wrongdoer, posted April 29, 2011:

My PC is slow, I have 3 HDDs and I wanted to do a "clean-up".

Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:16, on 29/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
c:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X4\PROGRAMS\CORELDRW.EXE
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wp.setingsys.com:8083/connect.dat
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Configurações do Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: MailList Controller - Arclab Software Technologies - c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Gbp Service (s) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)

--
End of file - 10456 bytes
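A first triage pass over a HijackThis log like the one in the post above, as an added example that is not part of the original posts and not code from HijackThis itself. It parses the one-entry-per-line HJT format and flags the entries a reviewer would look at first: an R1 AutoConfigURL that points at a remote host (a proxy auto-config script decides where every browser request goes, so an unexpected one is worth checking before anything else), O2/O3 entries whose DLL no longer exists, O20 Winlogon Notify DLLs outside the Windows directory, and O23 services with a missing binary or no publisher. The sample lines are copied from the log in the post; the flagging rules are this example's own heuristics and produce review prompts, not verdicts (legitimate software such as banking plugins and antivirus products also registers Winlogon Notify DLLs and unlabelled services).

```python
"""Triage helper for HijackThis (HJT) v2.x log lines.

Added example for this thread, not code from the original posts or from
HijackThis.  The flagging rules are this example's own heuristics: they
pick out entries a reviewer should look at first; they do not decide
whether anything is malicious.
"""
import re
from urllib.parse import urlparse

# HJT prints one entry per line as "<kind> - <body>", e.g. "O23 - Service: ...".
HJT_LINE = re.compile(r"^(?P<kind>[A-Z]\d+)\s+-\s+(?P<body>.*)$")

# O23 body is "Service: <name> - <owner> - <path>".  The owner may be empty,
# which HJT prints as "- -", so the path is anchored on a drive letter
# instead of splitting naively on " - ".
O23_SERVICE = re.compile(
    r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.*?)\s?-\s+(?P<path>[A-Za-z]:\\.*)$"
)

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wp.setingsys.com:8083/connect.dat
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\iS3\Anti-Spyware\SZServer.exe (file missing)
"""


def parse_hjt(text):
    """Yield (kind, body) for every HJT entry line; header and process lines are skipped."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(text):
    """Return review prompts as (kind, reason, detail) tuples, in log order."""
    findings = []
    for kind, body in parse_hjt(text):
        if kind == "R1" and "AutoConfigURL" in body:
            # A proxy auto-config (PAC) script can route every browser request
            # through a host of the script author's choosing.
            url = body.split("=", 1)[1].strip()
            host = (urlparse(url).hostname or "").lower()
            if host and host not in LOCAL_HOSTS:
                findings.append((kind, "remote proxy auto-config URL", url))
        elif kind in ("O2", "O3") and body.endswith("(no file)"):
            # A CLSID still registered as a BHO/toolbar but pointing at nothing:
            # usually leftovers, sometimes a partly removed add-on.
            findings.append((kind, "orphaned BHO/toolbar CLSID", body))
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            # Notify DLLs load into winlogon.exe.  Legitimate security software
            # uses this hook too, so this is a prompt, not a verdict.
            dll = body.rsplit(" - ", 1)[-1]
            if "\\windows\\" not in dll.lower():
                findings.append((kind, "Winlogon Notify DLL outside the Windows directory", dll))
        elif kind == "O23":
            m = O23_SERVICE.match(body)
            if not m:
                continue
            name, owner, path = m.group("name", "owner", "path")
            if path.endswith("(file missing)"):
                findings.append((kind, "service binary missing", name))
            elif not owner or owner.lower() == "unknown owner":
                findings.append((kind, "service without a publisher", f"{name} -> {path}"))
    return findings


if __name__ == "__main__":
    for kind, reason, detail in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason:48} {detail}")
```

Run as a script it prints six prompts for the sample: the AutoConfigURL, the orphaned O2 CLSID, the GbPlugin Notify DLL, the two services with no publisher, and the STOPzilla service whose binary is missing. Everything else in the sample (the IE search page, the avast entries, the KernelFaultCheck Run key) passes through silently. A PAC URL on the local host is deliberately not flagged, since that is how some proxy and filtering tools are configured.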
Renato Utsch, posted April 29, 2011:

Hello! Welcome to the Malware Removal section of the iMasters Forums! Please follow the instructions below:

Download DDS and save it to the Desktop.
Temporarily disable your protection programs.
Double-click dds.scr. A black screen with some information will appear. Do not click anything, just wait!
When it finishes, two windows will open: DDS.txt and Attach.txt. Save the result and paste it into your topic.
Note: if the link provided does not work, try downloading DDS from THIS link.

Cheers :D
wrongdoer, posted May 2, 2011:

DDS

DDS (Ver_10-11-10.01) - NTFSx86
Run by Administrador at 11:00:56,84 on seg 02/05/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.49 [GMT -3:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\borland\interbase\bin\ibguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\arclab\maillist controller\amlcSVC.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Arquivos de programas\borland\interbase\bin\ibserver.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
c:\Arquivos de programas\Corel\CorelDRAW Graphics Suite X4\PROGRAMS\CORELDRW.EXE
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrador\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchAssistant = hxxp://www.google.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\arquivos de programas\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\arquivos de programas\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrador\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
mRun: [soundMan] SOUNDMAN.EXE
mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe
mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\arquiv~1\mi3aa1~1\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\arquivos de programas\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210096320078
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\wjav1kz9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br
FF - prefs.js: network.proxy.type - 2
FF - component: c:\arquivos de programas\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\arquivos de programas\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\browserplusplugins\054b6841520a59bc7df387c379b16986\npybrowserplus_2.9.8.dll
FF - plugin: c:\documents and settings\administrador\dados de aplicativos\mozilla\plugins\npPxPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 39484862;39484862 Boot Guard Driver;c:\windows\system32\drivers\39484862.sys [2011-4-5 37392]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2009-8-20 45472]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]
R1 39484861;39484861;c:\windows\system32\drivers\39484861.sys [2011-4-5 128016]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-4 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-20 301528]
R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;c:\windows\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [2010-5-16 3584]
R1 fox.cmddrv;fox.cmddrv;c:\windows\system32\drivers\3948486.sys [2011-4-5 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-20 19544]
S3 cpuz129;cpuz129;\??\c:\docume~1\admini~1\config~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\config~1\temp\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-4-8 23456]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\admini~1\config~1\temp\000000fd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\admini~1\config~1\temp\000000fd.nmc\nse\bin\ndiskio.sys [?]

=============== Created Last 30 ================

2011-04-29 14:15:28 -------- d-----w- C:\DriveKey
2011-04-19 17:07:28 -------- d-sh--w- c:\documents and settings\administrador\UserData
2011-04-08 19:44:56 -------- d-----w- c:\docume~1\admini~1\dadosd~1\D-Book
2011-04-08 19:42:23 -------- d-----w- c:\arquivos de programas\Digipix D-Book
2011-04-08 12:20:54 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-04-08 12:20:54 -------- d-----w- c:\docume~1\admini~1\config~1\dadosd~1\eSupport.com
2011-04-08 12:10:45 -------- d-----w- c:\arquivos de programas\FinalWire
2011-04-05 13:46:06 37392 ----a-w- c:\windows\system32\drivers\39484862.sys
2011-04-05 13:46:06 315408 ----a-w- c:\windows\system32\drivers\3948486.sys
2011-04-05 13:46:06 128016 ----a-w- c:\windows\system32\drivers\39484861.sys
2011-04-04 11:51:29 -------- d-s---w- C:\ComboFix

==================== Find3M ====================

2011-05-02 12:19:15 2620 --sha-w- c:\docume~1\alluse~1\dadosd~1\KGyGaAvL.sys
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-03 00:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 22:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2004-10-01 18:00:16 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

============= FINISH: 11:03:54,81 ===============

____________________

Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2008 14:38:21
System Uptime: 5/2/2011 08:08:40 (2067 hours ago)

Motherboard: | | K8M800-M2
Processor: AMD Sempron Processor 2600+ | Socket 940 | 1599/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 8,515 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 90,71 GiB free.
G: is FIXED (NTFS) - 128 GiB total, 50,671 GiB free.
H: is FIXED (NTFS) - 105 GiB total, 8,923 GiB free.
==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N95 8GB
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95 8GB
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PageMaker 7.0
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Reader 8.1.4 - Português
Adobe Setup
Adobe SING CS3
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
ADPHONE3
Advanced SystemCare 3
AIDA64 Extreme Edition v1.60
AiO_Scan
Any Video Converter 3.0.7
Apple Application Support
Apple Software Update
Ares 2.1.6
Arquivo do WinRAR
Assistente de Conexão do Windows Live
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player (KB973540)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
Atualização de Segurança para Windows Internet Explorer 7 (KB961260)
Atualização de Segurança para Windows Internet Explorer 7 (KB963027)
Atualização de Segurança para Windows Internet Explorer 7 (KB969897)
Atualização de Segurança para Windows Internet Explorer 7 (KB972260)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB938464-v2)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951066)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951698)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB954600)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956841)
Atualização de Segurança para Windows XP (KB957097)
Atualização de Segurança para Windows XP (KB958644)
Atualização de Segurança para Windows XP (KB958687)
Atualização de Segurança para Windows XP (KB958690)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960225)
Atualização de Segurança para Windows XP (KB960715)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961371)
Atualização de Segurança para Windows XP (KB961373)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB968537)
Atualização de Segurança para Windows XP (KB969898)
Atualização de Segurança para Windows XP (KB970238)
Atualização de Segurança para Windows XP (KB971557)
Atualização de Segurança para Windows XP (KB971633)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB973346)
Atualização de Segurança para Windows XP (KB973354)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973869)
Atualização para Windows Internet Explorer 7 (KB947518)
Atualização para Windows XP (KB955839)
Atualização para Windows XP (KB967715)
Atualização para Windows XP (KB968389)
Atualização para Windows XP (KB973815)
aTube Catcher
Auslogics Duplicate File Finder
avast! Free Antivirus
BufferChm
Caricature Studio Green 3.6
CCleaner
CoffeeCup Photo Gallery
ConvertXtoDVD 4.0.9.322
CoolSMS 2.06 beta
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
CustomerResearchQFolder
CuteFTP 8 Professional
D-Book 5.5.1
DAEMON Tools Toolbar
DeviceDiscovery
DeviceManagementQFolder
Dg Foto Art Gold Trial(Portuguese)
dj_sf_software
dj_sf_software_req
DM3 Contas a Pagar & Receber for Windows
DM3 Relatórios 6.2
Document2PDF Pilot 2.16.100 Trial
Document2PDF Sample 1.0
DriverAgent by eSupport.com
DVD Shrink 3.2
DVD Solution
EAX Unified
eMule
eSupportQFolder
Extensis Mask Pro 3.0
FastDictionary 2007
Ferramenta de Carregamento do Windows Live
Flash Slideshow Maker Pro 5.00
FormatFactory 2.20
GameSpy Comrade
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Guia do Dispositivo do MOTO Q gsm
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix para Windows XP (KB943232-v2)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB961118)
HP Customer Participation Program 9.0
HP Deskjet Printer Driver Software 9.0
HP Image Zone 4.2
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP PSC & OfficeJet 4.2
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HP USB Disk Storage Format Tool
HPProductAssistant
HPSSupply
Instalação das DLLs no Windows
Ipswitch WS_FTP 12
Java 2 Runtime Environment, SE v1.4.2_13
Java Auto Updater
Java 6 Update 24
Java 6 Update 6
Macromedia Dreamweaver MX
Macromedia Extension Manager
Magic ISO Maker v5.4 (build 0256)
MailList Controller 7.2 R3 Free
Malwarebytes' Anti-Malware
MarketResearch
Megaupload Downloader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 4.0 (x86 pt-BR)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Launcher
NEF Codec
Nero 7 Essentials
neroxml
NETEagle
NOD32 FiX v2.1
Nokia Connectivity Cable Driver
NVIDIA PhysX v8.07.11
Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PanoStandAlone
PC Connectivity Solution
PDF Settings
Photodex Presenter
PIXresizer
ProShow Gold
PSSWCORE
QFolder
QuickTime
Realtek AC'97 Audio
RegCure 1.5.1.3
Revo Uninstaller 1.90
RichFLV
Samsung SCX-4200 Series
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shine Video To Audio Converter 3.00
Significado do seu nome
SmarThru 4
SmartSound Quicktracks Plugin
SolutionCenter
Sony DVD Architect 3.0c
Spybot - Search & Destroy
Status
SWF Opener
The Sims 2
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
UsbFix By TeamXscript
você 9.0 Runtime
VideoToolkit01
Virtual Dj Studio 5.3
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VisualLightBox
Vivo 3G
Warmonger
WebFldrs XP
WebReg
WinAVI Video Converter
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows XP Service Pack 3
Yahoo! BrowserPlus 2.9.8

==== End Of File ===========================
Renato Utsch (24) Posted May 2, 2011

Hello! Please follow the instructions below:

Please follow the tutorial at the link below:
#### How to use ComboFix ####

I suggest you print the instructions below, because you will not be able to read them while using the tool. Follow the tutorial and run ComboFix. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer. There are many kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations. Under no circumstances exit ComboFix using the program's "X". If you want to exit, press "N".

Many analysts do not reply to topics in which they see that ComboFix was used without supervision. There are many general-purpose anti-malware tools whose authors, when writing them, had end users in mind and designed them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D
wrongdoer (0) Posted May 9, 2011

ComboFix 11-05-04.04 - Administrador 09/05/2011 9:44:57.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.245 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

ADS - drivers: deleted 216 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Administrador\WINDOWS
F:\install.exe

(((((((((((((((( Arquivos/Ficheiros criados de 2011-04-09 to 2011-05-09 ))))))))))))))))))))))))))))

2011-05-09 12:38:42 . 2011-05-09 12:38:42 12568 ----a-w- C:\WINDOWS\system32\drivers\PROCEXP113.SYS
2011-04-29 14:15:28 . 2011-04-29 14:15:28 -------- d-----w- C:\DriveKey
2011-04-19 17:07:28 . 2011-04-19 17:07:29 -------- d-sh--w- C:\Documents and Settings\Administrador\UserData

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-06 19:31:58 . 2008-12-05 18:44:33 2620 --sha-w- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2011-04-08 12:20:54 . 2011-04-08 12:20:54 23456 ----a-w- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2011-03-09 20:30:59 . 2011-03-09 20:30:59 1049907 ----a-w- C:\UsbFix_Upload_Me_WEB.zip
2011-02-23 15:04:21 . 2010-10-20 19:20:04 40648 ----a-w- C:\WINDOWS\avastSS.scr
2011-02-23 15:04:17 . 2010-10-20 19:20:03 190016 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-02-23 14:56:55 . 2011-03-04 11:46:17 371544 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-02-23 14:56:45 . 2010-10-20 19:22:47 301528 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-02-23 14:55:49 . 2010-10-20 19:22:38 49240 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-02-23 14:55:47 . 2010-10-20 19:22:21 102232 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-02-23 14:55:44 . 2010-10-20 19:22:19 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-02-23 14:55:10 . 2010-10-20 19:22:44 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-02-23 14:54:57 . 2010-10-20 19:22:15 30680 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-02-23 14:54:55 . 2010-10-20 19:22:50 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2004-10-01 18:00:16 . 2010-05-13 11:18:40 40960 ----a-w- C:\Arquivos de programas\Uninstall_CDS.exe
2011-05-04 12:58:21 . 2011-03-23 13:18:30 142296 ----a-w- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04:11 122512 ----a-w- C:\Arquivos de programas\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 12:21:08 153136]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 00:12:18 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-23 19:18:30 90112]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 00:34:40 49152]
"avast5"="C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2011-02-23 15:04:20 3451496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45:32 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-09-29 12:49:22 342304 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=
"C:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 39484862;39484862 Boot Guard Driver;C:\WINDOWS\system32\drivers\39484862.sys [5/4/2011 10:46:06 37392]
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [20/8/2009 10:48:21 45472]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18/1/2009 15:05:46 717296]
R0 szkg5;szkg;C:\WINDOWS\system32\drivers\SZKG.sys [12/5/2009 14:13:12 61328]
R1 39484861;39484861;C:\WINDOWS\system32\drivers\39484861.sys [5/4/2011 10:46:06 128016]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [4/3/2011 08:46:17 371544]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [20/10/2010 16:22:47 301528]
R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;C:\WINDOWS\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [16/5/2010 09:22:10 3584]
R1 fox.cmddrv;fox.cmddrv;C:\WINDOWS\system32\drivers\3948486.sys [5/4/2011 10:46:06 315408]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [20/10/2010 16:22:50 19544]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [20/8/2009 10:48:18 55072]
R2 MailList Controller;MailList Controller;C:\Arquivos de programas\Arclab\MailList Controller\amlcSVC.exe [11/11/2009 16:52:16 1585152]
S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47:46 135664]
S2 s;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [20/8/2009 10:48:18 55072]
S3 cpuz129;cpuz129;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;C:\WINDOWS\system32\drivers\DrvAgent32.sys [8/4/2011 09:20:54 23456]
S3 gupdatem;Serviço do Google Update (gupdatem);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47:46 135664]
S3 NDISKIO;NDISKIO;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\000000fd.nmc\nse\bin\ndiskio.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\000000fd.nmc\nse\bin\ndiskio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Conteúdo da pasta 'Tarefas Agendadas'

2011-05-04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34:12 . 2008-07-30 15:34:12]
2011-05-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47:46 . 2009-12-30 18:47:10]
2011-05-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47:46 . 2009-12-30 18:47:10]

------- Scan Suplementar -------
uSearchAssistant = hxxp://www.google.com
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wjav1kz9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br
FF - prefs.js: network.proxy.type - 2

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 10:00:20
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-329068152-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19753715-5CA6-E81A-F585-35AE9F7B75DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegkndhbppjofonfa"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,68,6e,67,6a,00,00
"haodplmmbokgnlim"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,68,6e,67,6a,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(712)
C:\Arquivos de programas\GbPlugin\gbieh.dll

Tempo para conclusão: 2011-05-09 10:06:41
ComboFix-quarantined-files.txt 2011-05-09 13:06:37
ComboFix2.txt 2010-11-22 18:38:31

Pré-execução: 8.619.012.096 bytes disponíveis
Pós execução: 8.694.054.912 bytes disponíveis

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E689B14D7F71922C573A535933E4BC07
Renato Utsch (24) Posted May 10, 2011

Hello! Do you recognize the program below, or the port it uses?

26675:TCP = ActiveSync Service

Post a new ComboFix log, following the instructions given above...

Regards :D
wrongdoer (0) Posted May 11, 2011

> Hello! Do you recognize the program below, or the port it uses?
> 26675:TCP = ActiveSync Service
> Post a new ComboFix log, following the instructions given above...
> Regards :D

I believe it is a program that syncs the PC with the mobile phone.
Renato Utsch (24) Posted May 11, 2011

Waiting for the new log...

Regards :D
wrongdoer (0) Posted May 27, 2011

> Waiting for the new log...
> Regards :D

New ComboFix log:

ComboFix 11-05-26.03 - Administrador 27/05/2011 8:51:07.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.272 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

ADS - drivers: deleted 204 bytes in 1 streams.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-04-27 to 2011-05-27 ))))))))))))))))))))))))))))

2011-05-26 14:56:33 . 2011-05-26 14:56:33 -------- d-----w- C:\Documents and Settings\Administrador\Dados de aplicativos\RapidSMTP
2011-05-26 14:50:26 . 2011-05-26 14:50:26 -------- d-----w- C:\Arquivos de programas\RapidSMTP.com
2011-05-09 12:38:42 . 2011-05-27 11:44:02 12568 ----a-w- C:\WINDOWS\system32\drivers\PROCEXP113.SYS
2011-04-29 14:15:28 . 2011-04-29 14:15:28 -------- d-----w- C:\DriveKey

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-25 19:27:12 . 2008-12-05 18:44:33 2620 --sha-w- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2011-04-08 12:20:54 . 2011-04-08 12:20:54 23456 ----a-w- C:\WINDOWS\system32\drivers\DrvAgent32.sys
2011-03-09 20:30:59 . 2011-03-09 20:30:59 1049907 ----a-w- C:\UsbFix_Upload_Me_WEB.zip
2004-10-01 18:00:16 . 2010-05-13 11:18:40 40960 ----a-w- C:\Arquivos de programas\Uninstall_CDS.exe
2011-05-04 12:58:21 . 2011-03-23 13:18:30 142296 ----a-w- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((( SnapShot@2011-05-09_13.00.36 )))))))))))))))))))))))))))))))))))))))))

+ 2011-05-27 11:31:05 . 2011-05-27 11:31:05 16384 C:\WINDOWS\Temp\Perflib_Perfdata_330.dat
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 10134 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_798896A94D94CDF133CE85.exe
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 10134 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_4D557618789315658FE741.exe
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 10134 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_1A7B3518CBD5661075CF55.exe
+ 2009-11-13 10:37:27 . 2011-05-11 15:05:39 35088 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-13 10:37:27 . 2011-04-14 18:24:11 35088 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-13 10:37:26 . 2011-04-14 18:24:11 18704 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 18704 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-13 10:37:26 . 2011-04-14 18:24:11 20240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 20240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 3262 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_D452B1DEBDFFDE8CEF905E.exe
+ 2011-05-26 14:50:59 . 2011-05-26 14:50:59 3262 C:\WINDOWS\Installer\{CDB4E304-3A0B-4F67-9D1D-D34E213A048B}\_2B9895E6E3BAE959A44350.exe
+ 2011-05-26 14:50:58 . 2011-05-26 14:50:58 433152 C:\WINDOWS\Installer\ba869f.msi
- 2009-11-13 10:37:27 . 2011-04-14 18:24:11 888080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-13 10:37:27 . 2011-05-11 15:05:38 888080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 272648 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-11-13 10:37:26 . 2011-04-14 18:24:11 272648 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 922384 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-13 10:37:26 . 2011-04-14 18:24:11 922384 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-13 10:37:26 . 2011-04-14 18:24:11 845584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 845584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-13 10:37:26 . 2011-04-14 18:24:11 217864 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-13 10:37:26 . 2011-05-11 15:05:38 217864 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-13 10:37:25 . 2011-04-14 18:24:10 184080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-13 10:37:25 . 2011-05-11 15:05:38 184080 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-13 10:37:25 . 2011-05-11 15:05:37 159504 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-11-13 10:37:25 . 2011-04-14 18:24:10 159504 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-05 12:39:31 . 2011-05-23 11:27:23 2561960 C:\WINDOWS\system32\FNTCACHE.DAT
+ 2011-04-29 15:27:04 . 2011-04-29 15:27:04 4158464 C:\WINDOWS\Installer\c47a96.msp
+ 2011-04-28 08:42:32 . 2011-04-28 08:42:32 4990976 C:\WINDOWS\Installer\c47a7d.msp
+ 2009-11-13 10:37:25 . 2011-05-11 15:05:37 1172240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-13 10:37:25 . 2011-04-14 18:24:10 1172240 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-13 10:37:25 . 2011-05-11 15:05:37 1165584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-11-13 10:37:25 . 2011-04-14 18:24:10 1165584 C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-04-22 22:41:34 . 2011-04-22 22:41:34 11507712 C:\WINDOWS\Installer\c47ab3.msp

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04:11 122512 ----a-w- C:\Arquivos de programas\Alwil Software\Avast5\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 12:21:08 153136]
"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 00:12:18 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-23 19:18:30 90112]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 00:34:40 49152]
"avast5"="C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2011-02-23 15:04:20 3451496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45:32 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-09-29 12:49:22 342304 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=
"C:\\Arquivos de programas\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Arquivos de programas\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Arquivos de programas\\Ares\\Ares.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Ipswitch\\WS_FTP 12\\wsftpgui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 39484862;39484862 Boot Guard Driver;C:\WINDOWS\system32\drivers\39484862.sys [5/4/2011 10:46:06 37392]
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [20/8/2009 10:48:21 45472]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [18/1/2009 15:05:46 717296]
R0 szkg5;szkg;C:\WINDOWS\system32\drivers\SZKG.sys [12/5/2009 14:13:12 61328]
R1 39484861;39484861;C:\WINDOWS\system32\drivers\39484861.sys [5/4/2011 10:46:06 128016]
R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [4/3/2011 08:46:17 371544]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [20/10/2010 16:22:47 301528]
R1 d8a4fef9-85c1-448f-a6f9-2570fb195020;d8a4fef9-85c1-448f-a6f9-2570fb195020;C:\WINDOWS\iprot\d8a4fef9-85c1-448f-a6f9-2570fb195020\PhysMem.sys [16/5/2010 09:22:10 3584]
R1 fox.cmddrv;fox.cmddrv;C:\WINDOWS\system32\drivers\3948486.sys [5/4/2011 10:46:06 315408]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [20/10/2010 16:22:50 19544]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [20/8/2009 10:48:18 55072]
R2 MailList Controller;MailList Controller;C:\Arquivos de programas\Arclab\MailList Controller\amlcSVC.exe [11/11/2009 16:52:16 1585152]
S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47:46 135664]
S2 s;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [20/8/2009 10:48:18 55072]
S3 cpuz129;cpuz129;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;C:\WINDOWS\system32\drivers\DrvAgent32.sys [8/4/2011 09:20:54 23456]
S3 gupdatem;Serviço do Google Update (gupdatem);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/12/2009 15:47:46 135664]
S3 NDISKIO;NDISKIO;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\000000fd.nmc\nse\bin\ndiskio.sys --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\000000fd.nmc\nse\bin\ndiskio.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Conteúdo da pasta 'Tarefas Agendadas'

2011-05-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34:12 . 2008-07-30 15:34:12]
2011-05-27 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47:46 . 2009-12-30 18:47:10]
2011-05-26 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-30 18:47:46 . 2009-12-30 18:47:10]

------- Scan Suplementar -------
uSearchAssistant = hxxp://www.google.com
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.204.0.10 200.204.0.138
FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wjav1kz9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br
FF - prefs.js: network.proxy.type - 2

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 09:09:16
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-329068152-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{19753715-5CA6-E81A-F585-35AE9F7B75DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaegkndhbppjofonfa"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,68,6e,67,6a,00,00
"haodplmmbokgnlim"=hex:6b,61,69,68,61,65,6f,6d,70,68,68,70,62,66,6b,6c,6c,69,68,6e,67,6a,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(712)
C:\Arquivos de programas\GbPlugin\gbieh.dll

- - - - - - - > 'explorer.exe'(532)
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\msi.dll
C:\Arquivos de programas\GbPlugin\gbieh.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll

Tempo para conclusão: 2011-05-27 09:15:24
ComboFix-quarantined-files.txt 2011-05-27 12:15:19
ComboFix2.txt 2011-05-09 13:06:42
ComboFix3.txt 2010-11-22 18:38:31

Pré-execução: 6.038.798.336 bytes disponíveis
Pós execução: 6.093.393.920 bytes disponíveis

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DB84E4752C654A108F706538CD7F07B4
Renato Utsch (24) Posted May 27, 2011

Hello! Please follow the instructions below:

<< 1 >>
Follow the tutorial below and run the Kaspersky Removal Tool. Then post the log it generates.
Kaspersky Virus Removal Tool tutorial

<< 2 >>
Delete the dds from your desktop, download a new one and post a new log.

Regards :D
wings (22) Posted June 27, 2011

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.