cmax (posted March 17, 2010)

For several days I have been noticing some suspicious banners on my machine; they show up all the time, just open the browser and there is the banner. With a lot of effort I got hold of the link name and, searching Google, I ended up at this forum: http://content.yieldmanager.edgesuite.net. I hope that with this information you can help us. Thanks in advance. Below is the log generated by HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:02, on 17/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Toshiba\IVP\ISM\pinger.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Arquivos de programas\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Arquivos de programas\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\ltmoh\Ltmoh.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe
C:\Documents and Settings\cmaxsolucoes\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplusmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Arquivos de programas\Winamp Remote\bin\Orb.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Hijack_this\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: flvdirect - {514b8507-78a2-ecf2-1b9f-ffd597aa595d} - C:\WINDOWS\system32\Cf43_kKq.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [firewallwindows] C:\WINDOWS\system32\msnmsnmsn.exe
O4 - HKLM\..\Run: [atendimentogratis] C:\Arquivos de programas\Atendimento On-line Grátis\helpdesk.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKLM\..\RunOnce: [3telefonica.BlockedAlerts] "C:\Arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe" -APPKEY=telesp -WINDOWCONTEXT=telesp -URL=file://C:/Arquivos de programas/Assistente Tecnico Speedy/vendors/telefonica/content/template/driven_dev/BroadBandAsst/SB_Template/modificarRul.html
O4 - HKCU\..\Run: [LtMoh] C:\Arquivos de programas\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LClock] C:\Arquivos de programas\LClock\LClock.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Arquivos de programas\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViOrb] C:\Arquivos de programas\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\cmaxsolucoes\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Orb] "C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Arquivos de programas\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe
O4 - Global Startup: Iniciar o Office Banking Bradesco Plus.lnk = C:\OBBPLUS\aplicacao\infra\tomcat\bin\obbplusmgr.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: http://www.flvdirect.com
O15 - ESC Trusted Zone: http://www.flvdirect.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242842724921
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{218A648A-8B26-4492-B584-462E03F90703}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDA62341-BE37-4E29-B0A1-250C6A1873D6}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Arquivos de programas\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13974 bytes
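The log above contains a textbook set of persistence points: a Winlogon Shell value carrying a second executable (csrcs.exe), the same binary registered under RunServices and Policies\Explorer\Run, a BHO DLL with a random-looking name in system32, an orphaned BHO, and Trusted Zone additions for the adware site; the Malwarebytes log later in the thread confirms csrcs.exe and Cf43_kKq.dll as the infection. The Python script below is an added example, not code from the forum or from HijackThis: it triages HijackThis lines for those patterns and groups the hits by binary so that one program reached from several loading points stands out. The sample lines are copied from the posted log; the "random-looking name" heuristic and the 10-character cut-off are assumptions.

```python
import re
from collections import defaultdict

# Constructed subset of the HijackThis log posted above (copied verbatim).
SAMPLE_LOG = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flvdirect - {514b8507-78a2-ecf2-1b9f-ffd597aa595d} - C:\WINDOWS\system32\Cf43_kKq.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O15 - Trusted Zone: http://www.flvdirect.com
O15 - ESC Trusted Zone: http://www.flvdirect.com
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
"""

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
O15_RE = re.compile(r"^O15 - (?:ESC )?Trusted Zone: (?P<site>\S+)$")
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)

# Autostart keys that ordinary XP software almost never uses; a HijackThis
# reader treats anything there as suspect until proven otherwise.
RARE_AUTOSTART = ("RunServices", r"Policies\Explorer\Run")


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): a short file stem mixing digits, upper- and
    lower-case letters (Cf43_kKq) is unlike any vendor-named DLL."""
    return (len(stem) <= 10 and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem) and any(c.islower() for c in stem))


def binary_of(text: str):
    """Return the lower-cased .exe file name referenced by a command line."""
    m = EXE_RE.search(text)
    return m.group(1).lower() if m else None


def triage(lines):
    """Return one finding dict (rule, binary, line) per suspicious HJT line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SHELL_RE.match(line)
        if m:
            # Winlogon Shell should be exactly Explorer.exe; every extra token
            # is a program started with every interactive logon.
            for exe in m.group("value").split():
                if exe.lower() != "explorer.exe":
                    findings.append({"rule": "winlogon-shell", "binary": exe.lower(), "line": line})
            continue
        m = O4_RE.match(line)
        if m:
            if m.group("key").endswith(RARE_AUTOSTART):
                findings.append({"rule": "autostart:" + m.group("key"),
                                 "binary": binary_of(m.group("cmd")), "line": line})
            continue
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)" or path.endswith("(file missing)"):
                # Orphaned BHO registrations are leftovers worth cleaning up.
                findings.append({"rule": "bho-orphan", "binary": None, "line": line})
            else:
                dll = path.rsplit("\\", 1)[-1]
                if "\\system32\\" in path.lower() and looks_random(dll.rsplit(".", 1)[0]):
                    findings.append({"rule": "bho-random-dll", "binary": dll.lower(), "line": line})
            continue
        m = O15_RE.match(line)
        if m:
            # Trusted Zone entries are never present by default on XP.
            findings.append({"rule": "trusted-zone", "binary": None, "line": line})
    return findings


def loading_points(findings):
    """Group rules by binary: csrcs.exe is reached from three loading points."""
    by_bin = defaultdict(set)
    for f in findings:
        if f["binary"]:
            by_bin[f["binary"]].add(f["rule"])
    return {b: sorted(rules) for b, rules in by_bin.items()}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"[{f['rule']}] {f['line']}")
    for exe, rules in loading_points(found).items():
        print(f"{exe}: {len(rules)} loading point(s): {', '.join(rules)}")
```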
wings (posted March 17, 2010)

* Download MalwareBytes Anti-malware and save it to the desktop:
* Install the program
* If an update exists, it will be downloaded automatically. Wait...
* The program will open automatically.
* On the [Verificação] (Scan) tab, select the [Verificação completa] (Full scan) option
* Click [Verificar] (Scan) and select the drives (C:\ and D:\) to be examined
* When the scan finishes, you may be asked whether you want to remove objects from memory. Click [SIM] (Yes) > [OK] > [Mostrar Resultados] (Show Results)
* Click [Remover Selecionados] (Remove Selected)
* A report (mbam-log-year-month-date.txt) will be displayed.
* Paste it in your next reply
cmax (posted March 17, 2010)

As you instructed, here is the report:

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3876
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17/3/2010 15:08:16
mbam-log-2010-03-17 (15-08-16).txt

Tipo de Verificação: Completa (C:\|D:\|)
Objetos verificados: 332952
Tempo decorrido: 2 hour(s), 3 minute(s), 23 second(s)

Processos da Memória infectados: 1
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 7
Valores do Registro infectados: 1
Ítens do Registro infectados: 1
Pastas infectadas: 0
Arquivos infectados: 5

Processos da Memória infectados:
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\isrj9dgw_d1q- (Adware.LoudMo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{514b8507-78a2-ecf2-1b9f-ffd597aa595d} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{514b8507-78a2-ecf2-1b9f-ffd597aa595d} (Adware.AdRotator) -> Quarantined and deleted successfully.

Valores do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\WINDOWS\system32\iSrj9DgW_d1q-.exe (Adware.LoudMo) -> Quarantined and deleted successfully.
D:\dowloads\Alcohol 120% RetaiL v1.9.6.5429\crack\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Cf43_kKq.dll (Adware.AdRotator) -> Delete on reboot.
wings (posted March 17, 2010)

1.
* Restart the PC

2.
* Open Malwarebytes and, on the [Quarentena] (Quarantine) tab, select all the results and click [Remover tudo] (Remove All)
* Click the [Logs] tab, select the report and click [Remover] (Delete)

3.
* Temporarily disable your antivirus
Start > Programs > AVG
Open the AVG User Interface
Double-click "Proteção Residente" (Resident Shield)
Uncheck the "Proteção Residente ativa" (Resident Shield active) option
Save the changes
* Download ComboFix and save it to the desktop
* Double-click the Combofix.exe file
* Accept the agreement
* If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. If it is not, a window like the one below will open. Click [SIM] (Yes) to accept its installation.
* After the installation, click [SIM] to continue.
* Wait for all the steps to finish
* Important: while ComboFix is running, do not use the mouse or the keyboard!!..... To interrupt the procedure, press N or 2 and then ENTER.
* The program will close automatically
* Paste the report created at C:\combofix.txt
cmax (posted March 17, 2010)

ComboFix 10-03-17.01 - cmaxsolucoes 17/03/2010 18:37:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3062.2425 [GMT -3:00]
Executando de: d:\dowloads\combofix\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - drivers: deleted 208 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\arquivos de programas\GbPlugin\gbiehcef.dll
c:\documents and settings\All Users\Dados de aplicativos\hpe21.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\Logsvc.bat
c:\windows\system32\vb6ko.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-17 to 2010-03-17 ))))))))))))))))))))))))))))
.

2010-03-17 13:13 . 2010-03-17 13:13 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Malwarebytes
2010-03-17 13:13 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 13:13 . 2010-03-17 13:13 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-03-17 13:13 . 2010-03-17 13:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-03-17 13:13 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 04:02 . 2010-03-17 04:06 -------- d-----w- C:\Hijack_this
2010-03-13 18:20 . 2010-03-13 17:12 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-13 17:13 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-13 17:11 . 2010-03-13 17:11 247120 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-13 17:11 . 2010-03-13 17:11 6330848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-13 17:11 . 2010-03-13 17:11 329048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-13 17:11 . 2010-03-13 17:11 94712 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-13 17:11 . 2010-03-13 17:11 17480 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-13 17:10 . 2010-03-13 17:10 961984 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-13 17:10 . 2010-03-13 17:10 835312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-13 17:10 . 2010-03-13 17:10 842992 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-13 17:10 . 2010-03-13 17:10 1593320 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-13 17:10 . 2010-03-13 17:10 815184 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-13 17:10 . 2010-03-13 17:10 1229232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-13 17:05 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-13 17:05 . 2010-03-13 17:05 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-13 17:04 . 2010-03-13 17:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft
2010-03-13 17:04 . 2010-03-13 17:05 -------- d-----w- c:\arquivos de programas\Lavasoft
2010-03-13 15:57 . 2010-03-13 15:57 -------- d-----w- c:\arquivos de programas\spybot
2010-03-10 19:43 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 14:06 . 2010-03-17 19:18 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\FileZilla
2010-03-09 14:06 . 2010-03-09 14:06 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client
2010-03-06 20:44 . 2010-03-06 20:44 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Address Book
2010-03-06 20:39 . 2010-03-06 20:39 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\FindeXer
2010-03-06 20:32 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-06 20:32 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-06 20:31 . 2010-03-06 20:31 -------- d-----w- c:\arquivos de programas\iPod
2010-03-06 20:31 . 2010-03-06 20:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-06 20:31 . 2010-03-06 20:32 -------- d-----w- c:\arquivos de programas\iTunes
2010-03-06 20:30 . 2010-03-06 20:30 -------- d-----w- c:\arquivos de programas\QuickTime
2010-03-06 20:28 . 2010-03-06 20:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple
2010-03-06 20:19 . 2010-03-06 20:19 161530 ----a-w- c:\windows\BricoPackUninst.cmd
2010-03-06 20:17 . 2010-03-06 20:17 -------- d-----w- c:\arquivos de programas\RK Launcher
2010-03-06 20:17 . 2010-03-10 19:17 -------- d-----w- c:\arquivos de programas\CursorXP
2010-03-06 20:17 . 2010-03-10 19:28 -------- d-----w- c:\arquivos de programas\MacSearch_v.1.4.3
2010-03-06 20:16 . 2010-03-06 20:16 -------- d-----w- c:\arquivos de programas\iColorFolder
2010-03-06 20:14 . 2010-03-06 20:19 8206 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-03-06 20:13 . 2010-03-06 20:13 -------- d-----w- c:\windows\BricoPacks
2010-03-06 19:24 . 2010-03-10 19:15 -------- d-----w- c:\arquivos de programas\RocketDock
2010-02-17 20:40 . 2009-08-25 03:30 13312 ----a-w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Mozilla\Firefox\Profiles\teh6ummf.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
2010-02-17 20:35 . 2009-06-18 19:27 110592 ----a-w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Adobe\Dreamweaver 9\Configuration\JSExtensions\dmxBrowser.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 21:43 . 2009-09-03 20:23 -------- d-----w- c:\arquivos de programas\GbPlugin
2010-03-16 19:16 . 2009-06-10 14:39 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Winamp
2010-03-12 12:56 . 2009-09-01 17:49 -------- d-----w- c:\arquivos de programas\Winamp Remote
2010-03-11 15:37 . 2001-10-28 11:07 530942 ----a-w- c:\windows\system32\perfh016.dat
2010-03-11 15:37 . 2001-10-28 11:07 102344 ----a-w- c:\windows\system32\perfc016.dat
2010-03-08 18:22 . 2009-08-08 03:51 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Apple Computer
2010-03-06 20:31 . 2009-05-19 14:18 -------- d-----w- c:\arquivos de programas\Bonjour
2010-02-12 14:15 . 2009-08-25 22:52 -------- d-----w- c:\arquivos de programas\Sony Ericsson
2010-02-12 14:15 . 2009-05-19 00:44 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-02-08 16:31 . 2010-02-08 16:31 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Motive
2010-02-08 16:31 . 2010-02-08 16:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Motive
2010-02-08 16:30 . 2010-02-08 16:30 -------- d-----w- c:\arquivos de programas\Assistente Tecnico Speedy
2010-02-08 16:30 . 2010-02-08 16:30 -------- d-----w- c:\arquivos de programas\Common Files
2010-02-08 16:30 . 2010-02-08 16:30 -------- d-----w- c:\arquivos de programas\Motive
2010-02-08 16:30 . 2010-02-08 16:30 2232 ----a-w- c:\windows\java\Packages\Data\YATVBLVR.DAT
2010-02-08 16:30 . 2010-02-08 16:30 155995 ----a-w- c:\windows\java\Packages\J93HFHJN.ZIP
2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\9NL357VN.DAT
2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\I6FF3DBB.DAT
2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\F7ZD3H3Z.DAT
2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\CBRNLVN3.DAT
2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\7HBDNRZT.DAT
2010-02-08 16:23 . 2010-02-08 16:23 -------- d-----w- c:\arquivos de programas\Telefonica
2010-02-05 13:28 . 2009-06-04 12:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2010-02-05 13:20 . 2009-05-28 03:06 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2010-01-28 17:27 . 2009-06-01 16:54 -------- d-----w- c:\arquivos de programas\Avanquest update
2010-01-28 13:26 . 2009-07-22 19:03 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-22 22:51 . 2010-01-22 22:51 72488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 14:49 . 2010-01-22 14:49 -------- d-----w- c:\arquivos de programas\CCleaner
2010-01-05 09:56 . 2004-08-03 23:45 832512 ----a-w- c:\windows\system32\Wininet.dll
2010-01-05 09:56 . 2004-08-03 23:45 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2004-08-03 23:45 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-03 22:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2007-01-05 23:07 . 2010-03-06 20:15 64000 --sha-w- c:\windows\BricoPacks\SysFiles\209_wmplayer.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 7B198D92210D9DA9D4E0DB1E4855B727 . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . FAB7B49D44ED7AA4F505F84B881C2F06 . 3191296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\explorer.exe
[-] 2004-08-03 . 404AF3AB8B6861D9F0088D1D81BFE8EA . 1653760 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\explorer.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 12:29 1004800 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\arquivos de programas\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"Google Update"="c:\documents and settings\cmaxsolucoes\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-08-08 133104]
"Sony Ericsson PC Suite"="c:\arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"Orb"="c:\arquivos de programas\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\arquivos de programas\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-12-14 2043160]
"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"3telefonica.BlockedAlerts"="c:\arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe" [2006-03-15 139264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Assistente Tecnico Speedy.lnk - c:\arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2010-2-8 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 17:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Iniciar o Office Banking Bradesco Plus.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Iniciar o Office Banking Bradesco Plus.lnk
backup=c:\windows\pss\Iniciar o Office Banking Bradesco Plus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OMSI download service"=2 (0x2)
"OBBPLUS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\EasyPHP1-8\\mysql\\bin\\mysqld.exe"=
"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [3/9/2009 17:23 30504]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/3/2010 14:13 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/5/2009 15:49 685816]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/5/2009 17:52 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/5/2009 17:52 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [16/8/2009 14:19 297752]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [3/9/2009 17:23 53800]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/2/2010 11:15 27632]
S2 fkihujyra;Helper Config;c:\windows\system32\svchost.exe -k netsvcs [3/8/2004 20:45 14336]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2/11/2007 10:47 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [25/8/2009 19:53 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [25/8/2009 19:53 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys
[25/8/2009 19:54 103976] S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [25/8/2009 19:53 100008] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [4/2/2010 12:52 1229232] S4 OBBPLUS;Office Banking Bradesco Plus;c:\obbplus\aplicacao\infra\tomcat\bin\obbplus.exe [20/3/2008 14:04 120184] S4 OMSI download service;Sony Ericsson OMSI download service;c:\arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [12/2/2010 11:15 90112] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs fkihujyra . Conteúdo da pasta 'Tarefas Agendadas' 2010-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:10] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Trusted Zone: flvdirect.com\www TCP: {218A648A-8B26-4492-B584-462E03F90703} = 200.204.0.10,200.204.0.138 TCP: {CDA62341-BE37-4E29-B0A1-250C6A1873D6} = 200.204.0.10 200.204.0.138 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab FF - ProfilePath - c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Mozilla\Firefox\Profiles\teh6ummf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search= FF - prefs.js: browser.startup.homepage - www.google.com.br FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search= FF - prefs.js: network.proxy.type - 4 FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\arquivos de programas\Mozilla 
Firefox\extensions\{73784bcd-ecfa-3b82-fe94-78ee1c5331f4}\components\Z_ZiksTjGtJE2SX.dll FF - component: c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Mozilla\Firefox\Profiles\teh6ummf.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\Mozilla 
Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\arquivos de programas\Mozilla 
Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORFÃOS REMOVIDOS - - - - HKCU-Run-LClock - c:\arquivos de programas\LClock\LClock.exe HKCU-Run-Vista Sidebar - c:\arquivos de programas\Vista Sidebar\sidebar.exe HKCU-Run-ViOrb - c:\arquivos de programas\ViOrb\ViOrb.exe HKCU-Run-DriverUpdaterPro - c:\arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe HKCU-Run-RocketDock - c:\arquivos de programas\RocketDock\RocketDock.exe HKLM-Run-firewallwindows - c:\windows\system32\msnmsnmsn.exe ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GbPlugin\gbiehcef.dll Notify- GbPluginCef - c:\arquivos de programas\GbPlugin\gbiehCef.dll MSConfigStartUp-atendimentogratis - c:\arquivos de programas\Atendimento On-line Grátis\helpdesk.exe AddRemove-CVS for Dreamweaver - c:\arquivos de programas\CVS4DW\uninst.exe ************************************************************************** Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fkihujyra] "ServiceDll"="c:\windows\system32\mivdmonl.dll" . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*] "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(1108) c:\windows\system32\cscui.dll - - - - - - - > 'explorer.exe'(1988) c:\windows\system32\SHDOCVW.dll c:\windows\system32\WININET.dll c:\arquiv~1\ASSIST~1\SMARTB~1\SBHook.dll c:\windows\System32\cscui.dll c:\windows\system32\msi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll c:\arquivos de programas\Scpad\scpLIB.dll c:\arquivos de programas\Scpad\scpMIB.dll c:\arquivos de programas\Scpad\sshib.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . 
c:\windows\system32\agrsmsvc.exe c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\inetsrv\inetinfo.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\toshiba\IVP\ISM\pinger.exe c:\arquiv~1\AVG\AVG8\avgrsx.exe c:\arquiv~1\AVG\AVG8\avgnsx.exe c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\arquivos de programas\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\documents and settings\cmaxsolucoes\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.17\GoogleCrashHandler.exe c:\arquivos de programas\Winamp Remote\bin\Orb.exe c:\arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe c:\arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe c:\arquiv~1\Motive\ASSTCO~1\MOTIVE~1.EXE . ************************************************************************** . Tempo para conclusão: 2010-03-17 18:47:29 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-03-17 21:47 Pré-execução: 14 pasta(s) 11.897.888.768 bytes disponíveis Pós execução: 16 pasta(s) 11.994.689.536 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - D40B3765071CE26EB2C585950EFF302C Compartilhar este post Link para o post Compartilhar em outros sites
wings, posted March 17, 2010

*Open Notepad, then select, copy and paste into it the whole content of the code below:

File::
c:\windows\system32\mivdmonl.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fkihujyra]

Driver::
fkihujyra

NetSvc::
fkihujyra

*Save the file to the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

*Important: while ComboFix is running, do not use the mouse or the keyboard! To interrupt the process, press N or 2.

*Paste the report created at C:\combofix.txt
cmax 0 Denunciar post Postado Março 18, 2010 *Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo: File::c:\windows\system32\mivdmonl.dll Registry:: [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fkihujyra] Driver:: fkihujyra NetSvc:: fkihujyra *Salve o arquivo no desktop como CFScript.txt *Arraste o arquivo para o Combofix conforme ilustração abaixo: *Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!..para interromper o processo tecle N ou 2. *Cole o relatório criado em C:\combofix.txt ComboFix 10-03-17.01 - cmaxsolucoes 18/03/2010 1:16.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3062.2577 [GMT -3:00] Executando de: c:\documents and settings\cmaxsolucoes\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\cmaxsolucoes\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE :: "c:\windows\system32\mivdmonl.dll" . ADS - drivers: deleted 216 bytes in 2 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FKIHUJYRA -------\Service_fkihujyra (((((((((((((((( Arquivos/Ficheiros criados de 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))) . 2010-03-17 13:13 . 2010-03-17 13:13 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Malwarebytes 2010-03-17 13:13 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-17 13:13 . 2010-03-17 13:13 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-03-17 13:13 . 2010-03-17 13:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2010-03-17 13:13 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-17 04:02 . 
2010-03-17 04:06 -------- d-----w- C:\Hijack_this 2010-03-13 18:20 . 2010-03-13 17:12 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-03-13 17:13 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-03-13 17:11 . 2010-03-13 17:11 247120 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\SBRE.dll 2010-03-13 17:11 . 2010-03-13 17:11 6330848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Resources.dll 2010-03-13 17:11 . 2010-03-13 17:11 329048 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\RPAPI.dll 2010-03-13 17:11 . 2010-03-13 17:11 94712 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2010-03-13 17:11 . 2010-03-13 17:11 17480 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll 2010-03-13 17:10 . 2010-03-13 17:10 961984 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\CEAPI.dll 2010-03-13 17:10 . 2010-03-13 17:10 835312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2010-03-13 17:10 . 2010-03-13 17:10 842992 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-03-13 17:10 . 2010-03-13 17:10 1593320 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2010-03-13 17:10 . 2010-03-13 17:10 815184 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWTray.exe 2010-03-13 17:10 . 2010-03-13 17:10 1229232 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-03-13 17:05 . 
2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Dados de aplicativos\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-03-13 17:05 . 2010-03-13 17:05 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-03-13 17:04 . 2010-03-13 17:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft 2010-03-13 17:04 . 2010-03-13 17:05 -------- d-----w- c:\arquivos de programas\Lavasoft 2010-03-13 15:57 . 2010-03-13 15:57 -------- d-----w- c:\arquivos de programas\spybot 2010-03-10 19:43 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-09 14:06 . 2010-03-17 19:18 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\FileZilla 2010-03-09 14:06 . 2010-03-09 14:06 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client 2010-03-06 20:44 . 2010-03-06 20:44 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Address Book 2010-03-06 20:39 . 2010-03-06 20:39 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\FindeXer 2010-03-06 20:32 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-03-06 20:32 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-03-06 20:31 . 2010-03-06 20:31 -------- d-----w- c:\arquivos de programas\iPod 2010-03-06 20:31 . 2010-03-06 20:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-06 20:31 . 2010-03-06 20:32 -------- d-----w- c:\arquivos de programas\iTunes 2010-03-06 20:30 . 2010-03-06 20:30 -------- d-----w- c:\arquivos de programas\QuickTime 2010-03-06 20:28 . 2010-03-06 20:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-03-06 20:19 . 2010-03-06 20:19 161530 ----a-w- c:\windows\BricoPackUninst.cmd 2010-03-06 20:17 . 
2010-03-06 20:17 -------- d-----w- c:\arquivos de programas\RK Launcher 2010-03-06 20:17 . 2010-03-10 19:17 -------- d-----w- c:\arquivos de programas\CursorXP 2010-03-06 20:17 . 2010-03-10 19:28 -------- d-----w- c:\arquivos de programas\MacSearch_v.1.4.3 2010-03-06 20:16 . 2010-03-06 20:16 -------- d-----w- c:\arquivos de programas\iColorFolder 2010-03-06 20:14 . 2010-03-06 20:19 8206 ----a-w- c:\windows\BricoPackFoldersDelete.cmd 2010-03-06 20:13 . 2010-03-06 20:13 -------- d-----w- c:\windows\BricoPacks 2010-03-06 19:24 . 2010-03-10 19:15 -------- d-----w- c:\arquivos de programas\RocketDock 2010-02-17 20:40 . 2009-08-25 03:30 13312 ----a-w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Mozilla\Firefox\Profiles\teh6ummf.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll 2010-02-17 20:35 . 2009-06-18 19:27 110592 ----a-w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Adobe\Dreamweaver 9\Configuration\JSExtensions\dmxBrowser.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-17 22:14 . 2009-06-10 14:39 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Winamp 2010-03-17 21:43 . 2009-09-03 20:23 -------- d-----w- c:\arquivos de programas\GbPlugin 2010-03-12 12:56 . 2009-09-01 17:49 -------- d-----w- c:\arquivos de programas\Winamp Remote 2010-03-11 15:37 . 2001-10-28 11:07 530942 ----a-w- c:\windows\system32\perfh016.dat 2010-03-11 15:37 . 2001-10-28 11:07 102344 ----a-w- c:\windows\system32\perfc016.dat 2010-03-08 18:22 . 2009-08-08 03:51 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Apple Computer 2010-03-06 20:31 . 2009-05-19 14:18 -------- d-----w- c:\arquivos de programas\Bonjour 2010-02-12 14:15 . 2009-08-25 22:52 -------- d-----w- c:\arquivos de programas\Sony Ericsson 2010-02-12 14:15 . 
2009-05-19 00:44 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-02-08 16:31 . 2010-02-08 16:31 -------- d-----w- c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Motive 2010-02-08 16:31 . 2010-02-08 16:31 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Motive 2010-02-08 16:30 . 2010-02-08 16:30 -------- d-----w- c:\arquivos de programas\Assistente Tecnico Speedy 2010-02-08 16:30 . 2010-02-08 16:30 -------- d-----w- c:\arquivos de programas\Common Files 2010-02-08 16:30 . 2010-02-08 16:30 -------- d-----w- c:\arquivos de programas\Motive 2010-02-08 16:30 . 2010-02-08 16:30 2232 ----a-w- c:\windows\java\Packages\Data\YATVBLVR.DAT 2010-02-08 16:30 . 2010-02-08 16:30 155995 ----a-w- c:\windows\java\Packages\J93HFHJN.ZIP 2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\9NL357VN.DAT 2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\I6FF3DBB.DAT 2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\F7ZD3H3Z.DAT 2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\CBRNLVN3.DAT 2010-02-08 16:29 . 2010-02-08 16:29 2678 ----a-w- c:\windows\java\Packages\Data\7HBDNRZT.DAT 2010-02-08 16:23 . 2010-02-08 16:23 -------- d-----w- c:\arquivos de programas\Telefonica 2010-02-05 13:28 . 2009-06-04 12:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2010-02-05 13:20 . 2009-05-28 03:06 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-01-28 17:27 . 2009-06-01 16:54 -------- d-----w- c:\arquivos de programas\Avanquest update 2010-01-28 13:26 . 2009-07-22 19:03 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-01-22 22:51 . 2010-01-22 22:51 72488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-01-22 14:49 . 
2010-01-22 14:49 -------- d-----w- c:\arquivos de programas\CCleaner 2010-01-05 09:56 . 2004-08-03 23:45 832512 ------w- c:\windows\system32\Wininet.dll 2010-01-05 09:56 . 2004-08-03 23:45 78336 ------w- c:\windows\system32\ieencode.dll 2010-01-05 09:56 . 2004-08-03 23:45 17408 ------w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2004-08-03 22:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2007-01-05 23:07 . 2010-03-06 20:15 64000 --sha-w- c:\windows\BricoPacks\SysFiles\209_wmplayer.exe . ------- Sigcheck ------- [-] 2008-04-14 . 7B198D92210D9DA9D4E0DB1E4855B727 . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . FAB7B49D44ED7AA4F505F84B881C2F06 . 3191296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\system32\VITrans\explorer.exe [-] 2004-08-03 . 404AF3AB8B6861D9F0088D1D81BFE8EA . 1653760 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe [7] 2004-08-03 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2010-03-17_21.43.13 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-18 04:22 . 2010-03-18 04:22 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat + 2009-06-02 22:20 . 2010-03-18 04:22 227456 c:\windows\system32\inetsrv\MetaBase.bin . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-16 12:29 1004800 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-16 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LtMoh"="c:\arquivos de programas\ltmoh\Ltmoh.exe" [2007-01-09 191552] "AlcoholAutomount"="c:\arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544] "Google Update"="c:\documents and settings\cmaxsolucoes\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-08-08 133104] "Sony Ericsson PC Suite"="c:\arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176] "Orb"="c:\arquivos de programas\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904] "CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ITSecMng"="c:\arquivos de programas\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-12-14 2043160] "AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos 
comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"3telefonica.BlockedAlerts"="c:\arquivos de programas\Assistente Tecnico Speedy\bin\AboutBrowser\MotiveBrowser.exe" [2006-03-15 139264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Assistente Tecnico Speedy.lnk - c:\arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2010-2-8 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginCef]
c:\arquivos de programas\GbPlugin\gbiehCef.dll [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 17:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Iniciar o Office Banking Bradesco Plus.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Iniciar o Office Banking Bradesco Plus.lnk
backup=c:\windows\pss\Iniciar o Office Banking Bradesco Plus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\arquivos de programas\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OMSI download service"=2 (0x2)
"OBBPLUS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\EasyPHP1-8\\mysql\\bin\\mysqld.exe"=
"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [3/9/2009 17:23 30504]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/3/2010 14:13 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/5/2009 15:49 685816]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/5/2009 17:52 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/5/2009 17:52 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [16/8/2009 14:19 297752]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [3/9/2009 17:23 53800]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/2/2010 11:15 27632]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2/11/2007 10:47 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [25/8/2009 19:53 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [25/8/2009 19:53 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [25/8/2009 19:54 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [25/8/2009 19:53 100008]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe [4/2/2010 12:52 1229232]
S4 OBBPLUS;Office Banking Bradesco Plus;c:\obbplus\aplicacao\infra\tomcat\bin\obbplus.exe [20/3/2008 14:04 120184]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [12/2/2010 11:15 90112]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 17:10]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: flvdirect.com\www
TCP: {218A648A-8B26-4492-B584-462E03F90703} = 200.204.0.10,200.204.0.138
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab
FF - ProfilePath - c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Mozilla\Firefox\Profiles\teh6ummf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - www.google.com.br
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{73784bcd-ecfa-3b82-fe94-78ee1c5331f4}\components\Z_ZiksTjGtJE2SX.dll
FF - component: c:\documents and settings\cmaxsolucoes\Dados de aplicativos\Mozilla\Firefox\Profiles\teh6ummf.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 01:29
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7401E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e7dcb8
\Driver\atapi -> atapi.sys @ 0xb9df4b40
\Driver\iaStor -> 0x8a7401e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel® PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9c36bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9c25a0d
SendHandler -> NDIS.sys @ 0xb9c39b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|þ»Òw*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\arquiv~1\ASSIST~1\SMARTB~1\SBHook.dll
c:\windows\System32\cscui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\msi.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\arquivos de programas\Scpad\sshib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\toshiba\IVP\ISM\pinger.exe
c:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\arquiv~1\AVG\AVG8\avgrsx.exe
c:\arquiv~1\AVG\AVG8\avgnsx.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\arquivos de programas\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\cmaxsolucoes\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe
c:\arquivos de programas\Winamp Remote\bin\Orb.exe
c:\arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe
c:\arquiv~1\Motive\ASSTCO~1\MOTIVE~1.EXE
.
**************************************************************************
.
Tempo para conclusão: 2010-03-18 01:33:34 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-03-18 04:33
ComboFix2.txt 2010-03-17 21:47

Pré-execução: 15 pasta(s) 12.026.421.248 bytes disponíveis
Pós execução: 16 pasta(s) 11.936.051.200 bytes disponíveis

- - End Of File - - 1E0D327AEC5AC58B74C6754C625C377B
wings Posted March 18, 2010

1.
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait until the message "ComboFix está desinstalado" appears
*Click [OK]

2.
*Download MBR and save it to C:\
*Click Start > Run > type: c:\mbr.exe -f
*Click OK. If asked, allow the program to run. It will open and close quickly.
*Double-click C:\mbr.exe
*Paste the report created at C:\mbr.log
cmax Posted March 19, 2010

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
wings Posted March 19, 2010

OK... the PC is clean. :)

1.
*Delete the files C:\MBR.exe and C:\mbr.log

2.
*Download ATF Cleaner and save it to the desktop
*Double-click ATF-Cleaner.exe
*Under Main select [select all]
*Click [Empty Selected]
=>If you also use Firefox or Opera, follow the steps below:
*Under "Firefox" or "Opera" click [select all] (if you want to keep your passwords click No, otherwise click Yes).
*Click [Empty Selected] (if you want to keep your passwords click No, otherwise click Yes).
*Click [Exit] or the [X] to close the program

3.
*Download and install CCleaner
*Open the program and, on the "Windows" tab, scroll down to the "Advanced" option and select "Old Prefetch data"
*Click [Run Cleaner]
*Next, click [Registry] -> [Scan for Issues] -> [Fix selected issues] -> [Fix All Selected Issues]

Use ATF-Cleaner and CCleaner regularly to keep the PC in order.

Regards.
cmax Posted March 19, 2010

Good morning Wings, I would like to thank you for your help. I am really very grateful for everything, man; I am sitting here looking for words and honestly cannot find them, because in the world we live in today it is hard to believe that there are people like you who care about helping others. May God bless you in everything you do, in your projects, and may He also bless your family. Thanks again for everything. See you,
wings Posted March 19, 2010

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.