[Resolvido!] Suspeita de contaminação por cavalo de troia

Manain · Março 20, 2010

Ola Boa tarde.

Antivirus Mcafee limpou varios cavalo de troia, porem suspeito de que alguma coisa não esta correto, pois o Internet Explorer trava, e o mozilla firefox funciona normalmente. Ao ligar a maquina algums vezes tem que acessar a tecla F1.

Log gerado para analise.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:15:47, on 20/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\folhawin\atualizador\atualizador.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\sistray.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\Hijack\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPUsageTracking] C:\Arquivos de programas\HP\HP UT\bin\hppusg.exe "C:\Arquivos de programas\HP\HP UT\"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\herss.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Atualizador Automatico - Folhamatic.lnk = C:\folhawin\atualizador\atualizador.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9C9AC92C-5DDC-4BF1-B2A5-A36A9691EBB4} (BrowserPrint.clsWebPrint) - http://sistemas.anatel.gov.br/Apoio_Sitarweb/Includes/Impressao/BrowserPrint.CAB

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--

End of file - 10770 bytes

Power Max · Março 20, 2010

:) Olá Manain!

:seta: Siga, por gentileza, as dicas deste tutorial:

'>http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html"]Tutorial do USBFix

O log do Usbfix estará em C:\UsbFix.txt

__________________________________

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

Faça o download do ComboFix

Salve-o no Desktop (área de trabalho).

* Desabilite as proteções residente de: antivírus, antispywares e firewall ( menos o do Windows! )

* Feche todas as janelas e execute a ferramenta.

* Ps: A execução, por comando, também é possível:

* Vá em Iniciar --> Executar --> Digite ou cole:

"%userprofile%\desktop\Combofix.exe" /killall

* Clique em Ok.

* Na solicitação: "Negação de garantia de software" --> Clique em Sim.

* Não possuindo o "'>http://support.microsoft.com/kb/307654/pt-br"]Console de Recuperação",aceite optar pela instalação do mesmo.

* Terminando,clique Sim ou Yes. --> Aguarde.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:!: Caso aconteça a notificação de: Aplicativo Win32 inválido ou alguma mensagem parecida com esta, delete a ferramenta ComboFix.exe e faça, novamente, seu download.

* Salve-a no Desktop,renomeada como: Kombo.exe

* Ps: Nomeie durante o salvamento,e não após salvá-la!

* Ps: Surgindo alguma mensagem de erro, rode o ComboFix.exe em "'>http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html"]Modo Seguro". <-- Link!

* Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação:

* Ps: Anote essas detecções, e dê o OK. Neste caso poste estas detecções que você terá anotado em sua próxima resposta juntamente com os logs pedidos.

* Ps: Para completar as remoções, talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

* Ps: Para evitar problemas, siga todas as recomendações propostas.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* Abrir-se-á a janela Auto Scan. --> Aguarde!

* Para finalizar remoções, o ComboFix poderá reiniciar o computador.

* Se houver necessidade, digite a opção ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

* Durante o scan, evite manusear o mouse ou teclado! <-- Importante!

* Caso, por algum motivo de força maior, precise parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter.

<><><><><><><><><><><><>

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com o log que estará em C:\UsbFix.txt e um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC depois disto.

Ficamos no aguardo.

Manain · Março 23, 2010

Bom dia

Durante a execução do ComboFix apresentou uma mensagen de que era necessario checar acesso a internet, foi confirmado, (antes da execução da recuperação do console), iniciou um download e deu erro, porem o ComboFix continuou a efetuar a trabalhar. A maquina reiniciou com este erro:

Programa Error

Allowed do nesting or expression evaluntion leel exceeded .

Lfunção ins not objet

Ignore repet cancel

foi utilizado o comando ignore, o combofix continuou trabalhando e gerou o log abaixo.

ComboFix 10-03-22.03 - Administrador 23/03/2010 7:33.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1247.840 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\desktop\combofix.exe

Comandos utilizados :: /killall

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

ADS - drivers: deleted 266 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\GbPlugin\gbiehcef.dll

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon

c:\documents and settings\Administrador\Dados de aplicativos\Desktopicon\mc.ico

c:\windows\system32\kernel.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-23 to 2010-03-23 ))))))))))))))))))))))))))))

.

2010-03-23 10:31 . 2010-03-23 10:32 -------- d-----w- C:\32788R22FWJFW

2010-03-23 10:17 . 2010-03-23 10:17 184462 ----a-w- C:\UsbFix_Upload_Me_SERVIDORLOG.zip

2010-03-22 01:12 . 2010-03-23 10:17 -------- d-----w- C:\UsbFix

2010-03-19 16:58 . 2010-03-19 17:14 118898 ----a-w- c:\windows\hpoins11.dat

2010-03-19 13:51 . 2010-03-19 14:09 -------- d-----w- c:\arquivos de programas\Cursos RFB

2010-03-18 11:48 . 2009-09-18 19:56 57344 ----a-w- c:\windows\signet32.dll

2010-03-18 11:48 . 2010-03-18 12:11 -------- d-----w- c:\arquivos de programas\CNPJ2010

2010-03-15 11:30 . 2009-03-09 19:44 1445888 ----a-w- c:\windows\system32\chilkatftp2.dll

2010-03-15 10:53 . 2009-11-30 13:52 466211 ------w- C:\desinsta.exe

2010-03-15 10:30 . 2010-03-22 16:20 -------- d-----w- C:\folhawin

2010-03-15 10:24 . 2010-03-16 19:52 -------- d-----w- C:\GDRais2009

2010-03-15 10:24 . 2004-08-30 12:24 139264 ----a-w- c:\windows\system32\Hlsoft32.dll

2010-03-15 10:24 . 2004-08-30 12:24 76800 ----a-w- c:\windows\system32\Hl_enc32.dll

2010-03-15 10:24 . 2004-08-30 12:24 31744 ----a-w- c:\windows\system32\Hl_med32.dll

2010-03-15 10:23 . 2008-01-14 11:37 61440 ----a-w- c:\windows\system32\RaisVal.dll

2010-03-15 10:23 . 2004-08-30 12:30 40960 ----a-w- c:\windows\system32\PKWIN32.DLL

2010-03-15 10:23 . 2004-08-30 12:30 20480 ----a-w- c:\windows\system32\selar32.dll

2010-03-15 10:23 . 2004-12-27 16:38 49152 ----a-w- c:\windows\system32\INETWH32.dll

2010-03-15 10:23 . 2010-03-15 10:23 -------- d-----w- C:\RaisNet2009

2010-03-10 12:19 . 2008-04-28 09:14 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL

2010-03-06 20:29 . 2010-03-06 20:29 -------- d-----w- c:\windows\system32\XPSViewer

2010-03-06 20:29 . 2010-03-06 20:29 -------- d-----w- c:\arquivos de programas\MSBuild

2010-03-06 20:28 . 2010-03-06 20:28 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-03-06 20:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-03-06 20:28 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-03-06 20:28 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-03-06 20:28 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-03-06 20:28 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-03-06 20:28 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-03-06 20:28 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-03-06 20:28 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-03-06 20:28 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-03-06 20:28 . 2010-03-06 20:28 -------- d-----w- C:\d5f39facdf29ca8536756db8f794

2010-03-06 20:21 . 2010-03-06 20:21 -------- d-----w- c:\arquivos de programas\MSXML 6.0

2010-03-04 10:55 . 2010-03-04 10:55 -------- d-----w- c:\windows\ServicePackFiles

2010-03-04 10:50 . 2010-03-04 10:50 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2010-03-03 12:04 . 2010-03-03 13:11 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-03-03 11:29 . 2008-06-14 17:59 272384 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-03-03 11:29 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-03-03 11:04 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-03-03 10:52 . 2009-12-09 10:27 2140160 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-03-03 10:52 . 2009-12-09 10:27 2061952 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-03-03 10:52 . 2009-12-09 10:27 2184576 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2010-03-03 10:52 . 2009-12-09 10:26 2019840 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-02-27 14:01 . 2009-11-04 19:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-02-27 14:01 . 2009-11-04 19:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2010-02-27 14:01 . 2009-11-04 19:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-02-27 14:01 . 2009-07-16 15:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2010-02-27 14:01 . 2010-02-27 14:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\McAfee

2010-02-27 14:01 . 2010-02-27 14:01 -------- d-----w- c:\arquivos de programas\McAfee.com

2010-02-27 14:01 . 2010-03-03 10:31 -------- d-----w- c:\arquivos de programas\McAfee

2010-02-26 11:09 . 2010-03-18 12:08 -------- d-----w- C:\Recnet

2010-02-22 20:15 . 2010-02-22 20:15 -------- d-----w- c:\windows\Sun

2010-02-22 10:20 . 2009-11-04 19:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-23 10:43 . 2009-02-20 10:33 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-03-18 21:53 . 2009-07-22 11:26 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2010-03-18 11:05 . 2009-07-22 11:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-03-13 18:53 . 2009-02-25 12:49 -------- d-----w- c:\arquivos de programas\Programas RFB

2010-03-11 18:22 . 2009-03-06 10:51 69632 ----a-w- c:\windows\system32\MSJCE.dll

2010-03-08 20:04 . 2001-10-28 18:07 83728 ----a-w- c:\windows\system32\perfc016.dat

2010-03-08 20:04 . 2001-10-28 18:07 479790 ----a-w- c:\windows\system32\perfh016.dat

2010-03-05 10:08 . 2009-04-17 16:41 -------- d--h--w- c:\arquivos de programas\Avago-HP

2010-03-04 14:15 . 2009-02-20 08:53 -------- d-----w- c:\arquivos de programas\HP

2010-02-27 14:50 . 2010-01-13 10:17 -------- d-----w- c:\arquivos de programas\Cirle Developement

2010-02-27 14:08 . 2009-11-11 13:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee

2010-02-25 20:37 . 2009-05-05 11:47 -------- d-----w- c:\arquivos de programas\SEFAZ

2010-02-25 20:37 . 2009-02-18 16:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-02-19 18:28 . 2009-02-18 11:05 90112 ----a-w- c:\windows\DUMP3c9b.tmp

2010-02-19 18:16 . 2009-02-18 11:05 90112 ----a-w- c:\windows\DUMP4df1.tmp

2010-02-13 13:17 . 2009-10-11 15:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Software Informer

2010-02-13 13:15 . 2010-01-28 11:33 -------- d-----w- c:\arquivos de programas\Agenda Telefonica (SIC) 4.5

2010-02-13 12:27 . 2010-02-13 12:27 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sony

2010-02-13 12:07 . 2010-02-13 12:06 23510720 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe

2010-02-13 12:06 . 2010-02-13 12:05 2585872 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sony Setup\CF356349-4782-4F9D-AE42-7E3C6AD74B9C\WindowsInstaller-KB893803-v2-x86.exe

2010-02-13 12:06 . 2010-02-13 12:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sony Setup

2010-02-13 12:05 . 2010-02-13 12:05 -------- d-----w- c:\arquivos de programas\Sony Setup

2010-02-11 22:01 . 2010-02-11 22:01 54624 ----a-w- c:\windows\system32\52e4D.sys

2010-02-11 21:48 . 2010-02-11 21:48 128352 ----a-w- c:\windows\system32\e4939.dll

2010-02-10 10:35 . 2009-06-19 20:59 -------- d-----w- c:\arquivos de programas\Google

2010-02-07 19:20 . 2009-02-18 16:08 -------- d-----w- c:\arquivos de programas\Discador itelefonica

2010-02-06 21:14 . 2010-02-06 21:14 -------- d-----w- c:\arquivos de programas\Motive

2010-02-06 21:14 . 2010-02-06 21:14 -------- d-----w- c:\arquivos de programas\Assistente Tecnico Speedy

2010-02-06 21:14 . 2010-02-06 21:14 2232 ----a-w- c:\windows\Java\Packages\Data\RJL7N7NL.DAT

2010-02-06 21:14 . 2010-02-06 21:14 155995 ----a-w- c:\windows\Java\Packages\LBRHJDJX.ZIP

2010-02-06 21:14 . 2010-02-06 21:14 2678 ----a-w- c:\windows\Java\Packages\Data\QSVVZTBT.DAT

2010-02-06 21:14 . 2010-02-06 21:14 2678 ----a-w- c:\windows\Java\Packages\Data\ZFXNPV1B.DAT

2010-02-06 21:14 . 2010-02-06 21:14 2678 ----a-w- c:\windows\Java\Packages\Data\IPRBDRVT.DAT

2010-02-06 21:14 . 2010-02-06 21:14 2678 ----a-w- c:\windows\Java\Packages\Data\FNVVH35F.DAT

2010-02-06 21:14 . 2010-02-06 21:14 2678 ----a-w- c:\windows\Java\Packages\Data\2MQA2APZ.DAT

2010-02-03 10:19 . 2009-02-18 16:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-02-02 14:42 . 2009-10-11 15:58 -------- d-----w- c:\arquivos de programas\Free Download Manager

2010-01-28 18:08 . 2009-02-20 10:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-01-26 16:48 . 2009-06-03 18:01 -------- d-----w- c:\arquivos de programas\CNPJ2009

2010-01-12 05:29 . 2010-01-12 05:29 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2010-01-12 05:28 . 2010-01-12 05:28 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-05 21:04 . 2010-01-05 21:04 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-01-05 09:56 . 2004-08-04 03:45 832512 ----a-w- c:\windows\system32\wininet.dll

2010-01-05 09:56 . 2009-06-03 20:54 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-01-05 09:56 . 2004-08-04 03:45 17408 ----a-w- c:\windows\system32\corpol.dll

2009-12-31 16:14 . 2004-08-04 02:14 352640 ----a-w- c:\windows\system32\drivers\srv.sys

2007-06-28 13:33 . 2010-03-19 14:09 12034 ----a-w- c:\arquivos de programas\formatacao.css

2007-06-28 13:22 . 2010-03-19 14:09 4529 ----a-w- c:\arquivos de programas\ie-hack.css

2007-06-27 19:33 . 2010-03-19 14:09 604 ----a-w- c:\arquivos de programas\inicio.htm

2007-06-22 12:34 . 2010-03-19 14:09 3325 ----a-w- c:\arquivos de programas\topo.htm

2007-06-20 14:13 . 2010-03-19 14:09 6303 ----a-w- c:\arquivos de programas\comportamento.js

2007-06-14 23:11 . 2010-03-19 14:09 332 ----a-w- c:\arquivos de programas\flash_abertura.asp.htm

2007-06-12 23:02 . 2010-03-19 14:09 5120 ----a-w- c:\arquivos de programas\Thumbs.db

2001-03-06 07:49 . 2010-03-19 14:09 49 ----a-w- c:\arquivos de programas\blank.gif

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2009-02-18 577536]

"SiSPower"="SiSPower.dll" [2009-02-18 53248]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"PCTVOICE"="pctspk.exe" [2003-01-07 176128]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]

"nwiz"="nwiz.exe" [2007-04-19 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"HPUsageTracking"="c:\arquivos de programas\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"mcagent_exe"="c:\arquivos de programas\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Atualizador Automatico - Folhamatic.lnk - c:\folhawin\atualizador\atualizador.exe [2010-3-15 1398572]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-2-18 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"\\\\Kelow\\C\\folhawin\\folha\\folha.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\MNA\\McNASvc.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [20/02/2009 07:35 30504]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/02/2009 12:25 53800]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquiv~1\mcafee\SITEAD~1\mcsacore.exe [27/02/2010 11:05 93320]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/02/2010 07:36 135664]

S3 52e4D;52e4D;c:\windows\system32\52e4D.sys [11/02/2010 19:01 54624]

S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [18/02/2009 14:34 185344]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-10 10:35]

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-10 10:35]

2010-02-27 c:\windows\Tasks\McDefragTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-02-27 15:22]

2010-03-01 c:\windows\Tasks\McQcTask.job

- c:\arquiv~1\mcafee\mqc\QcConsol.exe [2010-02-27 15:22]

2010-03-23 c:\windows\Tasks\User_Feed_Synchronization-{267C6F5B-0A40-422E-8909-3ED218C8A417}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 21:36]

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {9C9AC92C-5DDC-4BF1-B2A5-A36A9691EBB4} - hxxp://sistemas.anatel.gov.br/Apoio_Sitarweb/Includes/Impressao/BrowserPrint.CAB

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\9yxusbhc.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br

FF - component: c:\arquivos de programas\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GbPlugin\gbiehcef.dll

Notify- GbPluginCef - c:\arquivos de programas\GbPlugin\gbiehcef.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-23 07:45

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2344)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquiv~1\McAfee\MSC\mcmscsvc.exe

c:\arquiv~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\arquiv~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

c:\arquiv~1\McAfee\VIRUSS~1\mcshield.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\McAfee\MPF\MPFSrv.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquiv~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\wscntfy.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\pctspk.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-03-23 07:52:56 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-03-23 10:52

Pré-execução: 23 pasta(s) 67.341.381.632 bytes disponíveis

Pós execução: 27 pasta(s) 67.649.454.080 bytes disponíveis

- - End Of File - - 93073AAD6854F05C1A22C46D2C60B4C7

Segue Log USBfix

############################## | UsbFix V6.100 |

User : Administrador (Administradores) # SERVIDORLOG

Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8

Start at: 07:10:36 | 23/03/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

AMD Athlon XP

Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2

Internet Explorer 7.0.5730.13

Windows Firewall Status : Enabled

AV : McAfee VirusScan [ (!) Disabled | Updated ]

FW : McAfee Personal Firewall[ Enabled ]

A:\ -> Unidade de disquete de 3 1/2 polegadas

C:\ -> Disco fixo local # 74,52 Go (62,77 Go free) # NTFS

D:\ -> Disco fixo local # 37,26 Go (14,6 Go free) # NTFS

E:\ -> Disco CD-ROM

F:\ -> Disco removível # 7,44 Go (4,8 Go free) [KINGSTON] # FAT32

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Recycler\S-1-5-21-1659004503-1770027372-1801674531-500

Supprimido ! D:\Recycler\S-1-5-21-1659004503-1770027372-1801674531-500

F:\autorun.inf -> ficheiro chamado : "F:\fk.exe" ( Ausente ! )

Supprimido ! F:\autorun.inf

Supprimido ! F:\bveijo.exe

Supprimido ! F:\k1d.exe

################## | Registro |

################## | Mountpoints2 |

################## | Listing |

[18/02/2009 11:24|--a------|0] C:\AUTOEXEC.001

[22/02/2010 07:25|--a------|2] C:\AUTOEXEC.BAT

[18/02/2009 11:17|--ahs----|211] C:\boot.ini

[28/10/2001 15:06|-rahs----|4952] C:\Bootfont.bin

[14/10/2009 13:42|--a------|24064] C:\CLIQUE AQUI.doc

[14/10/2009 14:24|--a------|3718] C:\CLIQUE AQUI.htm

[18/02/2009 11:24|--a------|0] C:\CONFIG.001

[03/06/2009 15:01|--a------|3031] C:\CONFIG.002

[16/11/2009 08:55|--a------|3031] C:\CONFIG.003

[18/03/2010 08:48|--a------|2982] C:\CONFIG.SYS

[30/11/2009 10:52|---------|466211] C:\desinsta.exe

[21/06/2009 08:34|--a------|11372696] C:\DX80brz.exe

[18/02/2009 11:24|-rahs----|0] C:\IO.SYS

[18/02/2009 11:24|-rahs----|0] C:\MSDOS.SYS

[03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM

[03/08/2004 22:59|-rahs----|251168] C:\ntldr

[?|?|?] C:\pagefile.sys

[18/03/2010 14:58|--a------|13030] C:\PDOXUSRS.NET

[18/02/2009 13:50|--a------|3153920] C:\secsetup.sdb

[23/03/2010 07:17|--a------|2204] C:\UsbFix.txt

[22/03/2010 07:49|--a------|3994] C:\UsbFix_Upload_Me_SERVIDORLOG.zip

[18/02/2010 11:13|-rahs----|0] D:\khp

[21/01/2010 12:38|--ah-----|114] F:\.~lock.NOVO.docx#

[29/01/2010 08:34|--ah-----|116] F:\.~lock.poderes para procura‡Æo2.odt#

[13/02/2010 20:00|--ah-----|116] F:\.~lock.Cerimonia Casamento.odt#

[04/08/2004 12:38|-rahs----|672354] F:\tgutpq.exe

################## | Vaccinação |

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# D:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

# F:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

################## | Upload |

Favor enviar o arquivo : C:\UsbFix_Upload_Me_SERVIDORLOG.zip : http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição .

################## | ! Fim do relatório # UsbFix V6.100 ! |

Power Max · Março 23, 2010

:) Vários problemas foram removidos do seu Pc.

____________________________

:seta: Siga, por gentileza, as dicas dos tutoriais abaixo:

'>http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html"]Tutorial do Malwarebytes Anti-Malware

Tutorial do Norman Malware Cleaner

______________________________

:seta: Na sua próxima resposta poste o log do Malwarebytes juntamente com um novo log do Hijackthis e o log do Norman Malware Cleaner e nos diga como está o seu PC após estes procedimentos.

Ficamos no aguardo.

Manain · Março 24, 2010

Apos toda estas operações ja consigo navegar através no Internet Explorer e a maquina ganhou mais velocidade. Esta tudo OK.

Segue Log do Norman Malware Cleaner

Norman Malware Cleaner

Version 1.6.2

Norman Scanner Engine Version: 6.04.08

Nvcbin.def Version: 6.04.00, Date: 2010/03/22 20:25:13, Variants: 5779955

Scan started: 23/03/2010 16:33:21

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: SERVIDORLOG\Administrador

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning bootsectors...

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s

Scanning running processes and process memory...

Number of processes/threads found: 4847

Number of processes/threads scanned: 4847

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 4m 16s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Arquivos de programas\WinRAR\Default.SFX (Infected with W32/Ardamax.LSM)

Deleted file

C:\Documents and Settings\Administrador\Desktop\combofix.exe (Error opening file: Not found)

C:\UsbFix\Quarantine\F\bveijo.exe.UsbFix (Error opening file: Not found)

C:\UsbFix_Upload_Me_SERVIDORLOG.zip/UsbFix_Upload_Me/bveijo.exe.UsbFix (Infected with W32/Frethog.AB)

Deleted file

C:\UsbFix_Upload_Me_SERVIDORLOG.zip/UsbFix_Upload_Me/k1d.exe.UsbFix (Infected with W32/Zbot.PLG)

Deleted file

Scanning: D:\*.*

D:\Log_fev09\Unidade E\Escritorio\Download\discador.exe (Infected with Suspicious_Gen2.QNCN)

Deleted file

D:\Log_fev09\Unidade E\hdsuelene\Meus documentos\ipchanger8.0.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

D:\System Volume Information\_restore{83DF3B9C-789B-4945-A0CC-2841F3209D4A}\RP360\A0068441.exe (Infected with Suspicious_Gen2.QNCN)

Deleted file

Scanning: postscan

Running post-scan cleanup routine:

Number of files found: 355884

Number of archives unpacked: 3403

Number of files scanned: 355880

Number of files not scanned: 4

Number of files skipped due to exclude list: 0

Number of infected files found: 5

Number of infected files repaired/deleted: 5

Number of infections removed: 5

Total scanning time: 3h 5m 52s

Segue Log do Malwarebytes - Anti Malware

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3905

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 7.0.5730.13

23/03/2010 16:25:25

mbam-log-2010-03-23 (16-25-25).txt

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 263199

Tempo decorrido: 1 hour(s), 35 minute(s), 55 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 3

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\Arquivos de programas\Programas RFB\IRPF2008windows\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Arquivos de programas\Programas SRF\IRPF2007\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\UsbFix\Quarantine\F\k1d.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Segue novo Log do Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:54:30, on 23/03/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\ARQUIV~1\mcafee\SITEAD~1\mcsacore.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\pctspk.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\folhawin\atualizador\atualizador.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/