
This topic has been archived and is closed to new replies.

Luca Albuquerque

[Solved] PC Restarting On Its Own


DelFix[s1]:

 

# DelFix v8.8 - Report created on 16/05/2012 at 19:51:39

# Updated on 12/02/12 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32-bit)

# User name : Administrador - PRIVE-BEF3B6042 (Administrator)

# Run from : C:\Documents and Settings\Administrador\Desktop\delfix.exe

# Option [removal]

 

 

~~~~~~ Folder(s) ~~~~~~

 

Deleted : C:\_OTL

Deleted : C:\MyHosts

Deleted : C:\ZHP

Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP

Deleted : C:\Documents and Settings\Administrador\Desktop\RK_Quarantine

Deleted : C:\Arquivos de programas\Ad-Remover

Deleted : C:\Arquivos de programas\ZHPDiag

 

~~~~~~ File(s) ~~~~~~

 

Deleted : C:\Ad-Report-CLEAN[2].txt

Deleted : C:\AdwCleaner[s1].txt

Deleted : C:\MyHosts.txt

Deleted : C:\PhysicalDisk0_MBR.bin

Deleted : C:\Documents and Settings\Administrador\Desktop\AD-R.lnk

Deleted : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

Deleted : C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Deleted : C:\Documents and Settings\Administrador\Desktop\C_XX_AD-R.exe

Deleted : C:\Documents and Settings\Administrador\Desktop\MyHosts.exe

Deleted : C:\Documents and Settings\Administrador\Desktop\OTL.exe

Deleted : C:\Documents and Settings\Administrador\Desktop\ZHPDiag2.exe

Deleted : C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk

Deleted : C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk

Deleted : C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk

 

~~~~~~ Registry ~~~~~~

 

Key Deleted : HKCU\Software\Ad-Remover

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP

Key Deleted : HKLM\SOFTWARE\OldTimer Tools

Key Deleted : HKLM\SOFTWARE\AdwCleaner

Key Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

 

~~~~~~ Other ~~~~~~

 

-> Prefetch Emptied

 

*************************

 

DelFix[s1].txt - [2117 bytes] - [16/05/2012 19:51:39]

 

########## EOF - C:\DelFix[s1].txt - [2241 bytes] ##########

 

Combofix:

 

ComboFix 12-05-16.02 - Administrador 05/16/aaaa 20:14:56.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3317.2503 [GMT -3:00]

Running from: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

ADS - system32: deleted 6 bytes in 3 streams.

ADS - drivers: deleted 412 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\arquivos de programas\Borland\Delphi7\VCL Skin\Desktop_.ini

c:\arquivos de programas\Borland\Delphi7\VCL Skin\Package\Desktop_.ini

c:\arquivos de programas\Borland\Delphi7\VCL Skin\Skins\Desktop_.ini

c:\arquivos de programas\Borland\Delphi7\VCL Skin\Source\Desktop_.ini

c:\arquivos de programas\sXe Injected

c:\arquivos de programas\sXe Injected\sXe Injected.txt

c:\documents and settings\Administrador\Meus documentos\Downloads\CT2776682_BrotherSoft_Extreme.exe

c:\documents and settings\Administrador\WINDOWS

c:\documents and settings\All Users\Dados de aplicativos\TEMP

c:\windows\Key_Atualizada

c:\windows\LL.exe

c:\windows\system32\Cache

c:\windows\system32\Cache\1ae28f7d4344e476.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\600d0f05be4c5ce8.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\8249950346fb8626.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d42b8379491a399e.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\ccrpTmr6.dll

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\drivers\hwinterface.sys

c:\windows\system32\drivers\placax.sys

c:\windows\system32\drivers\tdlserv.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_IMPRESSORAX

-------\Legacy_PLACAX

-------\Legacy_hwinterface

-------\Legacy_ddsxeiservice

-------\Service_hwinterface

-------\Service_ddsxeiservice

.

.

(((((((((((((((( Files created from 2012-04-16 to 2012-05-16 ))))))))))))))))))))))))))))

.

.

2012-05-16 23:36 . 2012-05-16 23:36 29904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKsl618a2434.sys

2012-05-16 23:34 . 2012-05-16 23:34 56200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\offreg.dll

2012-05-16 22:57 . 2012-05-16 22:57 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2012-05-16 22:49 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2012-05-16 22:49 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll

2012-05-16 22:49 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm

2012-05-16 22:49 . 2011-12-21 17:14 151552 ----a-w- c:\windows\system32\ac3acm.acm

2012-05-16 22:48 . 2012-05-15 18:00 79872 ----a-w- c:\windows\system32\ff_vfw.dll

2012-05-16 22:48 . 2012-05-16 22:49 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2012-05-15 22:11 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\mpengine.dll

2012-05-14 22:15 . 2012-05-15 14:27 21768 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS

2012-05-13 23:34 . 2012-05-13 23:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\cerasus.media

2012-05-13 19:46 . 2012-05-13 19:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Funlinker

2012-05-09 01:15 . 2012-05-09 01:15 -------- d-----w- c:\arquivos de programas\Microsoft XNA

2012-05-06 01:19 . 2012-05-06 01:19 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MumboJumbo

2012-05-02 22:03 . 2012-05-03 22:14 -------- d-----w- C:\BrickForce

2012-04-29 00:06 . 2012-04-29 00:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GarenaPlus

2012-04-29 00:05 . 2012-05-12 03:43 -------- d-----w- c:\arquivos de programas\Garena Plus

2012-04-29 00:05 . 2012-04-29 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GarenaMessenger

2012-04-28 01:20 . 2011-12-15 15:33 93088 ----a-w- c:\windows\system32\v9loader.dll

2012-04-28 01:20 . 2011-12-15 15:33 567200 ----a-w- c:\windows\system32\v9-toolbar.dll

2012-04-28 01:18 . 2012-04-28 01:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Youtube Downloader HD

2012-04-27 23:25 . 2012-04-27 23:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GRETECH

2012-04-27 23:25 . 2012-04-27 23:25 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\AVG Secure Search

2012-04-27 23:24 . 2012-04-27 23:25 -------- d-----w- c:\arquivos de programas\AVG Secure Search

2012-04-27 23:22 . 2012-04-27 23:22 -------- d-----w- c:\arquivos de programas\GRETECH

2012-04-27 21:40 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2012-04-27 21:40 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll

2012-04-27 21:40 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2012-04-27 21:40 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2012-04-25 22:20 . 2012-04-25 22:20 -------- d-----w- c:\windows\A6W_DATA

2012-04-25 14:46 . 2012-04-25 20:50 -------- d-----w- c:\arquivos de programas\Wisdom-soft AutoScreenRecorder 3.1 Free

2012-04-25 14:30 . 2012-01-16 01:42 141312 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-24 22:18 . 2012-05-12 03:43 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Dxtory Software

2012-04-24 22:18 . 2012-04-24 22:18 -------- d-----w- c:\arquivos de programas\Dxtory Software

2012-04-24 21:56 . 2012-04-26 18:47 -------- d-----w- C:\Fraps

2012-04-22 19:00 . 2012-04-22 19:01 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TitanicMystery

2012-04-21 16:52 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll

2012-04-21 14:59 . 2012-04-21 14:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PopCapY

2012-04-20 18:28 . 2012-04-24 15:31 -------- d-----w- c:\arquivos de programas\Steam

2012-04-19 19:41 . 2012-04-22 18:29 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\EMDM

2012-04-18 21:35 . 2012-04-18 21:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GO Games

.

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-15 20:55 . 2011-10-19 20:21 388608 ----a-w- C:\HiJackThis.exe

2012-04-13 03:36 . 2011-08-14 16:43 6734704 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-11 13:53 . 2004-08-04 00:40 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:53 . 2010-05-15 02:32 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:53 . 2010-05-15 02:34 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-03-01 14:06 . 2011-09-17 18:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 10:59 . 2010-05-15 02:34 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 10:59 . 2010-05-15 02:30 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 10:59 . 2010-05-15 02:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:09 . 2010-05-15 02:35 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:09 . 2010-05-15 02:30 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-05-15 02:29 385024 ------w- c:\windows\system32\html.iec

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-04-27 23:24 2067328 ----a-w- c:\arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-27 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\BitTorrent.exe" [2012-02-25 6061424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\arquivos de programas\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"vProt"="c:\arquivos de programas\AVG Secure Search\vprot.exe" [2012-04-27 1116544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2011-12-20 732072]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2011-07-04 13:11 1398048 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-01-11 17:01 726360 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2011-12-20 17:32 732072 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\arquiv~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Flow.url]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Flow.url

backup=c:\windows\pss\Flow.urlStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^[b2] Gmail Notifier.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\[b2] Gmail Notifier.lnk

backup=c:\windows\pss\[b2] Gmail Notifier.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Update Scheduler for Proteus Professional 7.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Update Scheduler for Proteus Professional 7.lnk

backup=c:\windows\pss\Update Scheduler for Proteus Professional 7.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]

0 [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 15:55 937920 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-08-17 23:00 499608 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 10:08 1523360 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 07:57 406992 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 01:25 59240 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 16:54 91520 ----a-w- c:\arquivos de programas\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2012-02-25 16:49 6061424 ----a-w- c:\arquivos de programas\BitTorrent\BitTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-13 17:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 17:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-10-14 10:48 136176 ----atw- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-28 15:27 173592 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 18:24 54840 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-01-28 15:27 141336 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 03:36 421736 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]

2009-02-04 21:59 318464 ----a-w- c:\windows\inf\unregmp2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-01-28 15:27 142360 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-09-30 14:19 252296 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-04-29 14:56 3905920 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\windows\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\xampp\\MercuryMail\\mercury.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=

"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=

"c:\\WINDOWS\\system32\\mshearts.exe"=

"c:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS5.5\\Dreamweaver.exe"=

"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\xampp\\apache\\bin\\httpd.exe"=

"c:\\Arquivos de programas\\BitTorrent\\BitTorrent.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Java\\jre7\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Arquivos de programas\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\common\\SuperMNC\\Binaries\\Win32\\SuperMNCGameClient.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\SHOUTcast\\sc_serv.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"32459:TCP"= 32459:TCP:32459

"32459:UDP"= 32459:UDP:32459

"9101:TCP"= 9101:TCP:TS3

"9101:UDP"= 9101:UDP:TS3

"30033:TCP"= 30033:TCP:TS3

"30033:UDP"= 30033:UDP:TS3

"10011:TCP"= 10011:TCP:TS3

"10011:UDP"= 10011:UDP:TS3

"9987:TCP"= 9987:TCP:TS3

"9987:UDP"= 9987:UDP:TS3

"7777:TCP"= 7777:TCP:SAMP

"7777:UDP"= 7777:UDP:SAMP

"25565:TCP"= 25565:TCP:25565

"25565:UDP"= 25565:UDP:25565

"25566:TCP"= 25566:TCP:25566

"25566:UDP"= 25566:UDP:25566

"2100:TCP"= 2100:TCP:FTP

"2101:TCP"= 2101:TCP:FTP_DADOS

"57576:TCP"= 57576:TCP:Pando Media Booster

"57576:UDP"= 57576:UDP:Pando Media Booster

"27015:TCP"= 27015:TCP:cs1

"27015:UDP"= 27015:UDP:cs2

"58839:TCP"= 58839:TCP:Pando Media Booster

"58839:UDP"= 58839:UDP:Pando Media Booster

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/aaaa 0:14 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/aaaa 5:30 32592]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [6/7/aaaa 6:14 42584]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/aaaa 5:23 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/aaaa 0:14 295248]

R1 MpKsl618a2434;MpKsl618a2434;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKsl618a2434.sys [5/16/aaaa 20:36 29904]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [7/22/aaaa 13:27 12880]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [7/12/aaaa 18:55 67664]

R2 !SASCORE;SAS Core Service;c:\arquivos de programas\SUPERAntiSpyware\SASCore.exe [8/11/aaaa 20:38 116608]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/10/aaaa 6:43 18432]

R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2012\avgwdsvc.exe [8/2/aaaa 5:09 192776]

R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\dlportio.sys [11/18/aaaa 22:53 3584]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [7/9/aaaa 13:48 194904]

R2 TeamViewer7;TeamViewer 7;c:\arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe [3/19/aaaa 8:38 2666880]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [4/27/aaaa 20:24 932736]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [7/1/aaaa 13:21 21920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/aaaa 13:16 130384]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/2/aaaa 18:43 136176]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\arquivos de programas\Hi-Rez Studios\HiPatchService.exe [3/28/aaaa 18:07 8704]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2/22/aaaa 19:48 8192]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [2/29/aaaa 8:50 158856]

S3 AGV250;AGV250;c:\windows\system32\drivers\AGV250.sys [6/8/aaaa 8:24 85678]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/aaaa 10:47 1684736]

S3 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe [10/12/aaaa 5:25 4433248]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/aaaa 0:14 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/aaaa 0:14 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/aaaa 5:21 16720]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/16/aaaa 2:03 23456]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena Plus\Room\safedrv.sys --> c:\arquivos de programas\Garena Plus\Room\safedrv.sys [?]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/2/aaaa 18:43 136176]

S3 GV250;GV250;c:\windows\system32\drivers\GV250.sys [6/8/aaaa 8:24 52895]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\arquivos de programas\Microsoft Office\Office14\GROOVE.EXE [6/12/aaaa 10:15 31125880]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/aaaa 20:37 4640000]

S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [3/20/aaaa 23:13 1579144]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/aaaa 13:16 753504]

S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]

S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]

S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]

.

--- =Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL618A2434

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 18:39]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: caixa.gov.br

Trusted Zone: caixa.gov.br\internetbanking

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\www

TCP: Interfaces\{26886939-E161-4593-8608-E2779B367726}: NameServer = 192.168.0.1,192.168.0.150

TCP: Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9}: NameServer = 8.8.4.4

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{29ACF17C-1713-4286-8F40-BFD05F1E70C8} - (no file)

AddRemove-Combat Arms - c:\level up! games\Combat Arms\NGM.exe

AddRemove-PokerStars - c:\arquivos de programas\PokerStars\PokerStarsUninstall.exe

AddRemove-Kos (usa) - c:\kos\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-16 20:36

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,37,be,3c,2d,fa,29,49,8b,9b,f4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,37,be,3c,2d,fa,29,49,8b,9b,f4,\

.

[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,a2,fb,b3,be,67,73,4f,a8,19,03,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,a2,fb,b3,be,67,73,4f,a8,19,03,\

.

[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83F036B1-FA0B-8260-410C-0BCB7F1AE0D5}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaabmiflmohdnpnkmo"=hex:6a,61,65,69,6e,68,63,6b,6c,70,6c,70,67,61,6a,69,6f,6d,

62,6e,00,0e

"hagbjnkeaehpobhd"=hex:6a,61,64,69,63,68,62,6c,70,6a,63,6c,6a,63,62,68,6c,67,

6e,6a,00,63

"iaeolnlidhimegkfbb"=hex:63,61,6f,68,69,67,00,7c

"dbfiokpblniinadbeapihdjflcnncagkkjoioicn"=hex:68,61,6c,70,68,66,69,63,6a,65,

66,62,64,69,61,6e,00,00

"jbfiokpblniinadbeapigefkbckplinfipnjkoaipbmccmmabkhc"=hex:68,61,6c,70,68,66,

69,63,6a,65,66,62,64,69,61,6e,00,00

"dbfiokpblniinadbeapimeigbnhjlaiifappkdlj"=hex:62,63,67,6c,6d,68,67,6d,65,69,

64,68,6a,70,66,62,70,67,6b,61,63,66,6f,6e,70,6d,64,62,67,6a,67,61,64,64,65,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1084)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GBPLUGIN\gbiehCef.dll

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(4724)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GBPLUGIN\gbiehCef.dll

c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\arquiv~1\MICROS~2\Office14\1046\GrooveIntlResource.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL

.

- - - - - - - > 'explorer.exe'(4536)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\arquiv~1\MICROS~2\Office14\1046\GrooveIntlResource.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GBPLUGIN\gbiehCef.dll

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\windows\system32\wpdshext.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquiv~1\AVG\AVG2012\avgrsx.exe

c:\arquivos de programas\AVG\AVG2012\avgcsrvx.exe

c:\arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

c:\arquivos de programas\AVG\AVG2012\avgnsx.exe

c:\xampp\mysql\bin\mysqld.exe

c:\windows\system32\PnkBstrA.exe

c:\arquivos de programas\TeamViewer\Version7\TeamViewer.exe

c:\arquivos de programas\TeamViewer\Version7\tv_w32.exe

c:\windows\system32\RunDll32.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-05-16 20:42:45 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-05-16 23:42

.

Pré-execução: 26 pasta(s) 304.079.773.696 bytes disponíveis

Pós execução: 31 pasta(s) 304.214.261.760 bytes disponíveis

.

- - End Of File - - D1419C7C25F4FBAB0654945B361ABE79


Good morning, Luca Albuquerque!

|- Download: | Here | or | Here | ( MBRCheck )

|- Save it to the desktop!

|- PS: On Windows Vista or 7, right-click MBRCheck.exe and choose to run it as administrator.

MBRCheck_Done-1.jpg

|- Next, a command prompt will appear asking for a specific action depending on what was detected.

|- In this example, with the MBR free of problems, the requested action is to press the "Enter" key. ( Windows Xp MBR code detected )

|- If indications such as "Found non-standard", "infected MBR." or "Mbr Code Faked" appear, it is because the MBR is compromised.

|- Example of a report indicating infection by "TDL4", which can create and hide small sectors on the physical drives.

|- PS: It should be clarified that not all variants of "TDL4" create this hidden sector.

|- In those cases, where the MBR is infected, press the "N" key to exit.

|- Post your report, which will be on the desktop. ( MBRCheck, version 1.2.3 © 2010, AD )

-/-/-/-

|- Select and copy the content shown in "red" into Notepad.

|- Save it on the desktop with the name: CFScript <-- Text!

 

RESTORE::

c:\windows\system32\drivers\tcpip.sys

 

File::

c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe

 

Reglock::

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

 

SecCenter::

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

 

RegNull::

[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83F036B1-FA0B-8260-410C-0BCB7F1AE0D5}*]

 

Folder::

c:\arquivos de programas\Microsoft Security Client\Antimalware

c:\arquivos de programas\Microsoft Security Client

 

|- PS: Temporarily disable your antivirus.

|- PS: Do not use this script on another machine!

|- Drag CFScript.txt onto the ComboFix icon.

|- See the demonstration!

2872959479_997d4500c4_o.gif

|- Accept the prompt that should appear to run ComboFix.

|- PS: Keep dragging until that prompt ( window ) appears!

|- When finished, post: C:\ComboFix.txt

Regards!


ComboFix logs:

 

ComboFix 12-05-16.02 - Administrador 05/16/aaaa 20:14:56.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3317.2503 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!

.

ADS - system32: deleted 6 bytes in 3 streams.

ADS - drivers: deleted 412 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\arquivos de programas\Borland\Delphi7\VCL Skin\Desktop_.ini

c:\arquivos de programas\Borland\Delphi7\VCL Skin\Package\Desktop_.ini

c:\arquivos de programas\Borland\Delphi7\VCL Skin\Skins\Desktop_.ini

c:\arquivos de programas\Borland\Delphi7\VCL Skin\Source\Desktop_.ini

c:\arquivos de programas\sXe Injected

c:\arquivos de programas\sXe Injected\sXe Injected.txt

c:\documents and settings\Administrador\Meus documentos\Downloads\CT2776682_BrotherSoft_Extreme.exe

c:\documents and settings\Administrador\WINDOWS

c:\documents and settings\All Users\Dados de aplicativos\TEMP

c:\windows\Key_Atualizada

c:\windows\LL.exe

c:\windows\system32\Cache

c:\windows\system32\Cache\1ae28f7d4344e476.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\600d0f05be4c5ce8.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\8249950346fb8626.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d42b8379491a399e.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\ccrpTmr6.dll

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\drivers\hwinterface.sys

c:\windows\system32\drivers\placax.sys

c:\windows\system32\drivers\tdlserv.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_IMPRESSORAX

-------\Legacy_PLACAX

-------\Legacy_hwinterface

-------\Legacy_ddsxeiservice

-------\Service_hwinterface

-------\Service_ddsxeiservice

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-16 to 2012-05-16 ))))))))))))))))))))))))))))

.

.

2012-05-16 23:36 . 2012-05-16 23:36 29904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKsl618a2434.sys

2012-05-16 23:34 . 2012-05-16 23:34 56200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\offreg.dll

2012-05-16 22:57 . 2012-05-16 22:57 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2012-05-16 22:49 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2012-05-16 22:49 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll

2012-05-16 22:49 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm

2012-05-16 22:49 . 2011-12-21 17:14 151552 ----a-w- c:\windows\system32\ac3acm.acm

2012-05-16 22:48 . 2012-05-15 18:00 79872 ----a-w- c:\windows\system32\ff_vfw.dll

2012-05-16 22:48 . 2012-05-16 22:49 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2012-05-15 22:11 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\mpengine.dll

2012-05-14 22:15 . 2012-05-15 14:27 21768 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS

2012-05-13 23:34 . 2012-05-13 23:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\cerasus.media

2012-05-13 19:46 . 2012-05-13 19:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Funlinker

2012-05-09 01:15 . 2012-05-09 01:15 -------- d-----w- c:\arquivos de programas\Microsoft XNA

2012-05-06 01:19 . 2012-05-06 01:19 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MumboJumbo

2012-05-02 22:03 . 2012-05-03 22:14 -------- d-----w- C:\BrickForce

2012-04-29 00:06 . 2012-04-29 00:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GarenaPlus

2012-04-29 00:05 . 2012-05-12 03:43 -------- d-----w- c:\arquivos de programas\Garena Plus

2012-04-29 00:05 . 2012-04-29 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GarenaMessenger

2012-04-28 01:20 . 2011-12-15 15:33 93088 ----a-w- c:\windows\system32\v9loader.dll

2012-04-28 01:20 . 2011-12-15 15:33 567200 ----a-w- c:\windows\system32\v9-toolbar.dll

2012-04-28 01:18 . 2012-04-28 01:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Youtube Downloader HD

2012-04-27 23:25 . 2012-04-27 23:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GRETECH

2012-04-27 23:25 . 2012-04-27 23:25 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\AVG Secure Search

2012-04-27 23:24 . 2012-04-27 23:25 -------- d-----w- c:\arquivos de programas\AVG Secure Search

2012-04-27 23:22 . 2012-04-27 23:22 -------- d-----w- c:\arquivos de programas\GRETECH

2012-04-27 21:40 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2012-04-27 21:40 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll

2012-04-27 21:40 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2012-04-27 21:40 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2012-04-25 22:20 . 2012-04-25 22:20 -------- d-----w- c:\windows\A6W_DATA

2012-04-25 14:46 . 2012-04-25 20:50 -------- d-----w- c:\arquivos de programas\Wisdom-soft AutoScreenRecorder 3.1 Free

2012-04-25 14:30 . 2012-01-16 01:42 141312 ----a-w- c:\windows\system32\javacpl.cpl

2012-04-24 22:18 . 2012-05-12 03:43 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Dxtory Software

2012-04-24 22:18 . 2012-04-24 22:18 -------- d-----w- c:\arquivos de programas\Dxtory Software

2012-04-24 21:56 . 2012-04-26 18:47 -------- d-----w- C:\Fraps

2012-04-22 19:00 . 2012-04-22 19:01 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TitanicMystery

2012-04-21 16:52 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll

2012-04-21 14:59 . 2012-04-21 14:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PopCapY

2012-04-20 18:28 . 2012-04-24 15:31 -------- d-----w- c:\arquivos de programas\Steam

2012-04-19 19:41 . 2012-04-22 18:29 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\EMDM

2012-04-18 21:35 . 2012-04-18 21:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GO Games

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-15 20:55 . 2011-10-19 20:21 388608 ----a-w- C:\HiJackThis.exe

2012-04-13 03:36 . 2011-08-14 16:43 6734704 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-11 13:53 . 2004-08-04 00:40 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:53 . 2010-05-15 02:32 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:53 . 2010-05-15 02:34 1862400 ----a-w- c:\windows\system32\win32k.sys

2012-03-01 14:06 . 2011-09-17 18:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 10:59 . 2010-05-15 02:34 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 10:59 . 2010-05-15 02:30 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 10:59 . 2010-05-15 02:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:09 . 2010-05-15 02:35 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:09 . 2010-05-15 02:30 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2010-05-15 02:29 385024 ------w- c:\windows\system32\html.iec

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-04-27 23:24 2067328 ----a-w- c:\arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-27 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\BitTorrent.exe" [2012-02-25 6061424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\arquivos de programas\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"vProt"="c:\arquivos de programas\AVG Secure Search\vprot.exe" [2012-04-27 1116544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2011-12-20 732072]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2011-07-04 13:11 1398048 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-01-11 17:01 726360 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2011-12-20 17:32 732072 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\arquiv~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Flow.url]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Flow.url

backup=c:\windows\pss\Flow.urlStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^[b2] Gmail Notifier.lnk]

path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\[b2] Gmail Notifier.lnk

backup=c:\windows\pss\[b2] Gmail Notifier.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Update Scheduler for Proteus Professional 7.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Update Scheduler for Proteus Professional 7.lnk

backup=c:\windows\pss\Update Scheduler for Proteus Professional 7.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]

0 [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 15:55 937920 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-08-17 23:00 499608 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]

2011-01-12 10:08 1523360 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 07:57 406992 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 01:25 59240 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 16:54 91520 ----a-w- c:\arquivos de programas\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2012-02-25 16:49 6061424 ----a-w- c:\arquivos de programas\BitTorrent\BitTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-13 17:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 17:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-10-14 10:48 136176 ----atw- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-28 15:27 173592 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 18:24 54840 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-01-28 15:27 141336 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 03:36 421736 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]

2009-02-04 21:59 318464 ----a-w- c:\windows\inf\unregmp2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-01-28 15:27 142360 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-09-30 14:19 252296 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-04-29 14:56 3905920 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\windows\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\xampp\\MercuryMail\\mercury.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=

"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=

"c:\\WINDOWS\\system32\\mshearts.exe"=

"c:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS5.5\\Dreamweaver.exe"=

"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\xampp\\apache\\bin\\httpd.exe"=

"c:\\Arquivos de programas\\BitTorrent\\BitTorrent.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=

"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Java\\jre7\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Arquivos de programas\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Arquivos de programas\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\common\\SuperMNC\\Binaries\\Win32\\SuperMNCGameClient.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Arquivos de programas\\SHOUTcast\\sc_serv.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"32459:TCP"= 32459:TCP:32459

"32459:UDP"= 32459:UDP:32459

"9101:TCP"= 9101:TCP:TS3

"9101:UDP"= 9101:UDP:TS3

"30033:TCP"= 30033:TCP:TS3

"30033:UDP"= 30033:UDP:TS3

"10011:TCP"= 10011:TCP:TS3

"10011:UDP"= 10011:UDP:TS3

"9987:TCP"= 9987:TCP:TS3

"9987:UDP"= 9987:UDP:TS3

"7777:TCP"= 7777:TCP:SAMP

"7777:UDP"= 7777:UDP:SAMP

"25565:TCP"= 25565:TCP:25565

"25565:UDP"= 25565:UDP:25565

"25566:TCP"= 25566:TCP:25566

"25566:UDP"= 25566:UDP:25566

"2100:TCP"= 2100:TCP:FTP

"2101:TCP"= 2101:TCP:FTP_DADOS

"57576:TCP"= 57576:TCP:Pando Media Booster

"57576:UDP"= 57576:UDP:Pando Media Booster

"27015:TCP"= 27015:TCP:cs1

"27015:UDP"= 27015:UDP:cs2

"58839:TCP"= 58839:TCP:Pando Media Booster

"58839:UDP"= 58839:UDP:Pando Media Booster

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/aaaa 0:14 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/aaaa 5:30 32592]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [6/7/aaaa 6:14 42584]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/aaaa 5:23 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/aaaa 0:14 295248]

R1 MpKsl618a2434;MpKsl618a2434;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKsl618a2434.sys [5/16/aaaa 20:36 29904]

R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [7/22/aaaa 13:27 12880]

R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [7/12/aaaa 18:55 67664]

R2 !SASCORE;SAS Core Service;c:\arquivos de programas\SUPERAntiSpyware\SASCore.exe [8/11/aaaa 20:38 116608]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/10/aaaa 6:43 18432]

R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2012\avgwdsvc.exe [8/2/aaaa 5:09 192776]

R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\dlportio.sys [11/18/aaaa 22:53 3584]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [7/9/aaaa 13:48 194904]

R2 TeamViewer7;TeamViewer 7;c:\arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe [3/19/aaaa 8:38 2666880]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [4/27/aaaa 20:24 932736]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [7/1/aaaa 13:21 21920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/aaaa 13:16 130384]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/2/aaaa 18:43 136176]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\arquivos de programas\Hi-Rez Studios\HiPatchService.exe [3/28/aaaa 18:07 8704]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2/22/aaaa 19:48 8192]

S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [2/29/aaaa 8:50 158856]

S3 AGV250;AGV250;c:\windows\system32\drivers\AGV250.sys [6/8/aaaa 8:24 85678]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/aaaa 10:47 1684736]

S3 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe [10/12/aaaa 5:25 4433248]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/aaaa 0:14 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/aaaa 0:14 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/aaaa 5:21 16720]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/16/aaaa 2:03 23456]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena Plus\Room\safedrv.sys --> c:\arquivos de programas\Garena Plus\Room\safedrv.sys [?]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/2/aaaa 18:43 136176]

S3 GV250;GV250;c:\windows\system32\drivers\GV250.sys [6/8/aaaa 8:24 52895]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\arquivos de programas\Microsoft Office\Office14\GROOVE.EXE [6/12/aaaa 10:15 31125880]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/aaaa 20:37 4640000]

S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [3/20/aaaa 23:13 1579144]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/aaaa 13:16 753504]

S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]

S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]

S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - MPKSL618A2434

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-05-16 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 18:39]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: caixa.gov.br

Trusted Zone: caixa.gov.br\internetbanking

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\www

TCP: Interfaces\{26886939-E161-4593-8608-E2779B367726}: NameServer = 192.168.0.1,192.168.0.150

TCP: Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9}: NameServer = 8.8.4.4

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{29ACF17C-1713-4286-8F40-BFD05F1E70C8} - (no file)

AddRemove-Combat Arms - c:\level up! games\Combat Arms\NGM.exe

AddRemove-PokerStars - c:\arquivos de programas\PokerStars\PokerStarsUninstall.exe

AddRemove-Kos (usa) - c:\kos\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-16 20:36

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,37,be,3c,2d,fa,29,49,8b,9b,f4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,37,be,3c,2d,fa,29,49,8b,9b,f4,\

.

[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,a2,fb,b3,be,67,73,4f,a8,19,03,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,a2,fb,b3,be,67,73,4f,a8,19,03,\

.

[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83F036B1-FA0B-8260-410C-0BCB7F1AE0D5}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaabmiflmohdnpnkmo"=hex:6a,61,65,69,6e,68,63,6b,6c,70,6c,70,67,61,6a,69,6f,6d,

62,6e,00,0e

"hagbjnkeaehpobhd"=hex:6a,61,64,69,63,68,62,6c,70,6a,63,6c,6a,63,62,68,6c,67,

6e,6a,00,63

"iaeolnlidhimegkfbb"=hex:63,61,6f,68,69,67,00,7c

"dbfiokpblniinadbeapihdjflcnncagkkjoioicn"=hex:68,61,6c,70,68,66,69,63,6a,65,

66,62,64,69,61,6e,00,00

"jbfiokpblniinadbeapigefkbckplinfipnjkoaipbmccmmabkhc"=hex:68,61,6c,70,68,66,

69,63,6a,65,66,62,64,69,61,6e,00,00

"dbfiokpblniinadbeapimeigbnhjlaiifappkdlj"=hex:62,63,67,6c,6d,68,67,6d,65,69,

64,68,6a,70,66,62,70,67,6b,61,63,66,6f,6e,70,6d,64,62,67,6a,67,61,64,64,65,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1084)

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GBPLUGIN\gbiehCef.dll

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(4724)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GBPLUGIN\gbiehCef.dll

c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\arquiv~1\MICROS~2\Office14\1046\GrooveIntlResource.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL

.

- - - - - - - > 'explorer.exe'(4536)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\arquiv~1\MICROS~2\Office14\1046\GrooveIntlResource.dll

c:\arquivos de programas\GBPLUGIN\gbieh.dll

c:\arquivos de programas\GBPLUGIN\gbiehCef.dll

c:\arquiv~1\GbPlugin\gbiehUni.dll

c:\windows\system32\wpdshext.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquiv~1\AVG\AVG2012\avgrsx.exe

c:\arquivos de programas\AVG\AVG2012\avgcsrvx.exe

c:\arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

c:\arquivos de programas\AVG\AVG2012\avgnsx.exe

c:\xampp\mysql\bin\mysqld.exe

c:\windows\system32\PnkBstrA.exe

c:\arquivos de programas\TeamViewer\Version7\TeamViewer.exe

c:\arquivos de programas\TeamViewer\Version7\tv_w32.exe

c:\windows\system32\RunDll32.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-05-16 20:42:45 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-05-16 23:42

.

Pré-execução: 26 pasta(s) 304.079.773.696 bytes disponíveis

Pós execução: 31 pasta(s) 304.214.261.760 bytes disponíveis

.

- - End Of File - - D1419C7C25F4FBAB0654945B361ABE79

 

MBRCheck logs:

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000d

 

Kernel Drivers (total 140):

0x804D7000 \windows\system32\ntkrnlpa.exe

0x806E6000 \windows\system32\hal.dll

0xBA5A8000 \windows\system32\KDCOM.DLL

0xBA4B8000 \windows\system32\BOOTVID.dll

0xB9F79000 ACPI.sys

0xBA5AA000 \windows\system32\DRIVERS\WMILIB.SYS

0xB9F68000 pci.sys

0xBA0A8000 isapnp.sys

0xBA670000 pciide.sys

0xBA328000 \windows\system32\DRIVERS\PCIIDEX.SYS

0xBA0B8000 MountMgr.sys

0xB9F49000 ftdisk.sys

0xBA5AC000 dmload.sys

0xB9F23000 dmio.sys

0xBA330000 PartMgr.sys

0xBA0C8000 VolSnap.sys

0xB9F0B000 atapi.sys

0xBA0D8000 disk.sys

0xBA0E8000 \windows\system32\DRIVERS\CLASSPNP.SYS

0xB9EEB000 fltmgr.sys

0xB9ED9000 sr.sys

0xBA0F8000 PxHelp20.sys

0xB9EC2000 KSecDD.sys

0xB9EAF000 WudfPf.sys

0xB9E22000 Ntfs.sys

0xBA108000 gbpkm.sys

0xB9DF5000 NDIS.sys

0xB9DDB000 Mup.sys

0xBA338000 avgrkx86.sys

0xBA4BC000 AVGIDSEH.Sys

0xBA268000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB92D3000 \SystemRoot\system32\DRIVERS\igxpmp32.sys

0xB92BF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB9297000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB9274000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys

0xBA3E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB9250000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA3E8000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xBA3F0000 \SystemRoot\system32\DRIVERS\fdc.sys

0xBA278000 \SystemRoot\system32\DRIVERS\serial.sys

0xB9D9F000 \SystemRoot\system32\DRIVERS\serenum.sys

0xBA3F8000 \SystemRoot\system32\DRIVERS\irsir.sys

0xB9D9B000 \SystemRoot\system32\DRIVERS\irenum.sys

0xB923C000 \SystemRoot\system32\DRIVERS\parport.sys

0xBA288000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA298000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA2A8000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xBA2B8000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB9219000 \SystemRoot\system32\DRIVERS\ks.sys

0xBA408000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0xB9D8F000 \SystemRoot\system32\drivers\ScreamingBAudio.sys

0xB91F5000 \SystemRoot\system32\drivers\portcls.sys

0xBA2C8000 \SystemRoot\system32\drivers\drmk.sys

0xBA7C6000 \SystemRoot\system32\DRIVERS\audstub.sys

0xBA410000 \SystemRoot\system32\DRIVERS\rasirda.sys

0xBA418000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xBA2D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xB9D87000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB91DE000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xBA2E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xBA2F8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xB91CD000 \SystemRoot\system32\DRIVERS\psched.sys

0xBA308000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xBA420000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA428000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB919D000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xBA318000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA430000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xBA5C8000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB913F000 \SystemRoot\system32\DRIVERS\update.sys

0xB9D6F000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB94FA000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xA8779000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xB94DA000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xBA5D6000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xBA438000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0xB94BA000 \SystemRoot\system32\DRIVERS\avgmfx86.sys

0xA8702000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0xBA468000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xBA612000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA6E1000 \SystemRoot\System32\Drivers\Null.SYS

0xBA614000 \SystemRoot\System32\Drivers\Beep.SYS

0xBA478000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBA480000 \SystemRoot\System32\drivers\vga.sys

0xBA616000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA618000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xBA488000 \SystemRoot\System32\Drivers\Msfs.SYS

0xBA490000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB9D6B000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xA86CF000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xA8676000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xA862F000 \SystemRoot\system32\DRIVERS\avgtdix.sys

0xA8609000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xA85E1000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB9D63000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xA85BF000 \SystemRoot\System32\drivers\afd.sys

0xB949A000 \SystemRoot\system32\DRIVERS\netbios.sys

0xA859D000 \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS

0xBA498000 \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS

0xA8572000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xA84DA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB948A000 \SystemRoot\System32\Drivers\Fips.SYS

0xB947A000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xA8761000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xBA148000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xA8759000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xA8403000 \SystemRoot\system32\DRIVERS\avgldx86.sys

0xBA1F8000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xA834B000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xBA63E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xA83B7000 \SystemRoot\System32\drivers\Dxapi.sys

0xBA3D8000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA777000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF024000 \SystemRoot\System32\igxpgd32.dll

0xBF012000 \SystemRoot\System32\igxprd32.dll

0xBF059000 \SystemRoot\System32\igxpdv32.DLL

0xBF2E9000 \SystemRoot\System32\igxpdx32.DLL

0xBF692000 \SystemRoot\System32\ATMFD.DLL

0xA7FED000 \SystemRoot\system32\DRIVERS\irda.sys

0xA7DF8000 \SystemRoot\system32\drivers\wdmaud.sys

0xA8083000 \SystemRoot\system32\drivers\sysaudio.sys

0xA7B73000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xBA5D4000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xA7B57000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

0xBA380000 \SystemRoot\System32\Drivers\DLPortIO.SYS

0xA78F7000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xA784F000 \SystemRoot\system32\DRIVERS\srv.sys

0xBA450000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys

0xA737F000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys

0xA6BE6000 \SystemRoot\System32\Drivers\HTTP.sys

0xA7B3B000 \SystemRoot\system32\DRIVERS\usbscan.sys

0xA771F000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xBA470000 \SystemRoot\system32\DRIVERS\HPZius12.sys

0xA846A000 \SystemRoot\system32\DRIVERS\HPZid412.sys

0xA7DB5000 \SystemRoot\system32\DRIVERS\HPZipr12.sys

0xA6853000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

 

Processes (total 56):

0 System Idle Process

4 System

788 C:\WINDOWS\system32\smss.exe

820 C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe

852 C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe

1052 C:\WINDOWS\system32\csrss.exe

1080 C:\WINDOWS\system32\winlogon.exe

1128 C:\WINDOWS\system32\services.exe

1140 C:\WINDOWS\system32\lsass.exe

1332 C:\ARQUIV~1\GbPlugin\gbpsv.exe

1440 C:\WINDOWS\system32\svchost.exe

1536 C:\WINDOWS\system32\svchost.exe

1660 C:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe

1696 C:\WINDOWS\system32\svchost.exe

1736 C:\WINDOWS\system32\svchost.exe

1892 C:\WINDOWS\system32\svchost.exe

2012 C:\WINDOWS\system32\svchost.exe

324 C:\WINDOWS\system32\svchost.exe

592 C:\WINDOWS\system32\spoolsv.exe

652 C:\WINDOWS\explorer.exe

288 C:\WINDOWS\system32\svchost.exe

740 C:\Arquivos de programas\SUPERAntiSpyware\SASCore.exe

1208 C:\xampp\apache\bin\httpd.exe

1388 C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2108 C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe

2156 C:\Arquivos de programas\Bonjour\mDNSResponder.exe

2248 C:\WINDOWS\system32\svchost.exe

3184 C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

3604 C:\WINDOWS\system32\svchost.exe

3760 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

4016 C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe

1620 C:\xampp\mysql\bin\mysqld.exe

2244 C:\WINDOWS\system32\svchost.exe

2240 C:\Arquivos de programas\AVG\AVG2012\avgtray.exe

2264 C:\WINDOWS\system32\svchost.exe

2424 C:\WINDOWS\system32\PnkBstrA.exe

2520 C:\Arquivos de programas\AVG Secure Search\vprot.exe

2696 C:\WINDOWS\system32\svchost.exe

2936 C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe

3136 C:\WINDOWS\system32\ctfmon.exe

3444 C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

3856 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

4076 C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe

2900 C:\xampp\apache\bin\httpd.exe

5160 C:\WINDOWS\system32\alg.exe

6140 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

1588 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

1492 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

4408 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

5496 C:\WINDOWS\system32\wuauclt.exe

3996 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

1680 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

2020 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

4512 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

4872 C:\Arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe

4908 C:\Documents and Settings\Administrador\Desktop\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

 

PhysicalDrive0 Model Number: SAMSUNGHD502HI, Rev: 1AG01118

 

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F

 

 

Done!


Good morning, Luca Albuquerque!

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F

|- The good news, according to the MBRCheck report, is that your MBR is not infected.

|- The bad news is that you posted the wrong ComboFix log. The correct one would be the log generated after the drag-and-drop (CFScript.txt).

|- PS: See if you can find it!

Regards!


Can I redo the process?

Well, I noticed it did not generate any log. I take that file you sent me to ComboFix.exe as described above, drag it onto ComboFix, and then it opens that window extracting the files. Then it says the Microsoft antivirus is on, but that Microsoft antivirus is corrupted; I cannot reinstall or uninstall it, I have already tried everything and it still does not work. Nothing happens with ComboFix when I drag the text file onto it.


Good evening, Luca Albuquerque!

|- Download: < Revo Uninstaller >

|- Save it to the desktop.

|- Install the utility and check whether the program to be uninstalled appears on the main screen.

|- In your case, Microsoft Security Essentials.

|- Select it and click Uninstall.

|- For more details, read the < Tutorial >

-/-/-

|- Next, copy the script I edited into Notepad and do the drag-and-drop again.

Regards!


Microsoft Security Essentials does not show up in the list. Besides that, when I do the procedure nothing happens; after that message saying some antivirus is on, nothing else appears. It does not even generate a log.


Hello!

|- Do the drag-and-drop in Safe Mode...

Regards!


It did not help; it did not work even in Safe Mode. What now? Move on to the next step? Do it some other way?

Hello!

|- Before that, uninstall ComboFix and do the drag-and-drop using a new version of the tool.

 

KillAll::

RESTORE::

c:\windows\system32\drivers\tcpip.sys

 

File::

c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe

 

Reglock::

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

 

SecCenter::

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

 

RegNull::

[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83F036B1-FA0B-8260-410C-0BCB7F1AE0D5}*]

 

Folder::

c:\arquivos de programas\Microsoft Security Client\Antimalware

c:\arquivos de programas\Microsoft Security Client

|- Here is the new information for Notepad, for the drag-and-drop!

Regards!


It did not work. I tried running combofix /u and it did not work; I did everything right, I also did it in Safe Mode and it did not work. When I drag the .txt onto ComboFix, or run combofix /u, it shows a window extracting files....


Hello!

|- Try uninstalling ComboFix by one of these methods!

-/-/-/-

|- Disable your antivirus!

|- Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

|- < 92674490.jpg >

|- Click Run --> Wait!

|- Finally, the message will appear: "ComboFix has been uninstalled" --> Click OK.

|- If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- Report!

|- Or go to Start --> Run --> Type or paste:

|- CFuninstall.gif

"%userprofile%\desktop\combofix" /uninstall

|- Click OK.

|- Wait for the uninstall, and click OK on the message.

|- PS: Another option would be to rename Combofix.exe to uninstall.exe and run it.

|- If that does not succeed, try deleting its folder and report.

Regards!


It worked! I renamed Combofix.exe to uninstall.exe and it worked; only that way did it uninstall.

But dragging the CFScript.txt file onto Combofix.exe, the one I downloaded, does not work: it opens that window like when you are about to install it. No log or anything; it does not even open that little blue window.


Good evening, Luca Albuquerque!

|- Did you do the drag-and-drop in Safe Mode?

-/-/-

|- Download: < marcinsig.gif >

|- < Link - 2 >

|- < Link - 3 >

|- Update the program!

|- Choose the Full scan!

|- Disable protection programs when running Malwarebytes.

|- For Windows Vista or 7, right-click the file and run it as administrator.

|- PS: For certain infections, the tool will ask for a reboot. <- Confirm!

|- When finished, click "Remove items".

|- Post the report: mbam-log-2012-xx-xx (00-00-00).txt

Regards!


Requested logs:

 

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.05.18.09

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrador :: PRIVE-BEF3B6042 [administrador]

 

Proteção: Não permitir

 

5/18/aaaa 20:28:30

mbam-log-2012-05-18 (23-07-32).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 463201

Tempo decorrido: 2 hora(s), 38 minuto(s), 10 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 12

C:\Arquivos de programas\Borland\Delphi7\Projects\Project1.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Configurações locais\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Left 4 Dead 2\left4dead2\addons\Name_Enabler.dll (Malware.UPX.Mod) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Arquivos\Hacker\Injetores\Pentagun0 Injetor.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Arquivos\Projetos\Pentagun0 Cleaner.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Arquivos\Projetos\Anti Lag\Pentagun0 Anti-Lag.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Arquivos\Projetos\Gerador de cash\Pentagun0 Generator Cash.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Arquivos\Projetos\Gerador de cash\Project1.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Arquivos\Projetos\Pentagun0 Clear\Pentagun0 Cleaner.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Arquivos\Projetos\Pentagun0 Clear\Project1.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Desktop\Arquivos\Projetos\Projeto Pronto Do Injetor\Pentagun0 Injetor 3.0.exe (HackTool.Inject) -> Nenhuma ação foi feita.

C:\Documents and Settings\Administrador\Meus documentos\Downloads\pcmegarapido.exe (Trojan.RepackSMS) -> Nenhuma ação foi feita.

 

(fim)

 

The files in the Projetos folder are ones I created myself with Delphi.

The rest I clicked to remove.

Can I uninstall this tool?


Good morning, Luca Albuquerque!

Can I uninstall this tool?

|- Yes!

-/-/-

|- Uninstall Malwarebytes.

|- Double-click the highlighted file:

|- C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--

|- Restart the computer after it finishes!

-/-/-

|- Your logs are clean!

|- Have your problems been solved?

Regards!
