
Archived

This topic has been archived and is closed to new replies.

wrongdoer

[Archived] JS:Redirector-CV [Trj] virus on my sites


Hey folks, how's it going?

Here's the thing: when I open my sites, Avast warns that the site has this virus, JS:Redirector-CV [Trj]. But I've already downloaded the site and scanned it with two antivirus programs, Kaspersky and Avast, and they found nothing. I looked at the code of some of the pages, and there are a lot of them. From what I managed to find online, this virus is malicious code that sits in PHP and JavaScript pages, but I just can't find the blessed thing. Since I have many sites, I'd like to know whether there's a quick way to find this code??

PS: I ran antivirus on both computers I work on, and also ran Malwarebytes Anti-Malware and Spybot.


Hello!

Sorry for the delay in replying.

Could you send me the links to your sites so I can analyse them?

Cheers :D



Sure, no problem, here are the links:

www.sindasp.org.br

www.policiapenal.com.br

www.apeaprudentina.com.br

www.assdec.com.br

www.cicerofelix.com.br

Man, these are the links where I remember the alerts appearing; the rest of the sites are made in Flash with just a single HTML file. Even so, if you can, and have the time and patience to explain to me how you do this analysis, I'd be grateful. I want to study more about web security and all that.



@wrongdoer,

Are these sites static, or is there a server-side application?

If there is a server-side application, the problem is most likely related to XSS or SQL Injection.

See this topic, where the user describes a problem similar to yours: http://forum.imasters.com.br/index.php?/topic/393665-problema-com-eval-virus-script/



@João Batista Neto,

From what I've been researching about this virus, I think it is SQL Injection. However, I found a page that talks a bit about the virus, in Russian, so I translated it into Portuguese:

Trojan.JS.Redirector.cv

Detection time: 11 May 2010 14:06 BRT

Update release time: 09 May 2010 21:42 BRT

Description published: 21 June 2010 11:38 BRT

Technical details

Destructive activity

Removal

Technical details

A Trojan program that performs destructive actions on the user's computer. It is an HTML page containing JavaScript. Size: 2,460 bytes.

Destructive activity

When the user opens an infected page in the browser, the Trojan redirects to the following link:


http://pb *** 0i.ru/in.cgi?

6 & ab_iframe = 0 & = 0 & ab_badtraffic ab_trash = 1 & antibot_hash bot = & id = 46

 

In addition, depending on the position of the malicious script on the HTML page and the size of the browser window, the Trojan runs and generates the following link for its request:


http://pb *** 0i.ru/in.cgi? ab_iframe 6 & = 0 & = 0 & ab_badtraffic antibot_hash

= 939579443 & ur = 1 & HTTP_REFERER = http://pb *** 0i.ru/ts/in.cgi? 181 & id = 46

 

At the time of writing, the links were not working.

Removal

If the computer was not protected by antivirus and was infected with this malware, follow these steps to delete it:

1. Delete the original Trojan file (its location on the infected computer will depend on how the program initially penetrated the victim's machine).

2. Clear the Temporary Internet Files directory, which may contain infected files (How do I delete infected files in the Temporary Internet Files folder?):

%Temporary Internet Files%

I read the topic you sent me carefully and I don't rule out the possibility that it's the "eval" script.

But I need a way to find those lines quickly and easily, because the sites have many PHP and JavaScript pages, so that I can remove the virus.

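As an added example (not part of the thread and not Avast's or Kaspersky's detection logic), here is a small Python scanner that does what the poster is asking for: it walks a site tree and ranks PHP/JS/HTML files by how many common injection idioms they contain (eval/unescape chains, eval(base64_decode()) in PHP, scripts appended after the closing </body>/</html> tags, hidden iframes, long encoded runs). The rules, their weights and the sample files are the editor's own constructed heuristics; every hit still has to be compared with a clean backup of the file before anything is removed.

```python
"""Heuristic scanner for injected redirector code in a site's PHP/JS/HTML files.

Editor's constructed example for the question above. The patterns below are
generic injection idioms, not Avast's JS:Redirector-CV signature, so treat a
hit as something to review against a clean copy of the file, not as proof.
"""
import os
import re
import tempfile

# (rule name, regex, weight); weights are heuristic and only order the report.
RULES = [
    ("eval_call", re.compile(r"\beval\s*\("), 3),
    ("unescape_call", re.compile(r"\bunescape\s*\("), 2),
    ("fromcharcode_blob", re.compile(r"String\.fromCharCode\s*\(\s*\d+(?:\s*,\s*\d+){10,}"), 3),
    ("document_write", re.compile(r"document\.write\s*\("), 1),
    ("location_assign", re.compile(r"\b(?:window\.|document\.|top\.)?location(?:\.href)?\s*=[^=]", re.I), 1),
    ("hidden_iframe", re.compile(r"<iframe[^>]*(?:(?:width|height)\s*=\s*[\"']?0\b|visibility\s*:\s*hidden)", re.I), 3),
    ("php_eval_decode", re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("), 4),
    ("encoded_run", re.compile(r"(?:%[0-9a-f]{2}){20,}|(?:\\x[0-9a-f]{2}){20,}", re.I), 2),
    # Mass injections commonly append their payload after the page's closing tags.
    ("script_after_close", re.compile(r"</(?:body|html)>\s*<(?:script|iframe)\b", re.I), 3),
]
WEIGHT = {name: w for name, _rx, w in RULES}
SCAN_EXT = {".php", ".phtml", ".js", ".html", ".htm"}


def scan_text(text):
    """Return [(line_no, rule_name), ...] for one file's contents, in rule order."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx, _w in RULES:
            if rx.search(line):
                hits.append((lineno, name))
    return hits


def score(hits):
    """Sum the weights of the hits so the report can rank files."""
    return sum(WEIGHT[name] for _ln, name in hits)


def scan_tree(root):
    """Walk a site tree; return {relative_path: hits} for every file with a hit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if os.path.splitext(fn)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read())
            if hits:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return findings


def report(findings):
    """Print files ranked by score, most suspicious first."""
    for path, hits in sorted(findings.items(), key=lambda kv: -score(kv[1])):
        print(f"{score(hits):3d}  {path}")
        for lineno, name in hits:
            print(f"       line {lineno}: {name}")


# Constructed sample site: a clean page and script, one page with an appended
# eval/unescape block (it merely decodes to alert(1)), and one PHP include with
# eval(base64_decode(...)) of the word "hello". None of this is live malware.
SAMPLE_FILES = {
    "index.html": '<html><body><h1>Noticias</h1><script src="menu.js"></script></body></html>\n',
    "menu.js": "function show(id){document.getElementById(id).style.display='block';}\n",
    "contato.html": ('<html><body>Contato</body></html>'
                     '<script>eval(unescape("%61%6c%65%72%74%28%31%29"))</script>\n'),
    "inc/config.php": '<?php\n$db = "site";\neval(base64_decode("aGVsbG8="));\n',
}


def demo():
    """Write SAMPLE_FILES into a temp dir, scan it, and return the findings."""
    root = tempfile.mkdtemp(prefix="site_scan_")
    for rel, content in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return scan_tree(root)


if __name__ == "__main__":
    import sys
    # Pass the local copy of a site as the first argument; with no argument the
    # constructed sample is scanned instead.
    report(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it against the downloaded copy of each site and review the top of the list first; files that only trigger location_assign or document_write once are usually legitimate.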

Hello!

Sorry for the delay in replying.

João Batista asked that we first disinfect your PC and only then clean your site.

Please post a HijackThis log, following Rule No. 02 of this section.

Cheers :D



HijackThis log


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:57:00, on 23/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPLATF~1\NOKIAM~1.EXE

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Macromedia\Dreamweaver MX\Dreamweaver.exe

C:\Arquivos de programas\Adobe\Adobe Photoshop CS2\Photoshop.exe

C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001

C:\hijack\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Nokia FastStart] "C:\Arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Document2PDF virtual printer agent] "C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [bar] C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)

O23 - Service: TwonkyMedia - PacketVideo - C:\Arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

 

--

End of file - 14190 bytes


Hello!

Your HijackThis version is old. Please uninstall HijackThis via Control Panel > Add or Remove Programs and install version 2.0.4, following rule no. 02.

Cheers :D



Hello, here is the HijackThis 2.0.4 log; my bad, I didn't pay attention to which HijackThis version I was using for the first log.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:01:39, on 23/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPLATF~1\NOKIAM~1.EXE

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Adobe\Adobe Photoshop CS2\Photoshop.exe

C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001

C:\Arquivos de programas\Ipswitch\WS_FTP 12\wsftpgui.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijack\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Nokia FastStart] "C:\Arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Document2PDF virtual printer agent] "C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [bar] C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)

O23 - Service: TwonkyMedia - PacketVideo - C:\Arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

 

--

End of file - 14513 bytes


Hello!

 

Please follow the instructions below, in the order given.

 

____________________________________________________

 

<<1>>

 

Open HijackThis, click "Do a System Scan Only", tick the following entries and click Fix Checked:

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

 

____________________________________________________

 

<<2>>

 

Go to the site "Jotti's malware scan"

 

  • In the box at the top (File to upload & scan);
  • Copy and paste the following file(s), one at a time:
    • C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Adobelm_Cleanup.0001
    • C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe1
  • Click the scan button.
  • The file(s) will be examined by several antivirus engines; please wait.
  • Copy and paste the result(s).

 

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

 

____________________________________________________

 

<<3>>

 

Please follow the tutorial below and run Malwarebytes' Anti-Malware. Post the generated log.

 

Malwarebytes' Anti-Malware tutorial

 

____________________________________________________

 

<<4>>

 

Post a new HijackThis log.

 

 

Cheers :D
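As an added example (not part of the original post, nor code from HijackThis or any other tool named in this thread), the script below applies the helper's reasoning to a HijackThis log automatically: entries whose target reads "(no file)" or "(file missing)" are orphans that can be ticked in Fix Checked, and O4 autoruns that start from a browser cache or temp folder are the ones worth uploading to a scanner. The sample lines are copied from the log posted in this thread; the rule names and the list of suspicious directories are this example's own assumptions.

```python
"""
Triage a HijackThis log the way the helper does by hand: pick out the
entries worth ticking in "Fix Checked" and the autoruns worth scanning.

Added example for this thread, not part of HijackThis or of the original post.
The sample lines are copied from the log posted in this thread; the rule names
and the list of suspicious directories are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines from the HijackThis log in this thread,
# with two known-good entries (Adobe BHO, avast autorun) left in for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [bar] C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)
"""

# "O2 - BHO: ..." -> section code plus the rest of the line.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# O4 autoruns: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<target>.*)$")

# HijackThis prints these when the registry points at a file that is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Legitimate software does not autostart from a browser cache or temp folder
# (assumption of this example; matched case-insensitively).
SUSPICIOUS_DIRS = ("temporary internet files", "\\content.ie5\\", "\\temp\\")


@dataclass
class Entry:
    code: str    # HijackThis section, e.g. "O2", "O4", "O23"
    name: str    # what the entry is called (BHO name, Run value name, service)
    target: str  # the file or command the entry points at
    raw: str     # the original line, needed to tick it in Fix Checked


@dataclass
class Finding:
    entry: Entry
    rule: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into section, name and target; None if not an entry."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(code, r.group("name"), r.group("target"), line)
        return None  # "Startup:" shortcut lines are not handled by this example
    # Other sections are " - " separated; the last field is the file or target.
    parts = body.split(" - ")
    if len(parts) < 2:
        return None
    return Entry(code, parts[0], parts[-1], line)


def triage(log_text: str) -> List[Finding]:
    """Apply the two rules to every parsable line of a log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        target = entry.target.lower()
        if any(marker in target for marker in ORPHAN_MARKERS):
            findings.append(Finding(entry, "orphan",
                                    "registry entry points to a file that no longer exists"))
        elif entry.code == "O4" and any(d in target for d in SUSPICIOUS_DIRS):
            findings.append(Finding(entry, "temp-autorun",
                                    "autostart from a browser cache or temp directory; scan the file"))
    return findings


def fix_checked(findings: List[Finding]) -> List[str]:
    """The orphaned lines, verbatim, ready to be ticked in 'Fix Checked'."""
    return [f.entry.raw for f in findings if f.rule == "orphan"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.entry.code} {f.entry.name}: {f.reason}")
        print(f"    {f.entry.raw}")
```

On the sample above the four orphaned entries are exactly the ones the helper listed for Fix Checked, and the one "temp-autorun" hit is the `[bar]` autorun pointing into Temporary Internet Files.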



 

Virus Scan:

 

Filename: clclean.0001

Status:

Scan finished. 0 out of 19 scanners reported malware.

Scan taken on: Wed 18 Aug 2010 04:13:36 (CET) Permalink

 

The other file no longer exists on my computer.

---------------------------------------------------------------------------------------------------------

Malwarebytes log

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4469

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

 

24/5/2010 11:54:41

mbam-log-2010-05-24 (11-54-41).txt

 

Tipo de Verificação: Verificação Completa (C:\|F:\|)

Objetos escaneados: 519360

Tempo decorrido: 2 hora(s), 45 minuto(s), 30 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 22

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> No action taken.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Arquivos de programas\WinRAR\patch.exe (Trojan.Patcher) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe CS3 Design Premium Keygen.exe (Trojan.Agent) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe CS3 Web Premium Keygen.exe (Trojan.Agent) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe Web Premium CS3 Keygen + Activation.exe (Trojan.Agent) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\After Effects CS3.exe (Trojan.Agent) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Audition 2.0.exe (Trojan.Agent) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Contribute CS3 VLK.exe (Trojan.Agent) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\DreamWeaver CS3 Keygen + Activation.exe (Trojan.Horst) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Dreamweaver CS3 VLK.exe (Trojan.Crax) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Dreamweaver CS3.exe (Trojan.Agent) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Fireworks CS3 VLK.exe (RiskWare.Tool.CK) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Flash CS3 Keygen.exe (Trojan.Agent.CK) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\GoLive CS3 Keygen.exe (Trojan.Downloader) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\InDesign CS3 VLK.exe (Trojan.Agent.CK) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\PhotoShop CS3 Extended Keygen + Activation.exe (TrojanProxy.Horst) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Photoshop CS3 Keygen.exe (RiskWare.Tool.CK) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Photoshop Extended CS3 Keygen.exe (RiskWare.Tool.CK) -> No action taken.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\SoundBooth CS3.exe (Trojan.Horst) -> No action taken.

C:\Documents and Settings\Administrador\Desktop\corel\CorelDRAW.Graphics.Suite.X4.v14.0.0.567.Keymaker.UsinaVirtual.com\keygen.exe (Trojan.Agent.CK) -> No action taken.

C:\Documents and Settings\Administrador\Desktop\downloads\Portable Sony DVD Architect Studio_v5.0.0.128\Portable Sony DVD Architect Studio v5.0.0.128 by Birungueta\Portable Sony DVD Architect Studio v5.0.0.128.exe (Trojan.Agent) -> No action taken.

C:\Documents and Settings\Administrador\Meus documentos\access.exe (Trojan.Dropper) -> No action taken.

----------------------------------------------------------------------------------------------------------------

 

New HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:37:33, on 24/8/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPLATF~1\NOKIAM~1.EXE

C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

C:\hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Nokia FastStart] "C:\Arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Document2PDF virtual printer agent] "C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [bar] C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)

O23 - Service: TwonkyMedia - PacketVideo - C:\Arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

 

--

End of file - 13538 bytes

------------------------------------------------------------------------------------------------------

 

PS: I suspect that this virus attacking my sites is collecting users' e-mail addresses, which are Hotmail addresses, and sending out viruses.

 

There is also this malware, which has been in quarantine since the previous time I ran the scan: C:\Documents and Settings\All Users\Dados de aplicativos\dkwork.ini

 

Vendor: Malware.Trace

 

 

Cheers



C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

C:\hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Nokia FastStart] "C:\Arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Document2PDF virtual printer agent] "C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [bar] C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)

O23 - Service: TwonkyMedia - PacketVideo - C:\Arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

 

--

End of file - 13538 bytes

_------------------------------------------------------------------------------------------------------

 

PS: I suspect that the virus attacking my sites is harvesting the users' e-mail addresses, which are Hotmail accounts, and sending out viruses.

 

There is also this malware, sitting in quarantine from the last time I ran the scan: C:\Documents and Settings\ All Users\ Dados de aplicativos\dkwork.ini

 

Vendor: Malware.Trace

 

 

Regards


Hello!

Note:

HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> No action taken.

Malwarebytes only detected the malware! Please run the scan again, following that tutorial, and remove all the malware it finds.

-> You can also clear (delete) everything in quarantine, ok?

Regards :D

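Two checks worth automating on the logs posted in this thread, as an added example that is not part of the original posts: which Malwarebytes detections still read "No action taken" (detected but never removed), and which HijackThis O4 Run entries launch from a browser cache or temp folder, like the [bar] entry pointing into Temporary Internet Files in the log above. The sample lines are constructed from entries in the logs above; the folder markers and the single "resolved" status are my assumptions.

```python
"""Triage of Malwarebytes' Anti-Malware and HijackThis log lines.

Added example for this thread, not a tool from the original posts. The sample
lines are constructed from entries that appear in the logs posted above.
"""
import re

# "<item> (<family>) -> <status>."  e.g. "C:\...\x.exe (Trojan.Agent) -> No action taken."
MBAM_ENTRY = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<status>.+?)\.?$")

# "O4 - <hive>\..\Run: [<name>] <command>"  (Run-key autoruns only; Startup folders ignored)
HJT_O4_RUN = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Statuses that mean the item is gone (assumption: only the one seen in these logs).
RESOLVED_STATUSES = {"Quarantined and deleted successfully"}

# Autorun commands living in cache/temp/profile-data folders are rarely legitimate.
# Portuguese Windows XP folder names are included because the logs above use them.
SUSPICIOUS_DIR_MARKERS = (
    "temporary internet files",
    "content.ie5",
    "\\temp\\",
    "\\local settings\\",
    "\\configurações locais\\",
    "\\application data\\",
    "\\dados de aplicativos\\",
)


def parse_mbam(lines):
    """Return one dict (item, family, status) per detection line; other lines are ignored."""
    entries = []
    for line in lines:
        m = MBAM_ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def pending_mbam(lines):
    """Detections that were reported but not removed (e.g. 'No action taken')."""
    return [e for e in parse_mbam(lines) if e["status"] not in RESOLVED_STATUSES]


def parse_hjt_o4(lines):
    """Return one dict (hive, name, cmd) per O4 Run-key entry, quotes stripped from cmd."""
    entries = []
    for line in lines:
        m = HJT_O4_RUN.match(line.strip())
        if m:
            d = m.groupdict()
            d["cmd"] = d["cmd"].strip().strip('"')
            entries.append(d)
    return entries


def suspicious_autoruns(lines):
    """O4 entries whose command path sits in a temp/cache/profile-data folder."""
    flagged = []
    for e in parse_hjt_o4(lines):
        path = e["cmd"].lower()
        if any(marker in path for marker in SUSPICIOUS_DIR_MARKERS):
            flagged.append(e)
    return flagged


# Constructed sample input, modelled on lines posted in this thread.
SAMPLE_MBAM = [
    r"C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Flash CS3 Keygen.exe (Trojan.Agent.CK) -> No action taken.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> No action taken.",
    r"C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.",
]

SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui",
    r"O4 - HKLM\..\Run: [bar] C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\OQ2657MF\access[1].exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

if __name__ == "__main__":
    for e in pending_mbam(SAMPLE_MBAM):
        print(f"STILL PRESENT  {e['family']:<18} {e['item']}")
    for e in suspicious_autoruns(SAMPLE_HJT):
        print(f"SUSPICIOUS O4  [{e['name']}] {e['cmd']}")
```

Feed it the full logs from the thread instead of the sample lists and it will list the detections still to be removed and the autorun entries to look at first.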


 

New Malwarebytes Log

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4475

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

 

25/5/2010 10:16:13

mbam-log-2010-05-25 (10-16-13).txt

 

Tipo de Verificação: Verificação Completa (C:\|F:\|)

Objetos escaneados: 518899

Tempo decorrido: 1 hora(s), 37 minuto(s), 35 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 18

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe CS3 Design Premium Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe CS3 Web Premium Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Adobe Web Premium CS3 Keygen + Activation.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\After Effects CS3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Audition 2.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Contribute CS3 VLK.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\DreamWeaver CS3 Keygen + Activation.exe (Trojan.Horst) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Dreamweaver CS3 VLK.exe (Trojan.Crax) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Dreamweaver CS3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Fireworks CS3 VLK.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Flash CS3 Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\GoLive CS3 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\InDesign CS3 VLK.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\PhotoShop CS3 Extended Keygen + Activation.exe (TrojanProxy.Horst) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Photoshop CS3 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\Photoshop Extended CS3 Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Cases\programas\CS3_Keygen_Collection\CS3 Keygen Collection\SoundBooth CS3.exe (Trojan.Horst) -> Quarantined and deleted successfully.

 

New HijackThis Log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:26:17, on 25/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\ARQUIV~1\ARQUIV~1\Nokia\MPLATF~1\NOKIAM~1.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Nokia FastStart] "C:\Arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Document2PDF virtual printer agent] "C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Save Flash - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Arquivos de programas\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - Intelliclick Informática - C:\Arquivos de programas\NitroPC\NitroPCService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)

O23 - Service: TwonkyMedia - PacketVideo - C:\Arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

 

--

End of file - 13239 bytes

______________________________________________________________________________

 

Don't mind the dates; I have to set the clock back to be able to use CorelDraw.

 

Regards :)


Hello!

Download DDS and save it to the Desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black window with some information will appear. Don't click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the output and paste it into your topic.

NOTE: If the link provided doesn't work, try downloading DDS from THIS link.

Regards :D



 

DDS

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrador at 9:00:29,75 on qua 26/05/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.185 [GMT -3:00]

 

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Document2PDF Sample\d2pdfagent.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\MI3AA1~1\rapimgr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Arquivos de programas\borland\interbase\bin\ibguard.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe

c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe

C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\borland\interbase\bin\ibserver.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.uol.com.br/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll

BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\arquivos de programas\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: IEButton Class: {f81d52bf-f2f1-4f49-bf5f-05664e803039} - c:\arquivos de programas\unh solutions\flash saving plugin\FlashSButton.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [H/PC Connection Agent] "c:\arquivos de programas\microsoft activesync\wcescomm.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [Nokia FastStart] "c:\arquivos de programas\nokia\nokia music\NokiaMusic.exe" /command:faststart

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [Document2PDF virtual printer agent] "c:\arquivos de programas\document2pdf sample\d2pdfagent.exe"

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: Save Flash - c:\arquivos de programas\unh solutions\flash saving plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\arquivos de programas\unh solutions\flash saving plugin\FlashSButton.dll/217

IE: Sothink SWF Catcher - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\arquivos de programas\arquivos comuns\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\arquivos de programas\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\mi3aa1~1\INetRepl.dll

IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll

IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\wjav1kz9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\arquivos de programas\google\google gears\firefox\lib\ff35\gears.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npybrowserplus_2.4.17.dll

FF - plugin: c:\browserplusplugins\054b6841520a59bc7df387c379b16986\npybrowserplus_2.9.8.dll

FF - plugin: c:\browserplusplugins\51d0adf9803be42006c60588a80885e0\npybrowserplus_2.4.17.dll

FF - plugin: c:\documents and settings\administrador\dados de aplicativos\mozilla\plugins\npPxPlay.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

============= SERVICES / DRIVERS ===============

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-8-20 45472]

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-2 312912]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-2 165456]

R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [2010-5-16 3584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-2 17744]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-2 40384]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-8-20 55072]

R2 IS360service;IS360service;c:\arquivos de programas\iobit\iobit security 360\is360srv.exe [2010-1-22 311568]

R2 MailList Controller;MailList Controller;c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe [2009-11-11 1585152]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-12-30 135664]

S2 s;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2009-8-20 55072]

S2 TwonkyMedia;TwonkyMedia;c:\arquivos de programas\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\arquivos de programas\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-2 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-8-2 40384]

S3 cpuz129;cpuz129;\??\c:\docume~1\admini~1\config~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\config~1\temp\cpuz_x32.sys [?]

S3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\nitropc\NitroPCService.exe [2009-5-29 847376]

 

=============== Created Last 30 ================

 

2010-08-09 12:30:25 0 d-----w- C:\hijack

2010-08-06 12:56:11 0 d-----w- c:\arquivos de programas\FastStone Image Viewer

2010-08-02 17:43:28 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2010-08-02 17:40:00 38848 ----a-w- c:\windows\avastSS.scr

2010-08-02 17:24:29 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software

2010-05-30 14:02:08 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-05-30 14:02:08 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-05-30 14:02:00 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-05-30 14:02:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-05-23 13:45:09 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Socusoft

2010-05-23 12:24:47 0 d-----w- c:\arquivos de programas\Ad-Remover

2010-05-23 12:05:49 0 d-----w- c:\arquivos de programas\Ipswitch

2010-05-22 11:18:51 0 d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode)

2010-05-21 20:00:41 0 d-----w- c:\docume~1\admini~1\dadosd~1\LimeWire

2010-05-21 19:59:28 0 d-----w- c:\arquivos de programas\LimeWire

2010-05-21 19:47:53 0 d-----w- c:\arquivos de programas\WinPcap

2010-05-20 13:21:12 0 d-----w- c:\arquivos de programas\CoolSMS

2010-05-19 14:39:31 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2010-05-19 14:39:31 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2010-05-19 14:39:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2010-05-19 14:39:09 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-05-19 14:39:00 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-05-19 11:55:14 0 d-----w- c:\arquivos de programas\arquivos comuns\Apple

2010-05-17 17:47:13 1901 ----a-w- c:\windows\panose.bin

2010-05-16 12:32:15 0 d-----w- c:\docume~1\alluse~1\dadosd~1\IProt

2010-05-16 12:22:10 0 d-----w- c:\windows\iprot

2010-05-16 12:22:07 0 d-----w- c:\docume~1\admini~1\dadosd~1\Bidgood Svcs

2010-05-16 12:22:00 0 d-----w- c:\arquivos de programas\wpcvtr

2010-05-16 12:18:23 36864 ----a-w- c:\windows\system32\d2pdfpm.dll

2010-05-16 12:18:21 0 d-----w- c:\arquivos de programas\Document2PDF Sample

2010-05-16 12:18:11 0 d-----w- c:\docume~1\admini~1\dadosd~1\Two Pilots

2010-05-16 12:18:11 0 d-----w- c:\arquivos de programas\Two Pilots

2010-05-13 17:48:02 0 d-----w- c:\arquivos de programas\arquivos comuns\Vbox

2010-05-13 11:18:40 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2010-05-13 11:18:39 0 d-----w- c:\arquivos de programas\CyberLink DVD Solution

2010-05-12 17:41:31 0 d-----w- c:\arquivos de programas\Xenocode

2010-05-12 17:41:30 0 d-----w- c:\windows\XSxS

2010-05-12 14:31:10 0 d-----w- c:\arquivos de programas\Sony

2010-05-11 13:37:51 0 d-----w- c:\arquivos de programas\Ares

2010-05-11 13:05:22 459264 ----a-w- c:\windows\system32\HTML2PDF.dll

2010-05-10 11:30:57 0 d-----w- c:\arquivos de programas\arquivos comuns\HP

2010-05-10 11:27:24 2828 ------w- c:\windows\hphmdl15.dat

2010-05-10 11:27:24 148006 ----a-w- c:\windows\HPHins15.dat

2010-05-09 18:58:10 267864 ----a-r- c:\windows\system32\hpzids01.dll

2010-05-09 18:58:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll

2010-05-06 13:35:11 0 d-----w- c:\arquivos de programas\Nikon

2010-05-06 13:35:10 0 d-----w- c:\arquivos de programas\arquivos comuns\Nikon

2010-05-02 14:17:10 337 ----a-w- c:\docume~1\alluse~1\dadosd~1\.bat

2010-05-02 14:16:33 192 ----a-w- c:\docume~1\alluse~1\dadosd~1\UpApp32.dll

2010-04-29 13:58:12 4270080 ----a-w- c:\windows\system32\PDFCreatorPilot.dll

 

==================== Find3M ====================

 

2010-05-26 13:48:08 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-05-26 13:12:07 49324 ----a-w- c:\windows\fonts\Murray Hill Bold Regular.ttf

2010-05-25 17:48:22 2568 --sha-w- c:\docume~1\alluse~1\dadosd~1\KGyGaAvL.sys

2010-05-17 13:45:55 482840 ----a-w- c:\windows\fonts\AdobeFnt.lst

2010-05-07 11:09:12 88166 ----a-w- c:\windows\system32\perfc016.dat

2010-05-07 11:09:12 489932 ----a-w- c:\windows\system32\perfh016.dat

2010-04-29 18:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-12 20:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-03-01 20:06:40 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2008-05-05 18:08:25 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

2009-08-25 16:29:55 32768 --sha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009082520090826\index.dat

 

============= FINISH: 9:01:31,81 ===============

____________________________________________________________________________________________________

 

Attach

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/5/2008 14:38:21

System Uptime: 26/5/2010 08:10:23 (1 hours ago)

 

Motherboard: | | K8M800-M2

Processor: AMD Sempron Processor 2600+ | Socket 940 | 1599/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 57,309 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 932 GiB total, 495,336 GiB free.

 

==== Disabled Device Manager Items =============

 

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia N95 8GB

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia N95 8GB

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

 

==== System Restore Points ===================

 

RP559: 11/5/2010 16:52:42 - Removed Adobe Acrobat 8 Professional - English, Français, Deutsch

RP560: 12/5/2010 08:20:44 - Software Distribution Service 3.0

RP561: 13/5/2010 08:21:29 - Removed Ask Toolbar.

RP562: 13/5/2010 08:25:05 - Removed Watermark

RP563: 14/5/2010 12:31:47 - System checkpoint

RP564: 17/5/2010 08:55:04 - System checkpoint

RP565: 18/5/2010 11:17:31 - System checkpoint

RP566: 19/5/2010 12:18:22 - System checkpoint

RP567: 20/5/2010 12:22:59 - System checkpoint

RP568: 21/5/2010 08:45:15 - Removed Adobe Photoshop Lightroom 2.7.

RP569: 24/5/2010 12:21:25 - System checkpoint

RP570: 25/5/2010 12:22:12 - System checkpoint

RP571: 26/5/2010 12:59:17 - System checkpoint

RP572: 27/5/2010 13:25:12 - System checkpoint

RP573: 28/5/2010 14:35:08 - System checkpoint

RP574: 31/5/2010 12:53:39 - System checkpoint

RP575: 2/2/2010 12:30:35 - System checkpoint

RP576: 3/5/2010 12:19:36 - System checkpoint

RP577: 4/6/2010 12:35:27 - System checkpoint

RP578: 7/5/2010 12:36:34 - System checkpoint

RP579: 8/5/2010 12:52:13 - System checkpoint

RP580: 9/5/2010 16:28:01 - System checkpoint

RP581: 10/5/2010 08:33:14 - Installed HPSU306Stub

RP582: 10/5/2010 15:01:08 - Software Distribution Service 3.0

RP583: 11/5/2010 15:13:47 - System checkpoint

RP584: 14/5/2010 11:11:45 - System checkpoint

RP585: 15/5/2010 11:20:36 - System checkpoint

RP586: 16/5/2010 09:18:07 - Installed Document2PDF Pilot 2.16.100 Trial

RP587: 16/5/2010 09:18:36 - Document2PDF print driver installed

RP588: 17/5/2010 11:38:32 - System checkpoint

RP589: 18/5/2010 12:12:55 - System checkpoint

RP590: 21/5/2010 09:00:53 - System checkpoint

RP591: 22/4/2010 12:12:46 - System checkpoint

RP592: 28/5/2010 12:16:16 - System checkpoint

RP593: 29/5/2010 13:17:07 - System checkpoint

RP594: 30/5/2010 16:40:53 - System checkpoint

RP595: 1/5/2010 12:21:32 - System checkpoint

RP596: 29/5/2010 17:26:12 - System checkpoint

RP597: 31/5/2010 09:03:09 - System checkpoint

RP598: 5/4/2010 12:26:18 - System checkpoint

RP599: 5/4/2010 14:01:02 - Installed Java 6 Update 20

RP600: 6/5/2010 12:14:15 - System checkpoint

RP601: 7/5/2010 12:32:45 - System checkpoint

RP602: 8/5/2010 12:56:18 - System checkpoint

RP603: 12/5/2010 16:12:54 - System checkpoint

RP604: 14/5/2010 10:30:31 - System checkpoint

RP605: 15/5/2010 12:25:28 - System checkpoint

RP606: 15/5/2010 15:01:32 - Software Distribution Service 3.0

RP607: 16/5/2010 17:38:34 - System checkpoint

RP608: 19/5/2010 08:55:47 - Installed QuickTime

RP609: 19/5/2010 11:39:00 - Installed Windows XP Wdf01007.

RP610: 19/5/2010 11:41:04 - Installed Windows XP Wudf01005.

RP611: 19/5/2010 11:54:15 - Removed Nokia Connectivity Cable Driver

RP612: 19/5/2010 11:56:14 - Removed Nokia Flashing Cable Driver

RP613: 20/5/2010 12:22:49 - System checkpoint

RP614: 21/5/2010 10:56:53 - Installed Microsoft Visual C++ 2005 Redistributable

RP615: 21/5/2010 11:00:56 - Removed Microsoft Visual C++ 2005 Redistributable

RP616: 21/5/2010 11:01:49 - Installed Microsoft Visual C++ 2005 Redistributable

RP617: 22/5/2010 12:34:43 - System checkpoint

RP618: 23/5/2010 12:59:09 - System checkpoint

RP619: 26/5/2010 12:15:03 - System checkpoint

RP620: 27/5/2010 12:40:32 - System checkpoint

RP621: 28/5/2010 13:02:55 - System checkpoint

RP622: 29/5/2010 13:59:01 - System checkpoint

RP623: 30/4/2010 12:18:45 - System checkpoint

RP624: 30/7/2010 15:16:36 - System checkpoint

RP625: 2/5/2010 09:38:16 - System checkpoint

RP626: 2/8/2010 14:27:07 - avast! Pro Antivirus Setup

RP627: 2/8/2010 14:27:26 - avast! Pro Antivirus Setup

RP628: 2/8/2010 14:38:43 - avast! Pro Antivirus Setup

RP629: 3/8/2010 15:01:55 - System checkpoint

RP630: 6/8/2010 10:35:41 - System checkpoint

RP631: 9/8/2010 12:37:56 - System checkpoint

RP632: 10/5/2010 12:18:16 - System checkpoint

RP633: 11/5/2010 12:19:02 - System checkpoint

RP634: 12/5/2010 11:31:07 - Installed Sony DVD Architect 3.0c

RP635: 12/5/2010 15:12:08 - Software Distribution Service 3.0

RP636: 13/5/2010 15:37:07 - System checkpoint

RP637: 15/5/2010 12:17:07 - System checkpoint

RP638: 16/5/2010 13:11:38 - System checkpoint

RP639: 17/5/2010 13:16:57 - System checkpoint

RP640: 18/5/2010 13:30:57 - System checkpoint

RP641: 20/5/2010 10:57:01 - System checkpoint

RP642: 23/5/2010 09:05:23 - Installed WS_FTP

RP643: 24/8/2010 16:27:21 - System checkpoint

 

==== Installed Programs ======================

 

#1 DVD Ripper 8.1.1

Ad-Remover By C_XX

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge 1.0

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Common File Installer

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash CS3

Adobe Flash CS3 Professional

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Center 1.0

Adobe Help Viewer CS3

Adobe Illustrator CS2

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe PageMaker 7.0

Adobe PDF Library Files

Adobe Photoshop CS2

Adobe Reader 8.1.4 - Portuguese

Adobe Setup

Adobe SING CS3

Adobe Stock Photos 1.0

Adobe Stock Photos CS3

Adobe SVG Viewer 3.0

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

ADPHONE3

Advanced SystemCare 3

AiO_Scan

Apple Application Support

Apple Software Update

Ares 2.1.6

WinRAR archiver

Windows Live Sign-in Assistant

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Update for Windows Internet Explorer 7 (KB947518)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

aTube Catcher

aTube Catcher 1.0

Audacity 1.3.12 (Unicode)

avast! Pro Antivirus

BufferChm

Caricature Studio Green 3.6

CCleaner (remove only)

ConvertXtoDVD 4.0.9.322

CoolSMS 2.06 beta

CorelDRAW Graphics Suite X4

CorelDRAW Graphics Suite X4 - Capture

CorelDRAW Graphics Suite X4 - Content

CorelDRAW Graphics Suite X4 - Draw

CorelDRAW Graphics Suite X4 - Filters

CorelDRAW Graphics Suite X4 - FontNav

CorelDRAW Graphics SUite X4 - ICA

CorelDRAW Graphics Suite X4 - IPM

CorelDRAW Graphics Suite X4 - Lang EN

CorelDRAW Graphics Suite X4 - PP

CorelDRAW Graphics Suite X4 - VBA

CorelDRAW® Graphics Suite X4

CorelDRAW® Graphics Suite X4 - Windows Shell Extension

CustomerResearchQFolder

CuteFTP 8 Professional

DAEMON Tools Toolbar

DeviceDiscovery

DeviceManagementQFolder

Dg Foto Art Gold Trial(Portuguese)

dj_sf_software

dj_sf_software_req

DM3 Contas a Pagar & Receber for Windows

DM3 Relatórios 6.2

Document2PDF Pilot 2.16.100 Trial

Document2PDF Sample 1.0

DVD Cover Searcher

DVD Shrink 3.2

DVD Solution

EasyPHP 1.6

EAX Unified

eMule

eSupportQFolder

Everest Ultimate Engineer Edition

Extensis Mask Pro 3.0

FastDictionary 2007

FastStone Image Viewer 4.0

Ferramenta de Carregamento do Windows Live

FileZilla Client 3.3.3

Flash Saving Plugin

Flash Slideshow Maker Pro 5.00

FM Screen Capture Codec (Remove Only)

FormatFactory 2.20

GameSpy Comrade

Google Desktop

Google Gears

Google Toolbar for Internet Explorer

Google Update Helper

Guia do Dispositivo do MOTO Q gsm

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para Windows XP (KB943232-v2)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

HP Customer Participation Program 9.0

HP Deskjet Printer Driver Software 9.0

HP Image Zone 4.2

HP Imaging Device Functions 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP PSC & OfficeJet 4.2

HP Smart Web Printing

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

IncrediMail

Instalação das DLLs no Windows

IObit Security 360

Ipswitch WS_FTP 12

Java Auto Updater

Java 6 Update 20

Java 6 Update 6

K-Lite Mega Codec Pack 4.1.0

LimeWire 4.18.8

Macromedia Dreamweaver MX

Macromedia Extension Manager

Magic ISO Maker v5.4 (build 0256)

MailList Controller 7.2 R3 Free

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft User-Mode Driver Framework Feature Pack 1.5

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.5.11)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 6 Service Pack 2 (KB954459)

Multimedia Launcher

NEF Codec

Nero 7 Essentials

neroxml

NETEagle

NitroPC

NOD32 FiX v2.1

NOD32 sistema antivírus

Nokia Connectivity Cable Driver

Nokia Home Media Server

Nokia Map Loader

Nokia Music

Nokia Ovi Application Installer

Nokia Ovi Application Installer 6.85.3011

Nokia Ovi Content Copier

Nokia Ovi Content Copier 6.85.3011

Nokia Ovi One Touch Access

Nokia Ovi One Touch Access 6.85.3011

Nokia Ovi Suite

Nokia Ovi System Utilities

Nokia Ovi System Utilities 6.85.3013

Nokia Photos

Nokia Software Updater

NVIDIA PhysX v8.07.11

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

PanoStandAlone

PC Connectivity Solution

PDF Settings

Photo Story Platinum 3.5.0.12

Photodex Presenter

PIXresizer 2.0.4

ProShow Gold

PSSWCORE

QFolder

QuickTime

Realtek AC'97 Audio

ReaWatermark 2.1

RegCure 1.5.1.3

Revo Uninstaller 1.83

Scan

Security Update for 2007 Microsoft Office System (KB2277947)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB980376)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2251419)

Segoe UI

Shine Video To Audio Converter 3.00

Significado do seu nome

SmartFTP Client

SmartFTP Client 3.0 Setup Files (remove only)

SolutionCenter

Sony DVD Architect 3.0c

Sothink SWF Decompiler

Spybot - Search & Destroy

Status

STOPzilla

SUPER © Version 2009.bld.35 (Jan 5, 2009)

SWF Opener

The Sims 2

Toolbox

TrayApp

TwonkyMedia

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Outlook 2007 Junk Email Filter (kb2279264)

você 9.0 Runtime

VideoToolkit01

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

Warmonger

WebFldrs XP

WebReg

WinAVI Video Converter

Windows Imaging Component

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows XP Service Pack 3

WinPcap 4.1.1

Wondershare DVD Slideshow Builder(Build 5.0.1.23)

WordPefect Document Converter 5

Yahoo! BrowserPlus 2.9.8

 

==== End Of File ===========================


Hello!

Please follow the tutorial at the link below:

#### How to use ComboFix ####

I suggest you print the instructions below, since you will not be able to read them while using the tool.

  • Follow the tutorial and run ComboFix.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts trained to use ComboFix know these cases and know how to handle these situations.
  • Under no circumstances exit ComboFix using the program's "X". If you want to exit, press "N".
  • Many analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when writing them, were thinking of end users and of use without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.

Regards :D



 

ComboFix log

 

ComboFix 10-08-26.04 - Administrador 27/05/2010 14:12:34.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.104 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Execuções precedente -------

.

c:\documents and settings\Administrador\Dados de aplicativos\inst.exe

c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll

c:\windows\My.ini

c:\windows\system32\AutoRun.inf

c:\windows\system32\AVSredirect.dll

c:\windows\system32\vbzlib1.dll

F:\install.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ACPI32

-------\Legacy_ATI64SI

-------\Legacy_I386SI

-------\Legacy_NETSIK

-------\Legacy_NICSK32

-------\Legacy_PORT135SIK

-------\Legacy_SECURENTM

-------\Legacy_SYSTEMNTMI

-------\Legacy_WS2_32SIK

-------\Legacy_NPF

-------\Service_npf

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-27 to 2010-05-27 ))))))))))))))))))))))))))))

.

 

2010-08-09 12:30 . 2010-05-25 13:25 -------- d-----w- C:\hijack

2010-08-06 12:56 . 2010-08-06 12:56 -------- d-----w- c:\arquivos de programas\FastStone Image Viewer

2010-08-04 11:54 . 2010-08-04 11:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla

2010-08-04 11:53 . 2010-08-04 11:54 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2010-08-02 17:43 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-02 17:43 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-02 17:43 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2010-08-02 17:43 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-02 17:40 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-02 17:39 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-02 17:24 . 2010-08-02 17:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-05-30 14:02 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-05-30 14:02 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-05-30 14:02 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-05-30 14:02 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-05-27 11:34 . 2010-05-27 11:34 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-23 13:45 . 2010-05-23 13:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Socusoft

2010-05-23 12:24 . 2010-05-23 12:35 -------- d-----w- c:\arquivos de programas\Ad-Remover

2010-05-23 12:06 . 2010-05-23 12:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ipswitch

2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ipswitch

2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\arquivos de programas\Ipswitch

2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2010-05-22 11:19 . 2010-05-22 12:30 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Audacity

2010-05-22 11:18 . 2010-05-22 11:19 -------- d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode)

2010-05-21 20:00 . 2010-05-11 13:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LimeWire

2010-05-21 19:59 . 2010-05-21 19:59 -------- d-----w- c:\arquivos de programas\LimeWire

2010-05-21 19:47 . 2010-05-21 19:47 -------- d-----w- c:\arquivos de programas\WinPcap

2010-05-21 13:51 . 2010-05-12 17:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sony

2010-05-20 13:21 . 2010-05-20 13:21 -------- d-----w- c:\arquivos de programas\CoolSMS

2010-05-19 14:39 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2010-05-19 14:39 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2010-05-19 14:39 . 2008-03-21 16:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-05-19 11:59 . 2010-05-19 11:59 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2010-05-19 11:55 . 2010-05-19 11:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-05-19 11:55 . 2010-05-19 11:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-05-19 11:54 . 2010-05-19 11:54 -------- d-----w- c:\arquivos de programas\Apple Software Update

2010-05-19 11:54 . 2010-05-19 11:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2010-05-17 17:47 . 2010-05-21 11:46 1901 ----a-w- c:\windows\panose.bin

2010-05-16 12:32 . 2010-05-16 12:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IProt

2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\windows\iprot

2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Bidgood Svcs

2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\arquivos de programas\wpcvtr

2010-05-16 12:18 . 2010-01-28 12:42 36864 ----a-w- c:\windows\system32\d2pdfpm.dll

2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\arquivos de programas\Document2PDF Sample

2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Two Pilots

2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\arquivos de programas\Two Pilots

2010-05-13 17:48 . 2010-05-13 17:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Vbox

2010-05-13 11:18 . 2004-10-01 18:00 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2010-05-13 11:18 . 2010-05-13 11:18 -------- d-----w- c:\arquivos de programas\CyberLink DVD Solution

2010-05-12 17:41 . 2010-05-12 17:41 -------- d-----w- c:\arquivos de programas\Xenocode

2010-05-12 17:41 . 2010-05-12 17:41 -------- d-----w- c:\windows\XSxS

2010-05-12 14:31 . 2010-05-12 14:31 -------- d-----w- c:\arquivos de programas\Sony

2010-05-11 13:37 . 2010-05-11 13:38 -------- d-----w- c:\arquivos de programas\Ares

2010-05-11 13:05 . 2010-05-11 13:05 459264 ----a-w- c:\windows\system32\HTML2PDF.dll

2010-05-10 12:55 . 2010-05-06 14:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData

2010-05-10 12:21 . 2010-05-19 11:57 -------- d-----w- c:\arquivos de programas\QuickTime

2010-05-10 11:34 . 2010-05-10 11:34 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\HPAppData

2010-05-10 11:34 . 2010-05-10 11:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2010-05-10 11:32 . 2010-05-10 11:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-05-10 11:32 . 2010-05-10 11:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-05-10 11:30 . 2010-05-10 11:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-05-10 11:27 . 2010-05-10 11:35 148006 ----a-w- c:\windows\HPHins15.dat

2010-05-10 11:27 . 2007-08-28 06:45 2828 ------w- c:\windows\hphmdl15.dat

2010-05-09 18:58 . 2007-03-30 15:11 267864 ----a-r- c:\windows\system32\hpzids01.dll

2010-05-09 18:58 . 2007-03-28 16:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll

2010-05-09 18:58 . 2007-03-28 17:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll

2010-05-06 13:35 . 2010-05-06 13:35 -------- d-----w- c:\arquivos de programas\Nikon

2010-05-06 13:35 . 2010-05-06 13:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nikon

2010-05-02 17:04 . 2010-05-02 17:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2010-04-29 13:58 . 2010-04-29 13:58 4270080 ----a-w- c:\windows\system32\PDFCreatorPilot.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-05 20:02 . 2009-07-24 14:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-08-05 19:56 . 2010-01-22 12:17 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-08-02 17:38 . 2009-11-12 10:56 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-06-28 20:33 . 2009-11-12 10:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2009-11-12 10:57 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-28 20:32 . 2009-11-12 10:57 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-28 20:32 . 2009-11-12 10:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-05-28 18:27 . 2009-07-24 14:44 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2010-05-26 17:59 . 2008-12-05 18:44 2568 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-05-26 13:48 . 2009-08-20 13:48 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-05-23 14:16 . 2009-06-19 11:36 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-05-23 13:45 . 2009-12-23 18:29 -------- d-----w- c:\arquivos de programas\Flash Slideshow Maker Professional

2010-05-23 12:05 . 2008-05-05 19:46 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-05-21 19:47 . 2009-08-18 12:20 -------- d-----w- c:\arquivos de programas\DsNET Corp

2010-05-19 14:56 . 2010-02-10 11:20 -------- d-----w- c:\arquivos de programas\Nokia

2010-05-19 14:43 . 2010-02-10 11:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries

2010-05-19 14:39 . 2010-02-10 11:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2010-05-19 14:39 . 2010-05-19 14:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2010-05-19 14:39 . 2010-05-19 14:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-05-16 12:29 . 2009-07-01 20:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-05-16 12:28 . 2009-08-20 13:47 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-05-13 19:07 . 2008-06-26 18:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-05-13 17:47 . 2008-05-05 18:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-05-12 18:39 . 2008-05-05 18:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-05-12 14:30 . 2009-08-28 17:54 -------- d-----w- c:\arquivos de programas\Sony Setup

2010-05-10 11:34 . 2009-07-14 12:55 -------- d-----w- c:\arquivos de programas\HP

2010-05-07 17:24 . 2008-12-19 18:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ADPHONE

2010-05-07 17:24 . 2008-12-19 18:26 -------- d-----w- c:\arquivos de programas\ADPHONE3

2010-05-07 11:09 . 2001-10-28 12:07 88166 ----a-w- c:\windows\system32\perfc016.dat

2010-05-07 11:09 . 2001-10-28 12:07 489932 ----a-w- c:\windows\system32\perfh016.dat

2010-05-06 12:03 . 2008-10-17 20:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ahead

2010-05-02 14:17 . 2010-05-02 14:17 337 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\.bat

2010-04-29 18:39 . 2010-01-22 12:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2010-01-22 12:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-12 20:29 . 2010-04-05 17:01 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-05 17:02 . 2008-06-25 17:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-04-05 17:01 . 2008-06-25 17:20 -------- d-----w- c:\arquivos de programas\Java

2010-03-01 20:06 . 2009-09-04 12:13 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2006-05-03 10:06 . 2009-12-23 10:49 163328 --sh--r- c:\windows\system32\flvDX.dll

2008-05-05 18:08 . 2008-05-05 18:02 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2007-02-21 11:47 . 2009-12-23 10:49 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2009-12-23 10:49 216064 --sh--r- c:\windows\system32\nbDX.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-06-28 20:59 153184 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\snxPlugins.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-10-23 90112]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Nokia FastStart"="c:\arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"Document2PDF virtual printer agent"="c:\arquivos de programas\Document2PDF Sample\d2pdfagent.exe" [2010-01-28 94208]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-05-26 13:47 335136 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=

"c:\\Arquivos de programas\\EasyPHP\\mysql\\bin\\mysqld-nt.exe"=

"c:\\Arquivos de programas\\EasyPHP\\apache\\Apache.exe"=

"c:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [20/8/2009 10:48 45472]

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/5/2009 14:13 61328]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/8/2010 14:43 312912]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/8/2010 14:43 165456]

R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [16/5/2010 09:22 3584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/8/2010 14:43 17744]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/8/2009 10:48 55072]

R2 IS360service;IS360service;c:\arquivos de programas\IObit\IObit Security 360\is360srv.exe [22/1/2010 08:45 311568]

R2 MailList Controller;MailList Controller;c:\arquivos de programas\Arclab\MailList Controller\amlcSVC.exe [11/11/2009 16:52 1585152]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47 135664]

S2 s;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/8/2009 10:48 55072]

S2 TwonkyMedia;TwonkyMedia;c:\arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]

S3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\NitroPC\NitroPCService.exe [29/5/2009 23:29 847376]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/1/2009 15:05 717296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47]

 

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Save Flash - c:\arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wjav1kz9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\arquivos de programas\Google\Google Gears\Firefox\lib\ff35\gears.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npybrowserplus_2.4.17.dll

FF - plugin: c:\browserplusplugins\054b6841520a59bc7df387c379b16986\npybrowserplus_2.9.8.dll

FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npPxPlay.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-27 14:28

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1292428093-329068152-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19753715-5CA6-E81A-F585-35AE9F7B75DD}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaegkndhbppjofonfa"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,

68,6e,67,6a,00,00

"haodplmmbokgnlim"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,

68,6e,67,6a,00,00

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(680)

c:\arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(980)

c:\windows\system32\WININET.dll

c:\windows\system32\MSCTF.dll

c:\arquivos de programas\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll

c:\arquivos de programas\FreeTime\FormatFactory\FFModules\Filters\Haali\mkunicode.dll

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll

c:\arquivos de programas\Arquivos comuns\Corel\Shared\Shell Extension\ShellXP.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

.

Tempo para conclusão: 2010-05-27 14:36:47

ComboFix-quarantined-files.txt 2010-05-27 17:36

 

Pré-execução: 31 pasta(s) 59.004.096.512 bytes disponíveis

Pós execução: 32 pasta(s) 58.964.381.696 bytes disponíveis

 

- - End Of File - - 37461D53DF1BA402FA3728268E131AC6

 

Man, I'll get back to you on Monday, because the computer with the problems is the one at the company where I work and manage the sites, ok?

 

Regards


Hello!

 

Ok!

 

~> Please run ComboFix again, then.

 

Since the computer belongs to the company, I believe the other computers (if there are any) will be infected. If that is the case (if there are other computers), I think it will be better to hire a service to perform the removal, since it will take a long time to remove all the malware on the network.

 

~> I suggest, then, that you remove this computer from the network (so it no longer shares any folder with other PCs; it can stay connected to the internet, but isolated) so we avoid having to do another removal.

 

 

Regards :D


Hello!

 

Ok!

 

~> Please run ComboFix again, then.

 

Since the computer belongs to the company, I believe the other computers (if there are any) will be infected. If that is the case (if there are other computers), I think it will be better to hire a service to perform the removal, since it will take a long time to remove all the malware on the network.

 

~> I suggest, then, that you remove this computer from the network (so it no longer shares any folder with other PCs; it can stay connected to the internet, but isolated) so we avoid having to do another removal.

 

 

Regards :D

 

New ComboFix Log

 

ComboFix 10-08-30.02 - Administrador 31/05/2010 8:22.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.255 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-28 to 2010-05-31 ))))))))))))))))))))))))))))

.

 

2010-08-09 12:30 . 2010-05-25 13:25 -------- d-----w- C:\hijack

2010-08-06 12:56 . 2010-08-06 12:56 -------- d-----w- c:\arquivos de programas\FastStone Image Viewer

2010-08-04 11:54 . 2010-08-04 11:58 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FileZilla

2010-08-04 11:53 . 2010-08-04 11:54 -------- d-----w- c:\arquivos de programas\FileZilla FTP Client

2010-08-02 17:43 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-02 17:43 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-02 17:43 . 2010-06-28 20:39 312912 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2010-08-02 17:43 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-02 17:40 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-02 17:39 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-02 17:24 . 2010-08-02 17:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-05-31 11:21 . 2010-05-31 11:21 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2010-05-30 14:02 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-05-30 14:02 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-05-30 14:02 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-05-30 14:02 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-05-27 11:34 . 2010-05-27 11:34 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-23 13:45 . 2010-05-23 13:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Socusoft

2010-05-23 12:24 . 2010-05-23 12:35 -------- d-----w- c:\arquivos de programas\Ad-Remover

2010-05-23 12:06 . 2010-05-23 12:13 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ipswitch

2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ipswitch

2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\arquivos de programas\Ipswitch

2010-05-23 12:05 . 2010-05-23 12:05 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2010-05-22 11:19 . 2010-05-22 12:30 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Audacity

2010-05-22 11:18 . 2010-05-22 11:19 -------- d-----w- c:\arquivos de programas\Audacity 1.3 Beta (Unicode)

2010-05-21 20:00 . 2010-05-11 13:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\LimeWire

2010-05-21 19:59 . 2010-05-21 19:59 -------- d-----w- c:\arquivos de programas\LimeWire

2010-05-21 19:47 . 2010-05-21 19:47 -------- d-----w- c:\arquivos de programas\WinPcap

2010-05-21 13:51 . 2010-05-12 17:38 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sony

2010-05-20 13:21 . 2010-05-20 13:21 -------- d-----w- c:\arquivos de programas\CoolSMS

2010-05-19 14:39 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys

2010-05-19 14:39 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2010-05-19 14:39 . 2008-03-21 16:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-05-19 11:59 . 2010-05-19 11:59 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2010-05-19 11:55 . 2010-05-19 11:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-05-19 11:55 . 2010-05-19 11:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-05-19 11:54 . 2010-05-19 11:54 -------- d-----w- c:\arquivos de programas\Apple Software Update

2010-05-19 11:54 . 2010-05-19 11:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2010-05-17 17:47 . 2010-05-21 11:46 1901 ----a-w- c:\windows\panose.bin

2010-05-16 12:32 . 2010-05-16 12:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\IProt

2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\windows\iprot

2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Bidgood Svcs

2010-05-16 12:22 . 2010-05-16 12:22 -------- d-----w- c:\arquivos de programas\wpcvtr

2010-05-16 12:18 . 2010-01-28 12:42 36864 ----a-w- c:\windows\system32\d2pdfpm.dll

2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\arquivos de programas\Document2PDF Sample

2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Two Pilots

2010-05-16 12:18 . 2010-05-16 12:18 -------- d-----w- c:\arquivos de programas\Two Pilots

2010-05-13 17:48 . 2010-05-13 17:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Vbox

2010-05-13 11:18 . 2004-10-01 18:00 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2010-05-13 11:18 . 2010-05-13 11:18 -------- d-----w- c:\arquivos de programas\CyberLink DVD Solution

2010-05-12 17:41 . 2010-05-12 17:41 -------- d-----w- c:\arquivos de programas\Xenocode

2010-05-12 17:41 . 2010-05-12 17:41 -------- d-----w- c:\windows\XSxS

2010-05-12 14:31 . 2010-05-12 14:31 -------- d-----w- c:\arquivos de programas\Sony

2010-05-11 13:37 . 2010-05-11 13:38 -------- d-----w- c:\arquivos de programas\Ares

2010-05-11 13:05 . 2010-05-11 13:05 459264 ----a-w- c:\windows\system32\HTML2PDF.dll

2010-05-10 12:55 . 2010-05-06 14:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData

2010-05-10 12:21 . 2010-05-19 11:57 -------- d-----w- c:\arquivos de programas\QuickTime

2010-05-10 11:34 . 2010-05-10 11:34 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\HPAppData

2010-05-10 11:34 . 2010-05-10 11:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HPSSUPPLY

2010-05-10 11:32 . 2010-05-10 11:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-05-10 11:32 . 2010-05-10 11:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-05-10 11:30 . 2010-05-10 11:30 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-05-10 11:27 . 2010-05-10 11:35 148006 ----a-w- c:\windows\HPHins15.dat

2010-05-10 11:27 . 2007-08-28 06:45 2828 ------w- c:\windows\hphmdl15.dat

2010-05-09 18:58 . 2007-03-30 15:11 267864 ----a-r- c:\windows\system32\hpzids01.dll

2010-05-09 18:58 . 2007-03-28 16:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll

2010-05-09 18:58 . 2007-03-28 17:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll

2010-05-06 13:35 . 2010-05-06 13:35 -------- d-----w- c:\arquivos de programas\Nikon

2010-05-06 13:35 . 2010-05-06 13:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nikon

2010-05-02 17:04 . 2010-05-02 17:04 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-05 20:02 . 2009-07-24 14:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2010-08-05 19:56 . 2010-01-22 12:17 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-08-02 17:38 . 2009-11-12 10:56 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-06-28 20:33 . 2009-11-12 10:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2009-11-12 10:57 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-06-28 20:32 . 2009-11-12 10:57 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-06-28 20:32 . 2009-11-12 10:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-05-28 18:27 . 2009-07-24 14:44 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2010-05-26 17:59 . 2008-12-05 18:44 2568 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-05-26 13:48 . 2009-08-20 13:48 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-05-23 14:16 . 2009-06-19 11:36 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-05-23 13:45 . 2009-12-23 18:29 -------- d-----w- c:\arquivos de programas\Flash Slideshow Maker Professional

2010-05-23 12:05 . 2008-05-05 19:46 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-05-21 19:47 . 2009-08-18 12:20 -------- d-----w- c:\arquivos de programas\DsNET Corp

2010-05-19 14:56 . 2010-02-10 11:20 -------- d-----w- c:\arquivos de programas\Nokia

2010-05-19 14:43 . 2010-02-10 11:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nseries

2010-05-19 14:39 . 2010-02-10 11:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2010-05-19 14:39 . 2010-05-19 14:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2010-05-19 14:39 . 2010-05-19 14:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2010-05-16 12:29 . 2009-07-01 20:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2010-05-16 12:28 . 2009-08-20 13:47 -------- d-----w- c:\arquivos de programas\GbPlugin

2010-05-13 19:07 . 2008-06-26 18:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2010-05-13 17:47 . 2008-05-05 18:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-05-12 18:39 . 2008-05-05 18:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-05-12 14:30 . 2009-08-28 17:54 -------- d-----w- c:\arquivos de programas\Sony Setup

2010-05-10 11:34 . 2009-07-14 12:55 -------- d-----w- c:\arquivos de programas\HP

2010-05-07 17:24 . 2008-12-19 18:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\ADPHONE

2010-05-07 17:24 . 2008-12-19 18:26 -------- d-----w- c:\arquivos de programas\ADPHONE3

2010-05-07 11:09 . 2001-10-28 12:07 88166 ----a-w- c:\windows\system32\perfc016.dat

2010-05-07 11:09 . 2001-10-28 12:07 489932 ----a-w- c:\windows\system32\perfh016.dat

2010-05-06 12:03 . 2008-10-17 20:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ahead

2010-05-02 14:17 . 2010-05-02 14:17 337 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\.bat

2010-04-29 18:39 . 2010-01-22 12:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2010-01-22 12:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-29 13:58 . 2010-04-29 13:58 4270080 ----a-w- c:\windows\system32\PDFCreatorPilot.dll

2010-04-12 20:29 . 2010-04-05 17:01 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-05 17:02 . 2008-06-25 17:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-04-05 17:01 . 2008-06-25 17:20 -------- d-----w- c:\arquivos de programas\Java

2006-05-03 10:06 . 2009-12-23 10:49 163328 --sh--r- c:\windows\system32\flvDX.dll

2008-05-05 18:08 . 2008-05-05 18:02 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2007-02-21 11:47 . 2009-12-23 10:49 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 . 2009-12-23 10:49 216064 --sh--r- c:\windows\system32\nbDX.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-05-27_17.28.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-31 11:12 . 2010-05-31 11:12 16384 c:\windows\Temp\Perflib_Perfdata_a14.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-06-28 20:59 153184 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\snxPlugins.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-10-23 90112]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Nokia FastStart"="c:\arquivos de programas\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"Document2PDF virtual printer agent"="c:\arquivos de programas\Document2PDF Sample\d2pdfagent.exe" [2010-01-28 94208]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2010-03-18 421888]

"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-05-26 13:47 335136 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

"c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= c:\arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=

"c:\\Arquivos de programas\\EasyPHP\\mysql\\bin\\mysqld-nt.exe"=

"c:\\Arquivos de programas\\EasyPHP\\apache\\Apache.exe"=

"c:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"c:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [20/8/2009 10:48 45472]

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/5/2009 14:13 61328]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/8/2010 14:43 312912]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/8/2010 14:43 165456]

R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [16/5/2010 09:22 3584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/8/2010 14:43 17744]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/8/2009 10:48 55072]

R2 IS360service;IS360service;c:\arquivos de programas\IObit\IObit Security 360\is360srv.exe [22/1/2010 08:45 311568]

R2 MailList Controller;MailList Controller;c:\arquivos de programas\Arclab\MailList Controller\amlcSVC.exe [11/11/2009 16:52 1585152]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47 135664]

S2 s;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [20/8/2009 10:48 55072]

S2 TwonkyMedia;TwonkyMedia;c:\arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\arquivos de programas\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

S3 cpuz129;cpuz129;\??\c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]

S3 NitroPCSrv;NitroPC Service;c:\arquivos de programas\NitroPC\NitroPCService.exe [29/5/2009 23:29 847376]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/1/2009 15:05 717296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47]

 

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Save Flash - c:\arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\arquivos de programas\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

IE: Sothink SWF Catcher - c:\arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wjav1kz9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\arquivos de programas\Google\Google Gears\Firefox\lib\ff35\gears.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npybrowserplus_2.4.17.dll

FF - plugin: c:\browserplusplugins\054b6841520a59bc7df387c379b16986\npybrowserplus_2.9.8.dll

FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\plugins\npPxPlay.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-31 08:38

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1292428093-329068152-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19753715-5CA6-E81A-F585-35AE9F7B75DD}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaegkndhbppjofonfa"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,

68,6e,67,6a,00,00

"haodplmmbokgnlim"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,

68,6e,67,6a,00,00

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(688)

c:\arquivos de programas\GbPlugin\gbieh.dll

 

- - - - - - - > 'explorer.exe'(3960)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-05-31 08:46:59

ComboFix-quarantined-files.txt 2010-05-31 11:46

ComboFix2.txt 2010-05-27 17:36

 

Pré-execução: 31 pasta(s) 57.774.710.784 bytes disponíveis

Pós execução: 32 pasta(s) 57.776.582.656 bytes disponíveis

 

- - End Of File - - 7ABE7A804F6CC6EF84434963D34ABF61
