americosjr

VIRUS worm/small.2.f on PC and pendrive

Hello friends,

My AVG 8 Free caught and removed the virus worm/small.2.f in the file ..\configuracoeslocais\temp\microsoftpowerpoint\install.txt.

I ran it on my pendrive and it caught the same virus.

I don't know whether there are still other kinds of virus or whether it is related, but I can no longer change my Windows Explorer setting to show hidden folders and files.

In another XP user account, several files disappeared from the desktop and My Documents.

Please help me!! Thanks!!

americosjr

Here is the HijackThis log..

Logfile of HijackThis v1.99.1

Scan saved at 12:01:28, on 22/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Americo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1046&fid=RegXPWizCredOnly

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe


Good morning! americosjr

>@< Download ComboFix.

>@< Download it to the Desktop!

>@< Disable the resident protections of your antivirus, antispyware and firewall.

>@< Close all windows and run the tool!

If you get the notification "Invalid Win32 application", delete the tool and download it again.

Save it on the Desktop, renamed as: Kombo.exe

PS: Name it while saving, not after you have saved it!

PS: If any error message occurs, run ComboFix in Safe Mode.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue and < Enter >

>@< Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

----------------------

>@< Post the report C:\ComboFix.txt in your reply + an updated HJT log.

Regards!

    Topic author

    Hello joram, good morning,

    Thanks...many thanks for the help!

    Here are the ComboFix log (I had to run it in Safe Mode) and the HJT one.

    Regards,

    americosjr

    ComboFix 08-05-24.1 - Americo 2008-05-25 11:37:13.2 - NTFSx86 MINIMAL

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.137 [GMT -3:00]

    Running from: C:\Documents and Settings\Americo\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((( Files created from 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))

    .

    2008-05-23 16:30 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

    2008-05-23 16:30 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

    2008-05-23 16:30 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    2008-05-23 16:30 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

    2008-05-22 10:30 . 2008-05-22 10:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

    2008-05-21 11:12 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD

    2008-05-21 11:11 . 2008-05-21 11:12 <DIR> d-------- C:\Arquivos de programas\PC Inspector File Recovery

    2008-05-21 09:15 . 2008-05-23 01:56 <DIR> dr------- C:\Documents and Settings\Caio\Meus documentos

    2008-05-20 23:35 . 2008-05-23 01:44 <DIR> dr------- C:\Documents and Settings\Caio\Favoritos

    2008-05-15 09:26 . 2008-05-15 09:26 37 --a------ C:\WINDOWS\ipixActivex.ini

    2008-05-10 16:51 . 2008-05-18 15:50 <DIR> d--hs---- C:\heap41a

    2008-04-26 11:24 . 2008-05-22 22:18 <DIR> d--h----- C:\$AVG8.VAULT$

    2008-04-26 09:33 . 2008-05-24 12:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

    2008-04-26 09:33 . 2008-04-26 09:33 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

    2008-04-26 09:33 . 2008-04-26 09:33 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

    2008-04-26 09:33 . 2008-04-26 09:33 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

    2008-04-26 09:32 . 2008-04-26 09:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

    2008-04-26 09:32 . 2008-04-26 09:32 <DIR> d-------- C:\Arquivos de programas\AVG

    .

    ((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-25 14:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-05-21 14:11 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-05-21 14:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

    2008-05-20 11:39 --------- d-----w C:\Arquivos de programas\Norton Security Scan

    2008-05-20 11:33 --------- d-----w C:\Arquivos de programas\GbPlugin

    2008-05-19 22:58 --------- d--h--w C:\Arquivos de programas\Scpad

    2008-04-29 11:55 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\Apple Computer

    2008-04-17 11:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

    2008-04-08 14:02 --------- d-----w C:\Arquivos de programas\Programas RFB

    2008-04-02 23:26 --------- d-----w C:\Arquivos de programas\Panda Security

    2008-04-01 00:14 --------- d-----w C:\Documents and Settings\Convidado\Dados de aplicativos\HP

    2008-04-01 00:10 --------- d-----w C:\Documents and Settings\Caio\Dados de aplicativos\Image Zone Express

    2008-04-01 00:01 --------- d-----w C:\Documents and Settings\Mile\Dados de aplicativos\Image Zone Express

    2008-03-31 23:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

    2008-03-31 20:32 --------- d-----w C:\Documents and Settings\Mile\Dados de aplicativos\HP

    2008-03-31 13:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-03-31 13:49 --------- d-----w C:\Documents and Settings\Caio\Dados de aplicativos\HP

    2008-03-29 20:08 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\Image Zone Express

    2008-03-29 18:36 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\HP

    2008-03-29 18:32 --------- d-----w C:\Arquivos de programas\HP

    2008-03-29 18:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

    2008-03-29 18:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

    2008-03-29 18:25 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-03-29 18:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

    2008-03-28 19:19 --------- d-----w C:\Arquivos de programas\Java

    2008-03-26 22:01 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

    2008-03-26 21:55 --------- d-----w C:\Arquivos de programas\iTunes

    2008-03-26 21:53 --------- d-----w C:\Arquivos de programas\Bonjour

    2008-03-06 09:58 691,545 ----a-w C:\WINDOWS\unins000.exe

    .

    (((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Note* empty entries & legitimate default entries are not shown.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

    "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 11:55 155648]

    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 11:51 118784]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-10 14:27 385024]

    "iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-01-15 02:22 267048]

    "AnyDVD"="C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe" [ ]

    "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

    "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    "AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-04-26 09:33 1177368]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:45 15360]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    BOOKcase 4.0.lnk - C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe [2007-06-24 22:34:07 421932]

    HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    "status"= present

    "winlogon"= C:\heap41a\svchost.exe C:\heap41a\std.txt

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2008-05-19 14:32 201984]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-04-15 09:37 378696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2008-05-19 14:32 201984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

    C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2008-04-15 09:37 378696 C:\Arquivos de programas\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= ffdshow.ax

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

    "C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

    "C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

    "C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

    S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 09:33]

    S2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-04-26 09:33]

    S2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 09:32]

    S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 09:33]

    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]

    S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]

    S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-07-30 16:15]

    S3 NMSSvc;Intel® NMS;C:\WINDOWS\system32\NMSSvc.exe [2002-07-30 16:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f264522-cf83-11dc-a995-000bdb8f4017}]

    \Shell\Auto\command - E:\MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fd9791f-d000-11dc-a997-000bdb8f4017}]

    \Shell\Auto\command - MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    *Newly Created Service* - CATCHME

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-05-20 02:36:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

    "2008-05-09 18:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

    - C:\Arquivos de programas\Norton Security Scan\Nss.exe

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-25 11:49:51

    Windows 5.1.2600 Service Pack 2 NTFS

    Scanning for hidden processes ...

    Scanning for hidden autostart entries ...

    Scanning for hidden files ...

    Scan completed successfully

    Hidden files: 0

    **************************************************************************

    .

    Completion time: 2008-05-25 11:56:20

    ComboFix-quarantined-files.txt 2008-05-25 14:56:16

    Pre-Run: 6,052,802,560 bytes free

    Post-Run: 7,848,443,904 bytes free

    152 --- E O F --- 2007-12-21 18:54:00

    Logfile of HijackThis v1.99.1

    Scan saved at 12:07:11, on 25/05/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Arquivos de programas\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\snmp.exe

    C:\WINDOWS\system32\svchost.exe

    C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

    C:\ARQUIV~1\AVG\AVG8\avgemc.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Documents and Settings\Americo\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1046&fid=RegXPWizCredOnly

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [AnyDVD] C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.net/erv2/vagas/activex/smsx.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: avgrsstx.dll

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

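The two load points that matter in the ComboFix log above are the `Policies\Explorer\Run` value that launches `C:\heap41a\svchost.exe` and the `MountPoints2` Auto/AutoRun commands for `MicrosoftPowerPoint.exe`, which are the autorun.inf handlers Explorer cached from the infected pendrive. As an added example (not part of this thread, and not code from ComboFix, HijackThis or the USBWorm fix), the following Python script parses a ComboFix "Registry Load Points" excerpt and flags exactly those patterns. The sample input is copied from the log posted above; the list of trusted install directories is an assumption made for this machine's Brazilian Portuguese locale.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the ComboFix "Registry Load Points" section posted in this thread
# (sample input for the example; lines copied from the log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-04-26 09:33 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"status"= present
"winlogon"= C:\heap41a\svchost.exe C:\heap41a\std.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f264522-cf83-11dc-a995-000bdb8f4017}]
\Shell\Auto\command - E:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
"""


@dataclass
class Finding:
    key: str                      # registry key the entry lives under (lower-cased)
    command: str                  # command line exactly as it appears in the log
    reasons: list = field(default_factory=list)


# Directories a Run-type value normally points into on this XP install
# (assumption: Brazilian locale, so Program Files is "Arquivos de programas").
TRUSTED_ROOTS = (
    r"c:\windows",
    r"c:\arquivos de programas",
    r"c:\arquiv~1",
    r"c:\program files",
)

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>[^"\[]*)')
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s*-\s*(?P<cmd>.+)$")


def first_program(command):
    """First token of a command line, lower-cased, with surrounding quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    return command.split()[0].lower() if command else ""


def under_drive_root(path):
    """True for <drive>:\\<dir>\\<file>: a loader one directory below the root and
    outside the usual install locations (where C:\\heap41a\\svchost.exe sits)."""
    parts = path.split("\\")
    return (len(parts) == 3 and parts[0].endswith(":")
            and not path.startswith(TRUSTED_ROOTS))


def triage(log_text):
    """Return one Finding per suspicious autostart entry in a ComboFix load-points dump."""
    findings = []
    key = ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = MOUNT_RE.match(line)
        if m and "mountpoints2" in key:
            # MountPoints2 caches the autorun.inf handlers of every volume Explorer has
            # seen; an Auto/AutoRun verb that launches an executable from the volume
            # itself is the footprint of a removable-media worm.
            findings.append(Finding(key, m.group("cmd").strip(),
                                    [f"mountpoints2 '{m.group('verb')}' verb launches an executable"]))
            continue
        m = VALUE_RE.match(line)
        if not m or not key.endswith("\\run"):
            continue
        data = m.group("data").strip()
        program = first_program(data)
        if "\\" not in program:       # e.g. "status"= present is a flag, not a path
            continue
        reasons = []
        if key.endswith("policies\\explorer\\run"):
            reasons.append("Policies\\Explorer\\Run is honoured at logon but almost never used by legitimate software")
        if under_drive_root(program):
            reasons.append("program sits in a directory directly under the drive root")
        if reasons:
            findings.append(Finding(key, data, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.command)
        for r in f.reasons:
            print("   -", r)
```

Run against the excerpt it reports the `winlogon` value (two reasons) and both MountPoints2 commands, and stays silent on the AVG tray entry, which lives under the localized Program Files directory. The same two registry locations are what a USB-worm cleaner has to clear, together with the hidden `C:\heap41a` directory and the autorun.inf on the pendrive itself.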

    Good morning! americosjr

    >@< Download: < w32.USBWorm Blocker Worm Fix >.

    >@< Save it on the Desktop!

    >@< Unzip it and run the file: fix.exe Worm

    >@< Click Remove.

    ---------------------

    >@< Post in your reply a new ComboFix log + an updated HJT log.

    Regards!

  • Topic author
  • Hello joram, good evening,

    THANK YOU!!!

    The ComboFix and HJT logs follow.

    Regards,

    americosjr

    ComboFix 08-05-24.1 - Americo 2008-05-28 23:24:47.4 - NTFSx86 MINIMAL

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.135 [GMT -3:00]

    Executando de: C:\Documents and Settings\Americo\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((( Ficheiros criados de 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))

    .

    2008-05-27 08:27 . 2008-05-27 08:28 1,275 --a------ C:\WINDOWS\checkip.dat

    2008-05-23 16:30 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

    2008-05-23 16:30 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

    2008-05-23 16:30 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    2008-05-23 16:30 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

    2008-05-22 10:30 . 2008-05-22 10:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

    2008-05-21 11:12 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD

    2008-05-21 11:11 . 2008-05-21 11:12 <DIR> d-------- C:\Arquivos de programas\PC Inspector File Recovery

    2008-05-21 09:15 . 2008-05-23 01:56 <DIR> dr------- C:\Documents and Settings\Caio\Meus documentos

    2008-05-20 23:35 . 2008-05-23 01:44 <DIR> dr------- C:\Documents and Settings\Caio\Favoritos

    2008-05-15 09:26 . 2008-05-15 09:26 37 --a------ C:\WINDOWS\ipixActivex.ini

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-29 02:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-05-28 16:09 --------- d-----w C:\Arquivos de programas\Norton Security Scan

    2008-05-21 14:11 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-05-21 14:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

    2008-05-20 11:33 --------- d-----w C:\Arquivos de programas\GbPlugin

    2008-05-19 22:58 --------- d--h--w C:\Arquivos de programas\Scpad

    2008-04-29 11:55 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\Apple Computer

    2008-04-26 12:33 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

    2008-04-26 12:33 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

    2008-04-26 12:33 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

    2008-04-26 12:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

    2008-04-26 12:32 --------- d-----w C:\Arquivos de programas\AVG

    2008-04-17 11:46 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

    2008-04-08 14:02 --------- d-----w C:\Arquivos de programas\Programas RFB

    2008-04-02 23:26 --------- d-----w C:\Arquivos de programas\Panda Security

    2008-04-01 00:14 --------- d-----w C:\Documents and Settings\Convidado\Dados de aplicativos\HP

    2008-04-01 00:10 --------- d-----w C:\Documents and Settings\Caio\Dados de aplicativos\Image Zone Express

    2008-04-01 00:01 --------- d-----w C:\Documents and Settings\Mile\Dados de aplicativos\Image Zone Express

    2008-03-31 23:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

    2008-03-31 20:32 --------- d-----w C:\Documents and Settings\Mile\Dados de aplicativos\HP

    2008-03-31 13:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-03-31 13:49 --------- d-----w C:\Documents and Settings\Caio\Dados de aplicativos\HP

    2008-03-29 20:08 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\Image Zone Express

    2008-03-29 18:36 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\HP

    2008-03-29 18:32 --------- d-----w C:\Arquivos de programas\HP

    2008-03-29 18:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

    2008-03-29 18:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

    2008-03-29 18:25 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-03-29 18:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

    2008-03-28 19:19 --------- d-----w C:\Arquivos de programas\Java

    2008-03-06 09:58 691,545 ----a-w C:\WINDOWS\unins000.exe

    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-25_11.56.02.87 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2008-05-25 14:35:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    + 2008-05-29 02:17:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

    "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

    "AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-04-26 09:33 1177368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "GrpConv"="grpconv -o" []

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    BOOKcase 4.0.lnk - C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe [2007-06-24 22:34:07 421932]

    HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    "status"= present

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2008-05-19 14:32 201984]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-04-15 09:37 378696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2008-05-19 14:32 201984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

    C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2008-04-15 09:37 378696 C:\Arquivos de programas\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= ffdshow.ax

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "AnyDVD"=C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe

    "iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

    "C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

    "C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

    "C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

    S1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 09:33]

    S2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-04-26 09:33]

    S2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-04-26 09:32]

    S2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 09:33]

    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]

    S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]

    S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-07-30 16:15]

    S3 NMSSvc;Intel® NMS;C:\WINDOWS\system32\NMSSvc.exe [2002-07-30 16:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f264522-cf83-11dc-a995-000bdb8f4017}]

    \Shell\Auto\command - E:\MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fd9791f-d000-11dc-a997-000bdb8f4017}]

    \Shell\Auto\command - MicrosoftPowerPoint.exe

    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2008-05-27 02:36:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

    "2008-05-09 18:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"

    - C:\Arquivos de programas\Norton Security Scan\Nss.exe

    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-05-28 23:27:20

    Windows 5.1.2600 Service Pack 2 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros ocultos ...

    Varredura completada com sucesso

    Ficheiros ocultos: 0

    **************************************************************************

    .

    Tempo para conclusão: 2008-05-28 23:32:11

    ComboFix-quarantined-files.txt 2008-05-29 02:32:08

    ComboFix2.txt 2008-05-29 02:04:37

    ComboFix3.txt 2008-05-25 14:56:21

    Pre-Run: 7,912,538,112 bytes disponíveis

    Post-Run: 7,903,907,840 bytes disponíveis

    154 --- E O F --- 2007-12-21 18:54:00

    Logfile of HijackThis v1.99.1

    Scan saved at 23:46:33, on 28/05/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Arquivos de programas\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\snmp.exe

    C:\WINDOWS\system32\svchost.exe

    C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

    C:\ARQUIV~1\AVG\AVG8\avgemc.exe

    C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Documents and Settings\Americo\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1046&fid=RegXPWizCredOnly

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.net/erv2/vagas/activex/smsx.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - AppInit_DLLs: avgrsstx.dll

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

    END.... Thank you!!!


    Good morning! americosjr

    <@> Apparently everything is OK with the log.

    ----------------------

    >@< Download PenClean.

    <!> Alternative link: < PenClean >

    >@< Save it to the Desktop!

    >@< Insert your removable drives into the USB port (pen drive, mp3, mp4, etc.).

    >@< Run the utility in Safe Mode and select the option: Verificar o computador (Check the computer)

    >@< Click the Verificar (Check) button. Wait!

    >@< If required, accept the request to restart the computer.

    >@< Click Yes!

    >@< PS: Do not remove those drives yet!

    >@< Post, in your reply, the PenClean report, which will be at: C:\PenClean\PenClean.txt

    Regards!

  • Topic author
  • Hello joram, good afternoon,

    Thanks, man.... many thanks for the help.

    The PenClean log follows.

    Regards,

    americosjr

    Iniciando relatório do PenClean 2.0.0.2

    Por Renato Victor Mejias

    renatomejias@yahoo.com.br

    29/05/2008 13:10:52

    -----------------------------------------------------------

    Arquivos e chaves excluídos da unidade escolhida:

    Malware não detectado em nenhuma unidade!

    -----------------------------------------------------------

    Fim da análise, a unidade verificada foi: "Todas as unidades"

    -----------------------------------------------------------

    Arquivos e chaves excluídos do computador:

    Malware não detectado no computador!

    -----------------------------------------------------------

    Fim da análise no computador.

    -----------------------------------------------------------

    Arquivos e chaves excluídos da unidade escolhida:

    Malware não detectado na unidade escolhida!

    -----------------------------------------------------------

    Fim da análise, a unidade verificada foi F:

    -----------------------------------------------------------

    Arquivos e chaves excluídos da unidade escolhida:

    Malware não detectado em nenhuma unidade!

    -----------------------------------------------------------

    Fim da análise, a unidade verificada foi: "Todas as unidades"

    -----------------------------------------------------------


    Good morning! americosjr

    Before running this procedure, insert your removable drive(s) into the USB port.

    <!> Delete:

    C:\ComboFix.txt << Previous ComboFix log.

    -----------------------

    >@< Select and copy all the content in the Code area into Notepad.

    >@< Save it to the Desktop with the name: CFScript.txt

    File::
    E:\MicrosoftPowerPoint.exe
    C:\WINDOWS\bootstat.dat
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f264522-cf83-11dc-a995-000bdb8f4017}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fd9791f-d000-11dc-a997-000bdb8f4017}]
    Dirlook::
    C:\WINDOWS\system32\GroupPolicy

    >@< Drag CFScript.txt with the mouse onto the ComboFix icon.

    >@< See the demonstration!

    [animated demonstration: cpiadecfscriptxt7.gif]

    >@< With this procedure, ComboFix will run and restart the computer automatically!

    >@< If it does not restart, do so manually!

    >@< During the run, do not use the keyboard or mouse!

    >@< When it finishes, post the report C:\ComboFix.txt + an updated HJT log.

    Regards!
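The two MountPoints2 keys the CFScript above deletes are where Explorer caches the Auto/AutoRun commands that a removable drive's autorun.inf registered; in the posted log both verbs end up at MicrosoftPowerPoint.exe, once indirectly through RunDLL32 ShellExec_RunDLL. As an added example (not from the thread, ComboFix or PenClean), this Python check parses that section of a ComboFix log, flags such commands and prints the matching Registry:: lines; the two hijacked entries reuse the GUIDs and commands from the log, while the third entry and its GUID are constructed as a benign contrast.

```python
"""Added example: flag USB autorun hijack indicators in the MountPoints2
section of a ComboFix log and emit CFScript Registry:: lines for the keys."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the log posted in the thread. The first two
# entries reproduce that log; the third is made up (an installer launched from
# a subfolder) to show an entry the heuristics leave alone.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f264522-cf83-11dc-a995-000bdb8f4017}]

\Shell\Auto\command - E:\MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fd9791f-d000-11dc-a997-000bdb8f4017}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c0c0c0c-0000-4000-8000-000000000001}]

\Shell\AutoRun\command - F:\Setup\installer.exe
"""

MOUNTPOINTS_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
COMMAND_LINE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
SHELLEXEC = re.compile(
    r"rundll32(?:\.exe)?\s+shell32\.dll,\s*shellexec_rundll\s+(\S+)", re.IGNORECASE
)
ABSOLUTE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
DRIVE_ROOT_EXE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class MountPoint:
    guid: str
    commands: dict = field(default_factory=dict)  # verb (lower-case) -> command line


@dataclass
class Finding:
    guid: str
    verb: str
    command: str
    reasons: list


def parse_mountpoints(log_text):
    # Group the \Shell\<verb>\command lines under the MountPoints2 GUID above them.
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # ComboFix output is double-spaced
        if (m := MOUNTPOINTS_KEY.match(line)):
            current = MountPoint(guid=m.group(1))
            entries.append(current)
        elif current is not None and (m := COMMAND_LINE.match(line)):
            current.commands[m.group(1).lower()] = m.group(2).strip()
        else:
            current = None  # any other line ends the block
    return entries


def suspicious_reasons(command):
    """Heuristics for a cached Auto/AutoRun command taken from a drive's autorun.inf."""
    reasons = []
    m = SHELLEXEC.search(command)
    if m:
        target = m.group(1)
        reasons.append(f"indirect launch through ShellExec_RunDLL of {target}")
    else:
        parts = command.split()
        target = parts[0] if parts else ""
    if target.lower().endswith(".exe"):
        if not ABSOLUTE.match(target):
            reasons.append(f"relative executable path {target!r}, resolved against the drive itself")
        elif DRIVE_ROOT_EXE.match(target) and not target.lower().startswith("c:\\"):
            reasons.append(f"executable sitting in the root of drive {target[:2]}")
    return reasons


def find_autorun_hijacks(log_text):
    findings = []
    for mp in parse_mountpoints(log_text):
        for verb, command in mp.commands.items():
            reasons = suspicious_reasons(command)
            if reasons:
                findings.append(Finding(mp.guid, verb, command, reasons))
    return findings


def cfscript_registry_lines(findings):
    """Registry:: block in the form the thread's CFScript uses ([-key] deletes the key)."""
    guids = sorted({f.guid for f in findings})
    return ["Registry::"] + [
        "[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
        f"\\explorer\\mountpoints2\\{g}]"
        for g in guids
    ]


if __name__ == "__main__":
    hits = find_autorun_hijacks(SAMPLE_LOG)
    for f in hits:
        print(f"{f.guid} Shell\\{f.verb}\\command -> {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
    print("\n".join(cfscript_registry_lines(hits)))
```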

  • Topic author
  • Hello joram,

    Since the last time I posted here, I replaced AVG with Norton.

    When I now plugged in one of the pen drives to run the reports, Norton detected a trojan horse and moved it to quarantine.

    I ran ComboFix, HJT and then PenClean. The logs follow.

    Thanks... thank you again!!!

    Regards,

    americosjr

    ComboFix 08-05-24.1 - Americo 2008-05-31 11:30:46.6 - NTFSx86 MINIMAL

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.125 [GMT -3:00]

    Executando de: C:\Documents and Settings\Americo\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\Americo\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::

    C:\WINDOWS\bootstat.dat

    E:\MicrosoftPowerPoint.exe

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\WINDOWS\bootstat.dat

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_NAVAPSVC

    -------\Service_navapsvc

    ((((((((((((((((((((((( Ficheiros criados de 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))

    .

    2008-05-30 17:40 . 2008-05-30 17:40 <DIR> d-------- C:\Documents and Settings\Convidado\Dados de aplicativos\Symantec

    2008-05-29 16:27 . 2008-05-29 16:27 <DIR> d-------- C:\Documents and Settings\Mile\Dados de aplicativos\Symantec

    2008-05-29 15:04 . 2008-05-30 21:27 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

    2008-05-29 15:04 . 2008-05-30 21:27 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

    2008-05-29 14:43 . 2008-05-29 14:43 <DIR> d-------- C:\Documents and Settings\Americo\Dados de aplicativos\Symantec

    2008-05-29 14:24 . 2008-05-29 14:24 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys

    2008-05-29 14:22 . 2008-05-29 16:03 <DIR> d-------- C:\Arquivos de programas\Norton Internet Security

    2008-05-29 14:20 . 2008-05-30 21:27 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    2008-05-29 14:20 . 2008-05-30 21:27 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    2008-05-29 14:18 . 2008-05-30 21:27 <DIR> d-------- C:\Arquivos de programas\Symantec

    2008-05-29 14:17 . 2008-05-29 14:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

    2008-05-29 13:10 . 2008-05-29 13:10 <DIR> d-------- C:\PenClean

    2008-05-27 08:27 . 2008-05-27 08:28 1,275 --a------ C:\WINDOWS\checkip.dat

    2008-05-23 16:30 . 2001-09-05 23:20 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

    2008-05-23 16:30 . 2001-09-05 23:20 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

    2008-05-23 16:30 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    2008-05-23 16:30 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

    2008-05-22 10:30 . 2008-05-22 10:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

    2008-05-21 11:12 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD

    2008-05-21 11:11 . 2008-05-21 11:12 <DIR> d-------- C:\Arquivos de programas\PC Inspector File Recovery

    2008-05-21 09:15 . 2008-05-23 01:56 <DIR> dr------- C:\Documents and Settings\Caio\Meus documentos

    2008-05-20 23:35 . 2008-05-23 01:44 <DIR> dr------- C:\Documents and Settings\Caio\Favoritos

    2008-05-15 09:26 . 2008-05-15 09:26 37 --a------ C:\WINDOWS\ipixActivex.ini

    2008-04-26 11:24 . 2008-05-26 21:36 <DIR> d--h----- C:\$AVG8.VAULT$

    2008-04-26 09:33 . 2008-05-29 12:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

    2008-04-26 09:33 . 2008-04-26 09:33 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

    2008-04-26 09:33 . 2008-04-26 09:33 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

    2008-04-26 09:33 . 2008-04-26 09:33 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

    2008-04-26 09:32 . 2008-04-26 09:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

    2008-04-26 09:32 . 2008-04-26 09:32 <DIR> d-------- C:\Arquivos de programas\AVG

    2008-04-22 22:53 . 2008-04-22 22:53 <DIR> d-------- C:\WINDOWS\system32\NtmsData

    2008-04-22 22:30 . 2008-04-22 22:32 <DIR> d-------- C:\Micro Mangelica

    2008-04-13 11:11 . 2008-04-13 11:11 3,424 --a------ C:\WINDOWS\svchost

    2008-04-09 20:07 . 2008-04-09 20:07 <DIR> dr------- C:\Novo(a) Porta-arquivos

    2008-04-07 16:42 . 2008-04-07 16:42 1,391,862 --a------ C:\WINDOWS\system32\codigo BB.bmp

    2008-04-06 09:01 . 2008-04-06 09:01 0 --a------ C:\WINDOWS\hpqEmlSz.INI

    2008-04-06 00:59 . 2008-04-06 01:01 <DIR> dr------- C:\OLD_ Porta-arquivos_old

    2008-04-04 22:05 . 2008-04-08 11:02 <DIR> d-------- C:\Arquivos de programas\Programas RFB

    2008-04-04 20:04 . 2008-04-27 15:03 <DIR> d-------- C:\Recnet

    2008-04-04 20:04 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

    2008-04-04 20:04 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

    2008-04-04 20:04 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

    2008-04-04 20:04 . 2008-04-04 20:04 127 --a------ C:\WINDOWS\REC-NET.INI

    2008-04-02 20:26 . 2008-04-02 20:26 <DIR> d-------- C:\Arquivos de programas\Panda Security

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-05-31 14:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2008-05-31 00:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

    2008-05-28 16:09 --------- d-----w C:\Arquivos de programas\Norton Security Scan

    2008-05-21 14:11 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

    2008-05-21 14:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

    2008-05-20 11:33 --------- d-----w C:\Arquivos de programas\GbPlugin

    2008-05-19 22:58 --------- d--h--w C:\Arquivos de programas\Scpad

    2008-04-29 11:55 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\Apple Computer

    2008-04-01 00:14 --------- d-----w C:\Documents and Settings\Convidado\Dados de aplicativos\HP

    2008-04-01 00:10 --------- d-----w C:\Documents and Settings\Caio\Dados de aplicativos\Image Zone Express

    2008-04-01 00:01 --------- d-----w C:\Documents and Settings\Mile\Dados de aplicativos\Image Zone Express

    2008-03-31 23:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

    2008-03-31 20:32 --------- d-----w C:\Documents and Settings\Mile\Dados de aplicativos\HP

    2008-03-31 13:56 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

    2008-03-31 13:49 --------- d-----w C:\Documents and Settings\Caio\Dados de aplicativos\HP

    2008-03-29 20:08 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\Image Zone Express

    2008-03-29 18:36 --------- d-----w C:\Documents and Settings\Americo\Dados de aplicativos\HP

    2008-03-29 18:32 --------- d-----w C:\Arquivos de programas\HP

    2008-03-29 18:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

    2008-03-29 18:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

    2008-03-29 18:25 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

    2008-03-29 18:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

    2008-03-28 19:19 --------- d-----w C:\Arquivos de programas\Java

    2008-03-06 09:58 691,545 ----a-w C:\WINDOWS\unins000.exe

    2008-02-10 22:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

    2008-02-10 22:42 249,856 ------w C:\WINDOWS\Setup1.exe

    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ---- Directory of C:\WINDOWS\system32\GroupPolicy ----

    2008-05-22 10:31 81 ---h----- C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini

    2008-05-22 10:30 38 --a------ C:\WINDOWS\system32\GroupPolicy\gpt.ini

    2007-07-30 19:13 56078 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\wuau.adm

    2004-07-23 20:42 1511114 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\inetres.adm

    2004-07-17 21:57 1913876 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\system.adm

    2004-07-17 10:40 72272 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\wmplayer.adm

    2004-07-17 10:40 43086 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\conf.adm

    ((((((((((((((((((((((((((((( snapshot@2008-05-25_11.56.02.87 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

    + 2008-05-29 17:28:18 10,134 ----a-r C:\WINDOWS\Installer\{77772678-817F-4401-9301-ED1D01A8DA56}\ARPPRODUCTICON.exe

    - 2007-10-11 06:13:34 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

    + 2008-02-16 09:03:41 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

    + 2006-08-03 20:57:09 466,944 ----a-w C:\WINDOWS\system32\capicom.dll

    - 2007-10-11 06:13:34 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

    + 2008-02-16 09:03:41 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

    - 2007-10-11 06:13:34 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll

    + 2008-02-16 09:03:42 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll

    - 2007-10-11 06:13:34 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll

    + 2008-02-16 09:03:41 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll

    - 2007-10-11 06:13:34 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll

    + 2008-02-16 09:03:41 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll

    - 2007-10-11 06:13:34 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll

    + 2008-02-16 09:03:42 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll

    - 2004-08-04 02:45:22 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll

    + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll

    - 2006-06-26 17:41:41 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

    + 2008-02-20 05:37:59 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

    - 2004-08-04 02:45:22 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

    + 2008-02-20 05:37:59 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

    - 2007-10-11 06:13:34 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

    + 2008-02-16 09:03:42 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

    - 2007-10-11 06:13:34 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

    + 2008-02-16 09:03:42 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

    - 2007-10-11 06:13:34 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

    + 2008-02-16 09:03:42 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

    - 2007-06-19 13:31:22 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll

    + 2008-02-20 06:51:35 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll

    - 2007-10-10 11:16:27 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe

    + 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe

    - 2007-10-11 06:13:34 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll

    + 2008-02-16 09:03:42 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll

    - 2007-10-11 06:13:34 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll

    + 2008-02-16 09:03:42 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll

    - 2007-11-14 07:28:29 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

    + 2007-12-18 14:42:09 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll

    - 2007-10-11 06:13:34 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

    + 2008-02-16 09:03:42 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

    - 2006-08-17 12:28:32 724,480 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

    + 2007-11-07 09:28:43 724,480 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

    - 2004-08-04 01:00:58 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys

    + 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys

    - 2004-08-04 02:45:24 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll

    + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll

    - 2004-08-04 02:45:24 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll

    + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll

    - 2007-10-30 10:18:16 3,079,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

    + 2008-02-16 22:33:46 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

    - 2007-10-11 06:13:35 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

    + 2008-02-16 09:03:44 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

    - 2004-08-04 02:45:26 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll

    + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll

    - 2004-07-17 13:34:48 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

    + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

    - 2004-08-04 02:45:26 176,159 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll

    + 2008-03-25 04:49:45 183,072 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll

    - 2004-08-04 02:45:26 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll

    + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll

    - 2004-08-04 02:45:26 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll

    + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll

    - 2004-08-04 02:45:26 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll

    + 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll

    - 2004-08-04 02:45:26 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll

    + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll

    - 2007-10-11 06:13:35 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

    + 2008-02-16 09:03:44 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

    - 2004-08-04 02:45:26 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll

    + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll

    - 2004-08-04 02:45:26 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll

    + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll

    - 2004-08-04 02:45:26 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll

    + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll

    - 2006-10-18 23:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll

    + 2006-12-04 19:21:50 414,720 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll

    - 2004-08-04 02:45:26 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll

    + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll

    - 2007-10-11 06:13:35 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

    + 2008-02-16 09:03:45 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

    - 2004-08-04 02:45:26 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll

    + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll

    - 2004-08-04 02:45:26 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

    + 2008-03-25 04:49:46 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

    - 2004-08-04 02:45:26 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll

    + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll

    - 2007-05-17 11:30:00 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll

    + 2007-12-04 18:41:03 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll

    - 2007-10-11 06:13:35 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

    + 2008-02-16 09:03:45 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

    - 2007-10-11 06:13:36 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

    + 2008-02-16 09:03:45 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

    - 2007-10-11 06:13:36 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

    + 2008-02-16 09:03:45 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

    - 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys

    + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys

    - 2007-10-11 06:13:36 616,448 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

    + 2008-02-16 09:03:45 616,960 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

    - 2004-08-04 02:45:28 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll

    + 2007-12-18 14:42:09 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll

    - 2007-03-08 15:33:32 1,843,712 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

    + 2008-03-20 08:09:41 1,845,376 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

    - 2007-10-11 06:13:37 661,504 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

    + 2008-02-16 09:03:45 661,504 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

    - 2006-10-18 23:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll

    + 2007-10-25 12:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll

    - 2006-06-26 17:41:41 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll

    + 2008-02-20 05:37:59 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

    - 2004-08-04 02:45:22 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

    + 2008-02-20 05:37:59 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

    - 2004-08-04 01:00:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

    + 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

    + 2007-10-01 17:48:56 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

    + 2007-10-01 17:49:04 98,184 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

    + 2007-10-01 17:49:16 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys

    + 2007-10-01 17:49:10 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

    + 2007-10-01 17:49:20 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

    + 2007-10-01 17:49:26 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

    - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

    + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

    - 2007-10-11 06:13:34 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

    + 2008-02-16 09:03:42 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

    - 2007-10-11 06:13:34 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

    + 2008-02-16 09:03:42 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

    - 2007-10-11 06:13:34 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

    + 2008-02-16 09:03:42 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

    - 2008-03-28 14:19:52 200,144 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

    + 2008-05-29 23:46:33 200,144 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

    - 2007-06-19 13:31:22 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll

    + 2008-02-20 06:51:35 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

    - 2007-10-11 06:13:34 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll

    + 2008-02-16 09:03:42 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll

    - 2007-10-11 06:13:34 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

    + 2008-02-16 09:03:42 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

    - 2007-11-14 07:28:29 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

    + 2007-12-18 14:42:09 450,560 ----a-w C:\WINDOWS\system32\jscript.dll

    - 2007-10-11 06:13:34 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

    + 2008-02-16 09:03:42 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

    - 2006-08-17 12:28:32 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

    + 2007-11-07 09:28:43 724,480 ----a-w C:\WINDOWS\system32\lsasrv.dll

    - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe

    + 2008-05-09 17:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe

    - 2004-08-04 02:45:24 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll

    + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll

    - 2004-08-04 02:45:24 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll

    + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll

    - 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll

    + 2008-02-16 22:33:46 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll

    - 2007-10-11 06:13:35 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

    + 2008-02-16 09:03:44 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

    - 2004-08-04 02:45:26 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll

    + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll

    - 2004-07-17 13:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

    + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

    - 2004-08-04 02:45:26 176,159 ----a-w C:\WINDOWS\system32\msjint40.dll

    + 2008-03-25 04:49:45 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

    - 2004-08-04 02:45:26 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll

    + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll

    - 2004-08-04 02:45:26 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll

    + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll

    - 2004-08-04 02:45:26 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll

    + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll

    - 2004-08-04 02:45:26 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll

    + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll

    - 2007-10-11 06:13:35 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

    + 2008-02-16 09:03:44 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

    - 2004-08-04 02:45:26 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll

    + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll

    - 2004-08-04 02:45:26 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll

    + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll

    - 2004-08-04 02:45:26 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll

    + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll

    - 2006-10-18 23:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll

    + 2006-12-04 19:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll

    - 2004-08-04 02:45:26 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll

    + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll

    - 2007-10-11 06:13:35 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

    + 2008-02-16 09:03:45 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

    - 2004-08-04 02:45:26 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll

    + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll

    - 2004-08-04 02:45:26 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll

    + 2008-03-25 04:49:46 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

    - 2004-08-04 02:45:26 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll

    + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll

    - 2007-05-17 11:30:00 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll

    + 2007-12-04 18:41:03 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

    - 2007-10-11 06:13:35 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

    + 2008-02-16 09:03:45 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

    - 2007-10-11 06:13:36 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll

    + 2008-02-16 09:03:45 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll

    - 2007-10-11 06:13:36 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

    + 2008-02-16 09:03:45 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

    + 2007-10-01 17:49:38 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll

    + 2007-10-01 17:49:36 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll

    - 2007-10-11 06:13:36 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll

    + 2008-02-16 09:03:45 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll

    - 2004-08-04 02:45:28 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

    + 2007-12-18 14:42:09 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll

    - 2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

    + 2008-03-20 08:09:41 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

    - 2007-10-11 06:13:37 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

    + 2008-02-16 09:03:45 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

    - 2006-10-18 23:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll

    + 2007-10-25 12:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

    - 2007-10-29 18:35:06 119,296 ----a-w C:\WINDOWS\system32\xpsp3res.dll

    + 2008-02-15 23:03:02 360,448 ----a-w C:\WINDOWS\system32\xpsp3res.dll

    + 2008-05-31 14:37:30 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5c4.dat

    .

    -- Snapshot reset to current date --

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    REGEDIT4

    *Nota* entradas vazias & legítimas por defeito não são mostradas.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]

    "ccApp"="C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe" [2005-09-16 23:27 52848]

    "URLLSTCK.exe"="C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe" [2007-02-01 17:21 23168]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    BOOKcase 4.0.lnk - C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe [2007-06-24 22:34:07 421932]

    HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    "status"= present

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{A3717295-941D-416F-9384-ED1736729F1C}"= C:\Arquivos de programas\Scpad\scpLIB.dll [2008-05-19 14:32 201984]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-04-15 09:37 378696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

    "CompIBBrd"= {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll [2008-05-19 14:32 201984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__GbPluginBb]

    C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll 2008-04-15 09:37 378696 C:\Arquivos de programas\GbPlugin\gbieh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= ffdshow.ax

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    "SpybotSD TeaTimer"=C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

    "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    "AnyDVD"=C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD.exe

    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe

    "iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe"

    "QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

    "SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

    "AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

    "C:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

    "C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

    "C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

    "C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

    "C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

    "C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-26 09:33]

    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-26 09:33]

    S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]

    S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]

    S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-07-30 16:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    *Newly Created Service* - COMHOST

    *Newly Created Service* - NAVAPSVC

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    "2008-05-27 02:36:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    - C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

    "2008-05-29 17:54:01 C:\WINDOWS\Tasks\Norton AntiVirus - Executar verificação completa do sistema - Americo.job"

    -------------------------------------------------------

    Logfile of HijackThis v1.99.1

    Scan saved at 11:57, on 2008-05-31

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Arquivos de programas\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\snmp.exe

    C:\WINDOWS\system32\svchost.exe

    C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\AVG\AVG8\avgemc.exe

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

    C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

    C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    C:\Documents and Settings\Americo\Desktop\ClubedoHardware\HijackThis.exe

    C:\Arquivos de programas\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.srf?xpwiz=true&lc=1046&fid=RegXPWizCredOnly

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\AdBlocking\NISShExt.dll

    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Arquivos de programas\Norton Internet Security\UrlLstCk.exe

    O4 - Global Startup: BOOKcase 4.0.lnk = C:\Arquivos de programas\TEXTware\BOOKcase40\BC40CASE.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.elancers.net/erv2/vagas/activex/smsx.cab

    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    O20 - Winlogon Notify: __GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Agendador do LiveUpdate automático - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\ccPwdSvc.exe

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccProxy.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\comHost.exe

    O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: Serviço do Auto-Protect do Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\navapsvc.exe

    O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Console\NSCSRVCE.EXE

    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Arquivos de programas\Norton Internet Security\Norton AntiVirus\SAVScan.exe

    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\svcntaux.exe

    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\swdsvc.exe

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

    ---------------------------------------------------------------------

    Iniciando relatório do PenClean 2.0.0.2

    Por Renato Victor Mejias

    renatomejias@yahoo.com.br

    2008-05-31 12:08:03

    -----------------------------------------------------------

    Arquivos e chaves excluídos do computador:

    Malware não detectado no computador!

    -----------------------------------------------------------

    Fim da análise no computador.

    -----------------------------------------------------------

    Arquivos e chaves excluídos da unidade escolhida:

    Autorun.inf foi deletado com sucesso!

    -----------------------------------------------------------

    Fim da análise, a unidade verificada foi: "Todas as unidades"

    -----------------------------------------------------------

    END... thanks


    Good morning! americosjr

    <@> Do a search and, if you find it, you can delete it!

    C:\WINDOWS\svchost <<

    <@> Pay attention to the directory the file is in.

    ---------------------

    <@> Apparently everything is OK with the logs! :)

    ---------------------

    >@< Run a disinfection scan at < BitDefender > and post the report.

    >@< The page will open: < BitDefender OnLine Scanner >

    >@< Click on: < agree2.gif >

    >@< Wait! Allow the ActiveX installation so that the scan can run.

    <!> Read the tutorial: < Link >

    >@< Then post: the BitDefender report

    >@< PS: The BitDefender report will be at: C:\Windows\BDOSCAN8\bdoscan.log

    Regards!

    Topic author

    Hello joram,

    Here is the BitDefender report

    Cheers... thanks

    Regards,

    americosjr

    [General]

    App = "BitDefender Online Scanner v8"

    Date = 02:06:2008

    Time = 15:55:30

    Scan Path = A:\;C:\;D:\;

    [Engines Info]

    Virus Definitions = 1255628

    Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"

    Scan plugins = 16

    Archive plugins = 42

    Unpack plugins = 7

    E-mail plugins = 6

    System plugins = 5

    [scan Statistics]

    Folders = 9383

    Files = 421014

    Archives = 5826

    Packed files = 22440

    Identified viruses = 5

    Infected files = 9

    Warnings = 0

    Suspect files = 0

    Disinfected files = 0

    Deleted files = 11

    Copied files = 0

    Moved files = 0

    Renamed files = 0

    I/O Errors = 33

    [scan Settings]

    SecondAction = Delete

    FirstAction = Disinfect

    Heuristics = 1

    Enable Warnings = 1

    Exclude Ext =

    Extensions = *;

    Scan Emails = 1

    Scan Archives = 1

    Scan Packed = 1

    Scan Files = 1

    Scan Boot = 1

    Verify Memory = 0

    [scan Results]

    Line00000021 = "C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Quarantine\030446B8.inf=>(Quarantine-2) Infected with: Trojan.Starter.AEO"

    Line00000020 = "C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Quarantine\030446B8.inf=>(Quarantine-2) Deleted"

    Line00000019 = "C:\MICRO VELHO\WINDOWS\system32\dllcache\mshta.exe Infected with: Trojan.Generic.79853"

    Line00000018 = "C:\MICRO VELHO\WINDOWS\system32\dllcache\mshta.exe Deleted"

    Line00000017 = "C:\MICRO VELHO\WINDOWS\system32\dllcache\spoolsv.exe Infected with: Trojan.Generic.71725"

    Line00000016 = "C:\MICRO VELHO\WINDOWS\system32\dllcache\spoolsv.exe Deleted"

    Line00000015 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP161\A0109143.exe=>(RAR Sfx o)=>MicrosoftPowerPoint\Install.txt Infected with: Trojan.Agent.AACH"

    Line00000014 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP161\A0109143.exe=>(RAR Sfx o)=>MicrosoftPowerPoint\Install.txt Disinfection failed"

    Line00000013 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP161\A0109143.exe=>(RAR Sfx o)=>MicrosoftPowerPoint\Install.txt Deleted"

    Line00000012 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP161\A0109143.exe=>(RAR Sfx o) Update failed"

    Line00000011 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP161\A0109143.exe=>(RAR Sfx o)=>MicrosoftPowerPoint\pathlist.txt Infected with: Win32.Worm.Ahkheap.A"

    Line00000010 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP161\A0109143.exe=>(RAR Sfx o)=>MicrosoftPowerPoint\pathlist.txt Deleted"

    Line00000009 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP161\A0109143.exe=>(RAR Sfx o) Update failed"

    Line00000008 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP170\A0112455.inf Infected with: Trojan.Starter.AEO"

    Line00000007 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP170\A0112455.inf Disinfection failed"

    Line00000006 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP170\A0112455.inf Deleted"

    Line00000005 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP175\A0114269.inf=>(Quarantine-2) Infected with: Trojan.Starter.AEO"

    Line00000004 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP175\A0114269.inf=>(Quarantine-2) Deleted"

    Line00000003 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP176\A0114340.exe Infected with: Trojan.Generic.79853"

    Line00000002 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP176\A0114340.exe Deleted"

    Line00000001 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP176\A0114341.exe Infected with: Trojan.Generic.71725"

    Line00000000 = "C:\System Volume Information\_restore{82BA21DF-70E3-4FB8-928C-965F72D32FEE}\RP176\A0114341.exe Deleted"

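To read a bdoscan.log like the one posted above the way the analyst does, here is an added Python example (not from the forum, BitDefender or either poster) that groups the [scan Results] lines by path, classifies each hit by where it sits on disk (System Restore snapshot, another scanner's quarantine, the dllcache copy, or a live location) and flags paths whose recorded actions never ended in Deleted. The sample log is constructed from the report above with the restore-point GUID replaced by a placeholder and most entries omitted; the bucket names and helper functions are this example's own.

```python
import re

# Constructed sample in the bdoscan.log "[scan Results]" format, taken from the
# report posted above (restore-point GUID shortened, most entries omitted).
SAMPLE_LOG = r'''[scan Results]
Line00000008 = "C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Quarantine\030446B8.inf=>(Quarantine-2) Infected with: Trojan.Starter.AEO"
Line00000007 = "C:\Documents and Settings\All Users\Dados de aplicativos\Symantec\Norton AntiVirus\Quarantine\030446B8.inf=>(Quarantine-2) Deleted"
Line00000006 = "C:\MICRO VELHO\WINDOWS\system32\dllcache\mshta.exe Infected with: Trojan.Generic.79853"
Line00000005 = "C:\MICRO VELHO\WINDOWS\system32\dllcache\mshta.exe Deleted"
Line00000004 = "C:\System Volume Information\_restore{GUID}\RP161\A0109143.exe=>(RAR Sfx o)=>MicrosoftPowerPoint\pathlist.txt Infected with: Win32.Worm.Ahkheap.A"
Line00000003 = "C:\System Volume Information\_restore{GUID}\RP161\A0109143.exe=>(RAR Sfx o)=>MicrosoftPowerPoint\pathlist.txt Deleted"
Line00000002 = "C:\System Volume Information\_restore{GUID}\RP161\A0109143.exe=>(RAR Sfx o) Update failed"
Line00000001 = "C:\System Volume Information\_restore{GUID}\RP170\A0112455.inf Infected with: Trojan.Starter.AEO"
Line00000000 = "C:\System Volume Information\_restore{GUID}\RP170\A0112455.inf Deleted"
'''

# A result line is "<path[=>container...]> <outcome>"; paths contain spaces, so the
# outcome is matched against the fixed vocabulary that appears in the log.
LINE_RE = re.compile(r'^Line\d+ = "(?P<path>.+?) '
                     r'(?P<outcome>Infected with: .+|Deleted|Disinfection failed|Update failed)"$')

def classify_location(path):
    """Where the hit lives on disk; this decides how worrying it is."""
    top = path.split("=>")[0].lower()          # outermost file, containers stripped
    if "\\_restore{" in top:
        return "restore_point"                 # System Restore snapshot copy
    if "\\quarantine\\" in top:
        return "av_quarantine"                 # already isolated by another scanner
    if "\\dllcache\\" in top:
        return "dllcache"                      # Windows File Protection cache copy
    return "live"                              # anything else: treat as active

def parse_results(text):
    # Group result lines by path: detection names and the actions recorded for it.
    records = {}
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        rec = records.setdefault(m["path"], {"location": classify_location(m["path"]),
                                             "detections": [], "outcomes": []})
        if m["outcome"].startswith("Infected with: "):
            rec["detections"].append(m["outcome"][len("Infected with: "):])
        else:
            rec["outcomes"].append(m["outcome"])
    return records

def summarize(records):
    """Detections per location, plus paths whose recorded actions never ended in Deleted."""
    per_location, unresolved = {}, []
    for path, rec in records.items():
        per_location[rec["location"]] = per_location.get(rec["location"], 0) + len(rec["detections"])
        if rec["outcomes"] and "Deleted" not in rec["outcomes"]:
            unresolved.append(path)            # e.g. an archive that could not be rewritten
    return per_location, unresolved
```

Run over the full report above, all nine infected files land in the first three buckets and none in "live", which matches the analyst's reading that the log is clean apart from the restore-point copies.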

    Good morning! americosjr

    <@> In Run, type: ComboFix.exe /u --> Click OK.

    <@> At the prompt, choose two. ( 2 ) >> Wait for the uninstall!

    --------------------

    Once everything is OK with the PC, create a completely clean System Restore point!

    Right-click My Computer >> Properties >> System Restore >> Check: Turn off System Restore >> Apply >> OK.

    Then uncheck it again! >> Apply >> OK.

    For more details, go to: < Docs >

    <@> The log is clean! :)

    <@> All OK?

    Regards!

    Topic author

    Hello joram,

    Sorry for replying only now, but I had some personal problems.

    Thank you very much for your help! Really appreciated! Everything is OK now

    Best regards,

    americosjr
