[Resolvido] &nbspAnalise de Log, suspeita de Virus

[jgwerneck 0]

Olá Pessoal, meu computador esta muito estranho, eu to achando que ele ta com mtos virus, vai ai o LOG do Hijackthis.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:13:32, on 21/10/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdateBeta.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Windows\system32\IoctlSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe

C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe

C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe

C:\Windows\system32\conhost.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A3EB6997-5E24-4674-B565-31CDF73AAFBB} - c:\windows\system32\dlocdfe.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\npwinext.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldpt-br.cab

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (GoogleUpdateBeta) - Google Inc - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdateBeta.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

 

--

End of file - 9714 bytes

 

 

 

Obrigado,

Abraços

[wings 22]

Olá jgwerneck

 

*Baixe o MalwareBytes Anti-malware e salve-o no desktop

 

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado (geralmente C:\)

*Ao finalizar o scan, clique [sIM] > [OK] > [Mostrar Resultados]

*Clique [Remover Selecionados]

*Cole o relatório apresentado

[jgwerneck 0]

www.malwarebytes.org

 

Versão da Base de Dados: 4905

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

21/10/2010 22:07:13

mbam-log-2010-10-21 (22-07-13).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)

Objetos escaneados: 298601

Tempo decorrido: 1 hora(s), 31 minuto(s), 38 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Windows\Temp\pkcf.tmp\setup.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

[wings 22]

1.

*Baixe o SCRP e salve-o no desktop

*Extraia para o desktop

*Execute o SCRP, aguarde e clique [OK]

 

2.

*Desative temporariamente seu antivírus

 

 

*Baixe o ComboFix e salve-o no desktop

 

*Execute o Combofix e aceite o contrato

 

*Aguarde a conclusão de todas as etapas

 

 

*Evite usar o mouse e o teclado durante a execução do Combofix!!..... Para interromper o procedimento tecle [N] ou [2] e depois [ENTER]

 

*Cole o relatório C:\combofix.txt

[jgwerneck 0]

ComboFix 10-10-22.03 - Joao 22/10/2010 18:26:34.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1790.1084 [GMT -2:00]

Executando de: C:\Users\Joao\Desktop\ComboFix.exe

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\Joao\AppData\Roaming\inst.exe

C:\Windows\system32\drivers\drive.sys

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-22 to 2010-10-22 ))))))))))))))))))))))))))))

.

 

2010-10-22 20:36:17 . 2010-10-22 20:36:17 -------- d-----w- C:\Users\Default\AppData\Local\temp

2010-10-22 20:04:44 . 2010-10-22 20:05:49 -------- d-----w- C:\32788R22FWJFW

2010-10-22 20:03:29 . 2010-10-07 23:21:31 6146896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D572B35-B668-4C70-B713-27755BCEE518}\mpengine.dll

2010-10-22 07:11:05 . 2010-10-22 07:11:05 -------- d-----w- C:\Windows\system32\Wat

2010-10-22 03:21:03 . 2010-10-07 23:21:31 6146896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2010-10-22 03:19:36 . 2009-11-25 14:47:34 99176 ----a-w- C:\Windows\system32\PresentationHostProxy.dll

2010-10-22 03:19:36 . 2009-11-25 14:47:34 295264 ----a-w- C:\Windows\system32\PresentationHost.exe

2010-10-22 03:19:35 . 2009-11-25 14:47:34 49472 ----a-w- C:\Windows\system32\netfxperf.dll

2010-10-22 03:19:35 . 2009-11-25 14:47:34 297808 ----a-w- C:\Windows\system32\mscoree.dll

2010-10-22 03:19:35 . 2009-11-25 14:47:34 1130824 ----a-w- C:\Windows\system32\dfshim.dll

2010-10-22 03:08:29 . 2010-10-22 03:08:29 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help

2010-10-21 19:34:17 . 2010-06-29 04:57:58 4247040 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2010-10-21 19:34:16 . 2010-06-29 05:02:02 1413632 ----a-w- C:\Windows\system32\ole32.dll

2010-10-21 19:34:14 . 2010-06-14 06:12:30 1286016 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2010-10-21 19:32:55 . 2009-12-11 07:44:02 133720 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys

2010-10-21 19:31:43 . 2010-08-27 03:31:30 310784 ----a-w- C:\Windows\system32\drivers\srv.sys

2010-10-21 19:31:43 . 2010-08-27 03:30:47 308736 ----a-w- C:\Windows\system32\drivers\srv2.sys

2010-10-21 19:31:42 . 2010-08-27 05:46:48 168448 ----a-w- C:\Windows\system32\srvsvc.dll

2010-10-21 19:31:42 . 2010-08-27 03:30:40 113664 ----a-w- C:\Windows\system32\drivers\srvnet.sys

2010-10-21 19:31:39 . 2010-08-21 05:36:33 738816 ----a-w- C:\Windows\system32\wmpmde.dll

2010-10-21 19:31:37 . 2010-03-08 21:33:56 427520 ----a-w- C:\Windows\system32\vbscript.dll

2010-10-21 19:31:36 . 2010-05-05 06:46:55 363520 ----a-w- C:\Windows\system32\StructuredQuery.dll

2010-10-21 19:31:33 . 2010-02-27 07:32:26 221696 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys

2010-10-21 19:31:33 . 2010-02-27 07:32:12 95744 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys

2010-10-21 19:31:33 . 2010-02-27 07:32:05 123392 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys

2010-10-21 19:16:49 . 2010-05-27 03:49:37 293888 ----a-w- C:\Windows\system32\atmfd.dll

2010-10-21 19:16:48 . 2010-05-27 07:24:13 34304 ----a-w- C:\Windows\system32\atmlib.dll

2010-10-21 19:13:42 . 2009-12-29 06:55:34 172032 ----a-w- C:\Windows\system32\wintrust.dll

2010-10-21 19:12:41 . 2010-01-09 06:52:59 132608 ----a-w- C:\Windows\system32\cabview.dll

2010-10-13 17:27:34 . 2010-10-13 17:27:43 -------- d-----w- C:\Program Files\Common Files\Adobe

2010-10-08 12:12:00 . 2010-10-08 12:12:00 -------- d-----w- C:\Program Files\iPod

2010-10-08 12:11:59 . 2010-10-08 12:13:12 -------- d-----w- C:\Program Files\iTunes

2010-10-08 12:07:20 . 2010-10-08 12:07:23 -------- d-----w- C:\Program Files\Bonjour

2010-09-30 16:28:45 . 2010-09-30 16:28:45 -------- d-----w- C:\Users\Joao\AppData\Local\Apps

2010-09-27 22:22:21 . 2010-10-08 15:27:22 -------- d-----w- C:\Program Files\Sid Meier's Civilization V

2010-09-26 17:04:40 . 2010-09-26 17:05:08 -------- d-----w- C:\Program Files\Veetle

2010-09-24 14:59:20 . 2010-09-25 13:52:26 -------- d-----w- C:\Program Files\Common Files\Blizzard Entertainment

2010-09-22 21:10:52 . 2010-09-22 21:10:52 103864 ----a-w- C:\Program Files\Internet Explorer\Plugins\nppdf32.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-21 19:11:55 . 2010-06-21 07:21:59 388608 ----a-w- C:\HiJackThis.exe

2010-10-19 20:51:33 . 2010-02-20 00:17:50 222080 ------w- C:\Windows\system32\MpSigStub.exe

2010-10-07 23:21:31 . 2010-08-02 11:54:33 6146896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-09-29 12:50:34 . 2010-03-06 15:36:12 45472 ----a-w- C:\Windows\system32\drivers\gbpkm.sys

2010-09-19 18:06:36 . 2010-09-19 18:06:36 387584 ----a-w- C:\Windows\system32\drivers\ksvjqpuk.sys

2010-09-12 17:16:10 . 2010-09-12 17:16:10 387584 ----a-w- C:\Windows\system32\drivers\afavsayg.sys

2010-09-12 00:03:50 . 2010-09-12 00:03:35 727040 ----a-w- C:\Windows\system32\dloCDFE.dll

2010-09-12 00:03:35 . 2010-09-12 00:03:35 0 ----a-w- C:\Windows\system32\dloCDFE.tmp

2010-09-08 14:17:46 . 2010-09-08 14:17:46 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx

2010-09-08 14:17:46 . 2010-09-08 14:17:46 69632 ----a-w- C:\Windows\system32\QuickTime.qts

2010-08-09 19:21:49 . 2010-08-09 19:21:49 387584 ----a-w- C:\Windows\system32\drivers\dpuijcmn.sys

2010-08-09 17:16:38 . 2010-08-09 17:16:38 387584 ----a-w- C:\Windows\system32\drivers\paudtbjt.sys

2010-08-08 06:44:22 . 2010-08-08 06:44:22 387584 ----a-w- C:\Windows\system32\drivers\vcrksexv.sys

2010-07-27 21:44:10 . 2010-07-27 21:44:10 91424 ----a-w- C:\Windows\system32\dnssd.dll

2010-07-27 21:44:10 . 2010-07-27 21:44:10 107808 ----a-w- C:\Windows\system32\dns-sd.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3EB6997-5E24-4674-B565-31CDF73AAFBB}]

2010-09-12 00:03:50 727040 ----a-w- c:\Windows\System32\dloCDFE.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]

@="{A3EB6997-5E24-4674-B565-31CDF73AAFBB}"

[HKEY_CLASSES_ROOT\CLSID\{A3EB6997-5E24-4674-B565-31CDF73AAFBB}]

2010-09-12 00:03:50 727040 ----a-w- c:\Windows\System32\dloCDFE.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 11:57:08 369200]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-07 21:12:10 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Default Manager"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 19:43:04 288088]

"MSSE"="C:\Program Files\Microsoft Security Essentials\msseces.exe" [2010-09-15 06:34:02 1094224]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 03:28:52 47904]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 14:44:46 248552]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-09-08 14:17:42 421888]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-09-24 05:10:52 421160]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 07:47:04 35760]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 02:07:44 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-09-29 12:49:22 342304 ----a-w- C:\Program Files\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-09-22 03:28:52 47904 ----a-w- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]

2010-01-26 19:10:58 243032 ----a-w- C:\Program Files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57:08 369200 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-02-28 19:07:58 1828136 ----a-w- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]

2010-03-03 10:13:20 1824040 ----a-w- C:\Program Files\ManyCam 2.4\ManyCam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-02-18 18:29:02 2221352 ----a-w- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 14:17:42 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

 

2;2 qajkhxrt;Bluetooth Serial Communications Monitor;C:\Windows\System32\svchost.exe [x]

R1 MpKsldbf975df;MpKsldbf975df;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA707C7A-DA3B-42F2-B82B-35B775E5ED63}\MpKsldbf975df.sys [x]

R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-07 22:24:55 136176]

R2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2009-07-10 13:54:14 136496]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 23:30:22 42368]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-22 02:59:13 1343400]

R4 sptd;sptd;C:\Windows\system32\Drivers\sptd.sys [2010-03-01 05:35:35 691696]

S0 GbpKm;Gbp KernelMode;C:\Windows\system32\drivers\gbpkm.sys [2010-09-29 12:50:34 45472]

S2 GbpSv;Gbp Service;C:\PROGRA~1\GbPlugin\GbpSv.exe [2010-09-29 12:50:20 55072]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 10:06:32 21632]

S3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-04-15 12:13:14 51160]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 22:02:53 347136]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 22:13:45 207360]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 22:13:46 980992]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 22:13:45 661504]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x86.sys [2009-07-13 22:02:53 311296]

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

qajkhxrt

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-10-22 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-07 22:25:06 . 2010-06-07 22:24:55]

 

2010-10-22 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-07 22:25:06 . 2010-06-07 22:24:55]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

.

- - - - ORFÃOS REMOVIDOS - - - -

 

AddRemove-HijackThis - C:\Users\Joao\Downloads\programas de instalaçao\HijackThis.exe

 

 

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(540)

C:\Program Files\Scpad\scpLIB.dll

C:\Program Files\Scpad\scpMIB.dll

C:\Program Files\Scpad\sshib.dll

.

Tempo para conclusão: 2010-10-22 18:40:32

ComboFix-quarantined-files.txt 2010-10-22 20:40:31

 

Pré-execução: 41.080.012.800 bytes disponíveis

Pós execução: 43.502.272.512 bytes disponíveis

 

- - End Of File - - 264C06F286A0773EA4F1F6E93EE0DE41

[wings 22]

Olá jgwerneck

 

 

*Abra o bloco de notas e cole nele o código abaixo:

 

File::

C:\Windows\system32\drivers\ksvjqpuk.sys

C:\Windows\system32\drivers\afavsayg.sys

C:\Windows\system32\dloCDFE.dll

C:\Windows\system32\dloCDFE.tmp

C:\Windows\system32\drivers\dpuijcmn.sys

C:\Windows\system32\drivers\paudtbjt.sys

C:\Windows\system32\drivers\vcrksexv.sys

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3EB6997-5E24-4674-B565-31CDF73AAFBB}]

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, evite usar o mouse e o teclado!!..para interromper o processo tecle N ou 2.

 

*Cole o relatório C:\combofix.txt

[jgwerneck 0]

ComboFix 10-10-22.03 - Joao 23/10/2010 16:12:38.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1790.948 [GMT -2:00]

Executando de: c:\users\Joao\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Joao\Desktop\CFScript.txt

 

FILE ::

"c:\windows\system32\dloCDFE.dll"

"c:\windows\system32\dloCDFE.tmp"

"c:\windows\system32\drivers\afavsayg.sys"

"c:\windows\system32\drivers\dpuijcmn.sys"

"c:\windows\system32\drivers\ksvjqpuk.sys"

"c:\windows\system32\drivers\paudtbjt.sys"

"c:\windows\system32\drivers\vcrksexv.sys"

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\dloCDFE.dll

c:\windows\system32\dloCDFE.tmp

c:\windows\system32\drivers\afavsayg.sys

c:\windows\system32\drivers\dpuijcmn.sys

c:\windows\system32\drivers\ksvjqpuk.sys

c:\windows\system32\drivers\paudtbjt.sys

c:\windows\system32\drivers\vcrksexv.sys

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-24 to 2010-10-24 ))))))))))))))))))))))))))))

.

 

2010-10-23 18:20 . 2010-10-23 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-23 17:45 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E52952F6-A0CD-47A8-AC64-F355CA6814F8}\mpengine.dll

2010-10-22 07:11 . 2010-10-22 07:11 -------- d-----w- c:\windows\system32\Wat

2010-10-22 03:21 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2010-10-22 03:19 . 2009-11-25 14:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-10-22 03:19 . 2009-11-25 14:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-10-22 03:19 . 2009-11-25 14:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-10-22 03:19 . 2009-11-25 14:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-10-22 03:19 . 2009-11-25 14:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-10-22 03:08 . 2010-10-22 03:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2010-10-21 19:34 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2010-10-21 19:34 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-10-21 19:34 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-10-21 19:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-10-21 19:31 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-10-21 19:31 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-10-21 19:31 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-10-21 19:31 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-10-21 19:31 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-10-21 19:31 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-10-21 19:31 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-10-21 19:31 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-10-21 19:31 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-10-21 19:31 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-10-21 19:16 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-10-21 19:16 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-21 19:13 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-10-21 19:12 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

2010-10-13 17:27 . 2010-10-13 17:27 -------- d-----w- c:\program files\Common Files\Adobe

2010-10-08 12:12 . 2010-10-08 12:12 -------- d-----w- c:\program files\iPod

2010-10-08 12:11 . 2010-10-08 12:13 -------- d-----w- c:\program files\iTunes

2010-10-08 12:07 . 2010-10-08 12:07 -------- d-----w- c:\program files\Bonjour

2010-09-30 16:28 . 2010-09-30 16:28 -------- d-----w- c:\users\Joao\AppData\Local\Apps

2010-09-27 22:22 . 2010-10-08 15:27 -------- d-----w- c:\program files\Sid Meier's Civilization V

2010-09-26 17:04 . 2010-09-26 17:05 -------- d-----w- c:\program files\Veetle

2010-09-24 14:59 . 2010-09-25 13:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-21 19:11 . 2010-06-21 07:21 388608 ----a-w- C:\HiJackThis.exe

2010-10-19 20:51 . 2010-02-20 00:17 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-07 23:21 . 2010-08-02 11:54 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-09-29 12:50 . 2010-03-06 15:36 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-09-08 14:17 . 2010-09-08 14:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 14:17 . 2010-09-08 14:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-07-27 21:44 . 2010-07-27 21:44 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-07-27 21:44 . 2010-07-27 21:44 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3EB6997-5E24-4674-B565-31CDF73AAFBB}]

2009-07-13 23:11 727040 ----a-w- c:\windows\System32\dlocdfe.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]

@="{A3EB6997-5E24-4674-B565-31CDF73AAFBB}"

[HKEY_CLASSES_ROOT\CLSID\{A3EB6997-5E24-4674-B565-31CDF73AAFBB}]

2009-07-13 23:11 727040 ----a-w- c:\windows\System32\dlocdfe.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-07 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-09-29 12:49 342304 ----a-w- c:\program files\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-09-22 03:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]

2010-01-26 19:10 243032 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-02-28 19:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]

2010-03-03 10:13 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-02-18 18:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 14:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

2;2 qajkhxrt;Bluetooth Serial Communications Monitor;c:\windows\System32\svchost.exe [x]

R1 MpKsldbf975df;MpKsldbf975df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA707C7A-DA3B-42F2-B82B-35B775E5ED63}\MpKsldbf975df.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 136176]

R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2009-07-10 136496]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-22 1343400]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-01 691696]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-09-29 45472]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2010-09-29 55072]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

qajkhxrt

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 22:24]

 

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 22:24]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(552)

c:\program files\Scpad\scpLIB.dll

c:\program files\Scpad\scpMIB.dll

c:\program files\Scpad\sshib.dll

 

- - - - - - - > 'Explorer.exe'(3036)

c:\windows\system32\dlocdfe.dll

c:\program files\Scpad\scpLIB.dll

c:\program files\Scpad\scpMIB.dll

c:\program files\Scpad\sshib.dll

c:\windows\system32\libssl32.dll

c:\windows\system32\LIBEAY32.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\sppsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\vssvc.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-10-24 02:46:26 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-10-24 04:46

ComboFix2.txt 2010-10-22 20:40

 

Pré-execução: 43.140.608.000 bytes disponíveis

Pós execução: 46.976.536.576 bytes disponíveis

 

- - End Of File - - 26E7978F715D9C7C915B287B9A3A34C3

[wings 22]

Olá jgwerneck

 

1.

*Baixe o SystemLook e salve-o no desktop

*Execute o SystemLook

*Cole o código no espaço em branco:

:file

c:\windows\System32\dlocdfe.dll

*Clique [Look]

*Cole o relatório SystemLook.txt localizado no desktop

 

2.

*Envie o arquivo abaixo para análise em http://www.virustotal.com.br

c:\windows\System32\dlocdfe.dll

*Cole o link contendo o resultado

[jgwerneck 0]

SystemLook 04.09.10 by jpshortstuff

Log created at 14:56 on 24/10/2010 by Joao

Administrator - Elevation successful

 

========== file ==========

 

c:\windows\System32\dlocdfe.dll - File found and opened.

MD5: E41DD15691B8929384DF6AAA8FD5E45D

Created at 23:11 on 13/07/2009

Modified at 23:11 on 13/07/2009

Size: 727040 bytes

Attributes: --a----

FileDescription: boteebkx DLL

FileVersion: 5.1.2600.5167

ProductVersion: 5.1.2600.5167

OriginalFilename: boteebkx.dll

InternalName: boteebkx

ProductName: Microsoft® Windows® Operating System

CompanyName: srliqmrjzh Corporation

LegalCopyright: © srliqmrjzh Corporation. All rights reserved.

 

-= EOF =-

 

http://www.virustotal.com/file-scan/compact.html?id=cc5b86dcef4b25cb6556b5021c42c3195349217b77102443bc8b426cda7b6355-1287939594

[wings 22]

*Abra o bloco de notas e cole nele o código abaixo:

File::

c:\windows\System32\dlocdfe.dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3EB6997-5E24-4674-B565-31CDF73AAFBB}]

[-HKEY_CLASSES_ROOT\CLSID\{A3EB6997-5E24-4674-B565-31CDF73AAFBB}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]

Driver::

qajkhxrt

NetSvc::

qajkhxrt

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, evite usar o mouse e o teclado!!..para interromper o processo tecle N ou 2.

 

*Cole o relatório C:\combofix.txt

[jgwerneck 0]

ComboFix 10-10-22.03 - Joao 24/10/2010 18:12:08.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1790.1053 [GMT -2:00]

Executando de: c:\users\Joao\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Joao\Desktop\CFScript.txt

 

FILE ::

"c:\windows\System32\dlocdfe.dll"

.

ADS - drivers: deleted 204 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\System32\dlocdfe.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_qajkhxrt

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-09-24 to 2010-10-24 ))))))))))))))))))))))))))))

.

 

2010-10-24 20:19 . 2010-10-24 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-10-24 04:52 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EF83DEA-5FD9-434E-89D9-BA0A0DEA309D}\mpengine.dll

2010-10-22 07:11 . 2010-10-22 07:11 -------- d-----w- c:\windows\system32\Wat

2010-10-22 03:21 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2010-10-22 03:19 . 2009-11-25 14:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-10-22 03:19 . 2009-11-25 14:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-10-22 03:19 . 2009-11-25 14:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-10-22 03:19 . 2009-11-25 14:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-10-22 03:19 . 2009-11-25 14:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-10-22 03:08 . 2010-10-22 03:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2010-10-21 19:34 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2010-10-21 19:34 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2010-10-21 19:34 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-10-21 19:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-10-21 19:31 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-10-21 19:31 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-10-21 19:31 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-10-21 19:31 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-10-21 19:31 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-10-21 19:31 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-10-21 19:31 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-10-21 19:31 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-10-21 19:31 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-10-21 19:31 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-10-21 19:16 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-10-21 19:16 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-10-21 19:13 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-10-21 19:12 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

2010-10-13 17:27 . 2010-10-13 17:27 -------- d-----w- c:\program files\Common Files\Adobe

2010-10-08 12:12 . 2010-10-08 12:12 -------- d-----w- c:\program files\iPod

2010-10-08 12:11 . 2010-10-08 12:13 -------- d-----w- c:\program files\iTunes

2010-10-08 12:07 . 2010-10-08 12:07 -------- d-----w- c:\program files\Bonjour

2010-09-30 16:28 . 2010-09-30 16:28 -------- d-----w- c:\users\Joao\AppData\Local\Apps

2010-09-27 22:22 . 2010-10-08 15:27 -------- d-----w- c:\program files\Sid Meier's Civilization V

2010-09-26 17:04 . 2010-09-26 17:05 -------- d-----w- c:\program files\Veetle

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-21 19:11 . 2010-06-21 07:21 388608 ----a-w- C:\HiJackThis.exe

2010-10-19 20:51 . 2010-02-20 00:17 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-07 23:21 . 2010-08-02 11:54 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-09-29 12:50 . 2010-03-06 15:36 45472 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-09-08 14:17 . 2010-09-08 14:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 14:17 . 2010-09-08 14:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-07-27 21:44 . 2010-07-27 21:44 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-07-27 21:44 . 2010-07-27 21:44 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-07 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2010-09-29 12:49 342304 ----a-w- c:\program files\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-09-22 03:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bing Bar]

2010-01-26 19:10 243032 ----a-w- c:\program files\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-02-28 19:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]

2010-03-03 10:13 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-02-18 18:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 14:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

R1 MpKsldbf975df;MpKsldbf975df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA707C7A-DA3B-42F2-B82B-35B775E5ED63}\MpKsldbf975df.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 136176]

R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2009-07-10 136496]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-22 1343400]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-01 691696]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-09-29 45472]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2010-09-29 55072]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 22:24]

 

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-07 22:24]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(552)

c:\program files\Scpad\scpLIB.dll

c:\program files\Scpad\scpMIB.dll

c:\program files\Scpad\sshib.dll

 

- - - - - - - > 'Explorer.exe'(2572)

c:\program files\Scpad\scpLIB.dll

c:\program files\Scpad\scpMIB.dll

c:\program files\Scpad\sshib.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe

c:\windows\system32\IoctlSvc.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\sppsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-10-24 18:30:26 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-10-24 20:30

ComboFix2.txt 2010-10-24 04:46

ComboFix3.txt 2010-10-22 20:40

 

Pré-execução: 46.735.085.568 bytes disponíveis

Pós execução: 46.477.692.928 bytes disponíveis

 

- - End Of File - - EC55CFC04C25749A618534E92BABF73C

[wings 22]

Olá jgwerneck

 

O log está limpo.

 

 

*Clique em [iniciar] > [Executar] > copie e cole: Combofix /uninstall

 

 

*Clique [OK] > [Executar]

*Aguarde surgir a mensagem: "ComboFix está desinstalado"

*Clique [OK]

 

Um abraço.

[jgwerneck 0]

Valeu Wings, então ta tudo limpeza aqui??

abraço

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.