
Archived

This topic has been archived and is closed to further replies.

Working System

[Archived] Log Analysis

Recommended Posts

Well,

I need someone to analyze the log I pulled today with HijackThis. My computer is kind of slow, and when I open Internet Explorer the process opens twice; the same thing has been happening with Chrome (Firefox is the only one I'm using).

I'm using Kaspersky PURE 9.1.0.124 and it isn't helping...

Here's the log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:17:27, on 19/2/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 109.123.70.47:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

O8 - Extra context menu item: Advanced Email Extractor - res://C:\Arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Scan link with AEE - res://C:\Arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html

O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286333767890

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe

O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

 

--

End of file - 8290 bytes


Hello!

Welcome to the Malware Removal section of Imasters Fórums!

Please follow the instructions below:

Download DDS and save it to the Desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black window with some information will appear. Don't click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the output and paste it into your topic.

NOTE: If the link provided doesn't work, try downloading DDS from THIS link.

Regards :D


Hey... thanks for the reply, brother... here's the DDS.txt:

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Roseli Mareti at 14:13:21,04 on s b 19/02/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1196 [GMT -2:00]

 

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky PURE *Disabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Outlook Express\msimn.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Roseli Mareti\Meus documentos\Lucas\Nova pasta\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.orkut.com/

uSearch Page =

uSearch Bar =

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 109.123.70.47:80

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [Lexmark X1100 Series] "c:\arquivos de programas\lexmark x1100 series\lxbkbmgr.exe"

mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe"

mRun: [AdobeCS5ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [AdobeCS4ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui

mRunOnce: [<NO NAME>]

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe

IE: Advanced Email Extractor - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/page.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Scan link with AEE - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/link.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286333767890

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\arquiv~1\kasper~1\kasper~1\kloehk.dll

Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\roseli~1\dadosd~1\mozilla\firefox\profiles\x2ihzpvd.default\

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

 

============= SERVICES / DRIVERS ===============

 

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2009-12-14 88632]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-19 294608]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2009-12-14 39352]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-15 315408]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-19 141312]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-19 17744]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2011-2-19 40384]

R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\arquivos comuns\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-5 279680]

S2 AVP;Kaspersky PURE;c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-13 136176]

S3 ivuozfi;ivuozfi;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]

S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\arquivos comuns\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 tvsnaeniw;tvsnaeniw;\??\c:\windows\system32\055.tmp --> c:\windows\system32\055.tmp [?]

S3 zruasdppp;zruasdppp;\??\c:\windows\system32\09.tmp --> c:\windows\system32\09.tmp [?]

S4 MySQL51;MySQL51;"c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\mysql\mysql server 5.1\my.ini" mysql51 --> c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld [?]

 

=============== Created Last 30 ================

 

2011-02-19 06:49:33 38848 ----a-w- c:\windows\avastSS.scr

2011-02-19 06:49:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software

2011-02-19 05:54:19 -------- d-----w- c:\arquivos de programas\WebExtractor

2011-02-19 01:53:28 -------- d-----w- C:\UsbFix

2011-02-19 01:52:59 1220299 ----a-w- C:\UsbFix.exe

2011-02-16 00:19:31 162392 ----a-w- c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

2011-02-16 00:19:14 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-02-16 00:19:14 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2011-02-16 00:17:07 -------- d-----w- c:\arquivos de programas\arquivos comuns\InfoWatch

2011-02-16 00:17:04 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2011-02-16 00:17:04 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2011-02-16 00:10:42 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis

2011-02-16 00:00:46 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Registry Mechanic

2011-02-15 23:58:23 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2011-02-15 23:56:59 -------- d-----w- c:\arquivos de programas\arquivos comuns\PC Tools

2011-02-15 23:45:57 -------- d-----w- C:\CARROS

2011-02-15 23:29:26 -------- dc-h--w- c:\windows\ie8

2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-13 06:05:49 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\XoftSpySE

2011-02-13 05:52:56 -------- d-----w- C:\_OTL

2011-02-13 05:41:36 -------- d-----w- C:\Program Files

2011-02-12 08:41:46 149504 ----a-w- c:\windows\UNWISE.EXE

2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\arquivos comuns\TweakMarketing

2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO

2011-02-12 08:39:03 -------- d-----w- C:\extractor

2011-02-12 08:38:42 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus

2011-02-12 08:37:25 -------- d-----w- c:\arquivos de programas\FindEmail

2011-02-12 08:26:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7

2011-02-11 10:17:38 43008 ----a-w- c:\windows\system32\MSMAPI32.oca

2011-02-11 10:17:38 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca

2011-02-11 10:11:24 1652736 ----a-w- c:\windows\system32\mshtml.oca

2011-02-11 10:11:22 64000 ----a-w- c:\windows\system32\ieframe.oca

2011-02-11 10:11:22 29184 ----a-w- c:\windows\system32\MSINET.oca

2011-02-11 10:11:22 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca

2011-02-11 10:09:57 -------- d-----w- c:\arquivos de programas\Web Publish

2011-02-11 09:19:53 -------- d-----w- c:\arquivos de programas\Resource Hacker

2011-02-11 04:38:45 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm

2011-02-11 04:38:41 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-02-11 04:38:41 249856 ------w- c:\windows\Setup1.exe

2011-02-10 18:33:09 -------- d-----w- c:\windows\system32\F6DAA0

2011-01-31 02:35:48 -------- d-----w- C:\AudacityPortable

2011-01-31 02:28:17 -------- d-----w- c:\arquivos de programas\AnalogX

2011-01-25 14:48:49 -------- d-----w- C:\DPEC

2011-01-25 14:48:33 -------- d-----w- C:\database

 

==================== Find3M ====================

 

2011-01-13 03:33:41 0 ----a-w- c:\documents and settings\roseli mareti\m.tmp

2010-12-03 00:03:25 796672 ----a-w- c:\windows\GPInstall.exe

 

============= FINISH: 14:13:54,34 ===============

 

Now, the Attach.txt:

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/10/2010 20:44:03

System Uptime: 18/2/2011 19:01:24 (19 hours ago)

 

Motherboard: FOXCONN | | M61PMV

Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz

Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 0,695 GiB free.

D: is CDROM ()

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP4: 18/2/2011 07:45:27 - Ponto de verificação do sistema

RP5: 19/2/2011 04:49:22 - avast! Free Antivirus Setup

 

==== Installed Programs ======================

 

7-Zip 4.57

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Community Help

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS5

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

Advanced Archive Password Recovery

Advanced Email Extractor PRO

Agere Systems PCI Soft Modem

AnalogX Vocal Remover

Apple Application Support

Apple Software Update

Arquivo do WinRAR

Assistente de Conexão do Windows Live

µTorrent

avast! Free Antivirus

C-Media WDM Audio Driver

CCleaner

Cheat Engine 5.5

Cheat Engine 5.6.1

Compatibility Pack for the 2007 Office system

Connect

Emissor de Nota Fiscal Eletronica (NF-e)

Ferramenta de Carregamento do Windows Live

FindEmail 2.2.8

Foxit Reader

Google Chrome

Google Earth

Google Update Helper

HijackThis 2.0.2

JC-Email Segmenter Plus

K-Lite Mega Codec Pack 4.2.5

Kaspersky PURE

kuler

Lexmark X1100 Series

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Bootvis

Microsoft Choice Guard

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Studio 6.0 Enterprise Edition

Microsoft Web Publishing Wizard 1.53

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.13)

MSVCRT

MySQL Server 5.1

NVIDIA Drivers

PDF Settings CS5

Photoshop Camera Raw

Platform

QuickTime

Real Alternative 1.9.0

Resource Hacker Version 3.5.2

Segoe UI

SiS VGA Utilities

SiSAGP driver

Skype™ 5.1

Spyware Terminator

Suite Shared Configuration CS4

UltraISO Premium V8.63

UsbFix By El Desaparecido & C_XX

VIA Gerenciador de dispositivo de plataforma

VobSub v2.23 (Remove Only)

Web Data Extractor 3.7

Web Data Extractor 8.1

WebFldrs XP

WinAVI Video Converter

WinAVI Video Converter 9.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Player Firefox Plugin

Windows XP Service Pack 2

XP Codec Pack

 

==== End Of File ===========================
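The HijackThis log in the first post and the DDS log in this one are what the helper reads by eye. As an added example that is not part of this thread or of either tool, the Python script below pulls out the handful of indicators a malware-removal helper checks first in both formats: a ProxyServer value under Internet Settings, an entry in the Hosts file, a browser helper object whose file is missing, a service whose image is a .tmp file under system32, and Firefox's manual-proxy preference. The sample input is constructed from lines quoted in this thread; the rule names and regular expressions are assumptions of mine, and the script only marks lines for review rather than declaring anything malicious.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the HijackThis and DDS logs posted in
# this thread, the entries a malware-removal helper looks at first.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 109.123.70.47:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe"
uInternet Settings,ProxyServer = 109.123.70.47:80
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
S3 ivuozfi;ivuozfi;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]
S2 AVP;Kaspersky PURE;c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]
FF - prefs.js: network.proxy.type - 1
"""

# One regex per indicator (names are my own). Each covers both the HijackThis
# spelling ("R1 - ...ProxyServer = ...", "O1 - Hosts: ...") and the DDS "pseudo HJT"
# spelling ("uInternet Settings,ProxyServer = ...", "Hosts: ...", "S3 name;desc;path [?]").
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
HOSTS_RE = re.compile(r"Hosts:\s+(\S+)\s+(\S+)")
ORPHAN_RE = re.compile(r"\(no file\)|\bNo File\b", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS][0-4]\s+([^;]+);([^;]*);(.+)$")
TMP_PATH_RE = re.compile(r"\\[^\\]+\.tmp\b", re.IGNORECASE)
FF_PROXY_RE = re.compile(r"network\.proxy\.type\s*-\s*(\d+)")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (indicator, evidence) pairs for lines a helper should inspect.

    A hit means "look at this", not "this is malicious": a proxy or Hosts entry
    can be legitimate, and an orphaned BHO is usually just leftover registry data.
    """
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # A proxy configured in Internet Settings routes all IE/WinINet traffic
        # through that host; the helper wants to know where it points.
        m = PROXY_RE.search(line)
        if m:
            findings.append(("proxy-server-set", m.group(1)))

        # Hosts-file entries override DNS for the named host.
        m = HOSTS_RE.search(line)
        if m:
            ip, host = m.groups()
            findings.append(("hosts-redirect", f"{host} -> {ip}"))

        # Browser objects whose DLL no longer exists: harmless leftovers, but
        # they are cleaned up as part of the fix.
        if ORPHAN_RE.search(line) and line.startswith(("O2", "BHO:", "TB:", "EB:")):
            findings.append(("orphaned-browser-object", line))

        # DDS service lines: a service whose image is a .tmp file is unusual
        # and worth checking by hand.
        m = SERVICE_RE.match(line)
        if m and TMP_PATH_RE.search(m.group(3)):
            findings.append(("service-from-tmp-file", m.group(1).strip()))

        # Firefox prefs.js: network.proxy.type 1 means a manual proxy is set.
        m = FF_PROXY_RE.search(line)
        if m and m.group(1) == "1":
            findings.append(("firefox-manual-proxy", line))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per indicator so a long log can be skimmed at a glance."""
    counts: Dict[str, int] = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for kind, evidence in results:
        print(f"{kind:26s} {evidence}")
    print(summarize(results))
```

Run against a full log saved from either tool (`triage(open("DDS.txt", encoding="latin-1").read())`), the output is a short list of the same entries the helper's reply addresses: the proxy, the Hosts line, the orphaned BHOs and the .tmp-backed services, with everything else left for a human to judge.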


Hello!

Please follow the instructions below:

<< 1 >>

Download HostsXpert and save it in its own folder (such as C:\HostsXpert).

  • Extract the .zip file.
  • Click Restore MS Hosts File.
  • NOTE: If HostsXpert reports an error, click Make Writeable? and then click Restore MS Hosts File.

<< 2 >>

Follow the instructions in the tutorial below and run Ad-Remover. Use the CLEAN option. Post the generated log.

Ad-Remover Tutorial

<< 3 >>

Temporarily disable your protection programs!

Download BankerFix and save it to the desktop.

  • Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup).
  • Close all open programs except BankerFix.
  • Double-click BankerFix.exe.
  • Make sure you are connected to the internet and click OK.
  • After installation, click OK to run BankerFix.
  • Press any key in the BankerFix window. It will do the rest.
  • You will get a message saying whether any problem was found.
  • Close BankerFix.
  • Go to C:\Linha Defensiva\relatorio.txt. Copy the entire contents of the file and post it in your next message.

<< 4 >>

Post a new DDS log.

Regards :D


Here we go... the AD-REPORT:

 

======= REPORT FROM AD-REMOVER 2.0.0.2,E | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 16/02/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 22:13:26 on 19/02/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 2 (X86)

Roseli Mareti@ESCRITORIO ( )

 

============== ACTION(S) ==============

 

 

File deleted: C:\Arquivos de programas\Mozilla FireFox\Components\AskSearch.js

Folder deleted: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default\conduit

Folder deleted: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default\ConduitEngine

Folder deleted: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default\extensions\engine@conduit.com

Folder deleted: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\PriceGong

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default\Prefs.js --

Line deleted: user_pref("CT2552374.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/945276/941054/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2552374", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63425009534667...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2552374&octid=...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=pt-br", "\"...

Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2552374");

Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");

Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic_brasil");

Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2552374");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{12fc3d37-2a42-4fe3-8489-81296878cba5}");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic_brasil");

Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr...

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2552374");

Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2552374");

Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Feb 18 2011 22:11:15 GMT-0200");

Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.locale", "en");

Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Feb 18 2011 22:11:15 GMT-0200");

Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");

Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.alert.userId", "8131fb32-daa4-4504-a27b-db2a903343e5");

Line deleted: user_pref("ConduitEngine.FirstServerDate", "11/30/2010 23");

Line deleted: user_pref("ConduitEngine.FirstTime", true);

Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);

Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);

Line deleted: user_pref("ConduitEngine.Initialize", true);

Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Line deleted: user_pref("ConduitEngine.InstalledDate", "Tue Nov 30 2010 18:36:13 GMT-0200");

Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);

Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);

Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Feb 18 2011 22:11:36 GMT-0200");

Line deleted: user_pref("ConduitEngine.LastLogin_3.2.1.3", "Sat Feb 19 2011 21:33:14 GMT-0200");

Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);

Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Feb 19 2011 21:33:14 GMT-0200");

Line deleted: user_pref("ConduitEngine.UserID", "UN44073588401824866");

Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");

Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Feb 18 2011 22:11:36 GMT-0200");

Line deleted: user_pref("ConduitEngine.initDone", true);

Line deleted: user_pref("ConduitEngine.usagesFlag", 2);

-- File closed --

Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key deleted: HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}

Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key deleted: HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

Key deleted: HKLM\Software\Classes\Toolbar.CT2552374

Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key deleted: HKLM\Software\AskBarDis

Key deleted: HKCU\Software\PriceGong

Key deleted: HKU\.DEFAULT\Software\AskToolbar

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

 

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [3.6.13 (pt-BR)] ****

 

Plugins\npFoxitReaderPlugin.dll (Foxit Software Company)

HKLM_MozillaPlugins\@zylom.com/ZylomGamesPlayer (x)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

 

-- C:\Documents and Settings\Roseli Mareti\Dados de aplicativos\Mozilla\FireFox\Profiles\x2ihzpvd.default --

Extensions\firebug@software.joehewitt.com (Firebug)

Extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5} (Softonic_Brasil Community Toolbar)

Extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66} (QuickProxy)

Prefs.js - browser.download.dir, C:\\Documents and Settings\\Roseli Mareti\\Meus documentos\\Lucas\\Nova pasta

Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Roseli Mareti\\Meus documentos

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)

HKCU_SearchScopes\{210073B5-670D-4ABE-A7CB-83EDBC77BF35} - "Orbit Search (Powered By Google)" (hxxp://search.orbitdownloader.com/ie.php?q={searchTerms}&enc={inputEncoding})

HKCU_SearchScopes\{8e04bb2c-d5aa-493b-bd76-4d162c4fa21b} - "iCall" (hxxp://www.ask.com/web?q={searchTerms}&o=1492&l=dis)

HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (x)

HKLM_ElevationPolicy\{09E9B8FC-3D94-4A9B-AD2E-A64255121895} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtbws.exe (Kaspersky Lab)

HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (x)

HKLM_ElevationPolicy\{4671F4B7-89F5-4701-B641-570278D5C856} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe (Kaspersky Lab)

HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Arquivos de programas\Java\jre6\bin\ssvagent.exe (x)

HKCU_Extensions\{AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - "Email Extractor" (C:\Arquivos de programas\Advanced Email Extractor PRO\AeePMsie.dll,2)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 67 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 19/02/2011 22:13:36 (11529 Byte(s))

 

End at: 22:14:15, 19/02/2011

 

============== E.O.F ==============

 

BANKER FIX REPORT:

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2011-02-19 - 22:19

-------------------------------------------------------

Lista de Definição: 2010-12-25-1 | CORE: 2010-12-28-6

=======================================================

----- Fim -------------------------


DDS.txt REPORT:

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Roseli Mareti at 22:24:24,32 on s b 19/02/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1376 [GMT -2:00]

 

AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky PURE *Disabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Roseli Mareti\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uWindow Title =

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 109.123.70.47:80

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [Lexmark X1100 Series] "c:\arquivos de programas\lexmark x1100 series\lxbkbmgr.exe"

mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe"

mRun: [AdobeCS5ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [AdobeCS4ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe

IE: Advanced Email Extractor - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/page.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Scan link with AEE - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/link.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286333767890

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: c:\arquiv~1\kasper~1\kasper~1\kloehk.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\roseli~1\dadosd~1\mozilla\firefox\profiles\x2ihzpvd.default\

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

 

============= SERVICES / DRIVERS ===============

 

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2009-12-14 88632]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2009-12-14 39352]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-15 315408]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-19 141312]

R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\arquivos comuns\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-5 279680]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 avast! Antivirus;avast! Antivirus;"c:\arquivos de programas\alwil software\avast5\avastsvc.exe" --> c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [?]

S2 AVP;Kaspersky PURE;c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-13 136176]

S3 ivuozfi;ivuozfi;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]

S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\arquivos comuns\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 tvsnaeniw;tvsnaeniw;\??\c:\windows\system32\055.tmp --> c:\windows\system32\055.tmp [?]

S3 zruasdppp;zruasdppp;\??\c:\windows\system32\09.tmp --> c:\windows\system32\09.tmp [?]

S4 MySQL51;MySQL51;"c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\mysql\mysql server 5.1\my.ini" mysql51 --> c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld [?]

 

=============== Created Last 30 ================

 

2011-02-20 00:19:13 -------- d-----w- C:\LinhaDefensiva

2011-02-20 00:12:54 -------- d-----w- c:\arquivos de programas\Ad-Remover

2011-02-20 00:11:12 -------- d-----w- C:\HostsXpert

2011-02-19 22:38:21 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Canneverbe Limited

2011-02-19 22:38:21 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Canneverbe Limited

2011-02-19 22:38:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-02-19 22:26:02 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys

2011-02-19 22:25:57 -------- d-----w- c:\arquivos de programas\vso

2011-02-19 06:49:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software

2011-02-19 05:54:19 -------- d-----w- c:\arquivos de programas\WebExtractor

2011-02-19 01:53:28 -------- d-----w- C:\UsbFix

2011-02-19 01:52:59 1220299 ----a-w- C:\UsbFix.exe

2011-02-16 00:19:31 162392 ----a-w- c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

2011-02-16 00:19:14 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-02-16 00:19:14 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2011-02-16 00:17:07 -------- d-----w- c:\arquivos de programas\arquivos comuns\InfoWatch

2011-02-16 00:17:04 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2011-02-16 00:17:04 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2011-02-16 00:10:42 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis

2011-02-16 00:00:46 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Registry Mechanic

2011-02-15 23:58:23 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2011-02-15 23:45:57 -------- d-----w- C:\CARROS

2011-02-15 23:29:26 -------- dc-h--w- c:\windows\ie8

2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-13 06:05:49 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\XoftSpySE

2011-02-13 05:52:56 -------- d-----w- C:\_OTL

2011-02-13 05:41:36 -------- d-----w- C:\Program Files

2011-02-12 08:41:46 149504 ----a-w- c:\windows\UNWISE.EXE

2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\arquivos comuns\TweakMarketing

2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO

2011-02-12 08:39:03 -------- d-----w- C:\extractor

2011-02-12 08:38:42 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus

2011-02-12 08:37:25 -------- d-----w- c:\arquivos de programas\FindEmail

2011-02-12 08:26:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7

2011-02-11 10:17:38 43008 ----a-w- c:\windows\system32\MSMAPI32.oca

2011-02-11 10:17:38 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca

2011-02-11 10:11:24 1652736 ----a-w- c:\windows\system32\mshtml.oca

2011-02-11 10:11:22 64000 ----a-w- c:\windows\system32\ieframe.oca

2011-02-11 10:11:22 29184 ----a-w- c:\windows\system32\MSINET.oca

2011-02-11 10:11:22 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca

2011-02-11 10:09:57 -------- d-----w- c:\arquivos de programas\Web Publish

2011-02-11 09:19:53 -------- d-----w- c:\arquivos de programas\Resource Hacker

2011-02-11 04:38:45 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm

2011-02-11 04:38:41 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-02-11 04:38:41 249856 ------w- c:\windows\Setup1.exe

2011-02-10 18:33:09 -------- d-----w- c:\windows\system32\F6DAA0

2011-01-31 02:35:48 -------- d-----w- C:\AudacityPortable

2011-01-31 02:28:17 -------- d-----w- c:\arquivos de programas\AnalogX

2011-01-25 14:48:49 -------- d-----w- C:\DPEC

2011-01-25 14:48:33 -------- d-----w- C:\database

 

==================== Find3M ====================

 

2011-01-13 03:33:41 0 ----a-w- c:\documents and settings\roseli mareti\m.tmp

2010-12-03 00:03:25 796672 ----a-w- c:\windows\GPInstall.exe

 

============= FINISH: 22:24:53,92 ===============

 

Attach.txt REPORT:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/10/2010 20:44:03

System Uptime: 19/2/2011 21:15:20 (1 hours ago)

 

Motherboard: FOXCONN | | M61PMV

Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz

Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 3,56 GiB free.

D: is CDROM (UDF)

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP6: 19/2/2011 20:16:06 - Ponto de verificação do sistema

 

==== Installed Programs ======================

 

7-Zip 4.57

Ad-Remover By C_XX

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Community Help

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS5

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

Advanced Archive Password Recovery

Advanced Email Extractor PRO

Agere Systems PCI Soft Modem

AnalogX Vocal Remover

Apple Application Support

Apple Software Update

Arquivo do WinRAR

Assistente de Conexão do Windows Live

µTorrent

avast! Free Antivirus

C-Media WDM Audio Driver

CCleaner

CDBurnerXP

Cheat Engine 5.5

Cheat Engine 5.6.1

Compatibility Pack for the 2007 Office system

Connect

ConvertXtoDVD 2.0.12

Emissor de Nota Fiscal Eletronica (NF-e)

Ferramenta de Carregamento do Windows Live

FindEmail 2.2.8

Foxit Reader

Google Chrome

Google Earth

Google Update Helper

HijackThis 2.0.2

JC-Email Segmenter Plus

K-Lite Mega Codec Pack 4.2.5

Kaspersky PURE

kuler

Lexmark X1100 Series

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Bootvis

Microsoft Choice Guard

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Studio 6.0 Enterprise Edition

Microsoft Web Publishing Wizard 1.53

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.13)

MSVCRT

MySQL Server 5.1

NVIDIA Drivers

PDF Settings CS5

Photoshop Camera Raw

Platform

QuickTime

Real Alternative 1.9.0

Resource Hacker Version 3.5.2

Segoe UI

SiS VGA Utilities

SiSAGP driver

Skype™ 5.1

Spyware Terminator

Suite Shared Configuration CS4

UltraISO Premium V8.63

UsbFix By El Desaparecido & C_XX

VIA Gerenciador de dispositivo de plataforma

VobSub v2.23 (Remove Only)

Web Data Extractor 3.7

Web Data Extractor 8.1

WebFldrs XP

WinAVI Video Converter

WinAVI Video Converter 9.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Player Firefox Plugin

Windows XP Service Pack 2

XP Codec Pack

 

==== End Of File ===========================


Hello!

Please follow the tutorial at the link below:

#### How to use ComboFix ####

I suggest you print the instructions below, since you will not be able to read them while the tool is running.

  • Follow the tutorial and run ComboFix.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts trained to use ComboFix know these cases and know how to handle these situations.
  • Under no circumstances exit ComboFix using the program's "X". If you want to exit, press "N".
  • Many analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, had end users in mind and meant them to be used without supervision. ComboFix is not a tool of that kind, so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Hey... so, I read the tutorial and did everything right... then I let it run and it generated the log:

 

ComboFix 11-02-19.02 - Roseli Mareti 20/02/2011 0:07.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1525 [GMT -3:00]

Executando de: c:\documents and settings\Roseli Mareti\Desktop\ComboFix.exe

AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Java

c:\arquivos de programas\Java\jre6\lib\ext\QTJava.zip

c:\documents and settings\Roseli Mareti\m.tmp

c:\documents and settings\Roseli Mareti\u.txt

c:\windows\system32\Cache

c:\windows\system32\reg_200.txt

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-20 to 2011-02-20 ))))))))))))))))))))))))))))

.

 

2011-02-20 00:19 . 2011-02-20 00:20 -------- d-----w- C:\LinhaDefensiva

2011-02-20 00:12 . 2011-02-20 00:12 -------- d-----w- c:\arquivos de programas\Ad-Remover

2011-02-20 00:11 . 2011-02-20 00:12 -------- d-----w- C:\HostsXpert

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Canneverbe Limited

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\arquivos de programas\CDBurnerXP

2011-02-19 22:38 . 2009-11-12 15:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-02-19 22:26 . 2011-02-20 02:25 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Vso

2011-02-19 22:26 . 2011-02-19 22:26 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys

2011-02-19 22:25 . 2011-02-19 22:25 -------- d-----w- c:\arquivos de programas\vso

2011-02-19 06:49 . 2011-02-19 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2011-02-19 06:49 . 2011-02-19 06:49 -------- d-----w- c:\arquivos de programas\Alwil Software

2011-02-19 05:54 . 2011-02-19 05:57 -------- d-----w- c:\arquivos de programas\WebExtractor

2011-02-19 01:53 . 2011-02-19 02:13 -------- d-----w- C:\UsbFix

2011-02-16 00:19 . 2010-10-01 23:05 162392 ----a-w- c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

2011-02-16 00:19 . 2011-02-16 00:55 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-02-16 00:19 . 2011-02-16 00:55 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InfoWatch

2011-02-16 00:17 . 2011-02-20 03:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2011-02-16 00:10 . 2011-02-16 00:10 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis

2011-02-16 00:00 . 2011-02-16 00:00 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Registry Mechanic

2011-02-15 23:58 . 2011-02-15 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2011-02-15 23:45 . 2011-02-15 23:45 -------- d-----w- C:\CARROS

2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache

2011-02-15 23:43 . 2011-02-15 23:43 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2011-02-15 23:29 . 2011-02-15 23:31 -------- dc-h--w- c:\windows\ie8

2011-02-14 08:43 . 2011-02-14 08:43 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-13 06:05 . 2011-02-13 06:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\XoftSpySE

2011-02-13 05:52 . 2011-02-13 05:52 -------- d-----w- C:\_OTL

2011-02-13 05:41 . 2011-02-13 05:41 -------- d-----w- C:\Program Files

2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO

2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TweakMarketing

2011-02-12 08:41 . 1999-06-25 12:55 149504 ----a-w- c:\windows\UNWISE.EXE

2011-02-12 08:39 . 2011-02-12 08:39 -------- d-----w- C:\extractor

2011-02-12 08:38 . 2011-02-13 05:23 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus

2011-02-12 08:37 . 2011-02-12 08:45 -------- d-----w- c:\arquivos de programas\FindEmail

2011-02-12 08:26 . 2011-02-12 08:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7

2011-02-11 10:17 . 2011-02-11 10:17 43008 ----a-w- c:\windows\system32\MSMAPI32.oca

2011-02-11 10:17 . 2011-02-11 10:17 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca

2011-02-11 10:11 . 2011-02-11 10:11 1652736 ----a-w- c:\windows\system32\mshtml.oca

2011-02-11 10:11 . 2011-02-18 00:16 29184 ----a-w- c:\windows\system32\MSINET.oca

2011-02-11 10:11 . 2011-02-18 00:16 64000 ----a-w- c:\windows\system32\ieframe.oca

2011-02-11 10:11 . 2011-02-11 10:11 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca

2011-02-11 10:09 . 2011-02-11 10:09 -------- d-----w- c:\arquivos de programas\Web Publish

2011-02-11 09:19 . 2011-02-11 09:20 -------- d-----w- c:\arquivos de programas\Resource Hacker

2011-02-11 04:38 . 2011-02-11 09:42 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm

2011-02-11 04:38 . 2011-02-11 04:38 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-02-11 04:38 . 2011-02-11 04:38 249856 ------w- c:\windows\Setup1.exe

2011-02-10 18:33 . 2011-02-13 05:35 -------- d-----w- c:\windows\system32\F6DAA0

2011-01-31 02:35 . 2011-01-31 02:36 -------- d-----w- C:\AudacityPortable

2011-01-31 02:28 . 2011-01-31 02:28 -------- d-----w- c:\arquivos de programas\AnalogX

2011-01-31 00:17 . 2011-01-31 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\DPEC

2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\database

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-03 00:03 . 2010-12-03 00:03 796672 ----a-w- c:\windows\GPInstall.exe

.

 

------- Sigcheck -------

 

[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[7] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

 

[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[7] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

 

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

 

[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[7] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 23:05 129624 ----a-w- c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\shellex.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-02 13529088]

"nwiz"="nwiz.exe" [2008-05-02 1630208]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-02 86016]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]

"Lexmark X1100 Series"="c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]

"AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-1 331776]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-11-26 04:38 500208 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2004-08-04 03:45 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 03:45 1667584 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 13:17 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 15:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8789:TCP"= 8789:TCP:jjmeu

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [14/12/2009 11:44 88632]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 19:18 36880]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [14/12/2009 11:44 39352]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19/12/2008 14:07 141312]

R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 16:34 743992]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 12:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 17:39 19472]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/10/2010 22:08 279680]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [13/10/2010 14:25 136176]

S3 ivuozfi;ivuozfi;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]

S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 12:37 517096]

S3 tvsnaeniw;tvsnaeniw;\??\c:\windows\system32\055.tmp --> c:\windows\system32\055.tmp [?]

S3 zruasdppp;zruasdppp;\??\c:\windows\system32\09.tmp --> c:\windows\system32\09.tmp [?]

S4 MySQL51;MySQL51;"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2011-02-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-ESCRITORIO-Roseli Mareti.job

- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-26 04:38]

 

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]

 

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 109.123.70.47:80

IE: Adicionar ao Antibanner - c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

IE: Advanced Email Extractor - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Scan link with AEE - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html

FF - ProfilePath - c:\documents and settings\Roseli Mareti\Dados de aplicativos\Mozilla\Firefox\Profiles\x2ihzpvd.default\

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-Cmaudio - cmicnfg.cpl

MSConfigStartUp-SunJavaUpdateSched - c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

AddRemove-Emissor de Nota Fiscal Eletronica (NF-e) - c:\windows\system32\javaws.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-20 00:15

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ivuozfi]

"ImagePath"="\??\c:\windows\system32\08.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]

"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL51"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tvsnaeniw]

"ImagePath"="\??\c:\windows\system32\055.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zruasdppp]

"ImagePath"="\??\c:\windows\system32\09.tmp"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1640)

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\windows\system32\agrsmsvc.exe

c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe

c:\windows\System32\nvsvc32.exe

c:\arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\wscntfy.exe

c:\arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-02-20 00:23:17 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-02-20 03:23

 

Pré-execução: 6.339.997.696 bytes disponíveis

Pós execução: 6.234.165.248 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

 

- - End Of File - - 0421FC17DA5EBF26A0E09C81A63A0BE0


Hello!

Please follow the instructions below:

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

  • Delete Combofix.exe from your desktop and download a new version HERE, saving it to your Desktop.
  • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:
    DRIVER::
    tvsnaeniw
    zruasdppp
    aswSP
    aswFsBlk
    ivuozfi
    
    FILE::
    c:\windows\system32\055.tmp
    c:\windows\system32\09.tmp
    c:\windows\system32\08.tmp
    
    REGISTRY::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8789:TCP"=-
    
    DDS::
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

  • Save this file as: CFScript.txt
    (image: CFScriptB-4.gif)
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe.
  • If prompted, press Enter to start the removal process.
  • Do not use the mouse or keyboard while ComboFix is running.
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Cheers :D

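As an added example (not code from this thread, from the helper, or from ComboFix itself), the Python script below applies, to a constructed excerpt in ComboFix's log format, the checks behind the CFScript the helper wrote above: services whose image path is a .tmp file under system32, orphaned services whose file is gone (the "[x]" marker), Security Center override values set to 1, globally open firewall ports and a configured IE proxy server. It then drafts the matching DRIVER::/FILE::/REGISTRY:: sections. The sample log text, the function names and the close_ports allowlist are assumptions made for this example.

```python
"""Added example, not part of the forum thread or of ComboFix itself.
Scans text in ComboFix's log format for the indicators the helper's CFScript
targeted and drafts the matching sections. Names and sample data are assumed."""
import re
from typing import Dict, List, Tuple

# Constructed sample in ComboFix's format, modelled on the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8789:TCP"= 8789:TCP:jjmeu
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 19:18 36880]
S1 aswSP;aswSP; [x]
S3 ivuozfi;ivuozfi;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]
S3 tvsnaeniw;tvsnaeniw;\??\c:\windows\system32\055.tmp --> c:\windows\system32\055.tmp [?]
uInternet Settings,ProxyServer = 109.123.70.47:80
"""

# "R0 name;description;image path [date size]" or "S1 name;description; [x]"
SERVICE_RE = re.compile(r"^([RS]\d) (.+)$")
OVERRIDE_RE = re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:00000001$')
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"= \1:(.*)$')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)$")
TMP_PATH_RE = re.compile(r"(c:\\[^\s\[]*?\.tmp)", re.IGNORECASE)


def parse_services(log: str) -> List[Dict[str, str]]:
    """Split the R*/S* service lines into start type, name, description, path."""
    services = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        fields = (m.group(2).split(";", 2) + ["", ""])[:3]
        services.append({"start": m.group(1), "name": fields[0],
                         "desc": fields[1], "path": fields[2].strip()})
    return services


def find_indicators(log: str) -> Dict[str, list]:
    """Collect the log entries a log analyst would question on this machine."""
    findings: Dict[str, list] = {"tmp_services": [], "orphan_services": [],
                                 "overrides": [], "open_ports": [], "proxy": []}
    for svc in parse_services(log):
        tmp = TMP_PATH_RE.search(svc["path"])
        if tmp:
            # A driver backed by a randomly named .tmp file in system32 is not
            # how legitimate software installs itself.
            findings["tmp_services"].append((svc["name"], tmp.group(1)))
        elif svc["path"].startswith("[x]"):
            # Service registration left behind after its file was deleted.
            findings["orphan_services"].append(svc["name"])
    for raw in log.splitlines():
        line = raw.strip()
        m = OVERRIDE_RE.match(line)
        if m:
            # Override=1 silences Security Center's "no AV/firewall" warnings.
            findings["overrides"].append(m.group(1))
            continue
        m = PORT_RE.match(line)
        if m:
            findings["open_ports"].append((m.group(1), m.group(2)))
            continue
        m = PROXY_RE.match(line)
        if m:
            # An IE proxy the user did not configure routes browsing elsewhere.
            findings["proxy"].append(m.group(1))
    return findings


def draft_cfscript(findings: Dict[str, list], close_ports: Tuple[str, ...] = ()) -> str:
    """Build CFScript sections from the findings. Open ports are only removed
    when named in close_ports, because legitimate software opens ports too."""
    out: List[str] = []
    drivers = [name for name, _ in findings["tmp_services"]] + findings["orphan_services"]
    if drivers:
        out += ["DRIVER::"] + drivers + [""]
    files = [path for _, path in findings["tmp_services"]]
    if files:
        out += ["FILE::"] + files + [""]
    reg: List[str] = []
    if findings["overrides"]:
        reg.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\security center]")
        reg += ['"%s"=dword:00000000' % key for key in findings["overrides"]]
        reg.append("")
    ports = [port for port, _ in findings["open_ports"] if port in close_ports]
    if ports:
        reg.append(r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]")
        reg += ['"%s"=-' % port for port in ports]
    if reg:
        out += ["REGISTRY::"] + reg
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    found = find_indicators(SAMPLE_LOG)
    for key, items in found.items():
        print(key, items)
    print(draft_cfscript(found, close_ports=("8789:TCP",)))
```

The proxy finding is reported but deliberately not written into the script: ComboFix's CFScript has no section for IE proxy settings, and the proxy should be cleared by hand in Internet Options after confirming the user did not set it. The close_ports allowlist keeps the decision about which open port is unexpected (here the "jjmeu" entry) with the analyst rather than a heuristic.
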
ComboFix 11-02-19.02 - Roseli Mareti 20/02/2011 12:24:39.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1527 [GMT -3:00]

Executando de: c:\documents and settings\Roseli Mareti\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Roseli Mareti\Desktop\CFScript.txt

AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

 

FILE ::

"c:\windows\system32\055.tmp"

"c:\windows\system32\08.tmp"

"c:\windows\system32\09.tmp"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASWFSBLK

-------\Legacy_ASWSP

-------\Legacy_TVSNAENIW

-------\Service_aswFsBlk

-------\Service_aswSP

-------\Service_ivuozfi

-------\Service_tvsnaeniw

-------\Service_zruasdppp

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-20 to 2011-02-20 ))))))))))))))))))))))))))))

.

 

2011-02-20 00:19 . 2011-02-20 00:20 -------- d-----w- C:\LinhaDefensiva

2011-02-20 00:12 . 2011-02-20 00:12 -------- d-----w- c:\arquivos de programas\Ad-Remover

2011-02-20 00:11 . 2011-02-20 00:12 -------- d-----w- C:\HostsXpert

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Canneverbe Limited

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\arquivos de programas\CDBurnerXP

2011-02-19 22:38 . 2009-11-12 15:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-02-19 22:26 . 2011-02-20 06:48 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Vso

2011-02-19 22:26 . 2011-02-19 22:26 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys

2011-02-19 22:25 . 2011-02-19 22:25 -------- d-----w- c:\arquivos de programas\vso

2011-02-19 06:49 . 2011-02-19 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2011-02-19 06:49 . 2011-02-19 06:49 -------- d-----w- c:\arquivos de programas\Alwil Software

2011-02-19 05:54 . 2011-02-19 05:57 -------- d-----w- c:\arquivos de programas\WebExtractor

2011-02-19 01:53 . 2011-02-19 02:13 -------- d-----w- C:\UsbFix

2011-02-16 00:19 . 2010-10-01 23:05 162392 ----a-w- c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

2011-02-16 00:19 . 2011-02-16 00:55 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-02-16 00:19 . 2011-02-16 00:55 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InfoWatch

2011-02-16 00:17 . 2011-02-20 15:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2011-02-16 00:10 . 2011-02-16 00:10 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis

2011-02-16 00:00 . 2011-02-16 00:00 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Registry Mechanic

2011-02-15 23:58 . 2011-02-15 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2011-02-15 23:45 . 2011-02-15 23:45 -------- d-----w- C:\CARROS

2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache

2011-02-15 23:43 . 2011-02-15 23:43 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2011-02-15 23:29 . 2011-02-15 23:31 -------- dc-h--w- c:\windows\ie8

2011-02-14 08:43 . 2011-02-14 08:43 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-13 06:05 . 2011-02-13 06:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\XoftSpySE

2011-02-13 05:52 . 2011-02-13 05:52 -------- d-----w- C:\_OTL

2011-02-13 05:41 . 2011-02-13 05:41 -------- d-----w- C:\Program Files

2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO

2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TweakMarketing

2011-02-12 08:41 . 1999-06-25 12:55 149504 ----a-w- c:\windows\UNWISE.EXE

2011-02-12 08:39 . 2011-02-12 08:39 -------- d-----w- C:\extractor

2011-02-12 08:38 . 2011-02-13 05:23 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus

2011-02-12 08:37 . 2011-02-12 08:45 -------- d-----w- c:\arquivos de programas\FindEmail

2011-02-12 08:26 . 2011-02-12 08:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7

2011-02-11 10:17 . 2011-02-11 10:17 43008 ----a-w- c:\windows\system32\MSMAPI32.oca

2011-02-11 10:17 . 2011-02-11 10:17 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca

2011-02-11 10:11 . 2011-02-11 10:11 1652736 ----a-w- c:\windows\system32\mshtml.oca

2011-02-11 10:11 . 2011-02-18 00:16 29184 ----a-w- c:\windows\system32\MSINET.oca

2011-02-11 10:11 . 2011-02-18 00:16 64000 ----a-w- c:\windows\system32\ieframe.oca

2011-02-11 10:11 . 2011-02-11 10:11 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca

2011-02-11 10:09 . 2011-02-11 10:09 -------- d-----w- c:\arquivos de programas\Web Publish

2011-02-11 09:19 . 2011-02-11 09:20 -------- d-----w- c:\arquivos de programas\Resource Hacker

2011-02-11 04:38 . 2011-02-11 09:42 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm

2011-02-11 04:38 . 2011-02-11 04:38 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-02-11 04:38 . 2011-02-11 04:38 249856 ------w- c:\windows\Setup1.exe

2011-02-10 18:33 . 2011-02-13 05:35 -------- d-----w- c:\windows\system32\F6DAA0

2011-01-31 02:35 . 2011-01-31 02:36 -------- d-----w- C:\AudacityPortable

2011-01-31 02:28 . 2011-01-31 02:28 -------- d-----w- c:\arquivos de programas\AnalogX

2011-01-31 00:17 . 2011-01-31 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\DPEC

2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\database

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-03 00:03 . 2010-12-03 00:03 796672 ----a-w- c:\windows\GPInstall.exe

.

 

------- Sigcheck -------

 

[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[7] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

 

[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[7] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

 

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

 

[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[7] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 23:05 129624 ----a-w- c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\shellex.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-02 13529088]

"nwiz"="nwiz.exe" [2008-05-02 1630208]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-02 86016]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]

"Lexmark X1100 Series"="c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]

"AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-1 331776]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-11-26 04:38 500208 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2004-08-04 03:45 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 03:45 1667584 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 13:17 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 15:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [14/12/2009 11:44 88632]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 19:18 36880]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [14/12/2009 11:44 39352]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19/12/2008 14:07 141312]

R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 16:34 743992]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 12:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 17:39 19472]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/10/2010 22:08 279680]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [13/10/2010 14:25 136176]

S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 12:37 517096]

S4 MySQL51;MySQL51;"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2011-02-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-ESCRITORIO-Roseli Mareti.job

- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-26 04:38]

 

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]

 

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 109.123.70.47:80

IE: Adicionar ao Antibanner - c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm

IE: Advanced Email Extractor - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Scan link with AEE - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html

FF - ProfilePath - c:\documents and settings\Roseli Mareti\Dados de aplicativos\Mozilla\Firefox\Profiles\x2ihzpvd.default\

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-20 12:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]

"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL51"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(708)

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\windows\system32\agrsmsvc.exe

c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\arquivos de programas\CDBurnerXP\NMSAccessU.exe

c:\windows\System32\nvsvc32.exe

c:\arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-02-20 12:40:05 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-02-20 15:40

ComboFix2.txt 2011-02-20 03:23

 

Pré-execução: 5.832.167.424 bytes disponíveis

Pós execução: 6.197.534.720 bytes disponíveis

 

- - End Of File - - ED8182411F4393570DEBD0998F8BC6D4


Hello!

Please follow the instructions below:

Temporarily, and for as long as you are carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

  • Delete Combofix.exe from your desktop and download a new version HERE, saving it to your Desktop.
  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:
    FILE::
    c:\windows\Setup1.exe
    
    DirLook::
    c:\windows\system32\F6DAA0
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"


     

  • Save this file as: CFScript.txt
    [image: CFScriptB-4.gif]
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe.
  • If prompted, press Enter to start the removal process.
  • Do not use the mouse or the keyboard while ComboFix is running.
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

 

 

Cheers :D


Hey man... thanks a lot for the great help you're giving me... here's the next log:

 

ComboFix 11-02-19.02 - Roseli Mareti 20/02/2011 14:54:16.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1514 [GMT -3:00]

Executando de: c:\documents and settings\Roseli Mareti\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Roseli Mareti\Desktop\CFScript.txt

AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

 

FILE ::

"c:\windows\Setup1.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Setup1.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-20 to 2011-02-20 ))))))))))))))))))))))))))))

.

 

2011-02-20 00:19 . 2011-02-20 00:20 -------- d-----w- C:\LinhaDefensiva

2011-02-20 00:12 . 2011-02-20 00:12 -------- d-----w- c:\arquivos de programas\Ad-Remover

2011-02-20 00:11 . 2011-02-20 00:12 -------- d-----w- C:\HostsXpert

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Canneverbe Limited

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Canneverbe Limited

2011-02-19 22:38 . 2011-02-19 22:38 -------- d-----w- c:\arquivos de programas\CDBurnerXP

2011-02-19 22:38 . 2009-11-12 15:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-02-19 22:26 . 2011-02-20 06:48 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Vso

2011-02-19 22:26 . 2011-02-19 22:26 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys

2011-02-19 22:25 . 2011-02-19 22:25 -------- d-----w- c:\arquivos de programas\vso

2011-02-19 06:49 . 2011-02-19 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2011-02-19 06:49 . 2011-02-19 06:49 -------- d-----w- c:\arquivos de programas\Alwil Software

2011-02-19 05:54 . 2011-02-19 05:57 -------- d-----w- c:\arquivos de programas\WebExtractor

2011-02-19 01:53 . 2011-02-19 02:13 -------- d-----w- C:\UsbFix

2011-02-16 00:19 . 2010-10-01 23:05 162392 ----a-w- c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

2011-02-16 00:19 . 2011-02-16 00:55 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-02-16 00:19 . 2011-02-16 00:55 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InfoWatch

2011-02-16 00:17 . 2011-02-20 17:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2011-02-16 00:17 . 2011-02-16 00:17 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2011-02-16 00:10 . 2011-02-16 00:10 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis

2011-02-16 00:00 . 2011-02-16 00:00 -------- d-----w- c:\documents and settings\Roseli Mareti\Dados de aplicativos\Registry Mechanic

2011-02-15 23:58 . 2011-02-15 23:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2011-02-15 23:45 . 2011-02-15 23:45 -------- d-----w- C:\CARROS

2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE

2011-02-15 23:44 . 2011-02-15 23:44 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache

2011-02-15 23:43 . 2011-02-15 23:43 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2011-02-15 23:29 . 2011-02-15 23:31 -------- dc-h--w- c:\windows\ie8

2011-02-14 08:43 . 2011-02-14 08:43 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-13 06:05 . 2011-02-13 06:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\XoftSpySE

2011-02-13 05:52 . 2011-02-13 05:52 -------- d-----w- C:\_OTL

2011-02-13 05:41 . 2011-02-13 05:41 -------- d-----w- C:\Program Files

2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO

2011-02-12 08:41 . 2011-02-12 08:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\TweakMarketing

2011-02-12 08:41 . 1999-06-25 12:55 149504 ----a-w- c:\windows\UNWISE.EXE

2011-02-12 08:39 . 2011-02-12 08:39 -------- d-----w- C:\extractor

2011-02-12 08:38 . 2011-02-13 05:23 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus

2011-02-12 08:37 . 2011-02-12 08:45 -------- d-----w- c:\arquivos de programas\FindEmail

2011-02-12 08:26 . 2011-02-12 08:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7

2011-02-11 10:17 . 2011-02-11 10:17 43008 ----a-w- c:\windows\system32\MSMAPI32.oca

2011-02-11 10:17 . 2011-02-11 10:17 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca

2011-02-11 10:11 . 2011-02-11 10:11 1652736 ----a-w- c:\windows\system32\mshtml.oca

2011-02-11 10:11 . 2011-02-18 00:16 29184 ----a-w- c:\windows\system32\MSINET.oca

2011-02-11 10:11 . 2011-02-18 00:16 64000 ----a-w- c:\windows\system32\ieframe.oca

2011-02-11 10:11 . 2011-02-11 10:11 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca

2011-02-11 10:09 . 2011-02-11 10:09 -------- d-----w- c:\arquivos de programas\Web Publish

2011-02-11 09:19 . 2011-02-11 09:20 -------- d-----w- c:\arquivos de programas\Resource Hacker

2011-02-11 04:38 . 2011-02-11 09:42 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm

2011-02-11 04:38 . 2011-02-11 04:38 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-02-10 18:33 . 2011-02-13 05:35 -------- d-----w- c:\windows\system32\F6DAA0

2011-01-31 02:35 . 2011-01-31 02:36 -------- d-----w- C:\AudacityPortable

2011-01-31 02:28 . 2011-01-31 02:28 -------- d-----w- c:\arquivos de programas\AnalogX

2011-01-31 00:17 . 2011-01-31 00:17 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\DPEC

2011-01-25 14:48 . 2011-01-25 14:48 -------- d-----w- C:\database

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-03 00:03 . 2010-12-03 00:03 796672 ----a-w- c:\windows\GPInstall.exe

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\windows\system32\F6DAA0 ----

 

 

 

------- Sigcheck -------

 

[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[7] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

 

[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll

[7] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

 

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys

 

[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[7] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\ServicePackFiles\i386\d3d9.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]

@="{dd230880-495a-11d1-b064-008048ec2fc5}"

[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]

2010-10-01 23:05 129624 ----a-w- c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\shellex.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-02 13529088]

"nwiz"="nwiz.exe" [2008-05-02 1630208]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-02 86016]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-07-12 29896704]

"Lexmark X1100 Series"="c:\arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]

"AVP"="c:\arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]

"AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"AdobeCS4ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-11-1 331776]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-11-26 04:38 500208 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2004-08-04 03:45 159744 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 03:45 1667584 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 13:17 421888 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 15:37 517096 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [14/12/2009 11:44 88632]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 19:18 36880]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [14/12/2009 11:44 39352]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19/12/2008 14:07 141312]

R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 16:34 743992]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/9/2009 12:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2/10/2009 17:39 19472]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/10/2010 22:08 279680]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [13/10/2010 14:25 136176]

S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 12:37 517096]

S4 MySQL51;MySQL51;"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini" MySQL51 --> c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2011-02-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-ESCRITORIO-Roseli Mareti.job

- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-11-26 04:38]

 

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]

 

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-13 17:24]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 109.123.70.47:80

IE: Advanced Email Extractor - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Scan link with AEE - c:\arquivos%20de%20programas\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html

FF - ProfilePath - c:\documents and settings\Roseli Mareti\Dados de aplicativos\Mozilla\Firefox\Profiles\x2ihzpvd.default\

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-20 15:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL51]

"ImagePath"="\"c:\arquivos de programas\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\arquivos de programas\MySQL\MySQL Server 5.1\my.ini\" MySQL51"

.

Tempo para conclusão: 2011-02-20 15:03:44

ComboFix-quarantined-files.txt 2011-02-20 18:03

ComboFix2.txt 2011-02-20 15:40

ComboFix3.txt 2011-02-20 03:23

 

Pré-execução: 6.197.440.512 bytes disponíveis

Pós execução: 6.185.644.032 bytes disponíveis

 

- - End Of File - - B2C258B0158E5A3889866F4DFD5005A9


New logs:

 

DDS.txt

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Roseli Mareti at 21:09:34,16 on qua 23/02/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1918.1166 [GMT -3:00]

 

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Kaspersky PURE *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky PURE *Enabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmgr.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Arquivos de programas\Lexmark X1100 Series\lxbkbmon.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\avp.exe

C:\Arquivos de programas\Arquivos comuns\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Roseli Mareti\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://br.ask.com?o=14784&l=dis

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 109.123.70.47:80

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: VDownloader Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [HDAudDeck] c:\arquivos de programas\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [Lexmark X1100 Series] "c:\arquivos de programas\lexmark x1100 series\lxbkbmgr.exe"

mRun: [AVP] "c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe"

mRun: [AdobeCS5ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [AdobeCS4ServiceManager] "c:\arquivos de programas\arquivos comuns\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe

IE: Adicionar ao Antibanner - c:\arquivos de programas\kaspersky lab\kaspersky pure\ie_banner_deny.htm

IE: Advanced Email Extractor - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/page.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: Scan link with AEE - c:\arquivos%20de%20programas\advanced%20email%20extractor%20pro\AeePMsie.dll/link.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\arquivos de programas\kaspersky lab\kaspersky pure\klwtbbho.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286333767890

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: klogon - c:\windows\system32\klogon.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\roseli~1\dadosd~1\mozilla\firefox\profiles\x2ihzpvd.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://google.com.br

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt_BR&apn_uid=F20460D3-0933-4294-BB15-6F14E810F0C2&apn_ptnrs=VY&apn_sauid=C55E6A59-040F-42C6-B5BB-3E4D96D02A82&apn_dtid=YYYYYYYYBR&q=

FF - prefs.js: network.proxy.type - 1

FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: VDownloader Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ff

 

============= SERVICES / DRIVERS ===============

 

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2009-12-14 88632]

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2011-2-23 11608]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2009-12-14 39352]

R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-2-15 315408]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-19 141312]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2011-2-23 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2011-2-23 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-23 61960]

R2 AVP;Kaspersky PURE;c:\arquivos de programas\kaspersky lab\kaspersky pure\avp.exe [2010-10-1 348760]

R2 CSObjectsSrv;CryptoStorage control service;c:\arquivos de programas\arquivos comuns\infowatch\cryptostorage\ProtectedObjectsSrv.exe [2009-12-21 743992]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-5 279680]

S2 avast! Antivirus;avast! Antivirus;"c:\arquivos de programas\alwil software\avast5\avastsvc.exe" --> c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-13 136176]

S3 hjdjcob;hjdjcob;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]

S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\arquivos comuns\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MySQL51;MySQL51;"c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\arquivos de programas\mysql\mysql server 5.1\my.ini" mysql51 --> c:\arquivos de programas\mysql\mysql server 5.1\bin\mysqld [?]

 

=============== Created Last 30 ================

 

2011-02-23 19:30:12 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Avira

2011-02-23 19:21:29 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-23 19:21:28 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Avira

2011-02-23 19:21:28 -------- d-----w- c:\arquivos de programas\Avira

2011-02-23 19:12:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\MFAData

2011-02-23 04:01:12 -------- d-----w- C:\tmp_linkws

2011-02-23 03:21:51 -------- d-----w- c:\arquivos de programas\Carteiro

2011-02-22 12:13:39 -------- d-----w- c:\docume~1\roseli~1\config~1\dadosd~1\AskToolbar

2011-02-21 21:03:20 -------- d-----w- C:\1e15d7ed405a51104c55f3f68760b0

2011-02-21 20:52:27 -------- d-----w- C:\df0c51e09805af38960371adb036eaf8

2011-02-21 20:51:08 -------- d-----w- c:\arquivos de programas\Ask.com

2011-02-21 20:50:49 -------- d-----w- c:\arquivos de programas\WinPcap

2011-02-21 20:50:46 444283 ----a-w- c:\arquivos de programas\arquivos comuns\WinPcapNmap.exe

2011-02-21 20:50:46 3056008 ----a-w- c:\arquivos de programas\arquivos comuns\AskToolbarInstaller.exe

2011-02-21 20:50:46 -------- d-----w- C:\ProgramData

2011-02-21 20:50:43 -------- d-----w- c:\arquivos de programas\VDownloader

2011-02-21 20:48:38 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-20 02:55:18 -------- d-sha-r- C:\cmdcons

2011-02-20 02:28:38 98816 ----a-w- c:\windows\sed.exe

2011-02-20 02:28:38 89088 ----a-w- c:\windows\MBR.exe

2011-02-20 02:28:38 256512 ----a-w- c:\windows\PEV.exe

2011-02-20 02:28:38 161792 ----a-w- c:\windows\SWREG.exe

2011-02-20 00:19:13 -------- d-----w- C:\LinhaDefensiva

2011-02-20 00:12:54 -------- d-----w- c:\arquivos de programas\Ad-Remover

2011-02-20 00:11:12 -------- d-----w- C:\HostsXpert

2011-02-19 22:38:21 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Canneverbe Limited

2011-02-19 22:38:21 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Canneverbe Limited

2011-02-19 22:38:11 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2011-02-19 22:26:02 47360 ----a-w- c:\windows\system32\drivers\Pcouffin.sys

2011-02-19 22:25:57 -------- d-----w- c:\arquivos de programas\vso

2011-02-19 06:49:22 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software

2011-02-19 05:54:19 -------- d-----w- c:\arquivos de programas\WebExtractor

2011-02-19 01:53:28 -------- d-----w- C:\UsbFix

2011-02-19 01:52:59 1220299 ----a-w- C:\UsbFix.exe

2011-02-16 00:19:31 162392 ----a-w- c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

2011-02-16 00:19:14 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-02-16 00:19:14 114243 ----a-w- c:\windows\system32\drivers\klin.dat

2011-02-16 00:17:07 -------- d-----w- c:\arquivos de programas\arquivos comuns\InfoWatch

2011-02-16 00:17:04 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab

2011-02-16 00:17:04 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2011-02-16 00:10:42 -------- d-----w- c:\arquivos de programas\Microsoft Bootvis

2011-02-16 00:00:46 -------- d-----w- c:\docume~1\roseli~1\dadosd~1\Registry Mechanic

2011-02-15 23:58:23 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Kaspersky Lab Setup Files

2011-02-15 23:45:57 -------- d-----w- C:\CARROS

2011-02-15 23:29:26 -------- dc-h--w- c:\windows\ie8

2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-02-14 08:43:01 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-13 06:05:49 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\XoftSpySE

2011-02-13 05:52:56 -------- d-----w- C:\_OTL

2011-02-13 05:41:36 -------- d-----w- C:\Program Files

2011-02-12 08:41:46 149504 ----a-w- c:\windows\UNWISE.EXE

2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\arquivos comuns\TweakMarketing

2011-02-12 08:41:46 -------- d-----w- c:\arquivos de programas\Advanced Email Extractor PRO

2011-02-12 08:39:03 -------- d-----w- C:\extractor

2011-02-12 08:38:42 -------- d-----w- c:\arquivos de programas\JC-Email Segmenter Plus

2011-02-12 08:37:25 -------- d-----w- c:\arquivos de programas\FindEmail

2011-02-12 08:26:26 -------- d-----w- c:\arquivos de programas\Web Data Extractor 3.7

2011-02-11 10:17:38 43008 ----a-w- c:\windows\system32\MSMAPI32.oca

2011-02-11 10:17:38 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca

2011-02-11 10:11:24 1652736 ----a-w- c:\windows\system32\mshtml.oca

2011-02-11 10:11:22 64000 ----a-w- c:\windows\system32\ieframe.oca

2011-02-11 10:11:22 29184 ----a-w- c:\windows\system32\MSINET.oca

2011-02-11 10:11:22 135168 ----a-w- c:\windows\system32\MSCOMCT2.oca

2011-02-11 10:09:57 -------- d-----w- c:\arquivos de programas\Web Publish

2011-02-11 09:19:53 -------- d-----w- c:\arquivos de programas\Resource Hacker

2011-02-11 04:38:45 -------- d-----w- c:\arquivos de programas\Service-Desk-Crm

2011-02-11 04:38:41 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-02-10 18:33:09 -------- d-----w- c:\windows\system32\F6DAA0

2011-01-31 02:35:48 -------- d-----w- C:\AudacityPortable

2011-01-31 02:28:17 -------- d-----w- c:\arquivos de programas\AnalogX

2011-01-25 14:48:49 -------- d-----w- C:\DPEC

2011-01-25 14:48:33 -------- d-----w- C:\database

 

==================== Find3M ====================

 

2011-02-21 20:48:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-12-03 00:03:25 796672 ----a-w- c:\windows\GPInstall.exe

 

============= FINISH: 21:10:45,73 ===============

 

Attach.txt:

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/10/2010 20:44:03

System Uptime: 23/2/2011 20:31:25 (1 hours ago)

 

Motherboard: FOXCONN | | M61PMV

Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz

Processor: AMD Athlon 7750 Dual-Core Processor | AMD Athlon 7750 Dual-Core Processor | 2712/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 0,602 GiB free.

D: is CDROM ()

E: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================

 

7-Zip 4.57

Ad-Remover By C_XX

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Community Help

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS3

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS5

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe XMP Panels CS4

Advanced Archive Password Recovery

Advanced Email Extractor PRO

Agere Systems PCI Soft Modem

AnalogX Vocal Remover

Apple Application Support

Apple Software Update

Arquivo do WinRAR

Ask Toolbar

Assistente de Conexão do Windows Live

µTorrent

avast! Free Antivirus

Avira AntiVir Personal - Free Antivirus

C-Media WDM Audio Driver

Carteiro

CCleaner

CDBurnerXP

Cheat Engine 5.5

Cheat Engine 5.6.1

Compatibility Pack for the 2007 Office system

Connect

ConvertXtoDVD 2.0.12

Ferramenta de Carregamento do Windows Live

FindEmail 2.2.8

Foxit Reader

Google Chrome

Google Earth

Google Update Helper

HijackThis 2.0.2

Java Auto Updater

Java 6 Update 24

JC-Email Segmenter Plus

K-Lite Mega Codec Pack 4.2.5

Kaspersky PURE

kuler

Lexmark X1100 Series

Microsoft .NET Framework 2.0

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Bootvis

Microsoft Choice Guard

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edição 2003

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Studio 6.0 Enterprise Edition

Microsoft Web Publishing Wizard 1.53

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6.13)

MSVCRT

MySQL Server 5.1

NVIDIA Drivers

PDF Settings CS5

Photoshop Camera Raw

Platform

QuickTime

Real Alternative 1.9.0

Resource Hacker Version 3.5.2

Segoe UI

SiS VGA Utilities

SiSAGP driver

Skype™ 5.1

Spyware Terminator

Suite Shared Configuration CS4

UltraISO Premium V8.63

UsbFix By El Desaparecido & C_XX

VDownloader 3.0.752

VIA Gerenciador de dispositivo de plataforma

VobSub v2.23 (Remove Only)

Web Data Extractor 3.7

Web Data Extractor 8.1

WebFldrs XP

WinAVI Video Converter

WinAVI Video Converter 9.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Player Firefox Plugin

Windows XP Service Pack 2

WinPcap 4.1.1

XP Codec Pack

 

==== End Of File ===========================

 

Just for the record, between yesterday and today the PC got worse... it uninstalls the network card and the sound card out of nowhere... then I have to restore the system...


Hello!

Please, how many antivirus programs do you have installed?

Did you restore your system? Did you use any pen drive, external HD or DVD that you had not used while we were in the removal process?

<< 1 >>

Follow the instructions in the tutorial below and run Ad-Remover. Use the CLEAN option. Post the generated log.

Ad-Remover Tutorial

<< 2 >>

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

  • Delete Combofix.exe from your desktop and download a new version HERE, saving it to your Desktop.
  • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:
    DRIVER::
    hjdjcob
    
    FILE::
    c:\windows\system32\03.tmp

  • Save this file as: CFScript.txt
    CFScriptB-4.gif
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe.
  • If prompted, press Enter to start the removal process.
  • Do not use the mouse or the keyboard while ComboFix is running.
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D
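As an added example (not part of the thread, nor a DDS or ComboFix tool), a small Python parser for the DDS service lines quoted earlier in the log, with the indicators a helper weighs when an entry like hjdjcob points at c:\windows\system32\03.tmp and DDS reports it as [?]. The three sample lines are taken from the log above; the indicator names and the threshold of two indicators are my own choice.

```python
import re
from dataclasses import dataclass
# Constructed sample in the DDS service-list format of the log above:
# "<R|S><start> <name>;<display>;<image> [<date> <size>]"; "[?]" means DDS could not read the file.
SAMPLE_DDS = r"""
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 hjdjcob;hjdjcob;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-10-13 136176]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.+?)\s*\[(?P<info>[^\]]*)\]$"
)

@dataclass
class Service:
    state: str        # R = running, S = stopped
    start: int        # start type: 2 automatic, 3 manual, 4 disabled
    name: str
    display: str
    image: str        # path after "-->" when DDS resolved one, else the raw path
    file_found: bool  # False when DDS printed "[?]"

def parse_services(text):
    """Parse DDS service/driver lines; lines in any other format are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            image = m["rest"].split("-->")[-1].strip().strip('"')
            out.append(Service(m["state"], int(m["start"]), m["name"], m["display"], image, m["info"] != "?"))
    return out

def reasons_for(svc):
    """Indicators a removal helper weighs for one entry; each is weak on its own."""
    low, r = svc.image.lower(), []
    if low.endswith(".tmp"):
        r.append("image is a .tmp file")
    if re.match(r"^[a-z]:\\windows\\system32\\[^\\]+$", low) and not low.endswith((".exe", ".dll", ".sys")):
        r.append("unusual file type directly in system32")
    if svc.name == svc.display:
        r.append("display name identical to service name")
    if not svc.file_found:
        r.append("file not found on disk ([?])")
    return r

def flag_services(services, min_reasons=2):
    # Entries with at least min_reasons indicators, as (name, reasons) pairs
    return [(s.name, reasons_for(s)) for s in services if len(reasons_for(s)) >= min_reasons]
```

Run over the full DDS output, only the hjdjcob entry is returned, matching the DRIVER:: and FILE:: lines in the CFScript above; the legitimate Kaspersky and Google entries collect no indicators.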


Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
