
Archived

This topic has been archived and is closed to further replies.

amacedo

[Archived] C:\Windows\system32 opening by itself at startup

Hello everyone,

I have a problem that I have been researching for days on several forums; I found very similar cases, but not identical ones, so I thought it best to make a post. I would really appreciate it if a guru could help me.

What is happening: C:\Windows\system32 opens by itself when Windows Vista starts up.

What I have already done: I ran Malwarebytes Anti-Malware, ran ComboFix, ran BankerFix, examined MSCONFIG and HijackThis, and finally, thanks to this forum, used RunScanner....

The folder keeps opening by itself. I will post all the logs, and I greatly appreciate the help.

Thanks

André

LOGS:


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4052

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

 

30/04/2010 10:50:43

mbam-log-2010-04-30 (10-50-43).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 278552

Tempo decorrido: 56 minuto(s), 20 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)


Runscanner logfile

 

* = signed file

- = file not found

 

General info

------------

Computer name : DESKMALU

Creation time : 01/05/2010 12:44:16

Hosts <> 127.0.0.1 : 0

Hosts file location : %SystemRoot%\System32\drivers\etc

IE version : 8.0.6001.18904

OS : Windows Vista Ultimate

OS Build : 6002

OS SP : Service Pack 2

RunScanner Version : 1.9.0.9

User Language : Português (Brasil)

User rights : Administrator

Windows folder : C:\Windows

 

Running processes

-----------------

* C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

* C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

* C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

* C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

* C:\Windows\system32\wininit.exe (Microsoft Corporation)

* C:\Windows\system32\winlogon.exe (Microsoft Corporation)

* C:\Windows\system32\services.exe (Microsoft Corporation)

* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)

* C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

* C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

* C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

* C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)

* C:\Windows\system32\Dwm.exe (Microsoft Corporation)

* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

* C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

* C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

* C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

* C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)

* C:\Program Files\HiYo\Bin\HiYo.exe (IncrediMail, Ltd.)

* C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)

* C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

* C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)

* C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)

* C:\Windows\system32\SearchIndexer.exe (Microsoft Corporation)

* C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

* C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

* C:\Windows\system32\audiodg.exe (Microsoft Corporation)

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)

* C:\Windows\system32\taskeng.exe (Microsoft Corporation)

* C:\Windows\system32\taskeng.exe (Microsoft Corporation)

* C:\Windows\system32\taskeng.exe (Microsoft Corporation)

* C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)

* C:\Windows\ehome\ehtray.exe (Microsoft Corporation)

* C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)

* C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation)

* C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

* C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

* C:\Windows\system32\lsass.exe (Microsoft Corporation)

* C:\Windows\system32\rundll32.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\System32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\System32\svchost.exe (Microsoft Corporation)

* C:\Windows\System32\svchost.exe (Microsoft Corporation)

* C:\Windows\System32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\svchost.exe (Microsoft Corporation)

* C:\Windows\system32\csrss.exe (Microsoft Corporation)

* C:\Windows\system32\csrss.exe (Microsoft Corporation)

* C:\Program Files\CyberLink\Shared Files\RichVideo.exe

* C:\Users\Malu\Documents\Downloads\runscanner.exe (Runscanner.net)

* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

* C:\Windows\system32\SLsvc.exe (Microsoft Corporation)

* C:\Windows\system32\lsm.exe (Microsoft Corporation)

* C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)

C:\Windows\VPro530.exe (Philips)

* C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

* C:\Windows\Explorer.EXE (Microsoft Corporation)

* c:\windows\System32\smss.exe (Microsoft Corporation)

* C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)

* C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

* C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)

 

Unrated items

-------------

002 * C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe (ALWIL Software)

002 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

002 C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

002 * C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)

002 * C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

002 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

002 C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)

002 * C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

002 * C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

002 * C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

002 * C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

002 * C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

003 * C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)

003 * C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

003 * C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)

003 * C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

005 C:\Windows\VPro530.exe (Philips)

006 C:\Windows\VPro530.exe (Philips)

010 * C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (AutoUpater Service Module)

010 * C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service)

010 * C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service)

010 * C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service)

010 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Machine Debug Manager)

010 * C:\Program Files\CyberLink\Shared Files\RichVideo.exe (RichVideo Module)

011 * C:\Windows\system32\drivers\aswFsBlk.sys (avast! File System Access Blocking Driver)

011 * C:\Windows\system32\drivers\aswMonFlt.sys (avast! File System Minifilter for Windows 2003/Vista)

011 * C:\Windows\system32\drivers\aswSP.sys (avast! self protection module)

011 * C:\Windows\system32\drivers\aswTdi.sys (avast! TDI Filter Driver)

011 * C:\Windows\system32\drivers\aswRdr.sys (avast! TDI RDR Driver)

011 * C:\Windows\System32\Drivers\ElbyDelay.sys (Elby Delay Lower Filter Driver)

011 C:\Windows\system32\DRIVERS\nvlddmkm.sys (nvlddmkm)

035 C:\Windows\system32\soundschemes.exe (Microsoft Corporation) {7070D8E0-650A-46b3-B03C-9497582E6A74}

035 C:\Windows\system32\soundschemes2.exe (Microsoft Corporation) {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}

041 * C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

052 * C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

052 * C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) {02478D38-C3F9-4efb-9B51-7695ECA05670}

061 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

073 AWC Startup.job : C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

100 Start Page HKCU : http://mystart.incredimail.com/

100 Start Page HKLM : http://br.yahoo.com

105 E&xportar para o Microsoft Excel : res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

105 Google Sidewiki... : res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

173 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

221 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

223 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

225 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

225 C:\Program Files\Alwil Software\Avast5\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}

225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

225 * C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:42:10, on 01/05/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\HiYo\Bin\HiYo.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\IncrediMail\Bin\IncMail.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\VPro530.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

C:\Users\Malu\Documents\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT

O4 - Global Startup: VPro530.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 9184 bytes


ComboFix:

ComboFix 10-04-30.03 - Malu 01/05/2010 11:12:53.2.4 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.55.1046.18.1919.913 [GMT -3:00]

Executando de: c:\users\Malu\Documents\Downloads\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1368 [VPS 100131-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500

c:\program files\Fast Browser Search

c:\program files\Fast Browser Search\IE\1.bat

c:\program files\Fast Browser Search\IE\about.html

c:\program files\Fast Browser Search\IE\affid.dat

c:\program files\Fast Browser Search\IE\basis.xml

c:\program files\Fast Browser Search\IE\basis_br.xml

c:\program files\Fast Browser Search\IE\basis_de.xml

c:\program files\Fast Browser Search\IE\basis_en.xml

c:\program files\Fast Browser Search\IE\basis_es.xml

c:\program files\Fast Browser Search\IE\basis_fr.xml

c:\program files\Fast Browser Search\IE\basis_it.xml

c:\program files\Fast Browser Search\IE\basis_nr.xml

c:\program files\Fast Browser Search\IE\basis_pt.xml

c:\program files\Fast Browser Search\IE\basis_ru.xml

c:\program files\Fast Browser Search\IE\basis_tr.xml

c:\program files\Fast Browser Search\IE\BHO.dll

c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe

c:\program files\Fast Browser Search\IE\error.html

c:\program files\Fast Browser Search\IE\fbsProtection.xml

c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml

c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe

c:\program files\Fast Browser Search\IE\FBStoolbar.dll

c:\program files\Fast Browser Search\IE\fbstoolbar.jar

c:\program files\Fast Browser Search\IE\fbstoolbar.manifest

c:\program files\Fast Browser Search\IE\icons.bmp

c:\program files\Fast Browser Search\IE\IE3SH.exe

c:\program files\Fast Browser Search\IE\info.txt

c:\program files\Fast Browser Search\IE\local.xml

c:\program files\Fast Browser Search\IE\logobg.bmp

c:\program files\Fast Browser Search\IE\MTWB3SH.dll

c:\program files\Fast Browser Search\IE\MTWBtoolbar.html

c:\program files\Fast Browser Search\IE\search.bmp

c:\program files\Fast Browser Search\IE\search_br.bmp

c:\program files\Fast Browser Search\IE\search_de.bmp

c:\program files\Fast Browser Search\IE\search_es.bmp

c:\program files\Fast Browser Search\IE\search_fr.bmp

c:\program files\Fast Browser Search\IE\search_it.bmp

c:\program files\Fast Browser Search\IE\search_pt.bmp

c:\program files\Fast Browser Search\IE\search_ru.bmp

c:\program files\Fast Browser Search\IE\SearchAssistant.dll

c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe

c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico

c:\program files\Fast Browser Search\IE\SGPU.ico

c:\program files\Fast Browser Search\IE\sgpUpdater.exe

c:\program files\Fast Browser Search\IE\sgpUpdater.xml

c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe

c:\program files\Fast Browser Search\IE\tbhelper.dll

c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js

c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js

c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js

c:\program files\Fast Browser Search\IE\Toolbar Help.htm

c:\program files\Fast Browser Search\IE\uninstall.exe

c:\program files\Fast Browser Search\IE\uninstalSGP.exe

c:\program files\Fast Browser Search\IE\uninstalSGPU.exe

c:\program files\Fast Browser Search\IE\update.exe

c:\program files\Fast Browser Search\IE\version.txt

c:\program files\SGPSA

c:\program files\SGPSA\BHO.dll

c:\program files\SGPSA\ie3sh.exe

c:\program files\SGPSA\mtwb3sh.dll

c:\program files\SGPSA\SeARchassistant.dll

c:\windows\system32\VB6KO.DLL

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-01 to 2010-05-01 ))))))))))))))))))))))))))))

.

 

2010-05-01 14:19 . 2010-05-01 14:19 -------- d-----w- c:\users\Malu\AppData\Local\temp

2010-05-01 14:19 . 2010-05-01 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-04-30 10:51 . 2010-04-30 10:52 -------- d-----w- C:\LinhaDefensiva

2010-04-27 14:00 . 2010-04-27 14:00 -------- d-----w- c:\programdata\Alwil Software

2010-04-22 14:46 . 2010-04-22 14:46 -------- d-----w- c:\program files\Windows Portable Devices

2010-04-22 14:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-04-22 14:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2010-04-22 14:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2010-04-22 14:41 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2010-04-22 14:41 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2010-04-22 14:41 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2010-04-22 14:41 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2010-04-22 14:41 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2010-04-22 14:41 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-04-22 14:41 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2010-04-22 14:41 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2010-04-22 14:41 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2010-04-22 14:41 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll

2010-04-22 14:41 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2010-04-22 14:41 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2010-04-22 14:40 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2010-04-22 14:40 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2010-04-22 14:40 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2010-04-21 22:46 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-04-21 22:46 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-04-21 22:46 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-04-21 14:41 . 2010-04-21 14:41 -------- d-----w- c:\windows\system32\ca-ES

2010-04-21 14:41 . 2010-04-21 14:41 -------- d-----w- c:\windows\system32\eu-ES

2010-04-21 14:41 . 2010-04-21 14:41 -------- d-----w- c:\windows\system32\vi-VN

2010-04-19 22:03 . 2010-04-19 22:03 -------- d-----w- c:\programdata\Philips

2010-04-19 22:01 . 2008-05-07 14:40 88704 ----a-w- c:\windows\system32\drivers\phaudlwr.sys

2010-04-19 22:01 . 2008-04-07 18:05 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll

2010-04-19 22:00 . 2010-04-19 22:01 -------- d-----w- c:\program files\DIFX

2010-04-19 21:57 . 2008-05-21 17:30 7680 ----a-w- c:\windows\system32\drivers\SPC530m.sys

2010-04-19 21:57 . 2008-05-21 17:30 486912 ----a-w- c:\windows\system32\drivers\SPC530.sys

2010-04-19 21:57 . 2010-04-19 22:03 -------- d-----w- c:\program files\Philips

2010-04-19 21:57 . 2008-02-15 14:49 155648 ----a-w- c:\windows\VPro530.exe

2010-04-19 21:57 . 2010-04-19 21:57 -------- d-----w- c:\program files\Common Files\SPC530NC

2010-04-19 21:57 . 2010-04-19 21:57 -------- d-----w- c:\windows\Philips

2010-04-18 23:45 . 2010-04-18 23:45 -------- d-----w- c:\windows\system32\EventProviders

2010-04-18 22:22 . 2010-04-26 12:30 -------- d-----w- c:\users\Malu\AppData\Roaming\skypePM

2010-04-18 22:20 . 2010-04-27 12:31 -------- d-----w- c:\users\Malu\AppData\Roaming\Skype

2010-04-18 22:20 . 2010-04-18 22:20 -------- d-----w- c:\program files\Common Files\Skype

2010-04-18 22:20 . 2010-04-18 22:20 -------- d-----r- c:\program files\Skype

2010-04-18 22:19 . 2010-04-18 22:20 -------- d-----w- c:\programdata\Skype

2010-04-14 21:36 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-14 21:36 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-14 21:36 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-14 21:36 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-04-14 21:36 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-14 21:36 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-04-14 21:36 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-14 21:36 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll

2010-04-14 21:36 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2010-04-13 22:54 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-04-13 22:54 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

2010-04-12 20:48 . 2010-04-12 20:48 -------- d-----w- c:\programdata\Elaborate Bytes

2010-04-08 10:07 . 2010-04-08 10:07 -------- d-----w- c:\program files\QuickTime

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-01 14:03 . 2009-12-03 17:46 634004 ----a-w- c:\windows\system32\prfh0416.dat

2010-05-01 14:03 . 2009-12-03 17:46 121690 ----a-w- c:\windows\system32\prfc0416.dat

2010-04-30 10:50 . 2009-12-04 10:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-30 10:49 . 2009-12-04 10:02 6153352 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-04-30 10:42 . 2009-12-04 09:48 -------- d-----w- c:\program files\CCleaner

2010-04-29 18:39 . 2009-12-04 10:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2009-12-04 10:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 14:03 . 2009-12-03 08:28 -------- d-----w- c:\program files\Alwil Software

2010-04-22 14:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-04-22 14:46 . 2010-04-22 14:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2010-04-21 14:47 . 2009-12-03 22:06 -------- d-----w- c:\programdata\NVIDIA

2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar

2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery

2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal

2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration

2010-04-21 14:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-04-21 14:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender

2010-04-19 22:11 . 2010-04-19 22:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_phaudlwr_01005.Wdf

2010-04-19 21:56 . 2009-12-03 21:57 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-04-18 22:22 . 2010-04-18 22:22 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-04-18 22:21 . 2009-12-03 08:28 -------- d-----w- c:\program files\Google

2010-04-15 06:05 . 2009-12-03 21:35 -------- d-----w- c:\programdata\Microsoft Help

2010-04-14 16:47 . 2009-12-03 08:28 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-04-14 16:47 . 2009-12-03 08:28 153184 ----a-w- c:\windows\system32\aswBoot.exe

2010-04-14 16:35 . 2009-12-03 08:28 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-04-14 16:35 . 2009-12-03 08:28 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-04-14 16:31 . 2009-12-03 08:28 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-04-14 16:31 . 2009-12-03 08:28 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-04-14 16:31 . 2009-12-03 08:28 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-04-12 20:48 . 2009-12-04 10:29 24 --sh--w- c:\windows\S2E04EC49.tmp

2010-04-12 20:29 . 2010-04-12 20:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-03-22 23:19 . 2010-03-22 23:19 623488 ----a-w- c:\users\Malu\AppData\Roaming\HiYo\Data\hiyo_install.exe

2010-03-02 11:27 . 2009-12-04 10:25 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe

2010-02-26 03:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2010-02-26 03:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2010-02-24 13:16 . 2009-12-03 03:50 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-24 06:21 . 2009-12-03 02:07 102120 ----a-w- c:\users\Malu\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-23 06:39 . 2010-04-01 09:46 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33 . 2010-04-01 09:46 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33 . 2010-04-01 09:46 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55 . 2010-04-01 09:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-20 23:06 . 2010-03-10 14:10 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:05 . 2010-03-10 14:10 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 20:53 . 2010-03-10 14:10 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-05 22:27 . 2009-12-04 10:26 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll

2010-02-05 22:27 . 2009-12-04 10:25 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe

2010-02-05 22:27 . 2009-12-04 10:25 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-04-27 353736]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-18 39408]

"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-25 6691360]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 1833504]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-12-03 557056]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]

"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]

"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-01-06 230768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPro530.lnk - c:\windows\VPro530.exe [2010-4-19 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2009-01-21 16:08 13683232 ----a-w- c:\windows\System32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-01-21 16:08 92704 ----a-w- c:\windows\System32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):b3,cc,55,7d,61,e1,ca,01

 

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 133104]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]

R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2008-05-07 88704]

R3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [2008-05-21 486912]

R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [2008-05-21 7680]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 19:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 12:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-05-01 c:\windows\Tasks\Ad-Aware Update (Daily 1).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27]

 

2010-05-01 c:\windows\Tasks\Ad-Aware Update (Daily 2).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27]

 

2010-05-01 c:\windows\Tasks\Ad-Aware Update (Daily 3).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27]

 

2010-05-01 c:\windows\Tasks\Ad-Aware Update (Daily 4).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27]

 

2010-05-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:27]

 

2010-05-01 c:\windows\Tasks\AWC Startup.job

- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-04 17:54]

 

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 08:28]

 

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-03 08:28]

 

2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{6541D2C4-D2E6-43E7-8B0D-A3E34E83C3DE}.job

- c:\windows\system32\msfeedssync.exe [2010-04-01 04:54]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://mystart.incredimail.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://br.yahoo.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

FF - ProfilePath - c:\users\Malu\AppData\Roaming\Mozilla\Firefox\Profiles\b7erqc6h.default\

FF - prefs.js: browser.search.defaulturl - hxxp://br.search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

 

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - (no file)

BHO-{D5D33A26-F043-4808-B335-6B10630E04F8} - (no file)

HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-01 11:19

Windows 6.0.6002 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

FBSSA = c:\program files\SGPSA\ie3sh.exe?O.dll???????F"?"???c:\program files\SGPSA\mtwb3sh.dll?7 ???????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2010-05-01 11:21:57

ComboFix-quarantined-files.txt 2010-05-01 14:21

 

Pré-execução: 457.933.611.008 bytes disponíveis

Pós execução: 457.861.812.224 bytes disponíveis

 

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 901125EA9F7D72370F0FDC51947DB283

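Added here as an example (not from the thread, ComboFix or catchme): a Python triage helper that reads the log sections shown above and collects the visible Run entries, services ComboFix flags with [x] (file missing), the orphans it removed and the hidden Run entries catchme reported, then lists any hidden entry the visible Run listing lacks. The log excerpt is constructed from lines of the posted log; the section markers are the Portuguese ComboFix headings exactly as they appear in it.

```python
import re

# Constructed excerpt of the ComboFix/catchme log posted in this thread.
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Hiyo"="c:\program files\HiYo\bin\HiYo.exe" [2010-01-06 230768]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
- - - - ORFÃOS REMOVIDOS - - - -
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
Procurando entradas auto inicializáveis ocultas ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSSA = c:\program files\SGPSA\ie3sh.exe?O.dll???????
"""

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')   # "Name"="path" [date size]
SERVICE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;[^\[]*\[(?P<info>[^\]]*)\]')  # R2 n;desc;path [info]
ORPHAN = re.compile(r'^HK\w+-Run-(?P<name>\S+) - (?P<path>.*)$')   # HKLM-Run-Name - path
HIDDEN = re.compile(r'^(?P<name>\S+) = (?P<data>.*)$')            # catchme "Name = data"
# Section markers: ComboFix's removed-orphans list and catchme's hidden-entry scan.
MARKERS = (("ORFÃOS REMOVIDOS", "orphans"), ("Procurando entradas auto", "hidden"))


def triage(text):
    """Collect visible Run entries, services flagged [x] (file missing),
    removed orphans and catchme's hidden Run entries from a ComboFix log."""
    report = {"visible_run": {}, "missing_file": [], "orphans": {}, "hidden_run": {}}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[HKEY_"):          # registry key header: track Run keys only
            section = "run" if line.upper().endswith("\\RUN]") else None
        elif any(mark in line for mark, _ in MARKERS):
            section = next(name for mark, name in MARKERS if mark in line)
        elif m := SERVICE.match(line):        # service/driver lines are not tied to a section
            if m.group("info").strip() == "x":
                report["missing_file"].append(m.group("name"))
        elif section == "run" and (m := RUN_ENTRY.match(line)):
            report["visible_run"][m.group("name")] = m.group("path")
        elif section == "orphans" and (m := ORPHAN.match(line)):
            report["orphans"][m.group("name")] = m.group("path")
        elif section == "hidden" and (m := HIDDEN.match(line)):
            report["hidden_run"][m.group("name")] = m.group("data")
    return report


def hidden_not_visible(report):
    """Run values catchme reported that the visible Run listing lacks."""
    return sorted(set(report["hidden_run"]) - set(report["visible_run"]))
```

On the posted log this singles out FBSSA, which appears only in catchme's hidden-entry scan and in the removed-orphans list, never in the visible Run listing.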

Good afternoon, amacedo!

 

<!> Uninstall: C:\Program Files\IObit\Advanced SystemCare 3


<@> Download: < OTL > ( ...by OldTimer Tools )

<@> Save it to the desktop!

<@> Double-click: < otlDesktopIcon.png >

<@> PS: Now let's go on with its configuration!

 

1 - Under "Output", leave the "Minimal" button selected.

2 - Check the boxes: Scan All Users and Include 64bit Scans <-- PS: only if the OS is 64-bit!

3 - Processes: Use SafeList <-- Check!

4 - Modules: Use SafeList <-- Check!

5 - Services: Use SafeList <-- Check!

6 - Drivers: Use SafeList <-- Check!

7 - Standard Registry: Use SafeList <-- Check!

8 - Extra Registry: Use SafeList <-- Check!

9 - File Scans:

 

<!> Creation Date >> Choose: 14 days

<!> Check: Use Company Name WhiteList

<!> Check: Skip Microsoft Files

 

10 - Files Created Within:

<!> Check: Creation Date

11 - Files Modified Within:

<!> Check: Creation Date

<!> Check the boxes:

[] LOP Check

[] Purity Check

 

<@> PS: I suggest printing these instructions for later reference.

 

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5

<@> PS: Copy and paste this information, which is in the Code box, into the field under: Custom Scans/Fixes

<@> Click: Run Scan --> Wait!

<@> When it finishes, post:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Regards!


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the topic's author and want to reopen it, send a private message to a moderator of the section along with the link to this topic and explain the reason for reopening.
