[Resolvido] &nbspNão exclui

Jackson Dias · Janeiro 3, 2011

Pessoal,

Estou aqui com um cartão micro usd 2gb com uns arquivos que não estão excluindo...

Os arquivos (que só aparecem no celular, nao aparecem no computador) são:

jixef.scr

ert.dll

jixefx.exe

x.exe

jixef.exe

Obs.: Antes aparecia vários arquivos *lnk (com os nomes das pastas que já tinham) esses exclui tudo pelo proprio celular depois de escanear com o AVG, não voltaram, mas esses arquivos que citei, não excluem pelo celular e nem aparecem no computador.

Já procurei pelo google, mas até o momento não consegui nenhuma resposta.

Alguem sabe como remover isso?

Abraços,

Jackson

Power Max · Janeiro 3, 2011

:thumbsup: Olá Jackson!

:seta: Siga, por gentileza, as dicas deste tutorial:

Tutorial do USBFix

Poste o log do Usbfix que estará em C:\UsbFix.txt em sua próxima resposta juntamente com um log do Hijackthis e nos diga como está o cartão após este procedimento.

Ficamos no aguardo.

Jackson Dias · Janeiro 3, 2011

Olá Toin! :thumbsup:

Vamos lá:

############################## | UsbFix 7.037 | [supressão]

Usuário: IsaIca (Administrador) # FAMILA-GORAX-E8 [ ]

Atualizado em 03/01/2011 por El Desaparecido / C_XX

Começou em 18:22:26 | 03/01/2011

Site: http://www.teamxscript.org

Contato: eldesaparecido@teamxscript.org

CPU: Intel® Pentium® Dual CPU E2160 @ 1.80GHz

CPU 2: Intel® Pentium® Dual CPU E2160 @ 1.80GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall: Habilitado

Antivirus: AVG Anti-Virus Free 9.0 [Enabled | Updated]

RAM -> 2039 Mb

C:\ (%systemdrive%) -> Disco fixo # 57 Gb (34 Mb livre - 59%) [] # NTFS

D:\ -> Disco fixo # 176 Gb (131 Mb livre - 75%) [Poliana] # NTFS

E:\ -> CD-ROM

G:\ -> Disco removível # 32 Mb (29 Mb livre - 91%) [] # FAT

H:\ -> Disco removível # 2 Gb (1 Mb livre - 77%) [] # FAT

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Recycler\S-1-5-21-1614895754-2025429265-1417001333-1003

Supprimido ! D:\Recycler\S-1-5-21-1614895754-2025429265-1417001333-1003

Supprimido ! D:\Recycler\S-1-5-21-776561741-1677128483-1202660629-500

################## | Registro |

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\F

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0eb09359-137e-11e0-af59-001d927af92c}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{341c7c2a-975e-11df-ac9a-001d927af92c}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{fa0b8633-033d-11e0-aeff-001d927af92c}

################## | Listing |

[14/07/2010 - 12:09:09 | D ] C:\$AVG

[03/01/2011 - 10:43:42 | D ] C:\Arquivos de programas

[18/06/2010 - 14:53:11 | N | 0] C:\AUTOEXEC.BAT

[18/06/2010 - 23:02:48 | N | 211] C:\Boot.bak

[26/12/2010 - 14:50:50 | N | 210] C:\boot.ini

[14/04/2008 - 09:00:00 | N | 4952] C:\Bootfont.bin

[22/07/2010 - 19:09:29 | D ] C:\cmdcons

[03/08/2004 - 23:00:16 | N | 261856] C:\cmldr

[03/01/2011 - 13:32:11 | D ] C:\ComboFix

[22/07/2010 - 19:14:14 | N | 27558] C:\ComboFix.txt

[11/12/2010 - 10:16:53 | D ] C:\Config.Msi

[18/06/2010 - 14:53:11 | N | 0] C:\CONFIG.SYS

[18/06/2010 - 14:57:10 | D ] C:\Documents and Settings

[03/01/2011 - 13:28:17 | D ] C:\HijackThis

[21/10/2010 - 20:32:45 | D ] C:\HJDATILO

[23/11/2010 - 14:26:12 | N | 230424] C:\img2-001.raw

[18/06/2010 - 19:09:54 | D ] C:\Intel

[18/06/2010 - 14:53:11 | N | 0] C:\IO.SYS

[01/10/2010 - 21:50:34 | D ] C:\Level Up! Games

[18/06/2010 - 14:53:11 | N | 0] C:\MSDOS.SYS

[18/06/2010 - 19:29:19 | RD ] C:\MSOCache

[03/01/2011 - 13:36:14 | D ] C:\Norton Security Scan

[14/04/2008 - 09:00:00 | N | 47564] C:\NTDETECT.COM

[14/04/2008 - 09:00:00 | N | 251696] C:\ntldr

[03/01/2011 - 17:33:31 | ASH | 2145386496] C:\pagefile.sys

[25/07/2010 - 13:53:01 | N | 22780] C:\PatchLog.txt

[03/01/2011 - 10:25:03 | D ] C:\PenClean

[03/01/2011 - 13:32:11 | D ] C:\Qoobox

[03/01/2011 - 18:24:56 | SHD ] C:\RECYCLER

[07/07/2010 - 12:24:37 | N | 4096] C:\SHADOW.IDX

[23/07/2010 - 09:21:16 | SHD ] C:\System Volume Information

[17/09/2010 - 22:19:17 | D ] C:\TEMP

[18/06/2010 - 23:02:17 | N | 2448] C:\try.txt

[03/01/2011 - 18:24:56 | D ] C:\UsbFix

[03/01/2011 - 18:24:55 | A | 1002] C:\UsbFix.txt

[31/12/2010 - 03:21:28 | D ] C:\WINDOWS

[19/11/2010 - 16:19:52 | N | 904521] D:\1_gangrena de fournier.pdf

[24/07/2010 - 21:19:01 | N | 2448359424] D:\2958343_MVM_0.tmp

[24/07/2010 - 21:17:54 | N | 0] D:\2958343_MVM_1.tmp

[24/07/2010 - 21:17:54 | N | 0] D:\2958343_MVM_2.tmp

[02/09/2010 - 19:20:09 | D ] D:\93d60677d856e4cce6f33e5c

[27/07/2010 - 21:08:11 | D ] D:\a9ca7665c2591619d940

[27/03/2010 - 14:53:50 | D ] D:\Blocos de Anotações do OneNote

[24/07/2010 - 01:18:30 | D ] D:\c2491652bbc2980c896454

[28/05/2010 - 20:53:29 | D ] D:\Corel User Files

[18/06/2010 - 12:11:01 | ASH | 87] D:\desktop.ini

[07/12/2010 - 12:45:11 | D ] D:\Diversos

[16/07/2010 - 15:54:55 | D ] D:\Downloads

[23/07/2010 - 19:35:03 | D ] D:\fcb70d5479cec1a69ac84aeb0c

[01/01/2011 - 20:11:46 | D ] D:\Imagens

[02/10/2010 - 11:05:37 | D ] D:\LIVROS

[11/07/2010 - 10:24:04 | D ] D:\Meus arquivos recebidos

[20/04/2010 - 12:29:31 | D ] D:\My Weblog Posts

[28/12/2010 - 11:20:37 | D ] D:\Músicas

[04/10/2010 - 11:24:53 | D ] D:\Programas

[03/01/2011 - 18:24:56 | SHD ] D:\RECYCLER

[28/04/2010 - 21:25:20 | N | 480] D:\spider.sav

[15/05/2010 - 23:14:15 | N | 4231] D:\SVCD1.nsd

[18/06/2010 - 16:18:57 | SHD ] D:\System Volume Information

[19/11/2010 - 20:59:48 | ASH | 6144] D:\Thumbs.db

[09/04/2010 - 06:19:55 | N | 8809] D:\VCD1.nrv

[27/07/2010 - 21:00:17 | D ] D:\viagem a Imperatriz

[17/09/2010 - 14:09:38 | D ] D:\Vídeos

################## | Vaccin |

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

################## | Upload |

Favor enviar o arquivo: C:\UsbFix_Upload_Me_FAMILA-GORAX-E8.zip

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

################## | E.O.F |

############################## | UsbFix 7.037 | [Pesquisa]

Usuário: IsaIca (Administrador) # FAMILA-GORAX-E8 [ ]

Atualizado em 03/01/2011 por El Desaparecido / C_XX

Começou em 18:53:09 | 03/01/2011

Site: http://www.teamxscript.org

Contato: eldesaparecido@teamxscript.org

CPU: Intel® Pentium® Dual CPU E2160 @ 1.80GHz

CPU 2: Intel® Pentium® Dual CPU E2160 @ 1.80GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall: Habilitado

Antivirus: AVG Anti-Virus Free 9.0 [Enabled | Updated]

RAM -> 2039 Mb

C:\ (%systemdrive%) -> Disco fixo # 57 Gb (33 Mb livre - 59%) [] # NTFS

D:\ -> Disco fixo # 176 Gb (131 Mb livre - 75%) [Poliana] # NTFS

E:\ -> CD-ROM

G:\ -> Disco removível # 32 Mb (29 Mb livre - 91%) [] # FAT

H:\ -> Disco removível # 2 Gb (1 Mb livre - 77%) [] # FAT

################## | Ficheiros # pastas infeciosos |

################## | Registro |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{fa0b8645-033d-11e0-aeff-001d927af92c}

Shell\AutoRun\Command = G:\LGAutoRun.exe

################## | Vaccin |

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

################## | E.O.F |

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:56:16, on 3/1/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Vivo 3G\Vivo 3G.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft....k/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R3 - URLSearchHook: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMess.dll

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MessengerPlusLive Brazil TB - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMess.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\IsaIca\Dados de aplicativos\Mozilla\Firefox\Profiles\bdmic5az.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.87.dll

O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMess.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: LG Link Air Option - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209

O8 - Extra context menu item: LG Link Air Save to Mobile Document Folder - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210

O8 - Extra context menu item: LG Link Air Save to Mobile Memo - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208

O8 - Extra context menu item: LG Link Air Save to Mobile Photo Album - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206

O8 - Extra context menu item: LG Link Air Set as Mobile Wallpaper - res://C:\Arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zon...S.cab109791.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail....ol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{64732AC3-BF47-4751-8FBF-CDA0940361E5}: NameServer = 200.220.227.56 200.142.132.32

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANSAV Guard (ANSAVDaemon) - Unknown owner - G:\ANSAV\ansavd.exe (file missing)

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

--

End of file - 8521 bytes

Obs.: Tem alguns arquivos no cartão de memoria que foram de ferramentas que pesquisei de como possivelmente remover/vacinar.

Obs. 2: Os arquivos persistem no cartão ;(

Abraço.

Jackson

Power Max · Janeiro 3, 2011

:) Alguns problemas foram removidos pelo Usbfix.

______________________

:seta: Conecte o cartão de memória e siga esta dica:

Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

Faça o download do ComboFix

Salve-o no Desktop (área de trabalho).

* Desabilite as proteções residente de: antivírus, antispywares e firewall ( menos o do Windows! )

* Feche todas as janelas e execute a ferramenta.

* Ps: A execução, por comando, também é possível:

* Vá em Iniciar --> Executar --> Digite ou cole:

"%userprofile%\desktop\Combofix.exe" /killall

* Clique em Ok.

* Na solicitação: "Negação de garantia de software" --> Clique em Sim.

* Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo.

* Terminando,clique Sim ou Yes. --> Aguarde.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:!: Caso aconteça a notificação de: Aplicativo Win32 inválido ou alguma mensagem parecida com esta, delete a ferramenta ComboFix.exe e faça, novamente, seu download.

* Salve-a no Desktop,renomeada como: Kombo.exe

* Ps: Nomeie durante o salvamento,e não após salvá-la!

* Ps: Surgindo alguma mensagem de erro, rode o ComboFix.exe em "Modo Seguro". <-- Link!

* Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação:

* Ps: Anote essas detecções, e dê o OK. Neste caso poste estas detecções que você terá anotado em sua próxima resposta juntamente com os logs pedidos.

* Ps: Para completar as remoções, talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

* Ps: Para evitar problemas, siga todas as recomendações propostas.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* Abrir-se-á a janela Auto Scan. --> Aguarde!

* Para finalizar remoções, o ComboFix poderá reiniciar o computador.

* Se houver necessidade, digite a opção ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

* Durante o scan, evite manusear o mouse ou teclado! <-- Importante!

* Caso, por algum motivo de força maior, precise parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter.

<><><><><><><><><><><><>

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC depois disto.

Ficamos no aguardo.

Jackson Dias · Janeiro 4, 2011

Segue o log:

ComboFix 11-01-03.01 - IsaIca 04/01/2011 0:19.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1547 [GMT -3:00]

Executando de: c:\documents and settings\IsaIca\desktop\Combofix.exe

Comandos utilizados :: /killall

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\1.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\a.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\b.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\c.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\d.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\e.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\f.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\g.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\h.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\i.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\J.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\k.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\l.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\m.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\mru.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\n.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\o.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\p.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\q.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\r.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\s.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\t.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\u.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\v.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\w.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\x.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\y.xml

c:\documents and settings\IsaIca\Dados de aplicativos\PriceGong\Data\z.xml

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-12-04 to 2011-01-04 ))))))))))))))))))))))))))))

.

2011-01-03 13:23 . 2011-01-03 13:25 -------- d-----w- C:\PenClean

2010-12-31 23:17 . 2010-12-31 23:17 -------- d-----w- c:\documents and settings\IsaIca\Configurações locais\Dados de aplicativos\MessengerPlusLive_Brazil_TB

2010-12-31 23:17 . 2010-12-31 23:17 -------- d-----w- c:\documents and settings\IsaIca\Configurações locais\Dados de aplicativos\ConduitEngine

2010-12-31 23:17 . 2010-12-31 23:17 -------- d-----w- c:\arquivos de programas\ConduitEngine

2010-12-31 23:17 . 2010-12-31 23:17 -------- d-----w- c:\arquivos de programas\MessengerPlusLive_Brazil_TB

2010-12-26 14:09 . 2011-01-03 16:38 -------- d-----w- c:\arquivos de programas\GamesBar

2010-12-26 14:09 . 2010-12-26 14:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Oberon Media

2010-12-26 14:09 . 2010-12-26 17:22 -------- d-----w- c:\arquivos de programas\3B Software

2010-12-26 13:37 . 2010-12-26 13:37 -------- d-----w- c:\windows\Sun

2010-12-11 13:16 . 2010-12-11 13:16 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-12-11 13:15 . 2010-12-11 13:15 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-12-11 13:15 . 2010-12-11 13:15 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-11 13:15 . 2010-12-11 13:15 472808 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

2010-12-11 13:15 . 2010-12-11 13:15 -------- d-----w- c:\arquivos de programas\Java

2010-12-09 04:34 . 2010-12-09 04:34 -------- d-----w- c:\documents and settings\IsaIca\Configurações locais\Dados de aplicativos\LG Electronics

2010-12-09 04:33 . 2010-12-09 04:33 -------- d-----w- c:\arquivos de programas\LG Electronics

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-03 21:26 . 2011-01-03 21:25 331121403 ----a-w- C:\UsbFix_Upload_Me_FAMILA-GORAX-E8.zip

2010-11-18 18:15 . 2010-06-18 17:50 86016 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:21 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:21 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2008-04-14 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:58 . 2008-04-14 12:00 1853440 ----a-w- c:\windows\system32\win32k.sys

2009-08-28 21:42 . 2009-08-28 21:42 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-08-28 21:42 . 2009-08-28 21:42 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

------- Sigcheck -------

[-] 2008-05-19 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMess.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-11-14 00:58 3913000 ----a-w- c:\arquivos de programas\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

2010-11-14 00:58 3913000 ----a-w- c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMess.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c69650dc-9644-4580-aa86-0ea329ee6c60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMess.dll" [2010-11-14 3913000]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\arquivos de programas\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C69650DC-9644-4580-AA86-0EA329EE6C60}"= "c:\arquivos de programas\MessengerPlusLive_Brazil_TB\tbMess.dll" [2010-11-14 3913000]

[HKEY_CLASSES_ROOT\clsid\{c69650dc-9644-4580-aa86-0ea329ee6c60}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-08 18:13 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^forteManager.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\forteManager.lnk

backup=c:\windows\pss\forteManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^IsaIca^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk]

path=c:\documents and settings\IsaIca\Menu Iniciar\Programas\Inicializar\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^IsaIca^Menu Iniciar^Programas^Inicializar^Scheduler.lnk]

path=c:\documents and settings\IsaIca\Menu Iniciar\Programas\Inicializar\Scheduler.lnk

backup=c:\windows\pss\Scheduler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 04:57 35760 -c--a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-05-16 12:27 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-10-05 17:41 136176 ----atw- c:\documents and settings\IsaIca\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2010-06-09 23:55 49208 -c----w- c:\arquivos de programas\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-04-13 09:07 69632 -c--a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir]

2010-04-08 08:40 2369384 ----a-w- c:\arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-05-20 18:27 119152 ------w- c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 14:44 248552 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]

2010-05-20 18:27 762736 ----a-w- c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Adobe LM Service"=3 (0x3)

"NMIndexingService"=3 (0x3)

"NBService"=3 (0x3)

"MSCamSvc"=2 (0x2)

"idsvc"=3 (0x3)

"avg9wd"=2 (0x2)

"avg9emc"=2 (0x2)

"AVG Security Toolbar Service"=3 (0x3)

"JavaQuickStarterService"=2 (0x2)

"ANSAVDaemon"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Arquivos de programas\\Counter-Strike Source\\hl2.exe"=

"c:\\Documents and Settings\\IsaIca\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/7/2010 15:13 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/7/2010 15:13 243024]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/9/2009 08:11 12160]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/9/2009 08:11 10496]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/9/2009 08:11 12928]

S0 Shadow;Shadow; [x]

S3 LGDDCDevice;LGDDCDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\I2CDriver.sys [18/6/2010 16:20 14336]

S3 LGII2CDevice;LGII2CDevice;c:\arquivos de programas\LG Soft India\forteManager\bin\PII2CDriver.sys [18/6/2010 16:20 13312]

S4 ANSAVDaemon;ANSAV Guard;g:\ansav\ansavd.exe --> g:\ansav\ansavd.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

2011-01-03 c:\windows\Tasks\Windows Codec Update Service.job

- c:\arquivos de programas\Essentials Codec Pack\WECPUpdate.exe [2010-09-27 13:30]

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: LG Link Air Option - c:\arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209

IE: LG Link Air Save to Mobile Document Folder - c:\arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210

IE: LG Link Air Save to Mobile Memo - c:\arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208

IE: LG Link Air Save to Mobile Photo Album - c:\arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206

IE: LG Link Air Set as Mobile Wallpaper - c:\arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205

TCP: {64732AC3-BF47-4751-8FBF-CDA0940361E5} = 200.220.227.56 200.142.132.32

FF - ProfilePath - c:\documents and settings\IsaIca\Dados de aplicativos\Mozilla\Firefox\Profiles\bdmic5az.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2719261&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - MessengerPlusLive Brazil TB Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2719261&SearchSource=13

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Messenger Plus Live Brazil Toolbar: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - %profile%\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adicional de Seguranca CAIXAÂ®: {87F8774F-B485-47E2-A755-A40A8A5E886D} - %profile%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}

FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

FF - Ext: SmallringFX DARKBlue: {0471d3b0-a403-11df-981c-0800200c9a66} - %profile%\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}

FF - Ext: Foxdie for Firefox: foxdie_ext_ocelot@foxdie.us - %profile%\extensions\foxdie_ext_ocelot@foxdie.us

FF - Ext: Foxdie (Graphite): FoxdieGraphite@tanjihay.com - %profile%\extensions\FoxdieGraphite@tanjihay.com

FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com

FF - Ext: DeezerMSN: deezermsn@akryus.net - %profile%\extensions\deezermsn@akryus.net

FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de

FF - Ext: Complete YouTube Saver: {AF445D67-154C-4c69-A17B-7F392BCC36A3} - %profile%\extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3}

FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: MessengerPlusLive Brazil TB Community Toolbar: {c69650dc-9644-4580-aa86-0ea329ee6c60} - %profile%\extensions\{c69650dc-9644-4580-aa86-0ea329ee6c60}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: LG Air Sync: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B} - c:\arquivos de programas\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-AVG9_TRAY - c:\arquiv~1\AVG\AVG9\avgtray.exe

MSConfigStartUp-SearchEngineProtection - c:\arquivos de programas\Gamesbar\SearchEngineProtection.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-04 00:25

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\,(**49('F**1E6'F**4H'D**0H *'DB9/)**0H *'D-,)*]

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\,(**49('F**1E6'F**4H'D**0H *'DB9/)**0H *'D-,)*\PTB_Settings\BCGCommandManager]

"CommandsWithoutImages"=hex:00,00

"MenuUserImages"=hex:00,00

[HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\,(**49('F**1E6'F**4H'D**0H *'DB9/)**0H *'D-,)*\PTB_Settings\BCGControlBarVersion]

"Major"=dword:00000008

"Minor"=dword:0000003c

[HKEY_USERS\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\,(**49('F**1E6'F**4H'D**0H *'DB9/)**0H *'D-,)*\PTB_Settings\BCGToolbarParameters]

"Tooltips"=dword:00000001

"ShortcutKeys"=dword:00000001

"LargeIcons"=dword:00000001

"MenuAnimation"=dword:00000000

"RecentlyUsedMenus"=dword:00000001

"MenuShadows"=dword:00000001

"ShowAllMenusAfterDelay"=dword:00000001

"Look2000"=dword:00000001

"CommandsUsage"=hex:00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3460)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\arquivos de programas\Scpad\scpLIB.dll

c:\arquivos de programas\Scpad\scpMIB.dll

c:\arquivos de programas\Scpad\sshib.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Vivo 3G\Vivo 3G.exe

c:\arquivos de programas\Vivo 3G\ejectdisk.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-01-04 00:28:17 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-01-04 03:28

ComboFix2.txt 2010-07-22 22:14

Pré-execução: 16 pasta(s) 35.549.028.352 bytes disponíveis

Pós execução: 17 pasta(s) 36.358.524.928 bytes disponíveis

- - End Of File - - 0CD42B6E99FE03050CAF1DF473605FA5

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:30:40, on 4/1/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Vivo 3G\Vivo 3G.exe

C:\Arquivos de programas\Vivo 3G\ejectdisk.exe

C:\WINDOWS\system32\notepad.exe

C:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896