Archived

This topic has been archived and is closed to new replies.

esdrasyave

[Archived] Virus - PC won't shut down and ComboFix doesn't work

Good morning! esdrasyave

 

<!> Follow these instructions, in order!

000000000000000000

oooooooooooooooooo

<@> Select and copy the content in the box below into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

RESTORE::c:\windows\system32\vbzlib1.dll

<@> PS: It is recommended that you be disconnected from the Internet while running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 


 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post: C:\ComboFix.txt <--

000000000000000000

oooooooooooooooooo

<@> Schedule scandisk for the next boot.

<@> Go to Start --> Run --> Type: cmd --> Click: OK

<@> In the prompt window, type: chkdsk /r --> Press Enter.

<@> Type "S" --> Press Enter.

<@> Scandisk is now scheduled for the next boot.

<@> To exit, type exit --> Press Enter.

<@> Restart the computer so that scandisk starts.

 

files and folders

indexes

security descriptors

file data

free space

 

<@> Wait patiently for all the checks to complete.

<@> At the end, the computer will restart automatically.

00000000000000000

<!> PS: Report whether anything changed on the machine.

 

Regards!


Hello, unfortunately there was no apparent change. The programs installed under Program Files still don't appear in the Start menu.

 

ComboFix 10-06-27.03 - lan-04 27/06/2010 19:23:00.21.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.512 [GMT -3:00]

Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\lan-04\Desktop\CFScript.txt

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Thumbs.db

c:\windows\system32\Thumbs.db

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-27 to 2010-06-27 ))))))))))))))))))))))))))))

.

 

2010-06-24 23:48 . 2004-07-17 01:42 176128 ----a-w- C:\TaskbarRepairToolPlus!.exe

2010-06-24 23:07 . 2010-06-24 23:07 73728 -c--a-w- c:\windows\system32\dllcache\vbzlib1.dll

2010-06-23 23:27 . 2010-06-23 23:27 -------- d-----w- c:\arquivos de programas\DCSAurelio

2010-06-23 20:53 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll

2010-06-19 15:30 . 2010-06-19 15:30 503808 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcp71.dll

2010-06-19 15:30 . 2010-06-19 15:30 499712 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\jmc.dll

2010-06-19 15:30 . 2010-06-19 15:30 348160 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcr71.dll

2010-06-19 15:29 . 2010-06-19 15:29 61440 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-sse.dll

2010-06-19 15:29 . 2010-06-19 15:29 12800 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-d3d.dll

2010-06-19 15:29 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-18 21:15 . 2010-06-23 23:09 -------- d-----w- C:\UsbFix

2010-06-18 21:12 . 2010-06-18 21:14 1225123 ----a-w- c:\arquivos de programas\UsbFix.exe

2010-06-17 01:55 . 2010-06-17 01:55 -------- d-----w- C:\Toll Bar

2010-06-12 23:12 . 2010-06-23 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\PriceGong

2010-06-11 22:53 . 2010-06-20 02:58 -------- d-----w- C:\cc9c4f68ee2f300ab00cbff2dd

2010-06-11 21:06 . 2010-06-20 02:58 -------- d-----w- C:\d1cc57b52de34df7644a

2010-06-11 20:59 . 2010-06-18 21:57 -------- d-----w- C:\Pen drive

2010-06-11 20:57 . 2008-08-26 00:39 -------- d-----w- C:\327882R2FWJFW

2010-06-10 22:35 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-27 22:17 . 2009-04-11 19:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent

2010-06-27 16:33 . 2009-03-03 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments

2010-06-23 20:54 . 2008-06-28 15:46 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-06-21 22:59 . 2009-03-14 20:23 -------- d-----w- c:\arquivos de programas\a-squared Free

2010-06-20 16:14 . 2009-03-14 04:09 62357984 -csha-w- c:\windows\system32\drivers\fidbox.idx

2010-06-20 16:14 . 2009-03-14 04:09 4294966272 -csha-w- c:\windows\system32\drivers\fidbox.dat

2010-06-19 15:30 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Java

2010-06-19 15:29 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-06-19 15:15 . 2008-07-10 20:54 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Image Zone Express

2010-06-19 15:14 . 2009-01-11 15:18 -------- d-----w- c:\arquivos de programas\XviD

2010-06-19 15:14 . 2008-06-28 16:01 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-06-19 15:14 . 2009-03-15 15:23 -------- d-----w- c:\arquivos de programas\TVUPlayer

2010-06-19 15:14 . 2009-04-30 19:11 -------- d-----w- c:\arquivos de programas\PhotoScape

2010-06-19 15:14 . 2008-06-20 17:24 -------- d-----w- c:\arquivos de programas\mobile PhoneTools

2010-06-19 15:14 . 2008-09-23 17:22 -------- d-----w- c:\arquivos de programas\LiveUpdate

2010-06-19 15:14 . 2008-06-29 13:22 -------- d-----w- c:\arquivos de programas\LimeWire

2010-06-19 15:14 . 2008-07-21 22:31 -------- d-----w- c:\arquivos de programas\eMule Acceleration Patch

2010-06-18 00:52 . 2001-10-28 12:07 584300 ----a-w- c:\windows\system32\perfh016.dat

2010-06-18 00:52 . 2001-10-28 12:07 114124 ----a-w- c:\windows\system32\perfc016.dat

2010-06-13 20:41 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Babylon

2010-06-13 20:24 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2010-06-07 21:27 . 2009-01-07 14:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-06-02 08:00 . 2008-06-12 18:36 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-05-19 21:47 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2010-05-18 20:51 . 2008-07-27 13:19 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Orbit

2010-05-18 15:00 . 2009-08-02 14:22 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-05-16 21:54 . 2010-05-16 21:48 -------- d-----w- c:\arquivos de programas\TIM Web Banda Larga

2010-05-08 19:29 . 2010-03-10 14:56 -------- d-----w- c:\arquivos de programas\Cool2000

2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 19:48 . 2010-05-01 19:33 -------- d-----w- c:\arquivos de programas\Replay Media Catcher

2010-05-01 19:36 . 2010-05-01 19:36 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-05-01 19:36 . 2010-05-01 19:36 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-05-01 19:35 . 2010-05-01 19:35 -------- d-----w- c:\arquivos de programas\Applian Director

2010-05-01 19:10 . 2010-05-01 18:57 -------- d-----w- c:\arquivos de programas\Save Flash

2010-04-29 18:39 . 2009-08-02 14:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2009-08-02 14:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:31 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-31 01:49 . 2008-06-28 15:47 94208 ----a-w- c:\windows\system32\dpl100.dll

2009-08-05 12:20 . 2009-08-05 13:28 41063272 ----a-w- c:\arquivos de programas\Caspo.exe

2008-06-19 20:56 . 2008-06-19 20:56 4450382 ----a-w- c:\arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:42 . 2008-06-19 20:42 6104632 ----a-w- c:\arquivos de programas\picasaweb-current-setup.exe

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

2009-03-14 04:18 . 2009-03-14 04:09 352288 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2010-06-20_01.36.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-27 22:06 . 2010-06-27 22:06 16384 c:\windows\temp\Perflib_Perfdata_774.dat

+ 2010-06-23 23:27 . 2010-06-23 23:27 45056 c:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\NewShortcut1.exe

- 2009-01-08 22:48 . 2009-01-08 22:48 45056 c:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\NewShortcut1.exe

+ 2010-06-23 23:27 . 2010-06-23 23:27 3638 c:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\ARPPRODUCTICON.exe

- 2009-01-08 22:48 . 2009-01-08 22:48 3638 c:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\ARPPRODUCTICON.exe

+ 2009-07-12 04:12 . 2009-07-12 04:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

+ 2009-07-12 04:09 . 2009-07-12 04:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

+ 2009-07-12 04:08 . 2009-07-12 04:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll

+ 2008-06-28 15:47 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll

+ 2008-06-28 15:47 . 2009-05-29 21:37 205824 c:\windows\system32\xvidvfw.dll

+ 2008-06-28 15:47 . 2009-05-29 21:31 881664 c:\windows\system32\xvidcore.dll

+ 2008-06-28 15:47 . 2010-06-02 08:00 185920 c:\windows\system32\rmoc3260.dll

+ 2010-06-19 18:06 . 2010-06-24 00:37 319544 c:\windows\system32\FNTCACHE.DAT

- 2010-06-19 18:06 . 2010-06-20 01:02 319544 c:\windows\system32\FNTCACHE.DAT

+ 2008-06-28 15:47 . 2010-02-19 19:27 720384 c:\windows\system32\divx.dll

+ 2010-06-23 20:53 . 2010-06-23 20:53 169472 c:\windows\Installer\4ad8ab.msi

+ 2010-06-23 23:27 . 2010-06-23 23:27 1150464 c:\windows\Installer\d1f44b.msi

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2010-06-17 01:04 2736736 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2010-02-27 654648]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

"Nero PhotoShow Media Manager"="c:\arquiv~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-A7UA6.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-A7UA6.lnk

backup=c:\windows\pss\is-A7UA6.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-D8KDB.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-D8KDB.lnk

backup=c:\windows\pss\is-D8KDB.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-QR2A2.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-QR2A2.lnk

backup=c:\windows\pss\is-QR2A2.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-UEHSS.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-UEHSS.lnk

backup=c:\windows\pss\is-UEHSS.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-VD0FU.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-VD0FU.lnk

backup=c:\windows\pss\is-VD0FU.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]

2009-09-22 18:09 156672 ----a-w- c:\arquivos de programas\Replay Media Catcher\FLVSrvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

2008-10-31 22:20 3563232 ----a-w- c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32 1581056 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31 1888 ----a-w- c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-12-02 15:40 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2005-01-07 20:07 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29 49152 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52 249856 ----a-w- c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-04-01 20:33 7110656 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-04-01 20:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57 30208 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43 729088 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-06-27 11:06 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09 270128 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2005-03-08 03:33 53248 ----a-r- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2005-11-01 04:15 163840 ----a-r- c:\windows\system32\VTTrayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\River Past\\Wave@MP3\\WaveAtMp3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Documents and Settings\\lan-04\\Meus documentos\\Meus arquivos recebidos\\TeamViewer.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [14/3/2009 17:23 1872320]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance --> c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance [?]

S2 gupdate1c9d8de2812eabc;Google Update Service (gupdate1c9d8de2812eabc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/5/2009 21:01 133104]

S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2009 18:09 721904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

 

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uInternet Settings,ProxyOverride = local

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com

FF - prefs.js: keyword.URL - hxxp://websearch.qbyrd.com/redirect?client=ff&src=kw&tb=ATU-QBD&o=102357&locale=pt_US&apn_uid=008E5851-1AF5-4935-A8BD-CAC218AE132F&apn_ptnrs=Q7&apn_sauid=5DB2595C-15C0-4EEA-94BE-2E8F560E8428&apn_dtid=YYYYYYQ2US&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-27 19:31

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2010-06-27 19:35:18

ComboFix-quarantined-files.txt 2010-06-27 22:35

ComboFix2.txt 2010-06-25 00:21

ComboFix3.txt 2010-06-23 20:28

ComboFix4.txt 2010-06-21 00:36

ComboFix5.txt 2010-06-27 22:19

 

Pré-execução: 816.029.696 bytes disponíveis

Pós execução: 777.146.368 bytes disponíveis

 

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12

- - End Of File - - C2E2F1D97631E2DB925D74708A5780FD

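The ComboFix log above is the kind of output the thread's helpers read by hand. As an added example (not ComboFix's code and not the helper's procedure), here is a small Python parser for that log format: it collects the created-files list, the registry load points, the firewall allow-list and the service lines into one structure and then applies three assumed triage rules (code loading from a user profile, from a Temp folder, or from the drive root) to decide what to look at first. The sample input is a handful of lines copied from the log above; the rules, the function names and the data classes are this example's own.

```python
"""Parser for the ComboFix log format posted above (added example; neither
ComboFix's code nor the helper's procedure). The triage rules are this
example's own assumptions, not findings stated in the thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the log above, one or two per section.
SAMPLE_LOG = r"""
(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-27 to 2010-06-27 ))))))))))))))))
.
2010-06-24 23:48 . 2004-07-17 01:42 176128 ----a-w- C:\TaskbarRepairToolPlus!.exe
2010-06-24 23:07 . 2010-06-24 23:07 73728 -c--a-w- c:\windows\system32\dllcache\vbzlib1.dll
2010-06-18 21:15 . 2010-06-23 23:09 -------- d-----w- C:\UsbFix
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2010-02-27 654648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\lan-04\\Meus documentos\\Meus arquivos recebidos\\TeamViewer.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]
S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]
"""

@dataclass
class FileEntry:
    modified: str
    created: str
    size: Optional[int]  # None for directories (size column is "--------")
    attrs: str           # ComboFix attribute column, e.g. "----a-w-"
    path: str

@dataclass
class LoadPoint:
    key: str   # registry key the item sat under, or the service start type ("R1", "S3")
    name: str  # value name, service name, or file name
    path: str  # on-disk path with REGEDIT "\\" unescaped and "\??\" stripped

_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_FILE = re.compile(r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<cre>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                   r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
_DATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ [-a-z]{8} (?P<path>.+)$")
_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<val>[^"]*)"(?: \[[^\]]*\])?$')
_ALLOW = re.compile(r'^"(?P<path>[^"]+)"=$')
_SERVICE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?)(?: --> .*)?(?: \[[^\]]*\])?$")

def _clean_path(p: str) -> str:
    p = p.replace("\\\\", "\\")
    return p[4:] if p.startswith("\\??\\") else p

def parse_combofix(text: str) -> Tuple[List[FileEntry], List[LoadPoint]]:
    """Walk the log once; banner lines are ignored, [keys] set the context."""
    files: List[FileEntry] = []
    loads: List[LoadPoint] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := _KEY.match(line):
            key = m.group("key")
        elif m := _FILE.match(line):
            size = None if m.group("size").startswith("-") else int(m.group("size"))
            files.append(FileEntry(m.group("mod"), m.group("cre"), size, m.group("attrs"), m.group("path")))
        elif m := _SERVICE.match(line):
            loads.append(LoadPoint(m.group("start"), m.group("name"), _clean_path(m.group("path"))))
        elif key and (m := _VALUE.match(line)):
            loads.append(LoadPoint(key, m.group("name"), _clean_path(m.group("val"))))
        elif key and (m := _ALLOW.match(line)):
            loads.append(LoadPoint(key, _clean_path(m.group("path")), _clean_path(m.group("path"))))
        elif key and (m := _DATED.match(line)):
            loads.append(LoadPoint(key, m.group("path").rsplit("\\", 1)[-1], m.group("path")))
    return files, loads

# Assumed triage rules: they rank what to inspect first, they are not verdicts.
_RULES = [
    (r"\\documents and settings\\|\\docume~1\\", "loads from a user profile"),
    (r"\\temp\\", "loads from a Temp directory"),
    (r"^[a-z]:\\[^\\]+\.(exe|dll|sys|scr|com)$", "executable at the drive root"),
]

def review_candidates(files: List[FileEntry], loads: List[LoadPoint]) -> List[Tuple[str, str]]:
    """(path, reason) pairs in log order, one per matching rule, without duplicates."""
    seen, out = set(), []
    for p in [lp.path for lp in loads] + [f.path for f in files]:
        for pattern, reason in _RULES:
            if re.search(pattern, p.lower()) and (p.lower(), reason) not in seen:
                seen.add((p.lower(), reason))
                out.append((p, reason))
    return out

if __name__ == "__main__":
    for path, reason in review_candidates(*parse_combofix(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

On the sample, the five hits are the per-user GoogleUpdate.exe, TeamViewer.exe under "Meus arquivos recebidos", the ListOpenedFileDrvXP.sys driver loading from Temp (hit by two rules) and TaskbarRepairToolPlus!.exe at C:\. The rules only order the review: a per-user Google Update install is a normal one, so each hit still needs the usual checks (publisher signature, hash lookup against a known-good source, whether the path is expected for that product) before anything is removed.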

Good morning! esdrasyave

 

Hello, unfortunately there was no apparent change. The programs installed under Program Files still don't appear in the Start menu.

<!> But... are they still listed/installed correctly in Add or Remove Programs?

<!> Follow these guidelines in the order they are laid out!

0000000000000000000000

<@> Download: < SafeBootKeyRepair >

<@> Save it directly to the Local Disk (C:).

<@> Run it! When it finishes, it will generate a report: C:\SafeBoot_Repair.txt <-- Do not post it!

0000000000000000000000

oooooooooooooooooooooo

<@> Download: < DrWebCureIt >

 

<!> < External Mirror 1 > <-- Indirect link!

 

<@> Save DrWebCureIt.exe in Program Files!

<@> Restart the computer in Safe Mode.

<@> Start the installation/execution by double-clicking drweb-cureit.

<@> In the window that opens, click Start --> OK.

<@> The "Quick scan" will begin --> Close the advertisement window!

<@> When it finishes, check the "Complete scan" box.

<@> Click "Options" --> Under Change settings, uncheck "Heuristic analysis".

<@> PS: In this mode the following objects are scanned:

 

<1> Boot sectors of all disks

<2> All removable drives

<3> All local disks

 

<@> Click "Start scan" --> Wait!

<@> If prompts appear asking to move or disinfect files, click Yes.

<@> When it finishes, click "File" --> "Save report list".

<@> Post: C:\Documents and Settings\Administrator\DoctorWeb\CureIt.txt <--

0000000000000000000000

oooooooooooooooooooooo

<@> Download: < rktools.exe >

<@> Save it in Program Files and run it from there!

0000000000000000000000

<@> PS: While in "Normal Mode", go to Start --> Run --> Type: sfc /scannow --> Click OK.

 


 

<@> You may be asked to insert the Windows XP CD-ROM into the drive.

<@> "Windows File Protection" will then be triggered.

<@> Wait for the repair to complete, if it ran from the CD-ROM.

 

PS: Wait while Windows verifies that all protected Windows files are intact and in their original versions.

<!> PS: Since you don't have the Windows XP installation CD, an attempt will be made to obtain the needed files by running rktools.

 

Regards!


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
