[Resolvido] &nbsppc infectado

[Edvan 30]

Amigos esse log é de uma amiga, ela veio ate mim com o pc muito infectado, eu nao conseguia entrar no msconfig, nao conseguia deletar nada, em fim bloqueava tudo, daí rodei o combofix em modo seguro, daí melhorou 50%, ja estou conseguindo mexer no notebook dela, porem creio que ainda tem vestigios de virus ainda..

 

ComboFix 11-02-12.02 - Administrador 15/02/2011 22:31:24.2.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.958.772 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ferramentas\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Zwangi

c:\documents and settings\All Users\Dados de aplicativos\kCgCjPc17702

c:\documents and settings\All Users\Dados de aplicativos\kCgCjPc17702\kCgCjPc17702

c:\documents and settings\All Users\Dados de aplicativos\kCgCjPc17702\kCgCjPc17702.exe

c:\documents and settings\All Users\Dados de aplicativos\Zwangi

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-16 to 2011-02-16 ))))))))))))))))))))))))))))

.

 

2011-02-16 00:27 . 2011-02-16 00:27 -------- d-----w- C:\LinhaDefensiva

2011-02-15 23:53 . 2011-02-15 23:53 -------- d-----w- c:\documents and settings\Administrador

2011-01-26 22:10 . 2011-01-26 22:10 83765096 ----a-w- c:\arquivos de programas\Arquivos comuns\Windows Live\.cache\wlc19.tmp

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

------- Sigcheck -------

 

[-] 2008-07-03 . E5B29D36CCEE2370812E5FC5965BD07B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 00:44 1400712 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2009-05-20 17:36 1258808 ----a-w- c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^DRIVER PNP Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\DRIVER PNP Monitor.lnk

backup=c:\windows\pss\DRIVER PNP Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^casa^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=c:\documents and settings\casa\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2009-03-02 16:08 209153 ----a-w- c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2005-10-28 19:25 94208 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 09:00 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2007-08-24 09:00 33648 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2007-10-12 17:16 794624 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2010-03-12 21:41 119152 ----a-w- c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 00:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

2008-07-02 21:48 176128 ----a-w- c:\windows\system32\S3Trayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-11-22 10:31 630784 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 14:43 248040 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

2009-05-20 18:11 111928 ----a-r- c:\arquivos de programas\SweetIM\Messenger\SweetIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC]

2008-08-29 20:27 143360 ----a-w- c:\arquivos de programas\Vimicro Corporation\VMUVC\VMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2008-07-02 21:48 53248 ----a-w- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]

2010-03-12 21:41 762736 ----a-w- c:\windows\vVX1000.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [7/8/2009 12:44 108289]

S2 gupdate1ca93f9c7a93398;Google Update Service (gupdate1ca93f9c7a93398);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [13/1/2010 00:40 133104]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16/11/2009 14:33 50704]

S2 TeamViewer5;TeamViewer 5;c:\arquivos de programas\TeamViewer\Version5\TeamViewer_Service.exe [8/12/2009 08:46 185640]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2/7/2008 20:41 194304]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\drivers\sembbus.sys [15/2/2010 09:21 260992]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\drivers\sembcard.sys [15/2/2010 09:22 337408]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\drivers\sembmdfl2.sys [15/2/2010 09:21 14976]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\drivers\sembmdm2.sys [15/2/2010 09:21 380672]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\drivers\sembmgmt.sys [15/2/2010 09:21 343680]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\drivers\sembnd5.sys [15/2/2010 09:22 24960]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\drivers\sembunic.sys [15/2/2010 09:22 344064]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\drivers\sembwwan.sys [15/2/2010 09:22 337408]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\drivers\semcreserved.sys [15/2/2010 09:21 17408]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\sesc.sys [15/2/2010 09:22 12672]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2/7/2008 20:23 205184]

S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [7/8/2009 22:26 256512]

S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [7/8/2009 22:26 398720]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-13 02:40]

 

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-01-13 02:40]

 

2011-02-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\arquivos de programas\Ask.com\UpdateTask.exe [2010-09-29 00:44]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-Advanced SystemCare 3 - c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

MSConfigStartUp-ares - c:\arquivos de programas\Ares\Ares.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-15 22:37

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2011-02-15 22:39:33

ComboFix-quarantined-files.txt 2011-02-16 00:39

 

Pré-execução: 7 pasta(s) 29.579.534.336 bytes disponíveis

Pós execução: 8 pasta(s) 30.958.911.488 bytes disponíveis

 

- - End Of File - - 7795D2ED12ED8D68312AAF3AC32C5A35

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:55:44, on 15/2/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\TeamViewer\Version5\TeamViewer_Service.exe

C:\Arquivos de programas\TeamViewer\Version5\TeamViewer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Arquivos de programas\CCleaner\CCleaner.exe

C:\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate1ca93f9c7a93398) (gupdate1ca93f9c7a93398) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version5\TeamViewer_Service.exe

 

--

End of file - 8324 bytes

[wings 22]

Olá Edvan

 

 

1.

*Clique [iniciar] > [Executar] > copie e cole: Combofix /uninstall

 

 

*Clique [OK] > [Executar]

*Aguarde a mensagem: "ComboFix está desinstalado" e clique [OK]

 

2.

*Baixe o AD-Remover e salve-o no desktop

*Execute-o, clique [Clean] > [sim] > [OK] > [sim]

*O PC será reiniciado

*Cole o relatório C:\Ad-Report-CLEAN[1].txt

[Edvan 30]

======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 16/02/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:04:56 on 16/02/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

casa@CASA-A2A7F400F8 ( )

 

============== ACTION(S) ==============

 

 

 

(!) -- Temporary files deleted.

 

 

Key deleted: HKLM\Software\Freeze.com

Key deleted: HKCU\Software\Freeze.com

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}

 

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Internet Explorer Version [7.0.5730.11] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

HKLM_Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - "Skype add-on for Internet Explorer" (C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\icon.ico)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{02478D38-C3F9-4efb-9B51-7695ECA05670} (?)

BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Facilitador de Leitor de Link Adobe PDF" (C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype add-on for Internet Explorer" (C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)

BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 0 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 12 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 16/02/2011 23:05:22 (1923 Byte(s))

 

End at: 23:06:29, 16/02/2011

 

============== E.O.F ==============

[wings 22]

OK...o PC está limpo.

 

 

*Execute o AD-Remover e clique [uninstall] > [Não] > [Close]

 

 

Um abraço.

[Edvan 30]

feito..

 

OBG..

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.