
Archived

This topic has been archived and is closed to new replies.

marcoantonio51

[Solved!] HijackThis analysis

Good evening,

I need help with my infected notebook. The hourglass won't stop blinking, and the Data Execution Prevention alert message keeps appearing.

The HijackThis log is as follows:

 

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 21:09:47, on 18/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/?ocid=iehp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {BFD16BFB-E9C0-4444-B24E-938C42AB8D6C} - C:\WINDOWS\system32\javaw.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.lop.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9890 bytes

 

Thanks,

:) Hello Marco!

Please follow the tips in this tutorial to clean your PC with Malwarebytes:

Malwarebytes Anti-Malware tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html

___________________________________

 

Go to the menu: Start > Control Panel > Folder Options

Select the View tab

Select the Show hidden files and folders button

Uncheck the box Hide protected operating system files (recommended)

Click OK.

 

Go to the site http://virscan.org/ and upload the file highlighted in red below for analysis. Wait for the analysis to finish, copy the link that appears in your browser's address bar, and paste that link in your next reply:

 

C:\WINDOWS\system32\javaw.dll

 

If the VirScan site has a problem or is congested, submit the file for analysis at the sites below:

http://www.virustotal.com/

http://virusscan.jotti.org/

http://www.viruschief.com/

 

Then post the result of this analysis.

In your next reply, post the Malwarebytes log together with a new HijackThis log and the result of the file analysis, and tell us how your PC is doing afterwards.

We'll be waiting.

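The helper singled out C:\WINDOWS\system32\javaw.dll because the posted log registers the display name "Java Plug-In 2 SSV Helper" twice, under two different CLSIDs, one of which points into system32 instead of the Java directory (the Malwarebytes log later in this thread removes exactly that CLSID as Trojan.Banker). The following triage script is an added illustration of those checks, not code from this thread or from HijackThis; the sample lines are copied from the log above, and the vendor-to-directory map is an assumed heuristic, not a HijackThis rule.

```python
import re
from collections import defaultdict

# Constructed sample: a few O2/O4/O15/O16 lines copied from the HijackThis
# log posted above, enough to show the two suspicious entries side by side.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {BFD16BFB-E9C0-4444-B24E-938C42AB8D6C} - C:\WINDOWS\system32\javaw.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O15 - Trusted Zone: http://*.lop.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# HijackThis line formats for Browser Helper Objects (O2) and Trusted Zone entries (O15).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
ZONE_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)$")

# Assumed heuristic (not a HijackThis rule): a keyword in a BHO's display name
# and the directory fragment the matching DLL is expected to be loaded from.
EXPECTED_DIR = {
    "java": "\\java\\",
    "adobe": "\\adobe\\",
}


def parse_log(log_text):
    """Split a HijackThis log into its O2 (BHO) entries and O15 (Trusted Zone) hosts."""
    bhos, zones = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"].upper(), "path": m["path"]})
            continue
        m = ZONE_RE.match(line)
        if m:
            zones.append(m["zone"])
    return bhos, zones


def triage(log_text):
    """Return ({clsid: [reasons]} for suspicious BHOs, [(zone, note)] for O15 entries)."""
    bhos, zones = parse_log(log_text)
    reasons = defaultdict(list)

    # Heuristic 1: the same display name registered under two different CLSIDs.
    # A product registers its helper once; a second copy of the name is how a
    # rogue DLL borrows the look of a known plug-in.
    clsids_by_name = defaultdict(set)
    for b in bhos:
        clsids_by_name[b["name"].lower()].add(b["clsid"])
    for b in bhos:
        if len(clsids_by_name[b["name"].lower()]) > 1:
            reasons[b["clsid"]].append("display name shared with another CLSID")

    # Heuristic 2: the DLL does not live where its display name implies, e.g. a
    # "Java" helper loaded from C:\WINDOWS\system32 instead of a ...\Java\... path.
    for b in bhos:
        name, path = b["name"].lower(), b["path"].lower()
        for keyword, fragment in EXPECTED_DIR.items():
            if keyword in name and fragment not in path:
                reasons[b["clsid"]].append(f"'{keyword}' helper loaded from outside {fragment}")

    # Heuristic 3: every Trusted Zone entry is worth a look; a wildcard host
    # (here *.lop.com) relaxes IE's security for a whole domain at once.
    zone_notes = [(z, "wildcard trusted host" if "*" in z else "trusted host") for z in zones]
    return dict(reasons), zone_notes


if __name__ == "__main__":
    suspicious, zone_notes = triage(SAMPLE_LOG)
    for clsid, why in suspicious.items():
        print(f"{{{clsid}}}: {'; '.join(why)}")
    for zone, note in zone_notes:
        print(f"{zone}: {note}")
```

Both entries sharing the name are reported, so the analyst still compares them; the one in system32 also trips the directory check, which is what separates it from the genuine jp2ssv.dll entry.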

Hello Antonio,

Thanks for the tip. I ran Malwarebytes and the problem was fixed. As for the second part, there was no "javaw.dll" file in the system32 folder.

Here are the logs:

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3599

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

19/01/2010 20:09:32

mbam-log-2010-01-19 (20-09-32).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 238219

Tempo decorrido: 1 hour(s), 56 minute(s), 14 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 5

Valores do Registro infectados: 0

Ítens do Registro infectados: 3

Pastas infectadas: 0

Arquivos infectados: 4

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{bfd16bfb-e9c0-4444-b24e-938c42ab8d6c} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfd16bfb-e9c0-4444-b24e-938c42ab8d6c} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{bfd16bfb-e9c0-4444-b24e-938c42ab8d6c} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfd16bfb-e9c0-4444-b24e-938c42ab8d6c} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\BitDownload (Trojan.Swizzor) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\javaw.dll (Trojan.Banker) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-839522115-1343024091-682003330-1005\Dc3.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-839522115-1343024091-682003330-1005\Dc4.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\WINDOWS\Media\lsass.cpl (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

HIJACK:

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 21:10:45, on 19/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/?ocid=iehp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.lop.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9776 bytes

 

Thank you very much.

Several problems were removed from your PC.

_________________________________

 

Download and run this program from the site below to disable Bonjour (which is an unnecessary item and tends to make the PC slower):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

_________________________________

 

Download this tool below:

http://lop.com/new_uninstall.exe

 

Note: this uninstaller is detected as a trojan by several antivirus programs. If that happens, temporarily disable your antivirus and turn it back on when the procedure is finished. The file is perfectly safe.

Double-click the uninstaller you downloaded above > Click OK > Click OK again > some numbers will appear on a screen; type those numbers into the blank field and then click the UNINSTALL button > click OK > click OK again > then just follow the steps the uninstaller gives you.

__________________________

 

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs That Start With the PC

Preferably let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.

___________________________________

 

Please follow the tips in these tutorials:

BankerFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-bankerfix.html

Ad-Remover tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html

NOD32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html

___________________________________

 

In your next reply, post the contents of the BankerFix relatorio.txt, which will be at C:\LinhaDefensiva\relatorio.txt, together with the log that will be at C:\Ad-Report-CLEAN[1].log, the log that will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, and a new HijackThis log, and tell us how your PC is doing afterwards.

We'll be waiting.


Hello Antonio,

Once again, thank you, and congratulations on the excellent tutorials. Here are the logs:

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2010-01-21 - 21:57

-------------------------------------------------------

Lista de Definição: 2010-01-14-1 | CORE: 2010-01-14-1

=======================================================

 

 

 

----- Fim -------------------------

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 22:53:02, on 21/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.lop.com

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9588 bytes

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_I | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 21.01.2010 at 9:13

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 22:23:10, 21/01/2010 | Normal Boot | Option: CLEAN

Executed from: C:\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versão 5.1.2600

Computer Name: ACER | Current user: Marco

.

============== NEUTRALIZED ELEMENT(S) ==============

.

 

C:\Documents and Settings\Jandira\Application Data\Office Genuine Advantage

C:\Documents and Settings\Marina\Application Data\Office Genuine Advantage

 

(!) -- Temp files deleted.

 

.

HKCU\software\appdatalow\AskBarDis

HKLM\software\classes\DiscoveryHelper.iMesh6Discovery

HKLM\software\classes\DiscoveryHelper.iMesh6Discovery.1

HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870E}

HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7D}

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.5.7 [pt-BR] *

.

ProfilePath: o7mfxt4p.default (Marco)

.

.

.

* Internet Explorer Version 8.0.6001.18702 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Enable Browser Extensions: yes

Do404Search: 01000000

Local Page: C:\WINDOWS\system32\blank.htm

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Start Page Redirect Cache: hxxp://br.msn.com/?ocid=iehp

Start Page Redirect Cache_TIMESTAMP: a495e7e2944fca01

Start Page Redirect Cache AcceptLangs: pt-br

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

Search page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Marco\Meus documentos\Drivers USB\patches\Q307271_WxP_SP1_x86_enu_MID57834.exe

C:\Documents and Settings\Marco\Meus documentos\Drivers USB\patches\Q307271_WxP_SP1_x86_ENU_MID58293.exe

C:\Documents and Settings\Marco\Meus documentos\torrents\Divx.Conventer.Serial.Number.NoNeedToDL.XenifiX.3712120.TPB.torrent

.

===================================

.

2747 Byte(s) - C:\Ad-Report-CLEAN[1].log

2762 Byte(s) - C:\Ad-Report-SCAN[1].log

.

11 File(s) - C:\DOCUME~1\Marco\CONFIG~1\Temp

4 File(s) - C:\WINDOWS\Temp

0 File(s) - C:\WINDOWS\Prefetch

.

18 File(s) - C:\Ad-Remover\BACKUP

2 File(s) - C:\Ad-Remover\QUARANTINE

.

End at: 22:37:18 | 21/01/2010 - CLEAN[1]

.

============== E.O.F ==============

.

 

Good night, and thank you.

 

 

 

 

 

 

Several problems were removed from your PC.

_________________________________

Download and run the program from the site below to disable Bonjour (an unnecessary item that tends to slow the PC down):

http://download.gizmo5.com/jasmine/TurnOffBonjour.exe

_________________________________

Download the tool below:

http://lop.com/new_uninstall.exe

Note: this uninstaller is detected as a trojan by several antivirus products. If that happens, temporarily disable your antivirus and re-enable it when the procedure is finished. The file is perfectly safe.

Double-click the uninstaller you downloaded above > click OK > click OK again > some numbers will appear on a screen; type those numbers into the blank field and then click the UNINSTALL button > click OK > click OK again > then just follow the steps the uninstaller gives you.

__________________________

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing the Programs that Start with the PC (Escolhendo Programas que Iniciam com o PC)

Preferably let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.

___________________________________

Please follow the tips in these tutorials:

BankerFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-bankerfix.html

Ad-Remover tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html

Nod32 Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2008/09/tutorial-do-antivirus-nod32-online.html

___________________________________

In your next reply, post the contents of BankerFix's relatorio.txt, which will be at C:\LinhaDefensiva\relatorio.txt, together with the log at C:\Ad-Report-CLEAN[1].log, the log at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt and a new HijackThis log, and tell us how your PC is after that.

We'll be waiting.
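As an added worked example (not part of this thread, and not HijackThis or the helper's own method), the script below parses HijackThis entry lines like the ones posted above and pulls out the sections a helper looks at first: O15 Trusted Zone additions (the lop.com entry is the kind of thing that gets a site out of IE's normal security zone), O23 services whose binary carries no vendor name, O20 Winlogon Notify DLLs (they load into winlogon.exe as SYSTEM), autostarts or BHOs running from user-writable paths, and the IE start page. The sample lines are an excerpt of the log above, and the rules are the example author's assumptions about what usually deserves a second look, not a verdict on any entry: the G-Buster (GbPlugin) entries, for instance, belong to a bank security plugin and are listed only because the rule cannot tell that.

```python
"""Triage a HijackThis log: parse each entry line into its section code and
flag the sections that most often carry browser hijacks or persistence.

Added example for this thread; the rules are heuristics chosen by the
author of the example, not HijackThis output or the helper's method."""
import re
from dataclasses import dataclass

# Every HijackThis entry starts with a section code, e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Directories that legitimate autostarts and BHOs rarely run from
# (assumption: user-writable or temporary locations on Windows XP).
USER_WRITABLE_RE = re.compile(
    r"\\(temp|tmp|application data|appdata|local settings|recycle[rd]?|docume~1)\\",
    re.IGNORECASE,
)

# Sections that are worth reading whenever they appear at all.
HIGH_SECTIONS = {
    "O15": "IE Trusted Zone entry (weakens browser security for that site)",
    "O20": "Winlogon Notify DLL (loads into winlogon.exe as SYSTEM)",
}


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str
    entry: str


def parse_entries(log_text):
    """Yield (code, body) for each entry line; the header, the
    'Running processes' block and blank lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def service_vendor(body):
    """Vendor field of an O23 body: 'Service: name - Vendor - path'.
    An empty field means the binary carried no company information."""
    parts = body.split(" - ")
    return parts[1].strip() if len(parts) >= 3 else ""


def triage(log_text):
    """Return the entries a helper would look at first, in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        entry = f"{code} - {body}"
        if code in HIGH_SECTIONS:
            findings.append(Finding(code, HIGH_SECTIONS[code], entry))
        elif code == "O23":
            vendor = service_vendor(body)
            if not vendor or vendor.lower() == "unknown owner":
                findings.append(Finding(code, "service binary with no vendor", entry))
        elif code in ("O2", "O4") and USER_WRITABLE_RE.search(body):
            findings.append(Finding(code, "BHO/autostart from a user-writable path", entry))
        elif code in ("R0", "R1") and "start page" in body.lower():
            findings.append(Finding(code, "start page: confirm the user chose it", entry))
    return findings


# Constructed excerpt of the log posted in this thread (a handful of entries,
# plus header lines that the parser must ignore).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O15 - Trusted Zone: http://*.lop.com
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.entry}")
```

Run it on a full log (`triage(open("hijackthis.log").read())`) and you get the five entries from the excerpt flagged: the start page, the lop.com trusted zone, the Winlogon Notify DLL and the two services without a vendor. The avast! service and the Java BHO pass because they have a vendor and live under Program Files; whether a flagged entry is actually bad still needs a human who knows what the software is.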


Other problems were removed from your PC.

_______________________________

But you forgot to post the Nod32 Online log. If you ran the scan with it, post the log at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt so we can analyze it.


Hello Antonio,

here is the Nod32 log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=b66bb6286c278643af660cf8bcc5a335

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-01-22 01:01:07

# local_time=2010-01-21 11:01:07 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775141 100 98 0 199488749 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1525

# found=0

# cleaned=0

# scan_time=76

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=b66bb6286c278643af660cf8bcc5a335

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-01-22 09:29:42

# local_time=2010-01-22 07:29:42 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775141 100 98 0 199559023 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=97988

# found=6

# cleaned=6

# scan_time=3515

C:\Documents and Settings\Jandira\Configurações locais\Temp\AbsAPdsAOcr7.exe Win32/PSWTool.MailPassView.138 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jandira\Configurações locais\Temp\ChyEVl3IZo4J.exe Win32/PSWTool.MailPassView.138 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jandira\Configurações locais\Temp\T7UrBXqBUqAR.exe Win32/PSWTool.MailPassView.138 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Marco\Meus documentos\Meus arquivos recebidos\frostwire-4.13.5.windows.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Marco\Meus documentos\Meus arquivos recebidos\frostwire-4.17.0.windows.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\tqXLFGp6vU4vew7.vbs VBS/Disabler.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

Thanks,
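Added example (not part of this thread, and not ESET's code): a parser for the log.txt format posted above. The "# key=value" lines describe one scan session each (this log holds two, one stopped early and one that finished), and every detection line ends with a fixed tail of threat name, object type, the action in parentheses, a 32-hex-digit field and a flag, which is what lets the regex split a path containing spaces from the rest. The ranking rule (trojans over unwanted applications, anything under the Windows directory over the same thing in Temp or a download folder, items not yet removed bumped up) is the example author's assumption about where to look first. The sample is a constructed excerpt of the log above that keeps three of its six detection lines.

```python
"""Parse an ESET Online Scanner log.txt ('# key=value' session headers plus
one detection per line) and rank the detections for follow-up.

Added example for this thread; the ranking rule is the example author's
choice, not something ESET's log defines."""
import re

# Detection line: <path with spaces> <threat> <kind> (<action>) <32 hex> <flag>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+)\s+"
    r"(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)

HIGH_KINDS = {"trojan", "worm", "virus", "backdoor"}


def parse_sessions(log_text):
    """Split the log into sessions (each starts at '# version=') and collect
    the header fields and detection lines of each."""
    sessions = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# version="):
            sessions.append({"header": {}, "detections": []})
        if not sessions:
            continue  # installer chatter before the first session
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            sessions[-1]["header"][key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            sessions[-1]["detections"].append(m.groupdict())
    return sessions


def priority(det):
    """Higher means look at it first (assumed ordering, see lead-in)."""
    score = 0
    if det["kind"].lower() in HIGH_KINDS:
        score += 2  # real malware, not a potentially unwanted application
    path = det["path"].lower()
    if "\\windows\\" in path:
        score += 2  # something wrote into the system directory
    elif "\\temp\\" in path:
        score += 1  # droppers stage their payloads here
    if not det["action"].lower().startswith(("cleaned", "deleted")):
        score += 1  # still on disk, needs manual follow-up
    return score


def ranked_detections(log_text):
    dets = [d for s in parse_sessions(log_text) for d in s["detections"]]
    return sorted(dets, key=priority, reverse=True)


def summary(log_text):
    """(end state, found, cleaned) per session, from the header fields."""
    return [
        (s["header"].get("end"),
         int(s["header"].get("found", 0)),
         int(s["header"].get("cleaned", 0)))
        for s in parse_sessions(log_text)
    ]


# Constructed excerpt of the log posted above: both session headers, but only
# three of the six detection lines (the header counts are left as logged).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=stopped
# scanned=1525
# found=0
# cleaned=0
# version=7
# end=finished
# scanned=97988
# found=6
# cleaned=6
C:\Documents and Settings\Jandira\Configurações locais\Temp\AbsAPdsAOcr7.exe Win32/PSWTool.MailPassView.138 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marco\Meus documentos\Meus arquivos recebidos\frostwire-4.13.5.windows.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\tqXLFGp6vU4vew7.vbs VBS/Disabler.NAB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    print(summary(SAMPLE_LOG))
    for d in ranked_detections(SAMPLE_LOG):
        print(priority(d), d["kind"], d["threat"], d["path"])
```

On the excerpt the VBS/Disabler trojan in system32 comes out on top, the password-recovery tool dropped into a Temp folder second, and the FrostWire adware installer in the download folder last, which matches how a helper would read the original log: the first is the infection, the second is a tool typically dropped by one, the third is just an unwanted download.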

 

 


Hello Antonio.

The PC is running well. I haven't had any more problems.

Here are the logs:

 

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/01/24 21:21:17

 

Norman Scanner Engine Version: 6.04.03

Nvcbin.def Version: 6.04.00, Date: 2010/01/24 21:21:17, Variants: 4817705

 

Scan started: 25/01/2010 17:35:09

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: ACER\Marco

 

 

Scanning bootsectors...

 

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s 15ms

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 5116

Number of processes/threads scanned: 5116

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 2m 32s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\*.*

 

C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img/root.img (Error whilst scanning file: I/O Error (0x0022000A))

C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

 

C:\Documents and Settings\Marco\Meus documentos\GPS\GarminMobileXT_4.10.80_S60_MultiLanguage_By_DeFconX.rar/Keygen.rar/Keygen\IMEI converter.exe (Infected with Suspicious_Gen.DBRO)

Deleted file

 

C:\Documents and Settings\Marco\Meus documentos\Meus arquivos recebidos\Corel Draw 11 Portable.rar/Corel Draw 11 Portable\Corel Draw 11 Portable\portable\reg.exe (Infected with Zlob.ARSZ)

Deleted file

 

C:\Documents and Settings\Marco\Meus documentos\Meus arquivos recebidos\Corel Draw 11 Portable.rar/Corel Draw 11 Portable\Corel Draw 11 Portable\portable\regpath.exe (Infected with Zlob.ARSY)

Deleted file

 

C:\Documents and Settings\Marco\Meus documentos\Meus arquivos recebidos\GarminMobileXT_4.10.80_S60_MultiLanguage_By_DeFconX.rar/Keygen.rar/Keygen\IMEI converter.exe (Infected with Suspicious_Gen.DBRO)

Deleted file

 

C:\LinhaDefensiva\exec\download.exe (Infected with Suspicious_Gen.CQSA)

Deleted file

 

Scanning: postscan

 

 

Running post-scan cleanup routine:

 

Number of files found: 264218

Number of archives unpacked: 2040

Number of files scanned: 264215

Number of files not scanned: 3

Number of files skipped due to exclude list: 0

Number of infected files found: 6

Number of infected files repaired/deleted: 5

Number of infections removed: 5

Total scanning time: 1h 44m 39s

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 19:31:00, on 25/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\RunOnce: [ GbPluginBb] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbieh.dll,Gbieh

O4 - HKLM\..\RunOnce: [ GbPluginIsg] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbiehIsg.dll,Gbieh

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://*.lop.com

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 10186 bytes

 

Thanks,


Several other problems were removed by Norman.

___________________________________

It is very important to uninstall any cracked or pirated program or item that may be on your PC, since the vast majority of these items come with viruses and/or malware embedded in them, and they can also contain security holes that make it easier to break into your computer.

___________________________________

Please follow the tips in this tutorial to clean your PC with Spyware Doctor:

Spyware Doctor Starter Edition tutorial (Tutorial do Spyware Doctor Starter Edition)

In your next reply, post this Spyware Doctor log together with a new HijackThis log and tell us how your PC is after that.

We'll be waiting.


Hello Antonio,

I tried several times to run the full scan with Spyware Doctor, but it always freezes and it is a lot of work to run it again: it won't uninstall, and it locks up the whole system. In the IntelliScan all the threats were removed. Here is the new HijackThis log.

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 18:53:16, on 27/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Spyware Doctor\pctsGui.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 10361 bytes

 

Thanks,
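The helpers in this thread read a HijackThis log by eye, section by section (R0/R1 browser settings, O2 BHOs, O4 Run keys, O23 services). The script below is an added example, not code from this thread, from HijackThis or from Trend Micro: it parses those sections and flags the three things a triager checks first, an entry whose file is missing from disk ("(file missing)"), a service with no publisher string ("Unknown owner" or an empty company field, as the GbpSv and RichVideo lines above have), and an autostart binary that lives outside the Windows and Program Files trees. The sample lines are copied from the log above, plus one constructed Temp-folder Run entry so the location check has something to catch; the trusted-directory list and the `ARQUIV~1` short name are assumptions for a Portuguese Windows XP layout.

```python
"""
Triage of HijackThis log lines: parse R*/O2/O4/O23 entries and flag the
patterns a forum helper checks first. Added example for this thread, not
HijackThis code. ASSUMPTION: Portuguese Windows XP layout, where
"Arquivos de programas" (8.3 short name ARQUIV~1) is the Program Files folder.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Autostart binaries are expected under these roots (lower-case, trailing
# backslash kept so that "c:\windowsx\..." does not match "c:\windows\").
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\arquivos de programas\\",
    "c:\\arquiv~1\\",
    "c:\\program files\\",
)

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$")
# The company field may be empty; the log then reads "name - - path".
O23_RE = re.compile(
    r"^Service: (?P<name>.*?)\s+-\s+(?P<company>.*?)\s*-\s+(?P<path>[A-Za-z]:\\.*)$")


@dataclass
class Entry:
    section: str
    name: str
    path: Optional[str] = None
    company: str = ""
    raw: str = ""


@dataclass
class Finding:
    section: str
    name: str
    reason: str


def binary_path(raw: str) -> str:
    """Reduce the path field to the executable path: strip surrounding quotes
    and trailing annotations such as (User 'SYSTEM') or (file missing)."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw[1:]
    return re.sub(r"\s+\([^)]*\)\s*$", "", raw)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis item line, None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list, separators
    section, body = m.group("section"), m.group("body")
    if section == "O2":
        b = O2_RE.match(body)
        if b:
            return Entry(section, b["name"], binary_path(b["path"]), raw=line)
    elif section == "O4":
        b = O4_RE.match(body)
        if b:
            return Entry(section, b["name"], binary_path(b["path"]), raw=line)
    elif section == "O23":
        b = O23_RE.match(body)
        if b:
            return Entry(section, b["name"], binary_path(b["path"]),
                         b["company"].strip(), raw=line)
    elif section.startswith("R"):
        # R0/R1: "key,value = setting"; keep the key as the entry name
        return Entry(section, body.split(" = ", 1)[0], raw=line)
    return Entry(section, body, raw=line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def is_trusted_location(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the three first-pass checks; returns one Finding per hit."""
    findings: List[Finding] = []
    for e in entries:
        if "(file missing)" in e.raw:
            findings.append(Finding(e.section, e.name,
                "registered file is absent from disk (stale or half-removed component)"))
        if e.section == "O23" and e.company in ("", "Unknown owner"):
            findings.append(Finding(e.section, e.name,
                "service carries no publisher string: verify the binary's signature and hash"))
        if e.path and not is_trusted_location(e.path):
            findings.append(Finding(e.section, e.name,
                "autostart binary outside Windows/Program Files (profile or temp folder)"))
    return findings


# Sample input: lines copied from the log in this thread, plus one constructed
# Temp-folder Run entry (the last O4 line) to exercise the location check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)
O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKCU\..\Run: [Updater] C:\DOCUME~1\Marco\CONFIG~1\Temp\updater.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.section:<4} {f.name}: {f.reason}")
```

A hit from this script is a pointer, not a verdict: the GbpSv service, for instance, is the Brazilian banking plugin the O2 lines also show, and the "(file missing)" BHO in the user's second log is what remains after a removal rather than an infection. The value of the check is that it turns a 10 KB log into the handful of lines worth verifying by hash and signature.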

I tried several times to run the full scan with Spyware Doctor, but it always freezes

-> Try running the Full Scan with Spyware Doctor in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html) and see whether it works. If it does, post its log so we can analyse it.

________________________________

 

-> The Avast version you are using is already outdated. Uninstall it and download the new Avast 5 free (http://freedownloads2000.blogspot.com/2008/10/antivirus.html).

 

To install, configure and use it correctly, follow the tips in these tutorials:

 

Avast 5 free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2010/01/tutorial-do-avast-5-edicao-gratuita.html

 

Avast 5 free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2010/01/tutorial-do-avast-5-free-como-usa-lo.html

 

After installing and configuring it following the tips above, update it and run a full scan with it > If any virus and/or malware is found during this scan and Avast asks what should be done with the infected files, always choose the Repair option first (which is the same as disinfecting the file) > when Repair is not possible, choose to send the infected file to Quarantine > and if sending the file to quarantine also fails, choose the option to Delete it.

______________________________

 

-> I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

 

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it from a command is also possible:

* Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 

combofixejr8.gif

 

* Click OK.

* At the prompt "Software warranty disclaimer" --> click Yes.

 

RcAuto1.gif

 

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.

* When it finishes, click Sim or Yes. --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

(!) If you get the notification "Not a valid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop renamed as: Kombo.exe

* PS: Name it while saving, not after you have saved it!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, you will see the following notification window:

 

Rookit_found.gif

 

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish removals, ComboFix may restart the computer.

* If needed, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid touching the mouse or keyboard! <-- Important!

* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

 

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log and the Spyware Doctor log (if possible), tell us whether Avast 5 removed any infected file, and tell us how your PC is doing after this in your next reply.

 

We await your reply.


Hello Antonio,

I installed Avast and ran the scan as in the tutorial. It took 4 hours!!! But I think it fixed other problems. Only Spyware Doctor still would not work.

The other logs follow:

ComboFix 10-02-01.02 - Marco 01/02/2010 18:16:18.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1581 [GMT -2:00]

Executando de: C:\Documents and Settings\Marco\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 304 bytes in 1 streams.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))

.

 

2010-02-01 19:55:09 . 2009-04-03 13:18:26 130936 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys

2010-02-01 19:55:09 . 2008-12-18 14:16:56 73840 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys

2010-02-01 19:54:32 . 2010-02-01 20:03:27 -------- d-----w- C:\Arquivos de programas\Spyware Doctor

2010-01-29 20:55:53 . 2010-01-29 20:55:53 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

2010-01-26 23:29:33 . 2010-02-01 20:03:27 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\PC Tools

2010-01-22 00:48:55 . 2010-01-22 00:48:55 -------- d-----w- C:\Arquivos de programas\ESET

2010-01-22 00:01:12 . 2010-01-22 00:37:18 -------- d-----w- C:\Ad-Remover

2010-01-21 23:56:47 . 2010-01-21 23:57:43 -------- d-----w- C:\LinhaDefensiva

2010-01-19 20:06:45 . 2010-01-19 20:06:45 -------- d-----w- C:\Documents and Settings\Marco\Dados de aplicativos\Malwarebytes

2010-01-19 20:06:40 . 2010-01-07 18:07:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-01-19 20:06:38 . 2010-01-19 20:06:38 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-01-19 20:06:37 . 2010-01-07 18:07:04 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2010-01-19 20:06:36 . 2010-01-19 20:06:44 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-01-16 12:12:11 . 2010-01-16 12:12:11 388096 ----a-r- C:\Documents and Settings\Marco\Dados de aplicativos\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-01-16 12:12:09 . 2010-01-16 12:12:09 -------- d-----w- C:\Arquivos de programas\TrendMicro

2010-01-16 12:06:51 . 2010-01-16 12:06:52 -------- d-----w- C:\Arquivos de programas\CCleaner

2010-01-15 11:02:37 . 2009-11-21 15:58:49 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 20:01:53 . 2010-02-01 20:01:53 691712 ----a-w- C:\WINDOWS\isRS-000.tmp

2010-02-01 20:01:38 . 2008-01-30 19:02:03 -------- d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2010-01-29 20:58:59 . 2008-12-22 20:31:21 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2010-01-29 20:58:53 . 2008-02-20 20:45:40 -------- d-----w- C:\Arquivos de programas\Alwil Software

2010-01-28 23:26:56 . 2009-03-03 19:51:49 -------- d-----w- C:\Arquivos de programas\GbPlugin

2010-01-28 22:09:46 . 2009-03-03 18:55:01 38848 ----a-w- C:\WINDOWS\system32\avastSS.scr

2010-01-28 22:09:26 . 2009-03-03 18:54:43 152672 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2010-01-28 21:57:55 . 2009-03-03 18:55:04 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2010-01-28 21:57:34 . 2009-03-03 18:55:01 163280 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2010-01-28 21:54:42 . 2009-03-03 18:55:05 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2010-01-28 21:54:16 . 2009-03-03 18:55:01 100432 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2010-01-28 21:54:12 . 2009-03-03 18:55:01 94800 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2010-01-28 21:54:05 . 2009-03-03 18:55:01 19024 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010-01-28 21:53:50 . 2009-03-03 18:55:03 28240 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2010-01-19 22:53:14 . 2009-04-02 20:58:28 -------- d-----w- C:\Arquivos de programas\Microsoft Silverlight

2010-01-15 18:48:41 . 2008-02-14 21:58:24 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-30 12:59:36 . 2009-03-03 19:51:49 30752 ----a-w- C:\WINDOWS\system32\drivers\GbpKm.sys

2009-12-29 20:09:13 . 2008-04-28 18:32:32 -------- d-----w- C:\Documents and Settings\Jandira\Dados de aplicativos\PC Suite

2009-12-29 20:09:08 . 2008-12-12 22:52:08 -------- d-----w- C:\Documents and Settings\Jandira\Dados de aplicativos\Nokia

2009-12-25 18:15:07 . 2009-12-25 18:15:07 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-12-25 18:15:02 . 2009-12-25 18:15:02 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-12-25 18:02:03 . 2009-12-25 18:02:03 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-12-25 18:02:02 . 2009-12-25 18:02:02 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-12-23 19:39:11 . 2009-12-20 02:04:30 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\AlawarWrapper

2009-12-21 19:08:00 . 2004-08-04 02:45:28 916480 ------w- C:\WINDOWS\system32\wininet.dll

2009-12-20 02:04:40 . 2009-12-20 02:04:40 -------- d-----w- C:\Documents and Settings\Marco\Dados de aplicativos\Shape games

2009-12-20 02:04:08 . 2009-12-20 02:04:08 -------- d-----w- C:\Arquivos de programas\Alawar

2009-12-16 19:06:43 . 2001-10-28 18:07:18 84086 ----a-w- C:\WINDOWS\system32\perfc016.dat

2009-12-16 19:06:43 . 2001-10-28 18:07:18 479942 ----a-w- C:\WINDOWS\system32\perfh016.dat

2009-12-14 18:40:34 . 2008-02-10 20:50:57 -------- d-----w- C:\Arquivos de programas\DivX

2009-12-13 11:53:35 . 2009-12-05 20:45:02 -------- d-----w- C:\Arquivos de programas\WebFormDesigner

2009-12-13 11:52:09 . 2009-04-26 22:06:08 -------- d-----w- C:\Arquivos de programas\Boilsoft MOV Converter

2009-12-13 11:51:24 . 2008-02-18 20:01:49 -------- d-----w- C:\Arquivos de programas\Free FLV Converter

2009-12-13 11:51:00 . 2008-01-26 01:21:55 -------- d-----w- C:\Arquivos de programas\CyberLink

2009-12-13 11:51:00 . 2008-01-26 00:39:09 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information

2009-12-05 21:06:42 . 2009-12-05 21:06:42 -------- d-----w- C:\Arquivos de programas\Firebird

2009-12-04 12:03:16 . 2009-12-04 12:03:16 251376 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Plugins\npgoogletalk.dll

2009-11-21 20:13:39 . 2009-11-21 20:13:39 95232 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2009-11-21 20:13:39 . 2009-11-21 20:13:39 8192 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2009-11-21 20:13:39 . 2009-11-21 20:13:39 61440 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-11-21 20:13:39 . 2009-11-21 20:13:39 10240 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2009-11-21 20:13:17 . 2009-11-21 20:14:07 33734648 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_por_br.exe

2009-11-21 15:58:49 . 2004-08-04 02:45:22 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll

2009-11-09 23:03:11 . 2009-11-09 23:03:11 95232 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe

2009-11-09 23:03:11 . 2009-11-09 23:03:11 8192 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe

2009-11-09 23:03:11 . 2009-11-09 23:03:11 61440 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-11-09 23:03:11 . 2009-11-09 23:03:11 10240 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe

2009-11-09 23:02:55 . 2009-11-09 23:03:42 33930272 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_por_br.exe

2008-08-01 01:09:36 . 2008-08-01 01:00:51 63530280 ----a-w- C:\Arquivos de programas\iTunesSetup.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-11 14:01:51 198160]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 04:54:42 417792]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 01:46:24 57344]

"avast5"="C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 22:09:31 2757512]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]

 

C:\Documents and Settings\Jandira\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

C:\Documents and Settings\Marina\Menu Iniciar\Programas\Inicializar\

Microsoft Office Groove.lnk - C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE [2009-2-14 337264]

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-12-30 12:58:48 318240 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]

C:\ARQUIV~1\GbPlugin\gbiehisg.dll [bU]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 03:04:34 39792 ----a-w- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:20:54 15360 ------w- C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 04:54:42 417792 ----a-w- C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-10-11 14:01:51 198160 ----a-w- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=

"C:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=

"C:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\BearShare Applications\\BearShare\\BearShare.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Documents and Settings\\Marco\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"C:\\Documents and Settings\\Marco\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"C:\\Arquivos de programas\\Firebird\\Firebird_2_1\\bin\\fbserver.exe"=

 

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\GbpKm.sys [03/03/2009 17:51:49 30752]

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [01/02/2010 17:55:09 130936]

R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [03/03/2009 16:55:01 163280]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [03/03/2009 16:55:01 19024]

R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [03/03/2009 17:51:48 54048]

R3 hidshim;Service for HID-KMDF Shim layer;C:\WINDOWS\system32\drivers\hidshim.sys [25/01/2008 22:39:06 5632]

R3 winbondhidcir;Winbond HID CIR Receiver;C:\WINDOWS\system32\drivers\winbondhidcir.sys [25/01/2008 22:39:06 21504]

S2 bsaspi32;bsaspi32; [x]

S2 gupdate1ca4a7b1977afec;Google Update Service (gupdate1ca4a7b1977afec);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [11/10/2009 11:59:48 133104]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\drivers\s916bus.sys [16/11/2008 19:39:01 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\s916mdfl.sys [16/11/2008 19:39:01 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\s916mdm.sys [16/11/2008 19:39:01 109992]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\s916mgmt.sys [16/11/2008 19:39:01 103976]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\s916obex.sys [16/11/2008 19:39:01 100008]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - PCTCORE

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-12-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34:12 . 2008-07-30 15:34:12]

 

2010-02-01 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-11 13:59:48 . 2009-10-11 13:59:43]

 

2010-02-01 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-11 13:59:48 . 2009-10-11 13:59:43]

 

2009-12-13 C:\WINDOWS\Tasks\Limpeza de disco.job

- C:\WINDOWS\system32\cleanmgr.exe [2004-08-04 02:45:30 . 2008-04-14 02:20:51]

 

2010-02-01 C:\WINDOWS\Tasks\OGALogon.job

- C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 18:07:42 . 2009-08-03 18:07:42]

 

2010-02-01 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1009E90B-BF92-450B-87B7-094EB20D4A2D}.job

- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 21:36:40 . 2009-03-08 07:31:54]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\

FF - prefs.js: browser.startup.homepage - hxxp://mail.live.com/default.aspx?wa=wsignin1.0|http://www.bb.com.br/portalbb/home23,116,116,1,1,1,1.bb|http://g1.globo.com/|http://workspace.office.live.com/#marcoantonio51/Documents|http://translate.google.com/#

FF - component: C:\Arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\components\cooliris.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\plugins\npcoolirisplugin.dll

FF - plugin: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 18:21:54

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1260)

C:\Arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(2444)

C:\WINDOWS\system32\WININET.dll

C:\Arquivos de programas\GbPlugin\gbieh.dll

C:\WINDOWS\system32\webcheck.dll

C:\WINDOWS\system32\WPDShServiceObj.dll

C:\WINDOWS\system32\PortableDeviceTypes.dll

C:\WINDOWS\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-02-01 18:23:55

ComboFix-quarantined-files.txt 2010-02-01 20:23:52

ComboFix2.txt 2010-01-28 23:33:49

 

Pré-execução: 27 pasta(s) 39.231.901.696 bytes disponíveis

Pós execução: 29 pasta(s) 39.377.412.096 bytes disponíveis

 

- - End Of File - - 0337F82A5312D2065F5D8412DE66DA0E

 

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 20:56:58, on 01/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9090 bytes

 

Thanks,


Please follow the steps in these tutorials:

 

FindyKill tutorial

 

Kaspersky Virus Removal Tool tutorial

______________________________

 

In your next reply, post the Kaspersky Virus Removal Tool log together with the FindyKill log, which will be in C:\FindyKill.txt, and a new HijackThis log, and tell us how your PC is after this.

 

We await your reply.


Hello Antonio,

Here are the FindyKill and HijackThis logs. Kaspersky froze and I could not save its log. After the freeze, the computer became slow and showed some errors.

 

 

############################## | FindyKill V5.031 |

 

# User : Marco (Administradores) # ACER

# Update on 03/02/2010 by El Desaparecido

# Start at: 20:50:28 | 04/02/2010

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# Intel® Pentium® Dual CPU T2310 @ 1.46GHz

# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 8.0.6001.18702

# Windows Firewall Status : Enabled

# AV : avast! Antivirus 5.0.83886476 [ Enabled | Updated ]

 

# C:\ # Local fixed disk # 111,78 GB (36,28 GB free) # NTFS

# D:\ # CD-ROM drive

 

############################## | Active processes |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Alwil Software\Avast5\setup\avast.setup

C:\WINDOWS\Explorer.EXE

 

################## | C: |

 

 

################## | C:\WINDOWS |

 

 

################## | C:\WINDOWS\Prefetch |

 

Deleted! C:\WINDOWS\Prefetch\WINUPGRO.EXE-2D513C93.pf

 

################## | C:\WINDOWS\system32 |

 

 

################## | C:\WINDOWS\system32\drivers |

 

 

################## | C:\Documents and Settings\Marco\Dados de aplicativos |

 

 

################## | Other deletions ... |

 

 

################## | Zip File ... |

 

################## | Temporary Internet Files |

 

 

################## | Registry |

 

 

################## | Status |

 

# Safe mode : OK

 

 

# Display of hidden files : OK

 

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | PEH |

 

 

################## | Upload |

 

Please upload the file : C:\FindyKill_Upload_Me_ACER.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Thank you for your contribution.

 

################## | ! End of report # FindyKill V5.031 ! |

 

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 21:30:27, on 04/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: _uninst_Karpesky.cmd.exe.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{465BFF32-C4DB-4481-9C93-F91E283C27C4}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9497 bytes

 

Thanks,

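Added example for this thread (it is not part of HijackThis, ComboFix, FindyKill or any log posted above): a small triage pass over the HijackThis entries a helper reads first. It flags the patterns visible in the two logs above that deserve a second look: a registered component marked "(file missing)", the per-interface DNS servers in the O17 line, the O4 Startup shortcut whose target shows as "?" and whose name carries a double extension, every O20 Winlogon Notify DLL (those load into winlogon.exe as SYSTEM, as the ComboFix DLL listing shows for gbieh.dll), and an O23 service with no publisher string. The sample lines are constructed from entries in the thread's logs; the verdict is always "review", never "malicious", since the G-Buster components that trip several of these checks are the signed Banco do Brasil banking plugin that the BitDefender output below lists as verified.

```python
"""Triage heuristics for HijackThis log lines (added example, not tool code)."""
import re
from dataclasses import dataclass

# Constructed sample, assembled from entries that appear in the thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - Startup: _uninst_Karpesky.cmd.exe.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{465BFF32-C4DB-4481-9C93-F91E283C27C4}: NameServer = 200.175.182.139,200.175.5.139
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
"""

# "O23 - Service: <display name> - <company> - <path>"; company may be empty.
ENTRY_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
SERVICE_RE = re.compile(r"^Service:\s+(.+?)\s+-\s*(.*?)\s*-\s+([A-Za-z]:\\\S.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,\s]+)")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why the entry deserves review (heuristic, not a verdict)
    line: str      # the original log line


def parse_entries(text):
    """Yield (section, body, line) for every HijackThis entry in text."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(text):
    """Return the list of Findings for a HijackThis log."""
    findings = []
    for section, body, line in parse_entries(text):
        # Applies to any section: a registered component whose file is gone
        # (leftover from a cleanup, or a loader pointing at a removed payload).
        if "(file missing)" in body:
            findings.append(Finding(section, "registered component whose file is missing", line))
        if section == "O17":
            m = NAMESERVER_RE.search(body)
            servers = [s.strip() for s in m.group(1).split(",")] if m else []
            findings.append(Finding(section, f"per-interface DNS servers {servers}; confirm they are the ISP's", line))
        elif section == "O4" and body.startswith("Startup:"):
            # "Startup: <shortcut name> = <target>"; "?" means HijackThis could not resolve it.
            name, _, target = body.partition(":")[2].partition("=")
            if target.strip() in ("", "?"):
                findings.append(Finding(section, "startup shortcut with unresolved target", line))
            if re.search(r"\.(exe|cmd|bat|scr|com)\.", name, re.I):
                findings.append(Finding(section, "double extension in startup item name", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            findings.append(Finding(section, "DLL loaded into winlogon.exe (SYSTEM) at logon; verify publisher", line))
        elif section == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group(2).strip() in ("", "Unknown owner"):
                findings.append(Finding(section, "service binary with no publisher string", line))
    return findings


def counts_by_section(findings):
    """Histogram of findings per section code, e.g. {'O2': 1, 'O20': 3}."""
    out = {}
    for f in findings:
        out[f.section] = out.get(f.section, 0) + 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it on a saved HijackThis log by passing the file contents to `triage()`; each Finding carries the original line so it can be quoted back in a reply. The checks are deliberately loud on persistence locations (Winlogon Notify, Startup folder, DNS settings) because that is where a human should spend time, not because a hit means infection.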

:) Hello Marco Antonio! Sorry for the delay; I have been very busy these past few days with school and work.

_________________________________

 

Here are the FindyKill and HijackThis logs. Kaspersky froze and I could not save its log. After the freeze, the computer became slow and showed some errors.

Then please follow the steps in these tutorials:

 

Dr. Web CureIt tutorial

 

BitDefender Online antivirus tutorial

______________________________________

 

In your next reply, post the BitDefender Online log, which will be in C:\Windows\BDOSCAN8\bdoscan.log, together with a new HijackThis log and the Dr. Web CureIt log, and please tell us how your PC is after following these procedures.

 

We await your reply.


Hello Antonio,

The notebook is running well; it is just taking a long time to open Firefox.

Here are the logs:

 

 

BitDefender QuickScan Beta 32-bit v0.9.9.0

------------------------------------------

 

Scan date: Sun Feb 07 19:31:04 2010

Machine ID: F0EAEC54

 

 

 

No infection found.

---------------------

 

 

Processes

---------

<unsigned> Adobe Photoshop Album Starter Edition 3164 C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

<unsigned> HP PML 256 C:\WINDOWS\system32\HPZipm12.exe

<unsigned> RichVideo Module 732 C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

<verified> Agere Soft Modem Call Progress Service 1692 C:\WINDOWS\system32\agrsmsvc.exe

<verified> Apple Mobile Device Service 1696 C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

<verified> avast! Antivirus 328 C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

<verified> avast! Antivirus 1308 C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

<verified> Bluetooth Software 2228 C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

<verified> Cisco Systems VPN Client 1740 C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

<verified> Firefox 3356 C:\Arquivos de programas\Mozilla Firefox\firefox.exe

<verified> Gbp Service 1476 C:\Arquivos de programas\GbPlugin\gbpsv.exe

<verified> Java Platform SE 6 U10 2032 C:\Arquivos de programas\Java\jre6\bin\jqs.exe

<verified> Microsoft® Visual Studio .NET 196 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

<verified> Microsoft® Windows® Operating System 3492 C:\WINDOWS\System32\alg.exe

<verified> Microsoft® Windows® Operating System 1236 C:\WINDOWS\system32\csrss.exe

<verified> Microsoft® Windows® Operating System 3588 C:\WINDOWS\system32\ctfmon.exe

<verified> Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\lsass.exe

<verified> Microsoft® Windows® Operating System 1036 C:\WINDOWS\system32\spoolsv.exe

<verified> Microsoft® Windows® Operating System 1672 C:\WINDOWS\System32\svchost.exe

<verified> Microsoft® Windows® Operating System 1632 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 1760 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 1836 C:\WINDOWS\System32\svchost.exe

<verified> Microsoft® Windows® Operating System 1908 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 1932 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 1576 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 1524 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 2684 C:\WINDOWS\system32\svchost.exe

<verified> Microsoft® Windows® Operating System 2488 C:\WINDOWS\system32\wscntfy.exe

<verified> Nero AG incdsrv 2000 C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

<verified> RealPlayer (32-bit) 912 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

<verified> Sistema operacional Microsoft® Windows® 1904 C:\WINDOWS\Explorer.EXE

<verified> Sistema operacional Microsoft® Windows® 1304 C:\WINDOWS\system32\services.exe

<verified> Sistema Operacional Microsoft® Windows® 1144 C:\WINDOWS\System32\smss.exe

<verified> Sistema operacional Microsoft® Windows® 2288 C:\WINDOWS\system32\wbem\wmiapsrv.exe

<verified> Sistema operacional Microsoft® Windows® 1260 C:\WINDOWS\system32\winlogon.exe

 

 

Network activity

----------------

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 74.125.65.191

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 74.125.45.139

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 64.233.163.104

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 64.233.163.100

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 64.233.163.104

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 74.125.65.118

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 74.125.65.118

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 74.125.65.118

Process AvastSvc.exe (328) connected on port 80 (HTTP) - bs-in-f100.1e100.net

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 187.59.4.17

Process AvastSvc.exe (328) connected on port 80 (HTTP) - gx-in-f118.1e100.net

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 187.59.4.25

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 74.125.65.132

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 72.21.207.241

Process AvastSvc.exe (328) connected on port 80 (HTTP) - gx-in-f118.1e100.net

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 72.247.1.115

Process AvastSvc.exe (328) connected on port 80 (HTTP) - gx-in-f118.1e100.net

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 66.235.143.54

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 74.125.65.103

Process AvastSvc.exe (328) connected on port 80 (HTTP) - 74.125.65.113

Process AvastSvc.exe (328) connected on port 80 (HTTP) - gx-in-f191.1e100.net

Process firefox.exe (3356) connected on port 21 (FTP) - 81.176.67.170

Process firefox.exe (3356) connected on port 65304 - 81.176.67.170

Process alg.exe (3492) connected on port 21 (FTP) - 81.176.67.170

Process alg.exe (3492) connected on port 1781 - acer.Marco8018

 

Process svchost.exe (1632) listens on ports: 135 (RPC)

 

 

Autoruns and critical files

---------------------------

<unsigned> Adobe Photoshop Album Starter Edition C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

<unsigned> QuickTime C:\Arquivos de programas\QuickTime\QTTask.exe

 

<verified> Apple Software Update C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

<verified> avast! Antivirus C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

<verified> Banco do Brasil Gbieh C:\Arquivos de programas\GbPlugin\gbieh.dll

<verified> Google Update C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

<verified> GrooveShellExtensions Module C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

<verified> Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

<verified> OGAEXEC.exe C:\WINDOWS\system32\OGAEXEC.exe

<verified> Programa de Vantagens do Windows Original C:\WINDOWS\system32\WgaLogon.dll

<verified> RealPlayer (32-bit) C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\browseui.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\cleanmgr.exe

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\crypt32.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\cscdll.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\logonui.exe

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\sclgntfy.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\shell32.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\stobject.dll

<verified> Sistema operacional Microsoft® Windows® c:\windows\system32\userinit.exe

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\wlnotify.dll

<verified> Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe

<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

 

 

Browser plugins

---------------

<unsigned> Bonjour C:\Arquivos de programas\Bonjour\mdnsNSP.dll

<unsigned> Cooliris for Firefox C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\piclens@cooliris.com-trash\components\cooliris.dll

<unsigned> Cooliris for Firefox C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\piclens@cooliris.com\libs\cooliris190.dll

<unsigned> Cooliris for Firefox C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

<unsigned> coolirisstub.dll C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

<unsigned> Java Platform SE 6 U10 c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

<unsigned> Java Platform SE 6 U10 c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

<unsigned> LaunchCooliris.exe C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

<unsigned> npcoolirisplugin.dll C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

<unsigned> PicLensHelper.exe C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

<unsigned> Pixomatic C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin2.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin3.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin4.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin5.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin6.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Internet Explorer\plugins\npqtplugin7.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin2.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin3.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin4.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin5.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin6.dll

<unsigned> QuickTime Plug-in 7.6.4 C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin7.dll

<unsigned> RealJukebox NS Plugin C:\Arquivos de programas\Mozilla Firefox\plugins\nprjplug.dll

<unsigned> RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll

<unsigned> RealPlayer Version Plugin C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

<unsigned> RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll

<unsigned> Shockwave for Director C:\Arquivos de programas\Mozilla Firefox\plugins\np32dsw.dll

<unsigned> Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

 

<verified> 2007 Microsoft Office system C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL

<verified> AcroIEHelper Library c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelper.dll

<verified> Adobe Acrobat C:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll

<verified> Banco do Brasil Gbieh C:\Arquivos de programas\GbPlugin\gbieh.dll

<verified> Banco do Brasil GbMzh C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

<verified> BitDefender QuickScan C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll

<verified> BitDefender QuickScan C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles/o7mfxt4p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

<verified> Google Update C:\Arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

<verified> GrooveShellExtensions Module C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

<verified> Java Platform SE 6 U10 c:\arquivos de programas\java\jre6\bin\ssv.dll

<verified> Java Platform SE 6 U10 C:\Arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll

<verified> Messenger C:\Arquivos de programas\Messenger\msmsgs.exe

<verified> Microsoft® Windows Live Login Helper c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\windowslivelogin.dll

<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll

<verified> Mozilla Default Plug-in C:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

<verified> npitunes.dll C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

<verified> Picasa C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll

<verified> RealPlayer Download and Record Plugin c:\program files\real\realplayer\rpbrowserrecordplugin.dll

<verified> RealPlayer G2 LiveConnect-Enabled Plug-In (32- C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

<verified> RealPlayer G2 LiveConnect-Enabled Plug-In (32- c:\program files\real\realplayer\Netscape6\nppl3260.dll

<verified> Silverlight Plug-In c:\Arquivos de programas\Microsoft Silverlight\3.0.50106.0\npctrl.dll

<verified> Sistema operacional Microsoft® Windows® C:\WINDOWS\system32\mswsock.dll

<verified> Windows Live Call Click-to-Call BHO c:\arquivos de programas\windows live\messenger\wlchtc.dll

<verified> Windows Live® Photo Gallery C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

 

 

Missing files

-------------

File not found: C:\ARQUIV~1\GbPlugin\gbiehisg.dll

referenced in: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginIsg\"DllName"

 

File not found: C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

referenced in: HKLM\System\CurrentControlSet\Services\sdauxservice\"ImagePath"

 

File not found: C:\DOCUME~1\Marco\CONFIG~1\Temp\catchme.sys

referenced in: HKLM\System\CurrentControlSet\Services\catchme\"ImagePath"

 

File not found: c:\arquiv~1\gbplugin\gbiehisg.dll

referenced in: HKCR\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540015}\InprocServer32\(default)

 

 

Scan

----

 

No file uploaded.

 

Scan finished - communication took 8 sec

Total traffic - 0.06 MB sent, 2.85 KB recvd

Scanned 1147 files and modules - 111 seconds

 

 

Dr.Web log

uninstall.exe C:\Documents and Settings\Marco\Meus documentos\Meus arquivos recebidos Trojan.Swizzor.based Deleted.

gbieh.dll c:\arquivos de programas\gbplugin Probably BACKDOOR.Trojan Incurable. Will be deleted after the system restarts.

ADR_00.bat C:\Ad-Remover Probably BATCH.Virus Incurable. Moved.

gbieh.dll C:\Arquivos de programas\GbPlugin Probably BACKDOOR.Trojan

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 18:47:52, on 08/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{465BFF32-C4DB-4481-9C93-F91E283C27C4}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - Invalid registry found

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9272 bytes

 

Thanks,


Open HijackThis, click Do a system scan only, tick the entries below and click Fix checked:

 

O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

 

O20 - Winlogon Notify: GbPluginBb - Invalid registry found

 

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

_________________________________

 

Select the text highlighted in red below, copy it into Notepad and save it on the Desktop with the name CFScript.txt

 

File::

C:\WINDOWS\isRS-000.tmp

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000000

 

Drag CFScript.txt onto ComboFix as shown in the image below:

 

[image: CFScript.gif]

 

If prompted, press "Enter" to start the removal process;

 

Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt

 

Note: if ComboFix does not restart your computer automatically, do it manually.

_________________________________

 

There are also some unnecessary programs starting with your Windows, listed below:

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

 

To disable their automatic start, just follow the tips in that tutorial I had sent you: http://dicasetutoriaisparapc.blogspot.com/2008/10/escolhendo-programas-que-iniciam-com-o.html

________________________________

 

Install these programs and use them now and weekly to clean your PC and keep it more efficient and optimized:

 

MV RegClean

 

Auslogics Disk Defrag

 

SpywareBlaster

 

Also follow the tips in this tutorial:

 

Tips to make your computer faster and more efficient

_______________________________

 

After that, post a new HijackThis log together with the log at C:\ComboFix.txt and tell us how your PC is doing.

 

We'll be waiting.

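The helper's reply above does by eye what the "Missing files" section and the HijackThis log make mechanical: every entry that still points at a file that no longer exists (the gbiehisg.dll BHO and Winlogon Notify references) is dead weight and a load path an attacker could later fill, while services without a publisher string and registry-set DNS servers deserve a second look rather than a blind fix. The script below is an added example for this thread; it is not part of HijackThis, ComboFix or any tool the posts name. SAMPLE_LOG is a constructed excerpt whose lines copy the entry shapes quoted in the log, except the [example-updater] O4 line, which is invented to exercise the path heuristic; the "user-writable directory" markers and the fix/review split are my own rules, not HijackThis output.

```python
"""Triage a HijackThis v2 log the way a forum helper reads it.

Added example for this thread; not part of HijackThis, ComboFix or any
other tool mentioned in the posts. SAMPLE_LOG is a constructed excerpt:
most lines copy entry shapes from the log quoted above, the
[example-updater] O4 line is invented to exercise the path heuristic.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [example-updater] C:\DOCUME~1\Marco\CONFIG~1\Temp\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{465BFF32-C4DB-4481-9C93-F91E283C27C4}: NameServer = 200.175.182.139,200.175.5.139
O20 - Winlogon Notify: GbPluginBb - Invalid registry found
O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
"""


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section, e.g. "O20"
    line: str    # original log line, kept verbatim so it can be pasted back
    action: str  # "fix": safe to tick in HijackThis; "review": needs a human decision
    reason: str


ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Owner may be empty ("name - - path") or "Unknown owner"; anchor the path on a drive letter.
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - ?(?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)$")

# Directories a legitimate autorun rarely launches from on XP (heuristic, my own choice).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\local settings\\", "\\dados de aplicativos\\",
                         "\\application data\\", "\\meus documentos\\", "\\my documents\\")


def _entries(log_text):
    """Yield (code, body, full_line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("code"), m.group("body"), line


def triage(log_text):
    findings = []
    for code, body, line in _entries(log_text):
        # Orphaned references: HijackThis has already checked the target for us.
        if body.endswith("(file missing)"):
            findings.append(Finding(code, line, "fix",
                "registry still loads a file that no longer exists; dead weight and a hijackable load path"))
            continue
        if body.endswith("Invalid registry found"):
            findings.append(Finding(code, line, "fix",
                "Winlogon Notify subkey has no usable DllName; remove the stale key"))
            continue
        if code == "O4":
            m = RUN_RE.match(body)
            cmd = m.group("cmd").lower() if m else body.lower()
            if any(marker in cmd for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding(code, line, "review",
                    "autorun launches from a temp or per-user directory; confirm what installed it"))
        elif code == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                servers = m.group("servers").split(",")
                findings.append(Finding(code, line, "review",
                    "DNS servers set by registry: " + ", ".join(servers) + "; confirm they belong to the ISP"))
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("owner").strip() in ("", "Unknown owner"):
                findings.append(Finding(code, line, "review",
                    "service binary %s carries no publisher string; check its digital signature" % m.group("path")))
    return findings


def fix_list(findings):
    """Lines to tick under 'Do a system scan only' -> 'Fix checked'."""
    return [f.line for f in findings if f.action == "fix"]


def review_list(findings):
    return [(f.code, f.reason) for f in findings if f.action == "review"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("Fix checked:")
    for entry in fix_list(found):
        print("  " + entry)
    print("Review:")
    for code, reason in review_list(found):
        print("  %s: %s" % (code, reason))
```

Run against the sample, the fix list comes out as exactly the three entries the helper asked the poster to tick, and the review list names the two services without an owner string, the registry-set DNS servers and the constructed autorun in Temp. A "review" hit is not a verdict: the GbpSv service is the Banco do Brasil plugin that the signed-module listing earlier marks as verified, so the right next step is a signature check on the binary, not a fix.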

Hello Antonio,

The laptop has improved a lot. I'm very grateful for everything.

Here are the logs:

ComboFix 10-02-16.02 - Marco 17/02/2010 10:18:45.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2038.1334 [GMT -2:00]

Running from: C:\Documents and Settings\Marco\Desktop\ComboFix.exe

Commands used :: C:\Documents and Settings\Marco\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"C:\WINDOWS\isRS-000.tmp"

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 216 bytes in 2 streams.

 

(((((((((((((((( Files created from 2010-01-17 to 2010-02-17 ))))))))))))))))))))))))))))

.

 

2010-02-12 18:23:39 . 2010-01-06 14:08:08 4726272 ----a-w- C:\Documents and Settings\Marina\Dados de aplicativos\Mozilla\Firefox\Profiles\n5gfcxb6.default\extensions\piclens@cooliris.com\libs\cooliris190.dll

2010-02-12 18:23:38 . 2010-01-06 14:08:08 103424 ----a-w- C:\Documents and Settings\Marina\Dados de aplicativos\Mozilla\Firefox\Profiles\n5gfcxb6.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2010-02-12 18:23:37 . 2010-01-06 14:08:08 57856 ----a-w- C:\Documents and Settings\Marina\Dados de aplicativos\Mozilla\Firefox\Profiles\n5gfcxb6.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2010-02-12 18:23:37 . 2010-01-06 14:08:08 545280 ----a-w- C:\Documents and Settings\Marina\Dados de aplicativos\Mozilla\Firefox\Profiles\n5gfcxb6.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2010-02-12 18:23:37 . 2010-01-06 14:08:08 4725760 ----a-w- C:\Documents and Settings\Marina\Dados de aplicativos\Mozilla\Firefox\Profiles\n5gfcxb6.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

2010-02-12 18:23:37 . 2010-01-06 14:08:08 344064 ----a-w- C:\Documents and Settings\Marina\Dados de aplicativos\Mozilla\Firefox\Profiles\n5gfcxb6.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2010-02-12 18:23:37 . 2010-01-06 14:08:08 153600 ----a-w- C:\Documents and Settings\Marina\Dados de aplicativos\Mozilla\Firefox\Profiles\n5gfcxb6.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2010-02-07 21:38:25 . 2010-02-07 21:38:25 -------- d-----w- C:\Documents and Settings\Marco\DoctorWeb

2010-02-07 21:30:37 . 2010-02-07 21:32:55 -------- d-----w- C:\Documents and Settings\Marco\Dados de aplicativos\QuickScan

2010-02-07 21:30:14 . 2010-01-11 19:33:00 789320 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

2010-02-07 21:30:14 . 2010-01-11 19:32:58 698184 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll

2010-02-07 00:06:20 . 2010-01-06 14:08:08 4726272 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\libs\cooliris190.dll

2010-02-07 00:06:20 . 2010-01-06 14:08:08 103424 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2010-02-07 00:06:19 . 2010-01-06 14:08:08 57856 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2010-02-07 00:06:19 . 2010-01-06 14:08:08 545280 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2010-02-07 00:06:19 . 2010-01-06 14:08:08 4725760 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

2010-02-07 00:06:19 . 2010-01-06 14:08:08 153600 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2010-02-07 00:06:18 . 2010-01-06 14:08:08 344064 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2010-02-03 21:36:10 . 2010-02-04 23:20:35 1190 ----a-w- C:\FindyKill_Upload_Me_ACER.zip

2010-02-03 21:14:11 . 2010-02-04 23:24:26 -------- d-----w- C:\FyK

2010-02-01 19:55:09 . 2009-04-03 13:18:26 130936 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys

2010-02-01 19:55:09 . 2008-12-18 14:16:56 73840 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys

2010-02-01 19:54:32 . 2010-02-01 20:03:27 -------- d-----w- C:\Arquivos de programas\Spyware Doctor

2010-01-29 20:55:53 . 2010-01-29 20:55:53 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

2010-01-26 23:29:33 . 2010-02-01 20:03:27 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\PC Tools

2010-01-22 00:48:55 . 2010-01-22 00:48:55 -------- d-----w- C:\Arquivos de programas\ESET

2010-01-22 00:01:12 . 2010-02-08 01:11:27 -------- d-----w- C:\Ad-Remover

2010-01-21 23:56:47 . 2010-01-21 23:57:43 -------- d-----w- C:\LinhaDefensiva

2010-01-19 20:06:45 . 2010-01-19 20:06:45 -------- d-----w- C:\Documents and Settings\Marco\Dados de aplicativos\Malwarebytes

2010-01-19 20:06:40 . 2010-01-07 18:07:14 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-01-19 20:06:38 . 2010-01-19 20:06:38 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-01-19 20:06:37 . 2010-01-07 18:07:04 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2010-01-19 20:06:36 . 2010-01-19 20:06:44 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-15 12:34:43 . 2008-12-22 20:31:21 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2010-02-15 12:05:59 . 2009-03-03 19:51:49 -------- d-----w- C:\Arquivos de programas\GbPlugin

2010-02-12 19:47:47 . 2010-02-12 19:47:47 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2010-02-11 18:53:57 . 2009-03-03 18:55:01 38848 ----a-w- C:\WINDOWS\system32\avastSS.scr

2010-02-11 18:53:36 . 2009-03-03 18:54:43 153184 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2010-02-11 18:42:34 . 2009-03-03 18:55:04 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2010-02-11 18:42:13 . 2009-03-03 18:55:01 162512 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2010-02-11 18:39:01 . 2009-03-03 18:55:05 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2010-02-11 18:38:34 . 2009-03-03 18:55:01 100432 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2010-02-11 18:38:31 . 2009-03-03 18:55:01 94800 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2010-02-11 18:38:23 . 2009-03-03 18:55:01 19024 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010-02-11 18:38:07 . 2009-03-03 18:55:03 28880 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2010-02-10 23:16:45 . 2008-02-14 21:58:24 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2010-02-08 21:00:21 . 2001-10-28 18:07:18 84086 ----a-w- C:\WINDOWS\system32\perfc016.dat

2010-02-08 21:00:21 . 2001-10-28 18:07:18 479942 ----a-w- C:\WINDOWS\system32\perfh016.dat

2010-02-01 20:01:38 . 2008-01-30 19:02:03 -------- d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2010-01-29 20:58:53 . 2008-02-20 20:45:40 -------- d-----w- C:\Arquivos de programas\Alwil Software

2010-01-19 22:53:14 . 2009-04-02 20:58:28 -------- d-----w- C:\Arquivos de programas\Microsoft Silverlight

2010-01-16 12:12:11 . 2010-01-16 12:12:11 388096 ----a-r- C:\Documents and Settings\Marco\Dados de aplicativos\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-01-16 12:12:09 . 2010-01-16 12:12:09 -------- d-----w- C:\Arquivos de programas\TrendMicro

2010-01-16 12:06:52 . 2010-01-16 12:06:51 -------- d-----w- C:\Arquivos de programas\CCleaner

2009-12-31 16:50:03 . 2004-08-04 01:14:46 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys

2009-12-30 12:59:36 . 2009-03-03 19:51:49 30752 ----a-w- C:\WINDOWS\system32\drivers\GbpKm.sys

2009-12-29 20:09:13 . 2008-04-28 18:32:32 -------- d-----w- C:\Documents and Settings\Jandira\Dados de aplicativos\PC Suite

2009-12-29 20:09:08 . 2008-12-12 22:52:08 -------- d-----w- C:\Documents and Settings\Jandira\Dados de aplicativos\Nokia

2009-12-25 18:15:07 . 2009-12-25 18:15:07 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf

2009-12-25 18:15:02 . 2009-12-25 18:15:02 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_user_01_07_00.Wdf

2009-12-25 18:02:03 . 2009-12-25 18:02:03 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-12-25 18:02:02 . 2009-12-25 18:02:02 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-12-23 19:39:11 . 2009-12-20 02:04:30 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\AlawarWrapper

2009-12-21 19:08:00 . 2004-08-04 02:45:28 916480 ------w- C:\WINDOWS\system32\wininet.dll

2009-12-20 02:04:40 . 2009-12-20 02:04:40 -------- d-----w- C:\Documents and Settings\Marco\Dados de aplicativos\Shape games

2009-12-20 02:04:08 . 2009-12-20 02:04:08 -------- d-----w- C:\Arquivos de programas\Alawar

2009-12-17 07:41:40 . 2008-01-26 00:10:27 345600 ----a-w- C:\WINDOWS\system32\mspaint.exe

2009-12-14 07:09:23 . 2004-08-04 02:45:22 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll

2009-12-04 18:22:22 . 2004-08-04 01:15:18 455424 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys

2009-12-04 12:03:16 . 2009-12-04 12:03:16 251376 ----a-w- C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Plugins\npgoogletalk.dll

2009-11-27 17:13:11 . 2004-08-04 02:45:26 1296384 ----a-w- C:\WINDOWS\system32\quartz.dll

2009-11-27 17:13:11 . 2004-08-04 00:45:26 17920 ----a-w- C:\WINDOWS\system32\msyuv.dll

2009-11-27 16:08:45 . 2001-09-05 23:50:24 8704 ----a-w- C:\WINDOWS\system32\tsbyuv.dll

2009-11-27 16:08:44 . 2004-08-04 02:45:26 11264 ----a-w- C:\WINDOWS\system32\msrle32.dll

2009-11-27 16:08:44 . 2004-08-04 02:45:22 85504 ----a-w- C:\WINDOWS\system32\avifil32.dll

2009-11-27 16:08:44 . 2004-08-04 00:45:24 48128 ----a-w- C:\WINDOWS\system32\iyuv_32.dll

2009-11-27 16:08:44 . 2001-10-28 18:07:06 28672 ----a-w- C:\WINDOWS\system32\msvidc32.dll

2009-11-21 20:13:39 . 2009-11-21 20:13:39 95232 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe

2009-11-21 20:13:39 . 2009-11-21 20:13:39 8192 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe

2009-11-21 20:13:39 . 2009-11-21 20:13:39 61440 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-11-21 20:13:39 . 2009-11-21 20:13:39 10240 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe

2009-11-21 20:13:17 . 2009-11-21 20:14:07 33734648 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_por_br.exe

2009-11-21 15:58:49 . 2004-08-04 02:45:22 471552 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll

2008-08-01 01:09:36 . 2008-08-01 01:00:51 63530280 ----a-w- C:\Arquivos de programas\iTunesSetup.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2010-02-01_20.21.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-02-17 12:03:25 . 2010-02-17 12:03:25 16384 C:\WINDOWS\Temp\Perflib_Perfdata_e4.dat

+ 2001-10-28 18:07:18 . 2010-02-08 21:00:21 72180 C:\WINDOWS\system32\perfc009.dat

- 2001-10-28 18:07:18 . 2009-12-16 19:06:42 72180 C:\WINDOWS\system32\perfc009.dat

+ 2008-07-21 21:56:11 . 2010-02-15 22:29:29 84661 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2008-07-21 21:56:11 . 2009-10-03 20:17:53 84661 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-11-27 17:13:11 . 2009-11-27 17:13:11 17920 C:\WINDOWS\system32\dllcache\msyuv.dll

+ 2001-10-28 18:07:06 . 2009-11-27 16:08:44 28672 C:\WINDOWS\system32\dllcache\msvidc32.dll

+ 2009-11-27 16:08:44 . 2009-11-27 16:08:44 11264 C:\WINDOWS\system32\dllcache\msrle32.dll

+ 2009-11-27 16:08:44 . 2009-11-27 16:08:44 48128 C:\WINDOWS\system32\dllcache\iyuv_32.dll

+ 2009-12-14 07:09:23 . 2009-12-14 07:09:23 33280 C:\WINDOWS\system32\dllcache\csrsrv.dll

- 2009-06-10 14:14:43 . 2009-06-10 14:14:43 85504 C:\WINDOWS\system32\dllcache\avifil32.dll

+ 2009-06-10 14:14:43 . 2009-11-27 16:08:44 85504 C:\WINDOWS\system32\dllcache\avifil32.dll

- 2008-02-14 22:07:15 . 2010-01-15 18:48:39 35088 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:42 35088 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:41 18704 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 18704 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 20240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:41 20240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-11-27 17:13:11 . 2009-11-27 17:13:11 17920 C:\WINDOWS\Driver Cache\i386\msyuv.dll

+ 2009-11-27 16:08:44 . 2009-11-27 16:08:44 48128 C:\WINDOWS\Driver Cache\i386\iyuv_32.dll

+ 2009-11-27 16:08:45 . 2009-11-27 16:08:45 8704 C:\WINDOWS\system32\dllcache\tsbyuv.dll

+ 2009-11-27 16:08:45 . 2009-11-27 16:08:45 8704 C:\WINDOWS\Driver Cache\i386\tsbyuv.dll

+ 2004-08-04 02:45:28 . 2009-12-08 09:24:25 474112 C:\WINDOWS\system32\shlwapi.dll

- 2004-08-04 02:45:28 . 2008-04-14 02:20:40 474112 C:\WINDOWS\system32\shlwapi.dll

+ 2001-10-28 18:07:18 . 2010-02-08 21:00:21 443922 C:\WINDOWS\system32\perfh009.dat

- 2001-10-28 18:07:18 . 2009-12-16 19:06:43 443922 C:\WINDOWS\system32\perfh009.dat

+ 2010-01-27 01:07:32 . 2010-01-27 01:07:32 256280 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-10-15 10:51:22 . 2009-12-31 16:50:03 353792 C:\WINDOWS\system32\dllcache\srv.sys

- 2009-01-07 21:21:34 . 2009-01-07 21:21:34 474112 C:\WINDOWS\system32\dllcache\shlwapi.dll

+ 2009-01-07 21:21:34 . 2009-12-08 09:24:25 474112 C:\WINDOWS\system32\dllcache\shlwapi.dll

+ 2009-12-17 07:41:40 . 2009-12-17 07:41:40 345600 C:\WINDOWS\system32\dllcache\mspaint.exe

+ 2008-11-12 11:05:19 . 2009-12-04 18:22:22 455424 C:\WINDOWS\system32\dllcache\mrxsmb.sys

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 888080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:41 888080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 272648 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:41 272648 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:41 922384 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 922384 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 845584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:40 845584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 217864 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:41 217864 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 184080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:40 184080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 159504 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:40 159504 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-11-12 11:05:19 . 2009-12-04 18:22:22 455424 C:\WINDOWS\Driver Cache\i386\mrxsmb.sys

+ 2010-01-27 01:07:32 . 2010-01-27 01:07:32 3884312 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-05-07 05:11:33 . 2009-11-27 17:13:11 1296384 C:\WINDOWS\system32\dllcache\quartz.dll

+ 2010-01-14 23:26:08 . 2010-01-14 23:26:08 5027840 C:\WINDOWS\Installer\eda62.msp

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:40 1172240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 1172240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-02-14 22:07:15 . 2010-02-10 23:16:39 1165584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-02-14 22:07:15 . 2010-01-15 18:48:38 1165584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-02-11 12:59:03 . 2010-02-01 19:26:20 30364104 C:\WINDOWS\system32\MRT.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-11 14:01:51 198160]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 04:54:42 417792]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 01:46:24 57344]

"avast5"="C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 18:53:42 2756488]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]

 

C:\Documents and Settings\Jandira\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

C:\Documents and Settings\Marina\Menu Iniciar\Programas\Inicializar\

Microsoft Office Groove.lnk - C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE [2009-2-14 337264]

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-12-30 12:58:48 318240 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginIsg]

C:\ARQUIV~1\GbPlugin\gbiehisg.dll [bU]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 03:04:34 39792 ----a-w- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:20:54 15360 ------w- C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-05 04:54:42 417792 ----a-w- C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-10-11 14:01:51 198160 ----a-w- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=

"C:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=

"C:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\BearShare Applications\\BearShare\\BearShare.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Documents and Settings\\Marco\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"C:\\Documents and Settings\\Marco\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"C:\\Arquivos de programas\\Firebird\\Firebird_2_1\\bin\\fbserver.exe"=

 

R0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [01/02/2010 17:55:09 130936]

R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [03/03/2009 16:55:01 162512]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [03/03/2009 16:55:01 19024]

R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [03/03/2009 17:51:48 54048]

R3 hidshim;Service for HID-KMDF Shim layer;C:\WINDOWS\system32\drivers\hidshim.sys [25/01/2008 22:39:06 5632]

R3 winbondhidcir;Winbond HID CIR Receiver;C:\WINDOWS\system32\drivers\winbondhidcir.sys [25/01/2008 22:39:06 21504]

S0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\GbpKm.sys [03/03/2009 17:51:49 30752]

S2 bsaspi32;bsaspi32; [x]

S2 gupdate1ca4a7b1977afec;Google Update Service (gupdate1ca4a7b1977afec);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [11/10/2009 11:59:48 133104]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\WINDOWS\system32\drivers\s916bus.sys [16/11/2008 19:39:01 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\s916mdfl.sys [16/11/2008 19:39:01 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\s916mdm.sys [16/11/2008 19:39:01 109992]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\s916mgmt.sys [16/11/2008 19:39:01 103976]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\s916obex.sys [16/11/2008 19:39:01 100008]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-12-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34:12 . 2008-07-30 15:34:12]

 

2010-02-17 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-11 13:59:48 . 2009-10-11 13:59:43]

 

2010-02-16 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-10-11 13:59:48 . 2009-10-11 13:59:43]

 

2009-12-13 C:\WINDOWS\Tasks\Limpeza de disco.job

- C:\WINDOWS\system32\cleanmgr.exe [2004-08-04 02:45:30 . 2008-04-14 02:20:51]

 

2010-02-17 C:\WINDOWS\Tasks\OGALogon.job

- C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 18:07:42 . 2009-08-03 18:07:42]

 

2010-02-17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{1009E90B-BF92-450B-87B7-094EB20D4A2D}.job

- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 21:36:40 . 2009-03-08 07:31:54]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: {465BFF32-C4DB-4481-9C93-F91E283C27C4} = 200.175.182.139,200.175.5.139

FF - ProfilePath - C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\

FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1266090615&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fwa%3Dwsignin1.0&lc=1046&id=64855&mkt=pt-br|http://www.bb.com.br/portalbb/home23,116,116,1,1,1,1.bb|http://g1.globo.com/|http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1266090615&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fworkspace.office.live.com%2F&lc=1046&id=252699|http://translate.google.com/#en|http://dictionary.reference.com/

FF - component: C:\Arquivos de programas\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - component: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll

FF - component: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\Firefox\Profiles\o7mfxt4p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\plugins\npcoolirisplugin.dll

FF - plugin: C:\Documents and Settings\Marco\Dados de aplicativos\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-17 10:26:24

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1264)

C:\Arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(3972)

C:\WINDOWS\system32\WININET.dll

C:\Arquivos de programas\GbPlugin\gbieh.dll

C:\WINDOWS\system32\webcheck.dll

C:\WINDOWS\system32\WPDShServiceObj.dll

C:\WINDOWS\system32\PortableDeviceTypes.dll

C:\WINDOWS\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-02-17 10:30:11

ComboFix-quarantined-files.txt 2010-02-17 12:30:08

ComboFix2.txt 2010-01-28 23:33:49

 

Pré-execução: 28 pasta(s) 38.393.053.184 bytes disponíveis

Pós execução: 30 pasta(s) 39.010.574.336 bytes disponíveis

 

- - End Of File - - 07E617D1F801FB41E9C43D7B15FCC8E4

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 19:16:37, on 17/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para Bluetooth - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{465BFF32-C4DB-4481-9C93-F91E283C27C4}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Arquivos de programas\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca4a7b1977afec) (gupdate1ca4a7b1977afec) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8743 bytes

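A small triage script for the HijackThis log format in the post above, added here as an example (it is not a tool from the thread or from Trend Micro): it parses the entry lines and flags what a helper reads first, the O20 Winlogon Notify hook whose DLL is missing, the O23 services with no identified publisher and the O17 DNS servers, using a constructed sample built from a few lines of the log.

```python
"""Triage helper for the HijackThis (HJT) v2.0.x log format.

Added example, not code from the thread or from Trend Micro. It groups the
'Xnn - ...' entries by section code and flags what a helper checks first:
O20 Winlogon Notify hooks whose DLL is missing, O23 services with no
identified publisher, and O17 DNS servers to verify against the ISP.
"""
import re

# Constructed sample: a handful of lines in HJT format, copied from the log
# above (Portuguese Windows XP paths), so the script runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{465BFF32-C4DB-4481-9C93-F91E283C27C4}: NameServer = 200.175.182.139,200.175.5.139
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
"""

# Every HJT entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
NOTIFY_MISSING_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+?) \(file missing\)$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_hjt(text):
    """Return (code, body) for each entry line; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def split_service(body):
    """Split an O23 body 'Service: Name (Short) - Owner - Path' into (name, owner, path).
    HJT leaves the owner empty when the binary has no company name, giving ' - - '."""
    rest = body[len("Service: "):] if body.startswith("Service: ") else body
    if " - - " in rest:
        name, path = rest.split(" - - ", 1)
        return name, "", path
    try:
        name, owner, path = rest.rsplit(" - ", 2)
    except ValueError:  # malformed line: keep the text, leave owner/path blank
        return rest, "", ""
    return name, owner, path


def triage(entries):
    """Return (code, reason, value) findings a helper would look at first."""
    findings = []
    for code, body in entries:
        if code == "O20":
            m = NOTIFY_MISSING_RE.match(body)
            if m:  # dangling Winlogon Notify hook: a DLL path that no longer exists
                findings.append((code, "winlogon notify DLL missing", m.group(2)))
        elif code == "O23":
            _name, owner, path = split_service(body)
            if owner in ("", "Unknown owner"):
                findings.append((code, "service with no identified publisher", path))
        elif code == "O17":
            m = NAMESERVER_RE.search(body)
            if m:  # a changed resolver is a classic hijack sign; verify against the ISP
                for ip in m.group(1).split(","):
                    findings.append((code, "DNS server to verify with ISP", ip.strip()))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for code, reason, value in triage(parsed):
        print(f"{code}: {reason}: {value}")
```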

Go to Start --> Run --> Type (or copy and paste) Combofix /uninstall --> Click OK.

 

* The following window will open: (Open File - Security Warning)

* Click Run --> Wait!

* Finally, the message "ComboFix está desinstalado" (ComboFix is uninstalled) will appear --> Click OK.

* If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

* Or, go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /uninstall

 

* Click OK.

______________________________________

 

Follow the steps in this tutorial to do a cleanup with Tools Cleaner:

 

ToolsCleaner Tutorial

______________________________________

 

To keep the problems from coming back, disable and then re-enable System Restore. To do this, go to: Start - Control Panel - System - Click the tab: System Restore - Check the box: Turn off System Restore - Click the button: Apply and then the button: OK.

 

After that, go back to the same place: Start - Control Panel - System - Click the tab: System Restore - Uncheck the box: Turn off System Restore - Click the button: Apply and then the button: OK.

______________________________________

 

It was a pleasure to help. Count on us anytime!
