC's current situation.

 

Regards.


Hello, JGarcia!

 

Here is the ComboFix log...

 

 

ComboFix 09-08-01.06 - PESSOAL 01/08/2009 21:51.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.648 [GMT -3:00]

Executando de: c:\documents and settings\PESSOAL\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 


 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-02 to 2009-08-02 ))))))))))))))))))))))))))))

.

 

2009-07-17 05:03 . 2009-07-17 23:24 13205536 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-16 15:22 . 2008-04-13 14:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2009-07-16 15:22 . 2008-04-13 14:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\documents and settings\PESSOAL\Dados de aplicativos\Malwarebytes

2009-07-13 22:59 . 2009-07-13 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-07-13 22:59 . 2009-07-13 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-08 02:28 . 2009-07-08 02:28 -------- d-----w- c:\arquivos de programas\CCleaner

2009-07-06 01:20 . 2009-07-06 01:20 -------- d-----w- c:\documents and settings\PESSOAL\Dados de aplicativos\Yahoo!

2009-07-06 01:19 . 2009-07-06 01:19 -------- d-----w- C:\f0c0c532e21a9c32d5

2009-07-05 14:50 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-05 14:50 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-05 14:50 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-05 14:50 . 2009-07-06 01:20 -------- d-----w- c:\arquivos de programas\Avira

2009-07-05 12:06 . 2009-07-05 12:06 -------- d-----w- c:\windows\system32\wbem\Repository

2009-07-05 04:58 . 2009-07-05 05:00 170131 ----a-w- c:\windows\hpqins00.dat

2009-07-05 01:45 . 2009-07-06 01:20 -------- d-----w- c:\arquivos de programas\ESET

2009-07-04 01:24 . 2009-07-04 01:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo!

2009-07-03 22:10 . 2009-07-31 19:46 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-07-03 22:10 . 2009-07-17 23:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-03 20:09 . 2009-07-03 20:09 -------- d-sh--w- c:\documents and settings\PESSOAL\IECompatCache

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-17 23:24 . 2009-07-17 05:03 155828 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-06 01:20 . 2009-02-08 03:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-07-06 01:18 . 2008-12-29 22:33 -------- d-----w- c:\arquivos de programas\SereneScreen

2009-07-04 01:25 . 2008-12-17 00:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-07-04 01:24 . 2008-12-16 23:53 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-07-03 16:59 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-30 04:15 . 2009-06-30 04:15 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-06-18 20:39 . 2008-10-25 20:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-06-16 14:39 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:39 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-10 22:58 . 2008-04-14 12:00 79022 ----a-w- c:\windows\system32\perfc016.dat

2009-06-10 22:58 . 2008-04-14 12:00 468108 ----a-w- c:\windows\system32\perfh016.dat

2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\arquivos de programas\MSBuild

2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-06-03 19:10 . 2008-04-14 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-05-14 18:49 . 2009-05-14 18:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys

2009-05-14 18:47 . 2009-05-14 18:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2009-05-14 18:41 . 2009-05-14 18:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys

2009-05-07 15:33 . 2008-04-14 12:00 347136 ----a-w- c:\windows\system32\localspl.dll

2009-03-29 10:47 . 2008-12-27 12:04 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 68856]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 210520]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\PESSOAL\\Desktop\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3004:UDP"= 3004:UDP:Windows Media Format SDK (iexplore.exe)

"3005:UDP"= 3005:UDP:Windows Media Format SDK (iexplore.exe)

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [5/7/2009 11:50 108289]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys --> c:\windows\system32\DRIVERS\avfwim.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-08-01 c:\windows\Tasks\User_Feed_Synchronization-{321242C9-02ED-41AB-82F2-C9285E06EE17}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6} = 200.223.0.83 200.223.0.84

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-01 21:54

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-08-02 21:56

ComboFix-quarantined-files.txt 2009-08-02 00:56

ComboFix2.txt 2009-07-15 23:57

 

Pré-execução: 5.714.837.504 bytes disponíveis

Pós execução: 5.871.316.992 bytes disponíveis

 

187 --- E O F --- 2009-08-01 15:40


Hey hanah,

 

Follow these instructions:

 

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all the text included in the "Quote":

RegNull::

[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

Registry::

[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine may cause serious problems for the user.

 

2. Save the file as CFScript.txt;

 

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

cfscript.gif

 

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

 

Regards.


Hello, Jgarcia!

I had to install ComboFix again because I had already uninstalled it, and I had to try the process above more than once because it reported an error in the CF Script.txt file.

I copied and pasted directly from your reply; I wasn't sure whether to do it that way or to go to the ComboFix log on Local Disk (C:).

I hope it's right!

 

ComboFix 09-08-07.04 - PESSOAL 07/08/2009 19:08.4.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.622 [GMT -3:00]

Executando de: c:\documents and settings\PESSOAL\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\PESSOAL\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\13d0ebf.msp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-07 to 2009-08-07 ))))))))))))))))))))))))))))

.

 

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\documents and settings\PESSOAL\Dados de aplicativos\Malwarebytes

2009-07-13 22:59 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 22:59 . 2009-08-06 00:11 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-07-13 22:59 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-06 01:09 . 2009-05-16 18:08 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-06 00:09 . 2009-08-06 00:09 3942048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-07-31 19:46 . 2009-07-03 22:10 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-07-17 23:33 . 2009-07-03 22:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-17 23:24 . 2009-07-17 05:03 155828 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-17 23:24 . 2009-07-17 05:03 13205536 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-08 02:28 . 2009-07-08 02:28 -------- d-----w- c:\arquivos de programas\CCleaner

2009-07-06 01:20 . 2009-07-05 14:50 -------- d-----w- c:\arquivos de programas\Avira

2009-07-06 01:20 . 2009-02-08 03:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-07-06 01:20 . 2009-07-06 01:20 -------- d-----w- c:\documents and settings\PESSOAL\Dados de aplicativos\Yahoo!

2009-07-06 01:20 . 2009-07-05 01:45 -------- d-----w- c:\arquivos de programas\ESET

2009-07-06 01:18 . 2008-12-29 22:33 -------- d-----w- c:\arquivos de programas\SereneScreen

2009-07-05 05:00 . 2009-07-05 04:58 170131 ----a-w- c:\windows\hpqins00.dat

2009-07-04 01:25 . 2008-12-17 00:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-07-04 01:24 . 2009-07-04 01:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo!

2009-07-04 01:24 . 2008-12-16 23:53 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-07-03 16:59 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-30 04:15 . 2009-06-30 04:15 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-06-18 20:39 . 2008-10-25 20:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2009-06-16 14:39 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:39 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-10 22:58 . 2008-04-14 12:00 79022 ----a-w- c:\windows\system32\perfc016.dat

2009-06-10 22:58 . 2008-04-14 12:00 468108 ----a-w- c:\windows\system32\perfh016.dat

2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\arquivos de programas\MSBuild

2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-06-03 19:10 . 2008-04-14 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-05-14 18:49 . 2009-05-14 18:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys

2009-05-14 18:47 . 2009-05-14 18:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2009-05-14 18:41 . 2009-05-14 18:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys

2009-03-29 10:47 . 2008-12-27 12:04 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 68856]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 210520]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\PESSOAL\\Desktop\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3004:UDP"= 3004:UDP:Windows Media Format SDK (iexplore.exe)

"3005:UDP"= 3005:UDP:Windows Media Format SDK (iexplore.exe)

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [5/7/2009 11:50 108289]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys --> c:\windows\system32\DRIVERS\avfwim.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-08-07 c:\windows\Tasks\User_Feed_Synchronization-{321242C9-02ED-41AB-82F2-C9285E06EE17}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6} = 200.223.0.83 200.223.0.84

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-07 19:10

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-08-07 19:12

ComboFix-quarantined-files.txt 2009-08-07 22:12

ComboFix2.txt 2009-08-07 21:47

ComboFix3.txt 2009-08-02 00:56

 

Pré-execução: 6.714.671.104 bytes disponíveis

Pós execução: 6.661.746.688 bytes disponíveis

 

131 --- E O F --- 2009-08-07 22:02

 

 

 

And the HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:17:48, on 7/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sttray.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\PESSOAL\Meus documentos\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000} - (no file)

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6}: NameServer = 200.223.0.83 200.223.0.84

O17 - HKLM\System\CS1\Services\Tcpip\..\{277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6}: NameServer = 200.223.0.83 200.223.0.84

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Arquivos de programas\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Arquivos de programas\Yahoo!\SoftwareUpdate\YahooAUService.exe

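The HijackThis log above is read by hand in this thread. The script below is an added example (not part of the thread, and not code from the HijackThis or ComboFix projects) showing how a helper triages such a log mechanically: it parses the R/O entries, recovers the file each entry points at, and lists the things a removal helper checks first: entries whose target file no longer exists ("(no file)" / "(file missing)", typical leftovers of an incomplete removal), the O4 autostarts, autostarts given only as a bare file name (resolved through the search path at logon, so the log alone does not show which file runs), and the O17 DNS servers, to be compared against the resolvers the ISP is expected to use. The parsing rules are assumptions based on the log format shown here; the sample lines are a subset of hanah's log.

```python
"""Triage helper for a HijackThis v1.99 log (added example for this thread;
the parsing rules are assumptions based on the log format posted above)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe",
    r"O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
    r"O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6}: NameServer = 200.223.0.83 200.223.0.84",
    r"O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)",
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll",
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe",
]

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# O4 bodies look like:  HKLM\..\Run: [name] "C:\path\x.exe" /args   or   [name] x.exe
O4_PATH_RE = re.compile(r'\]\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))', re.IGNORECASE)
# Sections where HijackThis prints the loaded file as the last " - " field
PATH_TAIL_CODES = {"O2", "O3", "O9", "O18", "O20", "O21", "O23"}


@dataclass
class Entry:
    code: str             # HijackThis section code, e.g. "O2", "O4", "O20"
    body: str             # everything after "CODE - "
    path: Optional[str]   # file the entry points at, if recoverable
    missing: bool         # HijackThis marked the target "(no file)"/"(file missing)"


def _path_of(code: str, body: str) -> Optional[str]:
    if code == "O4":
        m = O4_PATH_RE.search(body)
        return (m.group("q") or m.group("u")) if m else None
    if code in PATH_TAIL_CODES:
        # Last " - " field; a path that itself contains " - " would be truncated.
        tail = MISSING_RE.sub("", body.rsplit(" - ", 1)[-1]).strip()
        return tail or None
    return None


def parse_hjt(lines: List[str]) -> List[Entry]:
    """Keep only R*/O* entries; headers and the process list are skipped."""
    entries = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        entries.append(Entry(code, body, _path_of(code, body), bool(MISSING_RE.search(body))))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is gone: dead BHOs, buttons, Winlogon notify DLLs."""
    return [e for e in entries if e.missing]


def autostart_paths(entries: List[Entry]) -> List[str]:
    return [e.path for e in entries if e.code == "O4" and e.path]


def relative_autostarts(entries: List[Entry]) -> List[str]:
    """O4 targets without a drive, env var or UNC prefix: resolved via the search path."""
    return [p for p in autostart_paths(entries)
            if not re.match(r"^(?:[A-Za-z]:\\|%\w+%|\\\\)", p)]


def dns_servers(entries: List[Entry]) -> List[str]:
    """Per-interface DNS servers from O17 lines."""
    servers: List[str] = []
    for e in entries:
        if e.code == "O17":
            servers.extend(e.body.partition("NameServer =")[2].split())
    return servers


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    print("orphaned entries:")
    for e in orphaned(found):
        print(f"  {e.code}: {e.body}")
    print("autostarts:", autostart_paths(found))
    print("bare-name autostarts:", relative_autostarts(found))
    print("DNS servers:", dns_servers(found))
```

In the sample, the orphaned entries are the two dead BHOs, the xpnetdiag button and the dimsntfy Winlogon notify, and `sttray.exe` is the one autostart recorded without a path; ComboFix's "Pontos de Carregamento do Registro" section above shows the same entry resolved to `c:\windows\sttray.exe`, which is how the two logs complement each other.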

Hey hanah,

 

1. Download the Kaspersky Virus Removal Tool.

 

2. The file is 39 MB, but the result will be worth the effort.

 

3. Restart the machine in Safe Mode >> If you cannot, use the SafeBootKeyRepair tool to repair the SafeBoot key.

 

4. Run the tool by double-clicking the downloaded file.

 

5. The following window will open:

Kaspersky-Virus-Removal-Tool_1.png

 

6. Check the directories you want to scan (it is best to check all of them).

 

7. Click Scan and wait for the process to finish.

 

8. When the scan finishes, come back with the result.

 

Regards.


Hello, Jgarcia!

 

When I click on IE it is opening more than one page again. I went to the Microsoft site and when it opened it switched to another site on its own.

I couldn't send the Kaspersky log; I imagine it's because it is too long. What should I do?


Hey hanah,

 

Sorry for the huge delay... :(

 

Well, post a new ComboFix log so that I can check whether there are still problems on your PC.

 

Regards.


Hello!!!

 

When I run ComboFix it says I don't have the Recovery Console installed and asks whether I want to download it, but since I don't know what it is I ignore it and don't install it. Is that a problem?

 

Another thing that has also been appearing since I did two system restores, where I undid the first one to change the date: when I did the second it was not completed, and since then, when I turn on the computer, the message appears: an unsupported operation was attempted.

And there are no more restore points for previous months. What does this mean, and how do I stop this message from appearing?

 

Best regards, here is the log!

 

 

 

ComboFix 09-08-30.01 - PESSOAL 30/08/2009 17:07.5.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.650 [GMT -3:00]

Executando de: c:\documents and settings\PESSOAL\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\1005f49.msp

c:\windows\Installer\1005f4d.msp

c:\windows\Installer\1005f4e.msp

c:\windows\Installer\10d9b8.msp

c:\windows\Installer\10d9b9.msp

c:\windows\Installer\10d9bd.msp

c:\windows\Installer\1418fd3.msp

c:\windows\Installer\1418fd4.msp

c:\windows\Installer\1418fd8.msp

c:\windows\Installer\14256ad.msp

c:\windows\Installer\14256ae.msp

c:\windows\Installer\14256b2.msp

c:\windows\Installer\18bf15.msp

c:\windows\Installer\19358d.msp

c:\windows\Installer\193591.msp

c:\windows\Installer\193592.msp

c:\windows\Installer\193ddc5.msp

c:\windows\Installer\193ddc6.msp

c:\windows\Installer\193ddca.msp

c:\windows\Installer\1bed0a4.msp

c:\windows\Installer\1bed0a5.msp

c:\windows\Installer\1bed0a9.msp

c:\windows\Installer\1d6be60.msp

c:\windows\Installer\1d6be61.msp

c:\windows\Installer\1d6be65.msp

c:\windows\Installer\1fc9563.msp

c:\windows\Installer\1fc9564.msp

c:\windows\Installer\1fc9568.msp

c:\windows\Installer\20fe8b6.msp

c:\windows\Installer\20fe8b7.msp

c:\windows\Installer\20fe8bb.msp

c:\windows\Installer\22e0872.msp

c:\windows\Installer\22e0873.msp

c:\windows\Installer\22e0877.msp

c:\windows\Installer\265f5d.msp

c:\windows\Installer\265f5e.msp

c:\windows\Installer\265f62.msp

c:\windows\Installer\275588c.msp

c:\windows\Installer\28032.msp

c:\windows\Installer\28033.msp

c:\windows\Installer\28037.msp

c:\windows\Installer\2803b.msp

c:\windows\Installer\2803c.msp

c:\windows\Installer\28040.msp

c:\windows\Installer\28044.msp

c:\windows\Installer\28045.msp

c:\windows\Installer\28049.msp

c:\windows\Installer\2804d.msp

c:\windows\Installer\28051.msp

c:\windows\Installer\28052.msp

c:\windows\Installer\2905caf.msp

c:\windows\Installer\2905cb0.msp

c:\windows\Installer\2905cb4.msp

c:\windows\Installer\2b95f19.msp

c:\windows\Installer\2bdaedc.msp

c:\windows\Installer\2bdaedd.msp

c:\windows\Installer\2bdaee1.msp

c:\windows\Installer\2be13df.msp

c:\windows\Installer\2be13e3.msp

c:\windows\Installer\2be13e4.msp

c:\windows\Installer\2c0aa2a.msp

c:\windows\Installer\2c52b2e.msp

c:\windows\Installer\2c52b2f.msp

c:\windows\Installer\2c52b33.msp

c:\windows\Installer\2ceeba3.msp

c:\windows\Installer\2ceeba4.msp

c:\windows\Installer\2ceeba8.msp

c:\windows\Installer\2e804.msp

c:\windows\Installer\2e805.msp

c:\windows\Installer\2e809.msp

c:\windows\Installer\2f6c656.msp

c:\windows\Installer\307b5e8.msp

c:\windows\Installer\307b5e9.msp

c:\windows\Installer\307b5ed.msp

c:\windows\Installer\346ff14.msp

c:\windows\Installer\346ff15.msp

c:\windows\Installer\346ff19.msp

c:\windows\Installer\4949c0.msp

c:\windows\Installer\4949c4.msp

c:\windows\Installer\4949c5.msp

c:\windows\Installer\5fe08e.msp

c:\windows\Installer\5fe08f.msp

c:\windows\Installer\5fe093.msp

c:\windows\Installer\710fe8.msp

c:\windows\Installer\76e7f1.msp

c:\windows\Installer\76e7f2.msp

c:\windows\Installer\76e7f6.msp

c:\windows\Installer\878a3.msp

c:\windows\Installer\8fe6ed.msp

c:\windows\Installer\8fe6ee.msp

c:\windows\Installer\8fe6f2.msp

c:\windows\Installer\9078ae.msp

c:\windows\Installer\9078af.msp

c:\windows\Installer\9078b3.msp

c:\windows\Installer\b94d8.msp

c:\windows\Installer\b94d9.msp

c:\windows\Installer\b94dd.msp

c:\windows\Installer\ccb25.msp

c:\windows\Installer\ccb26.msp

c:\windows\Installer\ccb2a.msp

c:\windows\Installer\f1cc6.msp

c:\windows\Installer\f1cc7.msp

c:\windows\Installer\f1ccb.msp

c:\windows\Installer\f6b21d.msp

c:\windows\Installer\f6b21e.msp

c:\windows\Installer\f6b222.msp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-28 to 2009-08-30 ))))))))))))))))))))))))))))

.

 

2009-08-23 05:26 . 2009-08-24 11:30 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2009-08-06 00:09 . 2009-08-06 00:09 3942048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-23 05:25 . 2009-03-26 03:49 -------- d-----w- c:\arquivos de programas\Windows Live

2009-08-14 15:44 . 2009-07-17 05:03 331844 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-08-14 15:44 . 2009-07-17 05:03 28225568 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-08-06 01:09 . 2009-05-16 18:08 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-06 00:11 . 2009-07-13 22:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-08-05 09:00 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 16:36 . 2009-07-13 22:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 16:36 . 2009-07-13 22:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-31 19:46 . 2009-07-03 22:10 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-07-17 23:33 . 2009-07-03 22:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-17 19:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\documents and settings\PESSOAL\Dados de aplicativos\Malwarebytes

2009-07-13 22:59 . 2009-07-13 22:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-07-10 15:25 . 2009-07-10 15:25 307056 ----a-w- c:\windows\WLXPGSS.SCR

2009-07-08 02:28 . 2009-07-08 02:28 -------- d-----w- c:\arquivos de programas\CCleaner

2009-07-06 01:20 . 2009-07-05 14:50 -------- d-----w- c:\arquivos de programas\Avira

2009-07-06 01:20 . 2009-02-08 03:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-07-06 01:20 . 2009-07-06 01:20 -------- d-----w- c:\documents and settings\PESSOAL\Dados de aplicativos\Yahoo!

2009-07-06 01:20 . 2009-07-05 01:45 -------- d-----w- c:\arquivos de programas\ESET

2009-07-06 01:18 . 2008-12-29 22:33 -------- d-----w- c:\arquivos de programas\SereneScreen

2009-07-05 05:00 . 2009-07-05 04:58 170131 ----a-w- c:\windows\hpqins00.dat

2009-07-04 01:25 . 2008-12-17 00:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-07-04 01:24 . 2009-07-04 01:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo!

2009-07-04 01:24 . 2008-12-16 23:53 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-07-03 16:59 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:27 . 2008-04-14 12:00 732672 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:39 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:39 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:44 . 2008-04-14 12:00 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2008-04-14 12:00 81408 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 22:58 . 2008-04-14 12:00 79022 ----a-w- c:\windows\system32\perfc016.dat

2009-06-10 22:58 . 2008-04-14 12:00 468108 ----a-w- c:\windows\system32\perfh016.dat

2009-06-10 14:14 . 2008-04-14 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2008-09-23 13:53 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-03 19:10 . 2008-04-14 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-03-29 10:47 . 2008-12-27 12:04 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 68856]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 210520]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\PESSOAL\\Desktop\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [5/7/2009 11:50 108289]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys --> c:\windows\system32\DRIVERS\avfwim.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{321242C9-02ED-41AB-82F2-C9285E06EE17}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6} = 200.223.0.83 200.223.0.84

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-30 17:11

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-08-30 17:13

ComboFix-quarantined-files.txt 2009-08-30 20:12

ComboFix2.txt 2009-08-07 22:12

 

Pré-execução: 4.113.977.344 bytes disponíveis

Pós execução: 4.189.065.216 bytes disponíveis

 

243 --- E O F --- 2009-08-30 03:13


Hey hanah,

It is tedious, but I am going to ask you once more to post a new ComboFix log.

Regards.


Hello, jgarcia!

I am sending another ComboFix log, but I would like to ask a question!

Could these virus-like problems also be related to updates that were not installed?

It seems the Windows installation CD the technician used when he came to install the programs is pirated, and for some time now the automatically downloaded updates have not been installing; it always gives an error!

Cheers!

 

 

ComboFix 09-09-20.04 - PESSOAL 21/09/2009 19:47.6.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.566 [GMT -3:00]

Executando de: c:\documents and settings\PESSOAL\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\Installer\103b94.msp

c:\windows\Installer\103b95.msp

c:\windows\Installer\103b99.msp

c:\windows\Installer\10ed8e.msp

c:\windows\Installer\10ed92.msp

c:\windows\Installer\10ed93.msp

c:\windows\Installer\11036c4.msp

c:\windows\Installer\11036c8.msp

c:\windows\Installer\11036c9.msp

c:\windows\Installer\1149d4b.msp

c:\windows\Installer\1149d4c.msp

c:\windows\Installer\130022.msp

c:\windows\Installer\130023.msp

c:\windows\Installer\130027.msp

c:\windows\Installer\13b8cc3.msp

c:\windows\Installer\13b8cc7.msp

c:\windows\Installer\13b8cc8.msp

c:\windows\Installer\149dcb3.msp

c:\windows\Installer\149dcb4.msp

c:\windows\Installer\149dcb8.msp

c:\windows\Installer\14a864.msp

c:\windows\Installer\14a868.msp

c:\windows\Installer\14a869.msp

c:\windows\Installer\14e628.msp

c:\windows\Installer\14e62c.msp

c:\windows\Installer\14e62d.msp

c:\windows\Installer\160dd0.msp

c:\windows\Installer\160dd1.msp

c:\windows\Installer\160dd5.msp

c:\windows\Installer\162f89e.msp

c:\windows\Installer\162f89f.msp

c:\windows\Installer\162f8a3.msp

c:\windows\Installer\17c3eb6.msp

c:\windows\Installer\17c3eb7.msp

c:\windows\Installer\17c3ebb.msp

c:\windows\Installer\17d987.msp

c:\windows\Installer\17d98b.msp

c:\windows\Installer\17d98c.msp

c:\windows\Installer\17f0681.msp

c:\windows\Installer\17f0682.msp

c:\windows\Installer\17f0686.msp

c:\windows\Installer\186721.msp

c:\windows\Installer\186725.msp

c:\windows\Installer\186726.msp

c:\windows\Installer\18f623.msp

c:\windows\Installer\18f627.msp

c:\windows\Installer\18f628.msp

c:\windows\Installer\1932f74.msp

c:\windows\Installer\1932f78.msp

c:\windows\Installer\1932f79.msp

c:\windows\Installer\1c77d49.msp

c:\windows\Installer\1c77d4d.msp

c:\windows\Installer\1c77d4e.msp

c:\windows\Installer\1ce1620.msp

c:\windows\Installer\1ce1621.msp

c:\windows\Installer\1ce1625.msp

c:\windows\Installer\1d24b27.msp

c:\windows\Installer\1d24b2b.msp

c:\windows\Installer\1d24b2c.msp

c:\windows\Installer\1d92ed3.msp

c:\windows\Installer\1d92ed4.msp

c:\windows\Installer\1d92ed8.msp

c:\windows\Installer\1e4c0ec.msp

c:\windows\Installer\1e4c0f0.msp

c:\windows\Installer\1e4c0f1.msp

c:\windows\Installer\1eadb9b.msp

c:\windows\Installer\1eadb9c.msp

c:\windows\Installer\1eadba0.msp

c:\windows\Installer\1f95991.msp

c:\windows\Installer\1f95995.msp

c:\windows\Installer\1f95996.msp

c:\windows\Installer\2069ab.msp

c:\windows\Installer\2069ac.msp

c:\windows\Installer\2069b0.msp

c:\windows\Installer\20cfbd0.msp

c:\windows\Installer\20cfbd1.msp

c:\windows\Installer\20cfbd5.msp

c:\windows\Installer\20ed42.msp

c:\windows\Installer\20ed43.msp

c:\windows\Installer\20ed47.msp

c:\windows\Installer\22d5ed4.msp

c:\windows\Installer\22d5ed5.msp

c:\windows\Installer\22d5ed9.msp

c:\windows\Installer\280193.msp

c:\windows\Installer\280194.msp

c:\windows\Installer\280198.msp

c:\windows\Installer\2a146c.msp

c:\windows\Installer\2a1470.msp

c:\windows\Installer\2a1471.msp

c:\windows\Installer\321922.msp

c:\windows\Installer\321923.msp

c:\windows\Installer\321927.msp

c:\windows\Installer\346bcc.msp

c:\windows\Installer\346bd0.msp

c:\windows\Installer\346bd1.msp

c:\windows\Installer\35172f.msp

c:\windows\Installer\351733.msp

c:\windows\Installer\351734.msp

c:\windows\Installer\55887.msp

c:\windows\Installer\5588b.msp

c:\windows\Installer\5588c.msp

c:\windows\Installer\580320.msp

c:\windows\Installer\580324.msp

c:\windows\Installer\580325.msp

c:\windows\Installer\5f95e8.msp

c:\windows\Installer\5f95ec.msp

c:\windows\Installer\5f95ed.msp

c:\windows\Installer\694de2.msp

c:\windows\Installer\694de3.msp

c:\windows\Installer\694de7.msp

c:\windows\Installer\7460e8.msp

c:\windows\Installer\7460e9.msp

c:\windows\Installer\7460ed.msp

c:\windows\Installer\762ec2.msp

c:\windows\Installer\762ec3.msp

c:\windows\Installer\762ec7.msp

c:\windows\Installer\78579e.msp

c:\windows\Installer\7857a2.msp

c:\windows\Installer\7857a3.msp

c:\windows\Installer\7923d7.msp

c:\windows\Installer\7923db.msp

c:\windows\Installer\7923dc.msp

c:\windows\Installer\801cb1.msp

c:\windows\Installer\801cb2.msp

c:\windows\Installer\80d216.msp

c:\windows\Installer\80d217.msp

c:\windows\Installer\9766aa.msp

c:\windows\Installer\9766ab.msp

c:\windows\Installer\9766af.msp

c:\windows\Installer\98559e.msp

c:\windows\Installer\98559f.msp

c:\windows\Installer\9855a3.msp

c:\windows\Installer\9faca5.msp

c:\windows\Installer\9faca6.msp

c:\windows\Installer\9facaa.msp

c:\windows\Installer\a13ede.msp

c:\windows\Installer\a13ee2.msp

c:\windows\Installer\a13ee3.msp

c:\windows\Installer\a4efd0.msp

c:\windows\Installer\a4efd1.msp

c:\windows\Installer\a4efd5.msp

c:\windows\Installer\a65ed2.msp

c:\windows\Installer\a65ed6.msp

c:\windows\Installer\a65ed7.msp

c:\windows\Installer\b74991.msp

c:\windows\Installer\b74995.msp

c:\windows\Installer\b74996.msp

c:\windows\Installer\b99798.msp

c:\windows\Installer\b9979c.msp

c:\windows\Installer\b9979d.msp

c:\windows\Installer\c32a7e.msp

c:\windows\Installer\c32a82.msp

c:\windows\Installer\c32a83.msp

c:\windows\Installer\dfba79.msp

c:\windows\Installer\dfba7d.msp

c:\windows\Installer\dfba7e.msp

c:\windows\Installer\f073a.msp

c:\windows\Installer\f073b.msp

 

----- BITS: Sites possivelmente infectados -----

 

hxxp://download.yimg.com

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-21 to 2009-09-21 ))))))))))))))))))))))))))))

.

 

2009-09-18 21:16 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-09-18 21:16 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-09-18 21:16 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-09-18 21:15 . 2009-09-18 21:15 -------- d-----w- c:\arquivos de programas\Avira

2009-09-03 14:14 . 2009-09-03 14:15 -------- d-----w- C:\LinhaDefensiva

2009-08-23 05:26 . 2009-09-11 22:32 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-18 21:15 . 2009-02-08 03:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-09-17 00:01 . 2009-07-13 22:59 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-09-12 15:48 . 2008-12-17 00:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-09-10 20:21 . 2009-07-03 22:10 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-09-10 17:54 . 2009-07-13 22:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 17:53 . 2009-07-13 22:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-23 05:25 . 2009-03-26 03:49 -------- d-----w- c:\arquivos de programas\Windows Live

2009-08-14 15:44 . 2009-07-17 05:03 331844 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-08-14 15:44 . 2009-07-17 05:03 28225568 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-08-05 09:00 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 18:07 . 2009-08-03 18:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 18:07 . 2009-08-03 18:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 18:07 . 2009-08-03 18:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-28 19:33 . 2009-05-16 18:08 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-07-17 19:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 02:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 15:25 . 2009-07-10 15:25 307056 ----a-w- c:\windows\WLXPGSS.SCR

2009-07-05 05:00 . 2009-07-05 04:58 170131 ----a-w- c:\windows\hpqins00.dat

2009-07-03 16:59 . 2008-04-14 12:00 915456 ------w- c:\windows\system32\wininet.dll

2009-06-25 08:27 . 2008-04-14 12:00 732672 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2008-04-14 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2008-04-14 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2008-04-14 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2008-04-14 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-03-29 10:47 . 2008-12-27 12:04 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 68856]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-05-06 405504]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 210520]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\PESSOAL\\Desktop\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [18/9/2009 18:16 108289]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys --> c:\windows\system32\DRIVERS\avfwim.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-21 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

 

2009-09-21 c:\windows\Tasks\User_Feed_Synchronization-{321242C9-02ED-41AB-82F2-C9285E06EE17}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {277F5272-1C4B-4CA5-9BC3-1A7071CEC0E6} = 200.223.0.83 200.223.0.84

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-21 19:51

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-09-21 19:53

ComboFix-quarantined-files.txt 2009-09-21 22:53

ComboFix2.txt 2009-08-30 20:13

 

Pré-execução: 3.358.699.520 bytes disponíveis

Pós execução: 3.593.228.288 bytes disponíveis

 

306 --- E O F --- 2009-09-21 10:30


Hey hanah,

Follow these instructions:

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all the text included in the "Quote":

File::

c:\windows\system32\OGAAddin.dll

c:\windows\system32\OGAEXEC.exe

c:\windows\system32\KGyGaAvL.sys

c:\windows\Tasks\OGALogon.job

c:\windows\WLXPGSS.SCR

RegLock::

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

RegNull::

[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine could cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(screenshot: cfscript.gif)

4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply, together with a new HijackThis log.

Regards.
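The warning above is the key point: a CFScript deletes files and resets registry keys by name, so every entry should be traceable to the log it was written from. The following Python script is an added example, not code from this thread, from ComboFix, or from Linha Defensiva. It parses a CFScript into its `File::` / `RegLock::` / `RegNull::` blocks, then checks each entry against an excerpt of the 2009-09-21 ComboFix log posted above (the excerpt is constructed from that log and trimmed to the relevant lines; one file entry and one registry key are constructed, clearly labelled, so the check has something to flag). The section headers are assumed to be the Portuguese strings ComboFix printed on this machine; on an English system the `"REGISTRO BLOQUEADAS"` marker would differ.

```python
import re

# Constructed excerpt of the 2009-09-21 ComboFix log posted in the thread,
# trimmed to the entries the helper's CFScript targets plus section markers.
COMBOFIX_LOG = r"""ComboFix 09-09-20.04 - PESSOAL 21/09/2009 19:47.6.2 - NTFSx86
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 18:07 . 2009-08-03 18:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 18:07 . 2009-08-03 18:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-10 15:25 . 2009-07-10 15:25 307056 ----a-w- c:\windows\WLXPGSS.SCR
2009-03-29 10:47 . 2008-12-27 12:04 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
Conteúdo da pasta 'Tarefas Agendadas'
2009-09-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
.
Tempo para conclusão: 2009-09-21 19:53
"""

# The helper's CFScript from the thread, plus one constructed file entry and
# one constructed registry key that the log does NOT mention.
CFSCRIPT = r"""File::
c:\windows\system32\OGAAddin.dll
c:\windows\system32\OGAEXEC.exe
c:\windows\system32\KGyGaAvL.sys
c:\windows\Tasks\OGALogon.job
c:\windows\WLXPGSS.SCR
c:\windows\system32\CONSTRUCTED_typo.dll
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CONSTRUCTED-KEY-NOT-IN-LOG}]
RegNull::
[HKEY_USERS\S-1-5-21-1220945662-2052111302-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::", "RegLock::"
LOCKED_MARKER = "REGISTRO BLOQUEADAS"            # pt-BR header seen in this thread


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def locked_keys(log):
    """Registry keys ComboFix listed in its locked-keys section (lowercased)."""
    keys, inside = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if LOCKED_MARKER in line:
            inside = True
            continue
        if inside and line == ".":          # a lone dot closes each ComboFix section
            break
        if inside and line.startswith("[") and line.endswith("]"):
            keys.add(line.lower())
    return keys


def unsupported_entries(script_text, log_text):
    """Return {directive: [entries]} for which the log gives no evidence.

    File-type directives are checked as a case-insensitive substring of the
    whole log (paths with spaces survive that way); registry directives must
    match a key from the locked-keys section exactly."""
    script = parse_cfscript(script_text)
    log_lower = log_text.lower()
    locked = locked_keys(log_text)
    report = {}
    for directive, entries in script.items():
        if directive in ("RegLock", "RegNull"):
            bad = [e for e in entries if e.lower() not in locked]
        else:
            bad = [e for e in entries if e.lower() not in log_lower]
        report[directive] = bad
    return report


if __name__ == "__main__":
    for directive, bad in unsupported_entries(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{directive}:: " + ("ok" if not bad else "UNSUPPORTED: " + ", ".join(bad)))
```

Run as-is, it reports the two constructed entries as unsupported and the three directive blocks taken from the thread as fully backed by the log. The substring check for files is deliberately loose (a path that appears only in a "Scan Suplementar" line would still pass), so it catches typos and copy-paste slips, not a wrong diagnosis.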


Hello jgarcia!

Thank you for the help you have given all this time, but I decided to format the PC once and for all and start from scratch.

I would like to know how I close this topic!

Cheers!


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
