amacedo
Posted May 1, 2010

Hello everyone,

I have a problem that I have been researching for days on several forums. I found very similar cases, but not identical ones, so I thought it best to make a post. I would really appreciate it if a guru could help me.

What is happening: C:\Windows\system32 opens by itself when Windows Vista starts.

What I have already done: I ran Malwarebytes' Anti-Malware, ran ComboFix, ran BankerFix, examined MSCONFIG and HijackThis, and finally, thanks to this forum, used RunScanner.... The folder keeps opening by itself. I will post all the logs, and I am very grateful for the help.

Thanks,
André

LOGS:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

30/04/2010 10:50:43
mbam-log-2010-04-30 (10-50-43).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 278552
Tempo decorrido: 56 minuto(s), 20 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 1
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

Runscanner logfile
* = signed file
- = file not found

General info
------------
Computer name : DESKMALU
Creation time : 01/05/2010 12:44:16
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.6001.18904
OS : Windows Vista Ultimate
OS Build : 6002
OS SP : Service Pack 2
RunScanner Version : 1.9.0.9
User Language : Português (Brasil)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
* C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
* C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
* C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
* C:\Windows\system32\wininit.exe (Microsoft Corporation)
* C:\Windows\system32\winlogon.exe (Microsoft Corporation)
* C:\Windows\system32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
* C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
* C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
* C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
* C:\Windows\system32\Dwm.exe (Microsoft Corporation)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
* C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
* C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
* C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
* C:\Program Files\HiYo\Bin\HiYo.exe (IncrediMail, Ltd.)
* C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
* C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
* C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
* C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
* C:\Windows\system32\SearchIndexer.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
* C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\taskeng.exe (Microsoft Corporation)
* C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
* C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
* C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
* C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)
* C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
* C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
* C:\Windows\system32\lsass.exe (Microsoft Corporation)
* C:\Windows\system32\rundll32.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\svchost.exe (Microsoft Corporation)
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
* C:\Windows\system32\csrss.exe (Microsoft Corporation)
* C:\Program Files\CyberLink\Shared Files\RichVideo.exe
* C:\Users\Malu\Documents\Downloads\runscanner.exe (Runscanner.net)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\system32\SLsvc.exe (Microsoft Corporation)
* C:\Windows\system32\lsm.exe (Microsoft Corporation)
* C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
C:\Windows\VPro530.exe (Philips)
* C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
* C:\Windows\Explorer.EXE (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
* C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
* C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)

Unrated items
-------------
002 * C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe (ALWIL Software)
002 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
002 C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
002 * C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
002 * C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
002 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
002 C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
002 * C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
002 * C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
002 * C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
002 * C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
002 * C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
003 * C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
003 * C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
003 * C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
003 * C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
005 C:\Windows\VPro530.exe (Philips)
006 C:\Windows\VPro530.exe (Philips)
010 * C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (AutoUpater Service Module)
010 * C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service)
010 * C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service)
010 * C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service)
010 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Machine Debug Manager)
010 * C:\Program Files\CyberLink\Shared Files\RichVideo.exe (RichVideo Module)
011 * C:\Windows\system32\drivers\aswFsBlk.sys (avast! File System Access Blocking Driver)
011 * C:\Windows\system32\drivers\aswMonFlt.sys (avast! File System Minifilter for Windows 2003/Vista)
011 * C:\Windows\system32\drivers\aswSP.sys (avast! self protection module)
011 * C:\Windows\system32\drivers\aswTdi.sys (avast! TDI Filter Driver)
011 * C:\Windows\system32\drivers\aswRdr.sys (avast! TDI RDR Driver)
011 * C:\Windows\System32\Drivers\ElbyDelay.sys (Elby Delay Lower Filter Driver)
011 C:\Windows\system32\DRIVERS\nvlddmkm.sys (nvlddmkm)
035 C:\Windows\system32\soundschemes.exe (Microsoft Corporation) {7070D8E0-650A-46b3-B03C-9497582E6A74}
035 C:\Windows\system32\soundschemes2.exe (Microsoft Corporation) {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}
041 * C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}
052 * C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
052 * C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) {02478D38-C3F9-4efb-9B51-7695ECA05670}
061 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
073 AWC Startup.job : C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
100 Start Page HKCU : http://mystart.incredimail.com/
100 Start Page HKLM : http://br.yahoo.com
105 E&xportar para o Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
105 Google Sidewiki... : res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
173 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
223 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:42:10, on 01/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\VPro530.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Users\Malu\Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - Global Startup: VPro530.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9184 bytes

ComboFix:

ComboFix 10-04-30.03 - Malu 01/05/2010 11:12:53.2.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.55.1046.18.1919.913 [GMT -3:00]
Executando de: c:\users\Malu\Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1368 [VPS 100131-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\IE3SH.exe
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWB3SH.dll
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\ie3sh.exe
c:\program files\SGPSA\mtwb3sh.dll
c:\program files\SGPSA\SeARchassistant.dll
c:\windows\system32\VB6KO.DLL
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-01 to 2010-05-01 ))))))))))))))))))))))))))))
.
2010-05-01 14:19 . 2010-05-01 14:19 -------- d-----w- c:\users\Malu\AppData\Local\temp
2010-05-01 14:19 . 2010-05-01 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-30 10:51 . 2010-04-30 10:52 -------- d-----w- C:\LinhaDefensiva
2010-04-27 14:00 . 2010-04-27 14:00 -------- d-----w- c:\programdata\Alwil Software
2010-04-22 14:46 . 2010-04-22 14:46 -------- d-----w- c:\program files\Windows Portable Devices
2010-04-22 14:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-04-22 14:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-04-22 14:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-04-22 14:41 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-04-22 14:41 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-04-22 14:41 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-04-22 14:41 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-04-22 14:41 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-04-22 14:41 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-04-22 14:41 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-04-22 14:41 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-04-22 14:41 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-04-22 14:41 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-04-22 14:41 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-04-22 14:41 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-04-22 14:40 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-04-22 14:40 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-04-22 14:40 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-04-21 22:46 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-04-21 22:46 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-21 22:46 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-21 14:41 . 2010-04-21 14:41 -------- d-----w- c:\windows\system32\ca-ES
2010-04-21 14:41 . 2010-04-21 14:41 -------- d-----w- c:\windows\system32\eu-ES
2010-04-21 14:41 . 2010-04-21 14:41 -------- d-----w- c:\windows\system32\vi-VN
2010-04-19 22:03 . 2010-04-19 22:03 -------- d-----w- c:\programdata\Philips
2010-04-19 22:01 . 2008-05-07 14:40 88704 ----a-w- c:\windows\system32\drivers\phaudlwr.sys
2010-04-19 22:01 . 2008-04-07 18:05 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2010-04-19 22:00 . 2010-04-19 22:01 -------- d-----w- c:\program files\DIFX
2010-04-19 21:57 . 2008-05-21 17:30 7680 ----a-w- c:\windows\system32\drivers\SPC530m.sys
2010-04-19 21:57 . 2008-05-21 17:30 486912 ----a-w- c:\windows\system32\drivers\SPC530.sys
2010-04-19 21:57 . 2010-04-19 22:03 -------- d-----w- c:\program files\Philips
2010-04-19 21:57 . 2008-02-15 14:49 155648 ----a-w- c:\windows\VPro530.exe
2010-04-19 21:57 . 2010-04-19 21:57 -------- d-----w- c:\program files\Common Files\SPC530NC
2010-04-19 21:57 . 2010-04-19 21:57 -------- d-----w- c:\windows\Philips
2010-04-18 23:45 . 2010-04-18 23:45 -------- d-----w- c:\windows\system32\EventProviders
2010-04-18 22:22 . 2010-04-26 12:30 -------- d-----w- c:\users\Malu\AppData\Roaming\skypePM
2010-04-18 22:20 . 2010-04-27 12:31 -------- d-----w- c:\users\Malu\AppData\Roaming\Skype
2010-04-18 22:20 . 2010-04-18 22:20 -------- d-----w- c:\program files\Common Files\Skype
2010-04-18 22:20 . 2010-04-18 22:20 -------- d-----r- c:\program files\Skype
2010-04-18 22:19 . 2010-04-18 22:20 -------- d-----w- c:\programdata\Skype
2010-04-14 21:36 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 21:36 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 21:36 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 21:36 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 21:36 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 21:36 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 21:36 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 21:36 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 21:36 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 22:54 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 22:54 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 20:48 . 2010-04-12 20:48 -------- d-----w- c:\programdata\Elaborate Bytes
2010-04-08 10:07 . 2010-04-08 10:07 -------- d-----w- c:\program files\QuickTime
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 14:03 . 2009-12-03 17:46 634004 ----a-w- c:\windows\system32\prfh0416.dat
2010-05-01 14:03 . 2009-12-03 17:46 121690 ----a-w- c:\windows\system32\prfc0416.dat
2010-04-30 10:50 . 2009-12-04 10:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 10:49 . 2009-12-04 10:02 6153352 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-30 10:42 . 2009-12-04 09:48 -------- d-----w- c:\program files\CCleaner
2010-04-29 18:39 . 2009-12-04 10:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 18:39 . 2009-12-04 10:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 14:03 . 2009-12-03 08:28 -------- d-----w- c:\program files\Alwil Software
2010-04-22 14:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-22 14:46 . 2010-04-22 14:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-21 14:47 . 2009-12-03 22:06 -------- d-----w- c:\programdata\NVIDIA
2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-04-21 14:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-04-19 22:11 . 2010-04-19 22:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_phaudlwr_01005.Wdf
2010-04-19 21:56 . 2009-12-03 21:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-18 22:22 . 2010-04-18 22:22 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-04-18 22:21 . 2009-12-03 08:28 -------- d-----w- c:\program files\Google
2010-04-15 06:05 . 2009-12-03 21:35 -------- d-----w- c:\programdata\Microsoft Help
2010-04-14 16:47 . 2009-12-03 08:28 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2009-12-03 08:28 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2009-12-03 08:28 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2009-12-03 08:28 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2009-12-03 08:28 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2009-12-03 08:28 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-04-14 16:31 . 2009-12-03 08:28 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-12 20:48 . 2009-12-04 10:29 24 --sh--w- c:\windows\S2E04EC49.tmp
2010-04-12 20:29 . 2010-04-12 20:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-03-22 23:19 . 2010-03-22 23:19 623488 ----a-w- c:\users\Malu\AppData\Roaming\HiYo\Data\hiyo_install.exe
2010-03-02 11:27 . 2009-12-04 10:25 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-26 03:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-02-26 03:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-02-24 13:16 . 2009-12-03 03:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 06:21 . 2009-12-03 02:07 102120 ----a-w- c:\users\Malu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-04-01 09:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-01 09:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-01 09:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-01 09:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 14:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 14:10 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 14:10 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-05 22:27 . 2009-12-04 10:26 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 22:27 . 2009-12-04 10:25 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 22:27 . 2009-12-04 10:25 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-04-27 353736] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216] "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-18 39408] "Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-25 6691360] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 1833504] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256] "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-03 557056] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248] 
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536] "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-01-06 230768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPro530.lnk - c:\windows\VPro530.exe [2010-4-19 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-01-21 16:08 13683232 ----a-w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-01-21 16:08 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(B):b3,cc,55,7d,61,e1,ca,01 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 133104] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328] R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704] R3 SPC530;Philips SPC530NC PC 
Camera;c:\windows\system32\drivers\SPC530.sys [2008-05-21 486912] R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [2008-05-21 7680] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] 2008-04-11 19:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}] 2008-08-28 12:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe . Conteúdo da pasta 'Tarefas Agendadas' 2010-05-01 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27] 2010-05-01 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27] 2010-05-01 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27] 2010-05-01 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27] 2010-05-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27] 2010-05-01 c:\windows\Tasks\AWC Startup.job - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-04 17:54] 2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 08:28] 2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 08:28] 2010-05-01 
c:\windows\Tasks\User_Feed_Synchronization-{6541D2C4-D2E6-43E7-8B0D-A3E34E83C3DE}.job - c:\windows\system32\msfeedssync.exe [2010-04-01 04:54] . . ------- Scan Suplementar ------- . uStart Page = hxxp://mystart.incredimail.com/ uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://br.yahoo.com uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll FF - ProfilePath - c:\users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\b7erqc6h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://br.search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/ FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search= FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . - - - - ORFÃOS REMOVIDOS - - - - BHO-{B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - (no file) BHO-{D5D33A26-F043-4808-B335-6B10630E04F8} - (no file) HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-05-01 11:19 Windows 6.0.6002 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run FBSSA = c:\program files\SGPSA\ie3sh.exe?O.dll???????F"?"???c:\program files\SGPSA\mtwb3sh.dll?7 ??????????? Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2010-05-01 11:21:57 ComboFix-quarantined-files.txt 2010-05-01 14:21 Pré-execução: 457.933.611.008 bytes disponíveis Pós execução: 457.861.812.224 bytes disponíveis Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5 - - End Of File - - 901125EA9F7D72370F0FDC51947DB283 Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted May 7, 2010

Good afternoon, amacedo!

<!> Uninstall: C:\Program Files\IObit\Advanced SystemCare 3

<@> Download: < OTL > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> Double-click: < >
<@> PS: Now let's go on with its configuration!

1 - Under "Output", leave the "Minimal" button selected.
2 - Check the boxes: Scan All Users and Include 64bit Scans <-- PS: only if the OS is 64-bit!
3 - Processes: Use SafeList <-- Check!
4 - Modules: Use SafeList <-- Check!
5 - Services: Use SafeList <-- Check!
6 - Drivers: Use SafeList <-- Check!
7 - Standard Registry Scan: Use SafeList <-- Check!
8 - Extra Registry Scan: Use SafeList <-- Check!
9 - File Scan:
<!> Creation Date >> Choose: 14 days
<!> Check: Use Company Name WhiteList
<!> Check: Skip Microsoft Files
10 - Files Created Within: <!> Check: Creation Date
11 - Files Modified Within: <!> Check: Creation Date
<!> Check the boxes: [] LOP Check [] Purity Check

<@> PS: I suggest you print these instructions for later reading.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5

<@> PS: Copy and paste the lines above, which are in the Code box, into the field under: Custom Scans/Fixes
<@> Click: Run Scan --> Wait!
<@> When it finishes, post:
<1> OTL.txt <--
<2> Extra.txt <--

Regards!
Mário Monteiro 179 Posted June 10, 2010

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.