
How Do I Get Rid of This Message?


bonecao79


After cleaning a virus off my PC, every time I start Windows the following message appears:

ERRO AO CARREGAR C:\WINDOWS\gbiehbsb.dll

não foi possível encontrar o módulo especificado

OK

If you can help me, I would be very grateful.

I'm sending the HijackThis analysis, okay.

Logfile of HijackThis v1.99.1

Scan saved at 13:36, on 2008-02-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Live Toolbar\msn_sl.exe

C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\DOCUME~1\PROPRI~1\CONFIG~1\Temp\E_SD.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178419977406

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://edneiandrade.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {96108FA5-58CE-11D5-B3E4-0040C7A63343} (CentralWebMain Control) - http://universitario.educacional.com.br/comunicador/CentralWeb.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


  • Coordinator

Download ComboFix.

It is important that you save it to your desktop.

  • Close all windows and programs.
  • Double-click combofix.exe, enter 1 and press Enter.
  • It takes a while, so please be patient.
  • When the tool finishes running, it will generate a log. Post the file C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.

Attention: Do not click with the mouse while the tool is running; this can cause the PC to stall.


Here are the ComboFix and HijackThis analyses:

ComboFix 08-02-17.2 - Proprietario 2008-02-16 19:14:42.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.188 [GMT -4:00]

Executando de: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))

.

2008-02-14 00:17 . 2008-02-14 00:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-02-13 23:47 . 2008-02-13 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-13 23:47 . 2008-02-13 23:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-13 23:22 . 2007-03-07 19:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-02-13 22:32 . 2008-02-13 22:32 0 --a------ C:\WINDOWS\nsreg.dat

2008-02-12 20:51 . 2008-02-12 20:52 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d--h----- C:\WINDOWS\PIF

2008-02-09 18:23 . 2008-02-09 18:23 77,627 --a------ C:\D87.tmp

2008-02-08 00:58 . 2008-02-09 18:27 <DIR> d-------- C:\LinhaDefensiva

2008-02-07 12:00 . 2008-02-09 15:16 2,416 --a------ C:\WINDOWS\mssnmsgr.dll

2008-02-07 00:16 . 2008-02-09 18:49 1,088 --a------ C:\WINDOWS\winhlp.dll

2008-02-06 22:33 . 2008-02-09 22:48 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-06 22:31 . 2008-02-09 22:47 9,722,720 --a------ C:\Arquivos de programas\spybotsd152.exe

2008-02-06 12:37 . 2008-02-06 12:37 198,656 --a------ C:\WINDOWS\system\intimacao005.exe

2008-02-06 12:34 . 2008-02-06 12:34 <DIR> d-------- C:\WINDOWS\_tmp

2008-02-06 12:33 . 2008-02-06 12:36 198,656 --a------ C:\WINDOWS\system\intimacao005[1].exe

2008-01-27 17:07 . 2008-01-27 13:30 75,960 --a------ C:\mediamp3.dat

2008-01-27 17:07 . 2008-01-27 17:07 72 --a------ C:\WINDOWS\MediaManager.INI

2008-01-27 16:58 . 2008-01-27 16:58 <DIR> d-------- C:\Documents and Settings\leidyanne\Dados de aplicativos\Uniblue

2008-01-21 20:06 . 2008-01-21 20:07 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-01-21 20:06 . 2008-01-21 20:06 2,733,928 --a------ C:\Arquivos de programas\ccsetup204.exe

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Proprietario\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\LocalService\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\leidyanne\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Default User\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Convidado\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Administrador\Configura‡äes locais

2008-01-20 01:45 . 2007-12-04 09:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-20 01:45 . 2004-01-09 06:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-20 01:45 . 2007-12-04 08:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-20 01:45 . 2007-12-04 10:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-20 01:45 . 2007-12-04 10:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-20 01:45 . 2007-12-04 10:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-20 01:45 . 2007-12-04 10:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-20 01:45 . 2007-12-04 10:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-20 01:22 . 2008-01-20 16:26 31,793 --a------ C:\WINDOWS\system32\video8192.drv

2008-01-17 22:59 . 2007-01-15 13:05 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-01-17 22:59 . 2007-01-15 10:57 <DIR> d-------- C:\Documents and Settings\Administrador\Meus documentos

2008-01-17 22:59 . 2007-01-15 10:57 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-01-17 22:59 . 2007-01-15 10:57 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos

2008-01-17 22:59 . 2007-01-15 10:57 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-01-17 22:59 . 2008-02-07 00:10 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-01-17 22:59 . 2007-01-15 10:57 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-01-17 22:59 . 2007-01-15 10:57 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-01-17 21:42 . 2008-01-17 21:42 <DIR> d-------- C:\Suporte

2008-01-17 16:40 . 2008-01-17 21:18 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-13 00:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-02-10 02:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Defender

2008-02-09 22:08 --------- d-----w C:\Arquivos de programas\Google

2008-02-09 22:07 --------- d-----w C:\Arquivos de programas\D'Accord_Music_Software_BR

2008-02-09 22:07 --------- d-----w C:\Arquivos de programas\BraZip

2008-02-04 06:16 --------- d-----w C:\Arquivos de programas\Altiris

2008-02-04 05:40 --------- d-----w C:\Arquivos de programas\eMule

2008-02-02 22:43 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-01-31 23:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-01-31 23:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-01-25 03:59 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Vso

2008-01-18 01:42 --------- d-----w C:\Arquivos de programas\MP3 Player Utilities 4.17

2008-01-18 01:18 --------- d-----w C:\Arquivos de programas\Symantec

2008-01-17 01:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-15 20:15 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Grisoft

2008-01-15 05:24 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Leadertech

2008-01-12 18:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-01-12 18:31 --------- d-----w C:\Arquivos de programas\Disc2Phone

2008-01-11 21:44 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Teleca

2008-01-11 21:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-09 23:50 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Leadertech

2008-01-09 02:34 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Sony Ericsson

2008-01-08 19:38 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Teleca

2008-01-08 19:37 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Sony Ericsson

2008-01-08 07:00 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\LimeWire

2008-01-05 03:11 5,149,696 ----a-w C:\Arquivos de programas\WindowsDefender.msi

2008-01-04 04:15 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-01-04 03:58 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-01-04 03:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-01-04 03:42 2,403,344 ----a-w C:\Arquivos de programas\WLinstaller.exe

2007-12-26 20:04 --------- d-----w C:\Arquivos de programas\PhotoFiltre Studio

2007-12-26 18:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-12-26 01:31 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-26 01:31 --------- d-----w C:\Arquivos de programas\epson

2007-12-25 00:05 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\CopyToDvd

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-11 00:42 33,285,592 ----a-w C:\Arquivos de programas\GoogleSketchUpWEN.exe

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 23:31 10,072,368 ----a-w C:\Arquivos de programas\copytodvd4_setup.exe

2007-12-04 23:22 47,360 ----a-w C:\Documents and Settings\Proprietario\Dados de aplicativos\pcouffin.sys

2007-12-04 23:21 7,237,952 ----a-w C:\Arquivos de programas\vsoConvertXtoDVD2_setup.exe

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-03 21:02 693,426 ----a-w C:\Arquivos de programas\dp_cd_dvd_burner.exe

2007-12-02 22:17 1,332,736 ----a-w C:\Documents and Settings\leidyanne\winsql.dat

2007-11-27 20:31 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VGANGMJYMWPP.SYS

2007-11-27 20:29 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\HJYWCPNGNWPP.SYS

2007-11-27 19:29 1,332,736 ----a-w C:\Documents and Settings\Proprietario\winsql.dat

2007-11-13 16:31 1,332,736 -c--a-w C:\Documents and Settings\Convidado\Dados de aplicativos\winsql.dat

2007-11-02 19:25 101,583 ----a-w C:\Arquivos de programas\DICIONÁRIO PORTUGUES.gadget

2007-10-07 14:03 39,427,360 ----a-w C:\Arquivos de programas\NVE-3.1.0.21.exe

2007-10-03 19:18 13,411,824 ----a-w C:\Arquivos de programas\Google_Earth_BZXD.exe

2007-09-14 20:00 17,070,630 ----a-w C:\Arquivos de programas\klmcodec340.exe

2007-08-27 21:03 3,378,248 ----a-w C:\Arquivos de programas\LimeWireWin.exe

2007-08-27 03:02 1,606,904 ----a-w C:\Arquivos de programas\googletalk-setup-pt-BR.exe

2007-08-23 03:26 505,144 ----a-w C:\Arquivos de programas\magentic_install.exe

2007-08-22 04:18 1,576,960 ----a-w C:\Arquivos de programas\winLAME-prerelease4.msi

2007-08-19 20:48 1,879,752 ----a-w C:\Arquivos de programas\SetupAnyDVD6170.exe

2007-08-14 05:36 10,511,904 ----a-w C:\Arquivos de programas\RealPlayer10-5GOLD.exe

2007-08-10 19:32 16,381,000 ----a-w C:\Arquivos de programas\setupporpro.exe

2007-06-18 01:25 3,858,985 ----a-w C:\Arquivos de programas\eMule0.48a-Installer.exe

2007-06-05 05:56 372,784 ----a-w C:\Arquivos de programas\ymjsetup.exe

2007-05-26 05:00 20,006,472 ----a-w C:\Arquivos de programas\QuickTimeInstaller.exe

2007-05-23 20:11 14,226,920 ----a-w C:\Arquivos de programas\Babylon6_setup_eng_ptg_eng.exe

2007-05-14 04:28 330 ----a-w C:\Arquivos de programas\3D_Warehouse.kmz

2007-05-11 23:39 15,714,552 ----a-w C:\Arquivos de programas\GoogleEarthWin.exe

2007-05-08 04:05 3,217,896 ----a-w C:\Arquivos de programas\wbsamp.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

2007-12-09 16:16 1502232 --a------ C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{EE5D279F-081B-4404-994D-C6B60AAEBA6D}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:26 68856]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:26 68856]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=C:\WINDOWS\pss\Software Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-----c--- 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-----c--- 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-----c--- 2005-09-20 08:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

---hs---- 2004-10-13 12:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2007-06-18 15:10 271360 C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a------ 2007-06-19 10:17 1241088 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]

C:\Arquivos de programas\POPDiscador\POPDiscador.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

-----c--- 2003-12-08 15:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

-----c--- 2004-09-23 10:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-----c--- 2004-10-14 07:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2004-09-01 13:10]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-02-23 10:00]

S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 p2psvc;Configuração de rede ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-16 21:25:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

"2008-02-17 23:16:40 C:\WINDOWS\Tasks\User_Feed_Synchronization-{82F9AE9A-AF43-4CF7-9639-FBFBA3382F7A}.job"

- C:\WINDOWS\system32\msfeedssync.exe

"2008-02-16 22:53:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 19:17:39

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Arquivos de programas\epson\share\pihook.dll

.

Tempo para conclusão: 2008-02-17 19:19:27

ComboFix-quarantined-files.txt 2008-02-17 23:19:18

ComboFix2.txt 2008-02-07 03:36:58

ComboFix3.txt 2008-01-20 21:22:47

.

2008-02-15 00:02:46 --- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 19:21, on 2008-02-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE

C:\WINDOWS\system32\kmd.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178419977406

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://edneiandrade.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {96108FA5-58CE-11D5-B3E4-0040C7A63343} (CentralWebMain Control) - http://universitario.educacional.com.br/comunicador/CentralWeb.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


  • Coordinator

Temporarily disable your antivirus or any other security software, such as a firewall, antispyware, etc.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text that is inside the "Quote":

File::

C:\WINDOWS\winhlp.dll

C:\WINDOWS\system\intimacao005.exe

C:\WINDOWS\system\intimacao005[1].exe

C:\WINDOWS\system32\video8192.drv

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"=-

Dirlook::

C:\WINDOWS\_tmp

  • Save this file as: CFScript.txt
    cfscriptuq2.gif
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.


ComboFix 08-02-17.2 - Proprietario 2008-02-17 22:03:36.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.131 [GMT -4:00]

Executando de: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Proprietario\Desktop\CFScript.txt.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))

.

2008-02-17 19:42 . 2008-02-17 20:55 <DIR> d-------- C:\DURO_DE_MATAR_4_0

2008-02-14 00:17 . 2008-02-14 00:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-02-13 23:47 . 2008-02-13 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-13 23:47 . 2008-02-13 23:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-13 23:22 . 2007-03-07 19:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-02-13 22:32 . 2008-02-13 22:32 0 --a------ C:\WINDOWS\nsreg.dat

2008-02-12 20:51 . 2008-02-12 20:52 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d--h----- C:\WINDOWS\PIF

2008-02-09 18:23 . 2008-02-09 18:23 77,627 --a------ C:\D87.tmp

2008-02-08 00:58 . 2008-02-09 18:27 <DIR> d-------- C:\LinhaDefensiva

2008-02-07 12:00 . 2008-02-09 15:16 2,416 --a------ C:\WINDOWS\mssnmsgr.dll

2008-02-07 00:16 . 2008-02-09 18:49 1,088 --a------ C:\WINDOWS\winhlp.dll

2008-02-06 22:33 . 2008-02-09 22:48 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-06 22:31 . 2008-02-09 22:47 9,722,720 --a------ C:\Arquivos de programas\spybotsd152.exe

2008-02-06 12:37 . 2008-02-06 12:37 198,656 --a------ C:\WINDOWS\system\intimacao005.exe

2008-02-06 12:34 . 2008-02-06 12:34 <DIR> d-------- C:\WINDOWS\_tmp

2008-02-06 12:33 . 2008-02-06 12:36 198,656 --a------ C:\WINDOWS\system\intimacao005[1].exe

2008-01-27 17:07 . 2008-01-27 13:30 75,960 --a------ C:\mediamp3.dat

2008-01-27 17:07 . 2008-01-27 17:07 72 --a------ C:\WINDOWS\MediaManager.INI

2008-01-27 16:58 . 2008-01-27 16:58 <DIR> d-------- C:\Documents and Settings\leidyanne\Dados de aplicativos\Uniblue

2008-01-21 20:06 . 2008-01-21 20:07 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-01-21 20:06 . 2008-01-21 20:06 2,733,928 --a------ C:\Arquivos de programas\ccsetup204.exe

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Proprietario\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\LocalService\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\leidyanne\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Default User\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Convidado\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Administrador\Configura‡äes locais

2008-01-20 01:45 . 2007-12-04 09:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-20 01:45 . 2004-01-09 06:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-20 01:45 . 2007-12-04 08:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-20 01:45 . 2007-12-04 10:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-20 01:45 . 2007-12-04 10:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-20 01:45 . 2007-12-04 10:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-20 01:45 . 2007-12-04 10:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-20 01:45 . 2007-12-04 10:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-20 01:22 . 2008-01-20 16:26 31,793 --a------ C:\WINDOWS\system32\video8192.drv

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-18 00:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-02-13 00:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-02-10 02:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Defender

2008-02-09 22:08 --------- d-----w C:\Arquivos de programas\Google

2008-02-09 22:07 --------- d-----w C:\Arquivos de programas\D'Accord_Music_Software_BR

2008-02-09 22:07 --------- d-----w C:\Arquivos de programas\BraZip

2008-02-04 06:16 --------- d-----w C:\Arquivos de programas\Altiris

2008-02-04 05:40 --------- d-----w C:\Arquivos de programas\eMule

2008-01-31 23:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-01-31 23:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-01-25 03:59 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Vso

2008-01-18 01:42 --------- d-----w C:\Arquivos de programas\MP3 Player Utilities 4.17

2008-01-18 01:18 --------- d-----w C:\Arquivos de programas\Symantec

2008-01-18 01:18 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-01-17 01:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-15 20:15 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Grisoft

2008-01-15 05:24 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Leadertech

2008-01-12 18:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-01-12 18:31 --------- d-----w C:\Arquivos de programas\Disc2Phone

2008-01-11 21:44 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Teleca

2008-01-11 21:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-09 23:50 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Leadertech

2008-01-09 02:34 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Sony Ericsson

2008-01-08 19:38 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Teleca

2008-01-08 19:37 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Sony Ericsson

2008-01-08 07:00 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\LimeWire

2008-01-05 03:11 5,149,696 ----a-w C:\Arquivos de programas\WindowsDefender.msi

2008-01-04 04:15 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-01-04 03:58 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-01-04 03:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-01-04 03:42 2,403,344 ----a-w C:\Arquivos de programas\WLinstaller.exe

2007-12-26 20:04 --------- d-----w C:\Arquivos de programas\PhotoFiltre Studio

2007-12-26 18:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-12-26 01:31 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-26 01:31 --------- d-----w C:\Arquivos de programas\epson

2007-12-25 00:05 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\CopyToDvd

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-11 00:42 33,285,592 ----a-w C:\Arquivos de programas\GoogleSketchUpWEN.exe

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 23:31 10,072,368 ----a-w C:\Arquivos de programas\copytodvd4_setup.exe

2007-12-04 23:22 47,360 ----a-w C:\Documents and Settings\Proprietario\Dados de aplicativos\pcouffin.sys

2007-12-04 23:21 7,237,952 ----a-w C:\Arquivos de programas\vsoConvertXtoDVD2_setup.exe

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-03 21:02 693,426 ----a-w C:\Arquivos de programas\dp_cd_dvd_burner.exe

2007-12-02 22:17 1,332,736 ----a-w C:\Documents and Settings\leidyanne\winsql.dat

2007-11-27 20:31 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VGANGMJYMWPP.SYS

2007-11-27 20:29 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\HJYWCPNGNWPP.SYS

2007-11-27 19:29 1,332,736 ----a-w C:\Documents and Settings\Proprietario\winsql.dat

2007-11-13 16:31 1,332,736 -c--a-w C:\Documents and Settings\Convidado\Dados de aplicativos\winsql.dat

2007-11-02 19:25 101,583 ----a-w C:\Arquivos de programas\DICIONÁRIO PORTUGUES.gadget

2007-10-07 14:03 39,427,360 ----a-w C:\Arquivos de programas\NVE-3.1.0.21.exe

2007-10-03 19:18 13,411,824 ----a-w C:\Arquivos de programas\Google_Earth_BZXD.exe

2007-09-14 20:00 17,070,630 ----a-w C:\Arquivos de programas\klmcodec340.exe

2007-08-27 21:03 3,378,248 ----a-w C:\Arquivos de programas\LimeWireWin.exe

2007-08-27 03:02 1,606,904 ----a-w C:\Arquivos de programas\googletalk-setup-pt-BR.exe

2007-08-23 03:26 505,144 ----a-w C:\Arquivos de programas\magentic_install.exe

2007-08-22 04:18 1,576,960 ----a-w C:\Arquivos de programas\winLAME-prerelease4.msi

2007-08-19 20:48 1,879,752 ----a-w C:\Arquivos de programas\SetupAnyDVD6170.exe

2007-08-14 05:36 10,511,904 ----a-w C:\Arquivos de programas\RealPlayer10-5GOLD.exe

2007-08-10 19:32 16,381,000 ----a-w C:\Arquivos de programas\setupporpro.exe

2007-06-18 01:25 3,858,985 ----a-w C:\Arquivos de programas\eMule0.48a-Installer.exe

2007-06-05 05:56 372,784 ----a-w C:\Arquivos de programas\ymjsetup.exe

2007-05-26 05:00 20,006,472 ----a-w C:\Arquivos de programas\QuickTimeInstaller.exe

2007-05-23 20:11 14,226,920 ----a-w C:\Arquivos de programas\Babylon6_setup_eng_ptg_eng.exe

2007-05-14 04:28 330 ----a-w C:\Arquivos de programas\3D_Warehouse.kmz

2007-05-11 23:39 15,714,552 ----a-w C:\Arquivos de programas\GoogleEarthWin.exe

2007-05-08 04:05 3,217,896 ----a-w C:\Arquivos de programas\wbsamp.exe

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\WINDOWS\_tmp ----

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

2007-12-09 16:16 1502232 --a------ C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{EE5D279F-081B-4404-994D-C6B60AAEBA6D}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:26 68856]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:26 68856]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=C:\WINDOWS\pss\Software Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-----c--- 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-----c--- 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-----c--- 2005-09-20 08:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

---hs---- 2004-10-13 12:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2007-06-18 15:10 271360 C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a------ 2007-06-19 10:17 1241088 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]

C:\Arquivos de programas\POPDiscador\POPDiscador.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

-----c--- 2003-12-08 15:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

-----c--- 2004-09-23 10:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-----c--- 2004-10-14 07:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2004-09-01 13:10]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-02-23 10:00]

S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 p2psvc;Configuração de rede ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-17 23:51:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

"2008-02-17 23:31:17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{82F9AE9A-AF43-4CF7-9639-FBFBA3382F7A}.job"

- C:\WINDOWS\system32\msfeedssync.exe

"2008-02-18 01:53:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 22:06:31

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Arquivos de programas\epson\share\pihook.dll

.

Tempo para conclusão: 2008-02-17 22:07:29

ComboFix-quarantined-files.txt 2008-02-18 02:07:13

ComboFix2.txt 2008-02-17 23:19:28

ComboFix3.txt 2008-02-07 03:36:58

ComboFix4.txt 2008-01-20 21:22:47

.

2008-02-15 00:02:46 --- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 22:08, on 2008-02-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178419977406

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://edneiandrade.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {96108FA5-58CE-11D5-B3E4-0040C7A63343} (CentralWebMain Control) - http://universitario.educacional.com.br/comunicador/CentralWeb.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


ComboFix 08-02-17.2 - Proprietario 2008-02-17 22:03:36.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.131 [GMT -4:00]

Executando de: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Proprietario\Desktop\CFScript.txt.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))

.

2008-02-17 19:42 . 2008-02-17 20:55 <DIR> d-------- C:\DURO_DE_MATAR_4_0

2008-02-14 00:17 . 2008-02-14 00:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-02-13 23:47 . 2008-02-13 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-13 23:47 . 2008-02-13 23:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-13 23:22 . 2007-03-07 19:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-02-13 22:32 . 2008-02-13 22:32 0 --a------ C:\WINDOWS\nsreg.dat

2008-02-12 20:51 . 2008-02-12 20:52 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d--h----- C:\WINDOWS\PIF

2008-02-09 18:23 . 2008-02-09 18:23 77,627 --a------ C:\D87.tmp

2008-02-08 00:58 . 2008-02-09 18:27 <DIR> d-------- C:\LinhaDefensiva

2008-02-07 12:00 . 2008-02-09 15:16 2,416 --a------ C:\WINDOWS\mssnmsgr.dll

2008-02-07 00:16 . 2008-02-09 18:49 1,088 --a------ C:\WINDOWS\winhlp.dll

2008-02-06 22:33 . 2008-02-09 22:48 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-06 22:31 . 2008-02-09 22:47 9,722,720 --a------ C:\Arquivos de programas\spybotsd152.exe

2008-02-06 12:37 . 2008-02-06 12:37 198,656 --a------ C:\WINDOWS\system\intimacao005.exe

2008-02-06 12:34 . 2008-02-06 12:34 <DIR> d-------- C:\WINDOWS\_tmp

2008-02-06 12:33 . 2008-02-06 12:36 198,656 --a------ C:\WINDOWS\system\intimacao005[1].exe

2008-01-27 17:07 . 2008-01-27 13:30 75,960 --a------ C:\mediamp3.dat

2008-01-27 17:07 . 2008-01-27 17:07 72 --a------ C:\WINDOWS\MediaManager.INI

2008-01-27 16:58 . 2008-01-27 16:58 <DIR> d-------- C:\Documents and Settings\leidyanne\Dados de aplicativos\Uniblue

2008-01-21 20:06 . 2008-01-21 20:07 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-01-21 20:06 . 2008-01-21 20:06 2,733,928 --a------ C:\Arquivos de programas\ccsetup204.exe

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Proprietario\Configurações locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\leidyanne\Configurações locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Default User\Configurações locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Convidado\Configurações locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-01-20 01:45 . 2007-12-04 09:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-20 01:45 . 2004-01-09 06:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-20 01:45 . 2007-12-04 08:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-20 01:45 . 2007-12-04 10:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-20 01:45 . 2007-12-04 10:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-20 01:45 . 2007-12-04 10:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-20 01:45 . 2007-12-04 10:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-20 01:45 . 2007-12-04 10:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-20 01:22 . 2008-01-20 16:26 31,793 --a------ C:\WINDOWS\system32\video8192.drv

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-18 00:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-02-13 00:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-02-10 02:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Defender

2008-02-09 22:08 --------- d-----w C:\Arquivos de programas\Google

2008-02-09 22:07 --------- d-----w C:\Arquivos de programas\D'Accord_Music_Software_BR

2008-02-09 22:07 --------- d-----w C:\Arquivos de programas\BraZip

2008-02-04 06:16 --------- d-----w C:\Arquivos de programas\Altiris

2008-02-04 05:40 --------- d-----w C:\Arquivos de programas\eMule

2008-01-31 23:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-01-31 23:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-01-25 03:59 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Vso

2008-01-18 01:42 --------- d-----w C:\Arquivos de programas\MP3 Player Utilities 4.17

2008-01-18 01:18 --------- d-----w C:\Arquivos de programas\Symantec

2008-01-18 01:18 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-01-17 01:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-15 20:15 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Grisoft

2008-01-15 05:24 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Leadertech

2008-01-12 18:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-01-12 18:31 --------- d-----w C:\Arquivos de programas\Disc2Phone

2008-01-11 21:44 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Teleca

2008-01-11 21:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-09 23:50 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Leadertech

2008-01-09 02:34 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Sony Ericsson

2008-01-08 19:38 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Teleca

2008-01-08 19:37 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Sony Ericsson

2008-01-08 07:00 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\LimeWire

2008-01-05 03:11 5,149,696 ----a-w C:\Arquivos de programas\WindowsDefender.msi

2008-01-04 04:15 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-01-04 03:58 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-01-04 03:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-01-04 03:42 2,403,344 ----a-w C:\Arquivos de programas\WLinstaller.exe

2007-12-26 20:04 --------- d-----w C:\Arquivos de programas\PhotoFiltre Studio

2007-12-26 18:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-12-26 01:31 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-26 01:31 --------- d-----w C:\Arquivos de programas\epson

2007-12-25 00:05 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\CopyToDvd

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-11 00:42 33,285,592 ----a-w C:\Arquivos de programas\GoogleSketchUpWEN.exe

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 23:31 10,072,368 ----a-w C:\Arquivos de programas\copytodvd4_setup.exe

2007-12-04 23:22 47,360 ----a-w C:\Documents and Settings\Proprietario\Dados de aplicativos\pcouffin.sys

2007-12-04 23:21 7,237,952 ----a-w C:\Arquivos de programas\vsoConvertXtoDVD2_setup.exe

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-03 21:02 693,426 ----a-w C:\Arquivos de programas\dp_cd_dvd_burner.exe

2007-12-02 22:17 1,332,736 ----a-w C:\Documents and Settings\leidyanne\winsql.dat

2007-11-27 20:31 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VGANGMJYMWPP.SYS

2007-11-27 20:29 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\HJYWCPNGNWPP.SYS

2007-11-27 19:29 1,332,736 ----a-w C:\Documents and Settings\Proprietario\winsql.dat

2007-11-13 16:31 1,332,736 -c--a-w C:\Documents and Settings\Convidado\Dados de aplicativos\winsql.dat

2007-11-02 19:25 101,583 ----a-w C:\Arquivos de programas\DICIONÁRIO PORTUGUES.gadget

2007-10-07 14:03 39,427,360 ----a-w C:\Arquivos de programas\NVE-3.1.0.21.exe

2007-10-03 19:18 13,411,824 ----a-w C:\Arquivos de programas\Google_Earth_BZXD.exe

2007-09-14 20:00 17,070,630 ----a-w C:\Arquivos de programas\klmcodec340.exe

2007-08-27 21:03 3,378,248 ----a-w C:\Arquivos de programas\LimeWireWin.exe

2007-08-27 03:02 1,606,904 ----a-w C:\Arquivos de programas\googletalk-setup-pt-BR.exe

2007-08-23 03:26 505,144 ----a-w C:\Arquivos de programas\magentic_install.exe

2007-08-22 04:18 1,576,960 ----a-w C:\Arquivos de programas\winLAME-prerelease4.msi

2007-08-19 20:48 1,879,752 ----a-w C:\Arquivos de programas\SetupAnyDVD6170.exe

2007-08-14 05:36 10,511,904 ----a-w C:\Arquivos de programas\RealPlayer10-5GOLD.exe

2007-08-10 19:32 16,381,000 ----a-w C:\Arquivos de programas\setupporpro.exe

2007-06-18 01:25 3,858,985 ----a-w C:\Arquivos de programas\eMule0.48a-Installer.exe

2007-06-05 05:56 372,784 ----a-w C:\Arquivos de programas\ymjsetup.exe

2007-05-26 05:00 20,006,472 ----a-w C:\Arquivos de programas\QuickTimeInstaller.exe

2007-05-23 20:11 14,226,920 ----a-w C:\Arquivos de programas\Babylon6_setup_eng_ptg_eng.exe

2007-05-14 04:28 330 ----a-w C:\Arquivos de programas\3D_Warehouse.kmz

2007-05-11 23:39 15,714,552 ----a-w C:\Arquivos de programas\GoogleEarthWin.exe

2007-05-08 04:05 3,217,896 ----a-w C:\Arquivos de programas\wbsamp.exe

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of C:\WINDOWS\_tmp ----

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

2007-12-09 16:16 1502232 --a------ C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{EE5D279F-081B-4404-994D-C6B60AAEBA6D}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:26 68856]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:26 68856]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=C:\WINDOWS\pss\Software Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-----c--- 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-----c--- 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-----c--- 2005-09-20 08:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

---hs---- 2004-10-13 12:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2007-06-18 15:10 271360 C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a------ 2007-06-19 10:17 1241088 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]

C:\Arquivos de programas\POPDiscador\POPDiscador.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

-----c--- 2003-12-08 15:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

-----c--- 2004-09-23 10:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-----c--- 2004-10-14 07:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2004-09-01 13:10]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-02-23 10:00]

S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 p2psvc;Configuração de rede ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-17 23:51:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

"2008-02-17 23:31:17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{82F9AE9A-AF43-4CF7-9639-FBFBA3382F7A}.job"

- C:\WINDOWS\system32\msfeedssync.exe

"2008-02-18 01:53:01 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 22:06:31

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]

-> C:\Arquivos de programas\epson\share\pihook.dll

.

Tempo para conclusão: 2008-02-17 22:07:29

ComboFix-quarantined-files.txt 2008-02-18 02:07:13

ComboFix2.txt 2008-02-17 23:19:28

ComboFix3.txt 2008-02-07 03:36:58

ComboFix4.txt 2008-01-20 21:22:47

.

2008-02-15 00:02:46 --- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 22:08, on 2008-02-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178419977406

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://edneiandrade.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {96108FA5-58CE-11D5-B3E4-0040C7A63343} (CentralWebMain Control) - http://universitario.educacional.com.br/comunicador/CentralWeb.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


  • Coordinator

Disable SpyBot as well.

I notice this was the 5th time you ran ComboFix; are you following instructions from another forum?

Temporarily disable your antivirus and any other security software, such as firewall, antispyware, etc.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Quote":

File::
C:\WINDOWS\mssnmsgr.dll
C:\WINDOWS\winhlp.dll
C:\WINDOWS\_tmp
C:\WINDOWS\system\intimacao005[1].exe
C:\WINDOWS\gbiehbsb.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-

  • Save this file as: CFScript.txt
    cfscriptuq2.gif
  • As illustrated in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.


Man, I think the problem has already been solved.

I restarted the computer and the message did not appear.

I am only following the tips from this forum, since it is the only one that actually manages to solve the problems; congratulations to all of you.

I am sending the scans.

Thank you.

ComboFix 08-02-17.2 - Proprietario 2008-02-18 15:00:19.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.171 [GMT -4:00]

Executando de: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Proprietario\Desktop\CFScript.txt.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\_tmp

C:\WINDOWS\system\intimacao005.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system\intimacao005.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))

.

2008-02-17 19:42 . 2008-02-17 22:31 <DIR> d-------- C:\DURO_DE_MATAR_4_0

2008-02-14 00:17 . 2008-02-14 00:17 1,190 --a------ C:\WINDOWS\mozver.dat

2008-02-13 23:47 . 2008-02-13 23:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-13 23:47 . 2008-02-13 23:47 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-13 23:22 . 2007-03-07 19:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2008-02-13 22:32 . 2008-02-13 22:32 0 --a------ C:\WINDOWS\nsreg.dat

2008-02-12 20:51 . 2008-02-12 20:52 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-02-10 12:17 . 2008-02-10 12:17 <DIR> d--h----- C:\WINDOWS\PIF

2008-02-09 18:23 . 2008-02-09 18:23 77,627 --a------ C:\D87.tmp

2008-02-08 00:58 . 2008-02-09 18:27 <DIR> d-------- C:\LinhaDefensiva

2008-02-06 22:33 . 2008-02-09 22:48 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-02-06 22:31 . 2008-02-09 22:47 9,722,720 --a------ C:\Arquivos de programas\spybotsd152.exe

2008-02-06 12:34 . 2008-02-06 12:34 <DIR> d-------- C:\WINDOWS\_tmp

2008-01-27 17:07 . 2008-01-27 13:30 75,960 --a------ C:\mediamp3.dat

2008-01-27 17:07 . 2008-01-27 17:07 72 --a------ C:\WINDOWS\MediaManager.INI

2008-01-27 16:58 . 2008-01-27 16:58 <DIR> d-------- C:\Documents and Settings\leidyanne\Dados de aplicativos\Uniblue

2008-01-21 20:06 . 2008-01-21 20:07 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-01-21 20:06 . 2008-01-21 20:06 2,733,928 --a------ C:\Arquivos de programas\ccsetup204.exe

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Proprietario\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\LocalService\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\leidyanne\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Default User\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Convidado\Configura‡äes locais

2008-01-20 17:22 . 2008-01-20 17:22 <DIR> d-------- C:\Documents and Settings\Administrador\Configura‡äes locais

2008-01-20 01:45 . 2007-12-04 09:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-20 01:45 . 2004-01-09 06:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-20 01:45 . 2007-12-04 08:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-20 01:45 . 2007-12-04 10:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-20 01:45 . 2007-12-04 10:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-20 01:45 . 2007-12-04 10:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-20 01:45 . 2007-12-04 10:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-20 01:45 . 2007-12-04 10:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-20 01:22 . 2008-01-20 16:26 31,793 --a------ C:\WINDOWS\system32\video8192.drv

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-18 00:54 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

2008-02-13 00:52 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-02-10 02:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Live Favorites

2008-02-09 22:12 --------- d-----w C:\Arquivos de programas\Windows Defender

2008-02-09 22:08 --------- d-----w C:\Arquivos de programas\Google

2008-02-09 22:07 --------- d-----w C:\Arquivos de programas\D'Accord_Music_Software_BR

2008-02-09 22:07 --------- d-----w C:\Arquivos de programas\BraZip

2008-02-04 06:16 --------- d-----w C:\Arquivos de programas\Altiris

2008-02-04 05:40 --------- d-----w C:\Arquivos de programas\eMule

2008-01-31 23:55 --------- d-----w C:\Arquivos de programas\Windows Live

2008-01-31 23:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2008-01-25 03:59 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Vso

2008-01-18 01:42 --------- d-----w C:\Arquivos de programas\MP3 Player Utilities 4.17

2008-01-18 01:18 --------- d-----w C:\Arquivos de programas\Symantec

2008-01-18 01:18 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-01-17 01:26 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-01-15 20:15 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Grisoft

2008-01-15 05:24 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Leadertech

2008-01-12 18:51 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Teleca Shared

2008-01-12 18:31 --------- d-----w C:\Arquivos de programas\Disc2Phone

2008-01-11 21:44 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Teleca

2008-01-11 21:32 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-01-09 23:50 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Leadertech

2008-01-09 02:34 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\Sony Ericsson

2008-01-08 19:38 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Teleca

2008-01-08 19:37 --------- d-----w C:\Documents and Settings\leidyanne\Dados de aplicativos\Sony Ericsson

2008-01-08 07:00 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\LimeWire

2008-01-05 03:11 5,149,696 ----a-w C:\Arquivos de programas\WindowsDefender.msi

2008-01-04 04:15 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-01-04 03:58 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-01-04 03:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-01-04 03:42 2,403,344 ----a-w C:\Arquivos de programas\WLinstaller.exe

2007-12-26 20:04 --------- d-----w C:\Arquivos de programas\PhotoFiltre Studio

2007-12-26 18:55 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2007-12-26 01:31 --------- d-----w C:\Arquivos de programas\LimeWire

2007-12-26 01:31 --------- d-----w C:\Arquivos de programas\epson

2007-12-25 00:05 --------- d-----w C:\Documents and Settings\Proprietario\Dados de aplicativos\CopyToDvd

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-11 00:42 33,285,592 ----a-w C:\Arquivos de programas\GoogleSketchUpWEN.exe

2007-12-07 02:09 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 23:31 10,072,368 ----a-w C:\Arquivos de programas\copytodvd4_setup.exe

2007-12-04 23:22 47,360 ----a-w C:\Documents and Settings\Proprietario\Dados de aplicativos\pcouffin.sys

2007-12-04 23:21 7,237,952 ----a-w C:\Arquivos de programas\vsoConvertXtoDVD2_setup.exe

2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-03 21:02 693,426 ----a-w C:\Arquivos de programas\dp_cd_dvd_burner.exe

2007-12-02 22:17 1,332,736 ----a-w C:\Documents and Settings\leidyanne\winsql.dat

2007-11-27 20:31 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VGANGMJYMWPP.SYS

2007-11-27 20:29 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\HJYWCPNGNWPP.SYS

2007-11-27 19:29 1,332,736 ----a-w C:\Documents and Settings\Proprietario\winsql.dat

2007-11-13 16:31 1,332,736 -c--a-w C:\Documents and Settings\Convidado\Dados de aplicativos\winsql.dat

2007-11-02 19:25 101,583 ----a-w C:\Arquivos de programas\DICIONÁRIO PORTUGUES.gadget

2007-10-07 14:03 39,427,360 ----a-w C:\Arquivos de programas\NVE-3.1.0.21.exe

2007-10-03 19:18 13,411,824 ----a-w C:\Arquivos de programas\Google_Earth_BZXD.exe

2007-09-14 20:00 17,070,630 ----a-w C:\Arquivos de programas\klmcodec340.exe

2007-08-27 21:03 3,378,248 ----a-w C:\Arquivos de programas\LimeWireWin.exe

2007-08-27 03:02 1,606,904 ----a-w C:\Arquivos de programas\googletalk-setup-pt-BR.exe

2007-08-23 03:26 505,144 ----a-w C:\Arquivos de programas\magentic_install.exe

2007-08-22 04:18 1,576,960 ----a-w C:\Arquivos de programas\winLAME-prerelease4.msi

2007-08-19 20:48 1,879,752 ----a-w C:\Arquivos de programas\SetupAnyDVD6170.exe

2007-08-14 05:36 10,511,904 ----a-w C:\Arquivos de programas\RealPlayer10-5GOLD.exe

2007-08-10 19:32 16,381,000 ----a-w C:\Arquivos de programas\setupporpro.exe

2007-06-18 01:25 3,858,985 ----a-w C:\Arquivos de programas\eMule0.48a-Installer.exe

2007-06-05 05:56 372,784 ----a-w C:\Arquivos de programas\ymjsetup.exe

2007-05-26 05:00 20,006,472 ----a-w C:\Arquivos de programas\QuickTimeInstaller.exe

2007-05-23 20:11 14,226,920 ----a-w C:\Arquivos de programas\Babylon6_setup_eng_ptg_eng.exe

2007-05-14 04:28 330 ----a-w C:\Arquivos de programas\3D_Warehouse.kmz

2007-05-11 23:39 15,714,552 ----a-w C:\Arquivos de programas\GoogleEarthWin.exe

2007-05-08 04:05 3,217,896 ----a-w C:\Arquivos de programas\wbsamp.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

2007-12-09 16:16 1502232 --a------ C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

{EE5D279F-081B-4404-994D-C6B60AAEBA6D}

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

[HKEY_CLASSES_ROOT\clsid\{c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:26 68856]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:26 68856]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^KODAK Software Updater.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\KODAK Software Updater.lnk

backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=C:\WINDOWS\pss\Software Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 23:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-----c--- 2005-09-20 08:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-----c--- 2005-09-20 08:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-----c--- 2005-09-20 08:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

---hs---- 2004-10-13 12:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2007-06-18 15:10 271360 C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a------ 2007-06-19 10:17 1241088 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPDiscador]

C:\Arquivos de programas\POPDiscador\POPDiscador.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

-----c--- 2003-12-08 15:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

-----c--- 2004-09-23 10:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-----c--- 2004-10-14 07:11 1388544 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2004-09-01 13:10]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-02-23 10:00]

S3 p2pgasvc;Autenticação de grupo de rede ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 p2pimsvc;Gerenciador de identidades ponto-a-ponto da Microsoft;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 p2psvc;Configuração de rede ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 PNRPSvc;Protocolo de resolução de nomes ponto-a-ponto;C:\WINDOWS\system32\svchost.exe [2004-08-03 23:45]

S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-18 18:19:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

"2008-02-17 23:31:17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{82F9AE9A-AF43-4CF7-9639-FBFBA3382F7A}.job"

- C:\WINDOWS\system32\msfeedssync.exe

"2008-02-18 18:53:29 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-18 15:02:14

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-02-18 15:02:52

ComboFix-quarantined-files.txt 2008-02-18 19:02:45

ComboFix2.txt 2008-02-18 18:48:35

ComboFix3.txt 2008-02-18 02:07:30

ComboFix4.txt 2008-02-17 23:19:28

ComboFix5.txt 2008-02-07 03:36:58

.

2008-02-15 00:02:46 --- E O F ---

Logfile of HijackThis v1.99.1

Scan saved at 15:03, on 2008-02-18

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\DOCUME~1\PROPRI~1\CONFIG~1\Temp\E_S10.tmp" /EF "HKCU"

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178419977406

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://edneiandrade.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {96108FA5-58CE-11D5-B3E4-0040C7A63343} (CentralWebMain Control) - http://universitario.educacional.com.br/comunicador/CentralWeb.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


  • Coordinator

Run an online scan with Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX component, click Clipboard015.jpg
  • Wait for the installation and the update to finish, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:

      Extended (if available otherwise Standard)

    • Scan Options:

      Scan Archives
      Scan Mail Bases

  • Click Clipboard014.jpg
  • Click My Computer to run a full scan of your system.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and post it in your next reply.
  • Also generate and paste a new HijackThis log.


I couldn't run the online scan with Kaspersky Virusscanner;

when I clicked Accept, the following message appeared:

Kaspersky OnlineScanner service is based on MS´s ActiveX technology.

This service works only with Microsoft Windows 2000 and Internet Explorer 6.0 or highter, 32-bit.

I didn't really understand it, but my Internet Explorer is 7.0, that is, it is newer than what is required. Would it be possible to run an online scan with another antivirus?


  • Coordinator

You must use Internet Explorer for this, not Firefox.


  • Coordinator

Click HERE to run an online scan with Clipboard06.jpg ActiveScan

  • Once you are on the Panda site, click the 33ptol3.gif button
  • A new window will open:
  • Select your country
  • Enter your district/region
  • Enter your valid e-mail address and click send
  • Select Home user or Company
  • Click the buttoninijf4.gif button
  • If a window appears asking to install an ActiveX component, accept it
  • The download of the files needed for the scan will begin. (Note: it may take a few minutes. Be patient.)
  • When the download is complete, click pandamycomputer.gif to start the scan
  • When the scan finishes, and if malicious files were detected, click the pandaseereport.gif button, then pandasavereport.gif, and save that result to your PC.
  • In your next reply, generate and paste a new HijackThis log and the Panda ActiveScan result


I ran the online scan as described; no viruses were detected.

I am sending the HijackThis analysis.

Thank you!

Logfile of HijackThis v1.99.1

Scan saved at 01:20, on 2008-02-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Documents and Settings\Proprietario\Desktop\HijackThis.exe

C:\Arquivos de programas\Windows Live Toolbar\msn_sl.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: D'Accord Music Software BR Toolbar - {c6684bb3-d1ce-4c5e-be04-62e5ec0d85ad} - C:\Arquivos de programas\D'Accord_Music_Software_BR\tbD'A0.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVL.EXE /FU "C:\DOCUME~1\PROPRI~1\CONFIG~1\Temp\E_S10.tmp" /EF "HKCU"

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178419977406

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://edneiandrade.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {96108FA5-58CE-11D5-B3E4-0040C7A63343} (CentralWebMain Control) - http://universitario.educacional.com.br/comunicador/CentralWeb.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{019E00F4-996B-48E4-8B17-E54C34AD8B0C}: NameServer = 10.1.1.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
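
Added example, not part of the thread or of HijackThis: a small Python triage helper for the logs posted above. It diffs two logs to show which autostart entries appeared between scans, and it lists entries marked `(file missing)` or `(no file)` while checking each against the running-process list, because the 2008-02-20 log shows ashMaiSv.exe running although its O23 line is marked missing. Function names are hypothetical; the sample lines are abridged from the logs in this thread.

```python
import re

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Sample input: lines copied from the logs in this thread, most lines omitted.
HEADER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 01:20, on 2008-02-20
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
"""
OLD_LOG = r"""
R3 - URLSearchHook: Yahoo! Barra de Ferramentas - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""
ADDED = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Arquivos de programas\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
"""
NEW_LOG = HEADER + OLD_LOG + ADDED


def parse_entries(log_text):
    """Return (section, detail) for every registry/autostart entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def running_processes(log_text):
    """Return the paths listed between 'Running processes:' and the first entry."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and ENTRY_RE.match(line):
            break
        elif in_block and line:
            procs.append(line)
    return procs


def diff_logs(old_text, new_text):
    """Entries only in the new log and only in the old one (case-insensitive)."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    old_keys = {(s, d.lower()) for s, d in old}
    new_keys = {(s, d.lower()) for s, d in new}
    added = [e for e in new if (e[0], e[1].lower()) not in old_keys]
    removed = [e for e in old if (e[0], e[1].lower()) not in new_keys]
    return added, removed


def triage_orphans(log_text):
    """List entries marked missing; contradicted=True if the file is running."""
    running = [p.lower() for p in running_processes(log_text)]
    result = []
    for section, detail in parse_entries(log_text):
        if detail.endswith(ORPHAN_MARKERS):
            contradicted = any(p in detail.lower() for p in running)
            result.append((section, detail, contradicted))
    return result


if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for section, detail in added:
        print("NEW    ", section, detail)
    for section, detail, contradicted in triage_orphans(NEW_LOG):
        note = "listed as running, verify on disk" if contradicted else "orphaned reference"
        print("MISSING", section, detail, "->", note)
```

An entry flagged as contradicted should be checked on disk before it is fixed in HijackThis, since the marker alone does not prove the file is gone.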


  • Coordinator

Congratulations, your log is clean.

To finish, do the following:

Go to Start > Run and type combofix /u. This will uninstall ComboFix from your machine.

Disable and re-enable System Restore.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner (Executar Limpeza);
  • After that, click Errors >> Scan for errors >> Fix errors (Erros >> Procurar erros >> Corrigir Erros)

Any other problem with the computer?
