Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Edvan

[Resolvido] &nbsplog para analise

Recommended Posts

Ola pessoal!

 

gostaria de saber se tem algum virus nesse log abaixo..

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:38:48, on 15/3/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\USB Disk Security\USBGuard.exe

C:\WINDOWS\system32\S3trayp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\PowerS.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\prxtbMes2.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Bing.Toolbar - {074965C8-6F6A-4FF2-9037-E74337BCF2E0} - C:\WINDOWS\system32\Gbas.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\prxtbMes2.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\prxtbMes2.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [uSB Antivirus] C:\Arquivos de programas\USB Disk Security\USBGuard.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\RunOnce: [CStrip] C:\WINDOWS\system32\CStrip.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264598012906

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264617470953

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7072 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá Edvan

 

 

1.

*Baixe o AD-Remover e salve-o no desktop

*Execute-o, clique [Clean] > [sim] > [OK] > [sim]

*O PC será reiniciado

*Cole o relatório C:\Ad-Report-CLEAN[1].txt

 

2.

*Baixe o MalwareBytes e salve-o no desktop

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

 

Caso já tenha o Malwarebytes instalado...

 

*Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações]

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desculpa cara não ter respondido antes, é porque esse log é de um pc de uma amiga, tenho que dar um jeito de acessar o pc dela remotamente para fazer o procedimento, mais de antemão eu já passei o Malwarebytes e removir duas pragas!,,..

 

Depois passo o AD-Remover ..

 

Me respondi uma coisa, essas entradas são normais?

 

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

 

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

 

Valeu brother..

Compartilhar este post


Link para o post
Compartilhar em outros sites

wings, desconsidere o log anterior, não tenho mais acesso a esse pc...

 

Analise por favor o log abaixo:

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:55:49, on 11/4/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\TeamViewer\Version6\TeamViewer.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TeamViewer\Version6\tv_w32.exe

C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Arquivos de programas\PriceGong\2.1.0\PriceGongIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: CesarFTP.lnk = C:\Arquivos de programas\CesarFTP\CesarFTP.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292541760281

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://189.124.131.128:8283/cab/OCXChecker_8320.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {EFA7D1AF-C6FB-4BCB-8A7B-A1FE9825D0B3} (XQWebView Control) - http://189.45.97.36:8080/WebControl.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 12284 bytes

 

Adiantando algumas ferramentas..

 

ComboFix 11-04-10.04 - Edvan 11/04/2011 12:11:02.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2036.1469 [GMT -3:00]

Executando de: c:\documents and settings\Edvan\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

* Criado um novo ponto de restauração

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\1.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\a.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\b.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\c.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\d.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\e.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\f.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\g.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\h.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\i.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\J.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\k.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\l.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\m.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\mru.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\n.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\o.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\p.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\q.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\r.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\s.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\t.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\u.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\v.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\w.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\x.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\y.xml

c:\documents and settings\Edvan\Dados de aplicativos\PriceGong\Data\z.xml

c:\windows\system32\zip32.dll.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-03-11 to 2011-04-11 ))))))))))))))))))))))))))))

.

.

2011-04-08 22:41 . 2011-04-08 22:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton

2011-04-08 22:41 . 2011-04-08 22:49 -------- d-----w- c:\documents and settings\Edvan\Configurações locais\Dados de aplicativos\NPE

2011-04-08 21:14 . 2011-04-08 21:14 -------- d-----w- c:\arquivos de programas\PriceGong

2011-04-08 21:11 . 2011-04-08 22:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SweetIM

2011-04-08 21:11 . 2011-04-08 22:21 -------- d-----w- c:\arquivos de programas\SweetIM

2011-04-06 15:56 . 2011-04-06 15:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\MGB

2011-04-06 15:56 . 2011-04-06 15:56 -------- d-----w- c:\arquivos de programas\Aulete digital

2011-04-02 03:39 . 2011-04-09 15:08 -------- d-----w- c:\arquivos de programas\EpocCam

2011-04-01 19:05 . 2011-04-01 19:05 -------- d-----w- c:\documents and settings\Edvan\Configurações locais\Dados de aplicativos\Nero

2011-04-01 01:59 . 2011-04-01 01:59 -------- d-----w- c:\arquivos de programas\FreeTime

2011-03-27 02:52 . 2011-03-27 02:53 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\Toolbar4

2011-03-27 00:03 . 2011-03-27 00:06 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\GetRightToGo

2011-03-26 23:25 . 2011-03-26 23:25 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\CTdeveloping

2011-03-26 23:23 . 2011-03-26 23:23 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\BabylonToolbar

2011-03-26 23:18 . 2007-08-21 16:32 98304 ----a-w- c:\windows\system32\redmonnt.dll

2011-03-26 23:16 . 2011-03-26 23:22 -------- d-----w- c:\arquivos de programas\FoxTabPDFConverter

2011-03-26 01:28 . 2011-03-27 03:00 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\Skype

2011-03-26 01:28 . 2011-03-26 01:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2011-03-22 23:52 . 2011-03-22 23:52 -------- d-----w- c:\windows\MjM Free Photo Recovery Software

2011-03-22 02:38 . 2011-03-22 02:55 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\Download Manager

2011-03-19 01:59 . 2011-03-27 02:46 -------- d-----w- c:\documents and settings\Edvan\Dados de aplicativos\Dev-Cpp

2011-03-17 02:38 . 2011-03-17 02:38 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Panda Security

2011-03-17 02:38 . 2011-03-17 02:38 -------- d-----w- c:\arquivos de programas\Panda USB Vaccine

2011-03-17 02:31 . 2011-03-17 02:31 -------- d-----w- C:\PenClean

2011-03-17 02:20 . 2011-03-17 02:20 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-03-12 15:28 . 2011-03-12 15:28 103864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-31 22:13 . 2010-12-16 08:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-03-20 13:02 . 2010-12-20 00:41 164880 ---ha-w- c:\documents and settings\Edvan\Dados de aplicativos\Microsoft\Virtual PC\VPCKeyboard.dll

2011-03-04 02:19 . 2011-03-04 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-03-04 02:19 . 2011-03-04 02:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-17 21:06 . 2011-02-20 02:45 160560 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-02-17 21:06 . 2011-02-20 02:45 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

2010-08-18 10:08 353656 ----a-w- c:\arquivos de programas\PriceGong\2.1.0\PriceGongIE.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2011-02-01 18:58 1499440 ----a-r- c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]

.

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Google Update"="c:\documents and settings\Edvan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-12-16 136176]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-10-27 1015808]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-09-03 281768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-16 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-16 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-16 137752]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-16 16384512]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]

"NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-10-29 249064]

"AdobeAAMUpdater-1.0"="c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-06 500208]

"SwitchBoard"="c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

c:\documents and settings\Edvan\Menu Iniciar\Programas\Inicializar\

CesarFTP.lnk - c:\arquivos de programas\CesarFTP\CesarFTP.exe [N/A]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2011-2-2 1838904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5900:TCP"= 5900:TCP:jbjh

"5800:TCP"= 5800:TCP:hyhb

.

R2 AntiVirSchedulerService;Avira AntiVir Agendamento;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [16/12/2010 05:41 135336]

R2 TeamViewer6;TeamViewer 6;c:\arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe [17/12/2010 17:41 2228008]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [17/12/2010 17:20 136176]

S3 SwitchBoard;SwitchBoard;c:\arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [19/2/2010 13:37 517096]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-04-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-ORDENADA-D6B06C-Edvan.job

- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-06 14:35]

.

2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-17 22:33]

.

2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-17 22:33]

.

2011-04-11 c:\windows\Tasks\PandaUSBVaccine.job

- c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2011-03-17 19:45]

.

2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{5CDA444A-0E88-4B14-B401-700CF855461D}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 06:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

mWindow Title =

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://189.124.131.128:8283/cab/OCXChecker_8320.cab

DPF: {EFA7D1AF-C6FB-4BCB-8A7B-A1FE9825D0B3} - hxxp://189.45.97.36:8080/WebControl.cab

FF - ProfilePath - c:\documents and settings\Edvan\Dados de aplicativos\Mozilla\Firefox\Profiles\vtzs2umv.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=689edc1100000000000000265a794b4b&tlver=1.4.19.19&instlRef=sst&affID=17161&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Dados de aplicativos\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - c:\arquivos de programas\PriceGong\2.1.0\FF

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-aTube Catcher - c:\arquivos de programas\aTube Catcher\uninstall.exe

AddRemove-EpocCam - c:\arquivos de programas\EpocCam\uninst.exe

AddRemove-MV RegClean 6.0_is1 - c:\arquivos de programas\Marcos Velasco Security\MV RegClean 6.0\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-11 12:21

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background??e

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'explorer.exe'(3988)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Panda USB Vaccine\USBVaccine.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\IoctlSvc.exe

c:\arquivos de programas\Orbitdownloader\orbitnet.exe

c:\windows\system32\wdfmgr.exe

c:\arquivos de programas\RealVNC\VNC4\WinVNC4.exe

c:\arquivos de programas\TeamViewer\Version6\TeamViewer.exe

c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\arquivos de programas\TeamViewer\Version6\tv_w32.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-04-11 12:25:57 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-04-11 15:25

.

Pré-execução: 12 pasta(s) 20.730.822.656 bytes disponíveis

Pós execução: 15 pasta(s) 21.112.066.048 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 5750EF2347416B5B0BF154B26175B33C

Compartilhar este post


Link para o post
Compartilhar em outros sites

Adiantando mais ferramentas 2

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Versão da Base de Dados: 6333

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

11/4/2011 13:37:13

mbam-log-2011-04-11 (13-37-13).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 207870

Tempo decorrido: 33 minuto(s), 16 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 4

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 3

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CLASSES_ROOT\CLSID\{3A6A11A6-07E6-11D5-AC39-004005404D2E} (Worm.Ructo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3A6A11A4-07E6-11D5-AC39-004005404D2E} (Worm.Ructo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0F9550F1-0805-11D5-AC39-004005404D2E} (Worm.Ructo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mczipunziplib.mczip (Worm.Ructo) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\MCZIPUNZIPLIB.DLL (Worm.Ructo) -> Value: MCZIPUNZIPLIB.DLL -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\system volume information\_restore{c6dac6d2-17a8-476d-b769-d4978d02561c}\RP55\A0043176.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\mczipunziplib.dll (Worm.Ructo) -> Quarantined and deleted successfully.

c:\WINDOWS\installer\MSI2DB.tmp (HackTool.Hiderun) -> Quarantined and deleted successfully.

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 08/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:45:49 on 11/04/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Edvan@ORDENADA-D6B06C ( )

 

============== ACTION(S) ==============

 

 

Folder deleted: C:\Documents and Settings\Edvan\Dados de aplicativos\OpenCandy

Folder deleted: C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\OpenCandy

Folder deleted: C:\Documents and Settings\Edvan\Dados de aplicativos\PriceGong

Folder deleted: C:\Arquivos de programas\PriceGong

Folder deleted: C:\Documents and Settings\Edvan\Dados de aplicativos\Toolbar4

 

(!) -- Temporary files deleted.

 

 

Key deleted: HKLM\Software\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

Key deleted: HKLM\Software\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Key deleted: HKLM\Software\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}

Key deleted: HKLM\Software\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}

Key deleted: HKLM\Software\Classes\PriceFactorIE.PriceGongBHO

Key deleted: HKLM\Software\Classes\PriceFactorIE.PriceGongBHO.1

Key deleted: HKLM\Software\Classes\PriceGongIE.PriceGongCtrl

Key deleted: HKLM\Software\Classes\PriceGongIE.PriceGongCtrl.1

Key deleted: HKLM\Software\Classes\AppID\PriceGongIE.DLL

Key deleted: HKCU\Software\PriceGong

Key deleted: HKLM\Software\Orbit\OpenCandy

Key deleted: HKLM\Software\VDownloader\OpenCandy

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\pricegong

 

Value deleted: HKCU\Software\Mozilla\Firefox\Extensions|{8a9386b4-e958-4c4c-adf4-8f26db3e4829}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [3.6.16 (pt-BR)] ****

 

Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=689edc1100000000000000265a794b4b&tlver=1.4.19.19&affID=17161/)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

HKLM_Extensions|smartwebprinting@hp.com - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

HKLM_Extensions|{3112ca9c-de6d-4884-a869-9855de68056c} - C:\Documents and Settings\All Users\Dados de aplicativos\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

HKCU_Extensions|smartwebprinting@hp.com - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

-- C:\Documents and Settings\Edvan\Dados de aplicativos\Mozilla\FireFox\Profiles\vtzs2umv.default --

Extensions\ffxtlbr@babylon.com (Babylon)

Extensions\{EEE6C361-6118-11DC-9C72-001320C79847} (SweetIM Toolbar for Firefox)

Searchplugins\SweetIM Search.xml (?)

Searchplugins\sweetim.xml (?)

Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Edvan\\Desktop

Prefs.js - browser.search.defaultenginename, SweetIM Search

Prefs.js - browser.search.defaulturl,

Prefs.js - browser.search.selectedEngine, SweetIM Search

Prefs.js - browser.startup.homepage, hxxp://home.sweetim.com

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.16

Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=689edc1100000000000000265a794b4b&tlver=1.4.19.19&instlRef=ss...

Prefs.js - sweetim.toolbar.previous.browser.search.defaultenginename,

Prefs.js - sweetim.toolbar.previous.browser.search.defaulturl,

Prefs.js - sweetim.toolbar.previous.browser.search.selectedEngine, Search the web (Babylon)

Prefs.js - sweetim.toolbar.previous.browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - sweetim.toolbar.previous.keyword.URL, hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=689edc1100000000000000265a794b4b&tl...

 

========================================

 

**** Google Chrome Version [10.0.648.204] ****

 

Extension\dhkplhfnhceodhffomolpfigojocbpcb (C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx) (x)

 

-- C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Enabled: true) (?)

Preferences - homepage: hxxp://home.sweetim.com

Preferences - homepage_is_newtabpage: false

Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npdrmv2.dll)

Plugin - Microsoft DRM (Enabled: true) (C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll)

Plugin - "Microsoft DRM" (Enabled: true)

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)

HKCU_SearchScopes\{6FBF660E-A78D-4dc8-B9DA-302A931FFE66} - "Qbyrd Search" (hxxp://websearch.qbyrd.com/redirect?client=ie&tb=ATU-QBD&o=102357&src=crm&q={sea...)

HKCU_SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - "Search" (hxxp://www.bigseekpro.com/search/browser/freedesktopclock/{749A97C0-F388-4D56-88...)

HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})

HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "?" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})

HKCU_Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll)

HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

HKLM_Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7} (C:\Arquivos de programas\Orbitdownloader\GrabPro.dll)

HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

HKLM_ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2} - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Arquivos de programas\Free Desktop Clock DB Toolbar\TbHelper2.exe (x)

HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)

HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{000123B4-9B42-4900-B3F7-F4B073EFC214} - "Octh Class" (C:\Arquivos de programas\Orbitdownloader\orbitcth.dll)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 38 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 11/04/2011 13:46:06 (7721 Byte(s))

 

End at: 13:46:34, 11/04/2011

 

============== E.O.F ==============

 

 

 

 

 

Novo log

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:51:43, on 11/4/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\TeamViewer\Version6\TeamViewer.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\TeamViewer\Version6\tv_w32.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Arquivos de programas\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edvan\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: CesarFTP.lnk = C:\Arquivos de programas\CesarFTP\CesarFTP.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292541760281

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://189.124.131.128:8283/cab/OCXChecker_8320.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {EFA7D1AF-C6FB-4BCB-8A7B-A1FE9825D0B3} (XQWebView Control) - http://189.45.97.36:8080/WebControl.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Agendamento (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 12243 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK...log limpo.

 

 

1.

*Execute o AD-Remover e clique [uninstall] > [Não] > [Close]

 

2.

*Clique [iniciar] > [Executar] > copie e cole: Combofix /uninstall

 

9c7dcf5090.jpg

 

*Clique [OK] > [Executar]

*Aguarde a mensagem: "ComboFix está desinstalado" e clique [OK]

 

 

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde wings.

 

Ao clicar em [iniciar] > [Executar] > copie e cole: Combofix /uninstall, me retorna um erro, como o abaixo:

 

combofixd.jpg

Compartilhar este post


Link para o post
Compartilhar em outros sites

*Baixe o DelFix e salve-o no desktop

*Execute-o e clique [suppression]

*Cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

# DelFix v7.6 - Rapport créé le 11/04/2011 à 18:52

# Mis à jour le 31/03/11 à 16h par Xplode

# Système d'exploitation : Microsoft Windows XP (32 bits) [versão 5.1.2600] Service Pack 3

# Nom d'utilisateur : Edvan - ORDENADA-D6B06C (Administrateur)

# Exécuté depuis : C:\Documents and Settings\Edvan\Desktop\DelFix.exe

# Option [suppression]

 

 

~~~~~~ Dossier(s) ~~~~~~

 

-> C:\Qoobox\BackEnv ... ACL modifié avec succès.

Supprimé : C:\Qoobox

-> C:\Qoobox\BackEnv ... ACL modifié avec succès.

Supprimé : C:\ToolBar SD

Supprimé : C:\Documents and Settings\Edvan\DoctorWeb

 

~~~~~~ Fichier(s) ~~~~~~

 

Supprimé : C:\WINDOWS\grep.exe

Supprimé : C:\WINDOWS\PEV.exe

Supprimé : C:\WINDOWS\NIRCMD.exe

Supprimé : C:\WINDOWS\MBR.exe

Supprimé : C:\WINDOWS\sed.exe

Supprimé : C:\WINDOWS\SWREG.exe

Supprimé : C:\WINDOWS\SWSC.exe

Supprimé : C:\WINDOWS\SWXCACLS.exe

Supprimé : C:\WINDOWS\zip.exe

 

~~~~~~ Registre ~~~~~~

 

Clé Supprimée : HKCU\SOFTWARE\IDAVLab

Clé Supprimée : HKLM\Software\swearware

Clé Supprimée : HKLM\Software\IDAVLab

Clé Supprimée : HKLM\Software\Classes\.cfxxe

Clé Supprimée : HKLM\Software\Classes\cfxxefile

Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

Clé Supprimée : HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DWPROT

 

~~~~~~ Autre ~~~~~~

 

-> ESET Online Scanner ... Désinstallé avec succès

-> BitDefender Online Scanner ... Désinstallé avec succès

-> Prefetch vidé

 

########## EOF - "C:\DelFixSuppr.txt" - [1623 octets] ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

flw wings :joia:

 

pode setar como resolvido.. ;)

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.