carlosibarreto

PC infected by malware


Hi, my PC has been slow these past few days and Avast keeps flagging a malware all the time; it reports this error:

HTML:Malware-gen, and I can't get rid of it no matter what! Please help me out!

Thanks

Below is the HijackThis log

________________________________

Logfile of HijackThis v1.99.1

Scan saved at 10:35, on 2008-04-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AlienGUIse\wbload.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Keyboard\Ikeymain.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Carlos\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: (no name) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iKeyWorks] C:\ARQUIV~1\Keyboard\Ikeymain.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GameXL] C:\Arquivos de programas\FlashGet\FlashGet.exe /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O4 - HKCU\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download by NetAnts - C:\ARQUIV~1\NETANTS\NAGet.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &All by NetAnts - C:\ARQUIV~1\NETANTS\NAGetAll.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\ARQUIV~1\NETANTS\NetAnts.exe (file missing)

O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\ARQUIV~1\NETANTS\NetAnts.exe (file missing)

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe (file missing)

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www2.driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

__________________________________________

Awaiting help...

thanks

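One way to read a log like this systematically, as an added example that is not code from the original post or from the HijackThis project: the script below parses the `Oxx - ...` entry format shown above and groups entries by what a helper checks first (hooks whose target file is gone, Run values that name a bare executable resolved through the search path, the same program registered under both HKLM and HKCU, Winlogon Notify DLLs, and services that HijackThis reports as missing). The sample lines are quoted from the log in this post; the flag names and the heuristics, for example treating a stray quote before service arguments as a HijackThis 1.99.1 display quirk rather than a missing file, are the example's own.

```python
"""Triage a HijackThis 1.99.1 log.

Added example for this thread, not code from the original post or from the
HijackThis project.  It parses the "Oxx - ..." entry format used above and
groups entries by what a helper checks first.  SAMPLE quotes lines from the
log in this post; the flag names and heuristics are the example's own.
"""
import re
from collections import defaultdict

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r"(?i)(.+?\.(?:exe|dll|scr|com))(?:\s|$)")
MISSING = ("(no file)", "(file missing)")

# Lines quoted from the HijackThis log in this post.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S
O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll
O23 - Service: Apache2.2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""


def first_token(cmd):
    """Executable part of a Run value: the quoted path, else the text up to the
    first .exe/.dll/.scr/.com (unquoted paths with spaces are common here)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse(log_text):
    """Yield (section code, body) per entry; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return {flag: [entries]} for the patterns worth a second look."""
    flags = defaultdict(list)
    run_hives = defaultdict(set)  # normalised executable -> hives that start it
    for code, body in parse(log_text):
        entry = f"{code} - {body}"
        if code == "O23":
            m = SERVICE_RE.match(body)
            path = m.group("path") if m else body
            if '" ' in path:
                # HijackThis 1.99.1 prints "(file missing)" for any service whose
                # ImagePath is a quoted path followed by arguments; the stray quote
                # before the arguments is the tell.  Confirm with `sc qc <name>`.
                flags["quoted_imagepath"].append(entry)
            elif path.endswith("(file missing)"):
                binary = path[: -len(" (file missing)")]
                if binary.count("\\") == 1:
                    # A service binary directly under the drive root is either a
                    # file dropped at C:\ or an unquoted ImagePath with spaces that
                    # was cut at its first space.  Either way, read the real ImagePath.
                    flags["root_level_binary"].append(entry)
                else:
                    flags["orphan"].append(entry)
            continue
        if body.endswith(MISSING):
            # Hook still registered, target gone: uninstall leftovers, safe to fix.
            flags["orphan"].append(entry)
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                exe = first_token(m.group("cmd"))
                if "\\" not in exe:
                    # No directory: resolved through the search path, so a file
                    # of the same name earlier in the path would win.
                    flags["bare_name"].append(entry)
                run_hives[exe.lower()].add(m.group("hive"))
        if code == "O20":
            # Winlogon Notify DLLs load into winlogon.exe as SYSTEM: review each one.
            flags["winlogon_notify"].append(entry)
    for exe, hives in run_hives.items():
        if {"HKLM", "HKCU"} <= hives:
            flags["dup_run"].append(exe)  # registered under machine and user Run keys
    return dict(flags)


if __name__ == "__main__":
    for flag, entries in triage(SAMPLE).items():
        print(f"[{flag}]")
        for e in entries:
            print("   ", e)
```

Run stand-alone it prints the groups for the sample lines. On the full log above, the groups worth reading are `bare_name` (SysTray.Exe, VTTimer.exe, VTtrayp.exe, SOUNDMAN.EXE, nwiz.exe, which the later ComboFix output resolves to C:\WINDOWS\SYSTEM32, so they are fine here) and the O23 services HijackThis calls missing: Apache2.2 and the two avast scanners show the quoted-ImagePath pattern, while MySQL's `C:\Arquivos.exe` looks like an ImagePath under `C:\Arquivos de programas` that lost everything after its first space, worth fixing because an unquoted service path containing spaces is also a local privilege-escalation path. None of these is what the HTML:Malware-gen alert points at: that is a generic Avast signature name for HTML content, typically raised on a cached web page or an HTML file on disk rather than on any hook a HijackThis log lists, and the Avast alert itself names the file path to look at.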

- Download ComboFix

  • Temporarily disable the antivirus;
  • Close all open windows;
  • Double-click ComboFix.exe, click "Run" and type "1" + Enter to proceed with the fix. It may take some time.
  • ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, a log will be generated at C:\ComboFix.txt.
  • Do not click inside the ComboFix window, do not close it with the X while it is running, and do not move the mouse or use the keyboard, otherwise it will stop and your desktop will go blank.
  • To stop or exit ComboFix, press "N".
  • Paste ComboFix.txt in your reply.


ComboFix 08-04-08.7 - Carlos 2008-04-08 20:49:52.4 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.246 [GMT -3:00]

Running from: C:\Documents and Settings\Carlos\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

This is what showed up in combofix.txt


Whoa, it really was, I did think it looked odd!

My bad!

Here is the correct one now.

_______________________________________

ComboFix 08-04-08.7 - Carlos 2008-04-10 8:53:23.5 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.197 [GMT -3:00]

Running from: C:\Documents and Settings\Carlos\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Files created from 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))

.

2008-04-09 21:47 . 2008-04-09 21:49 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-04-09 08:21 . 2008-04-09 08:21 360,064 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS.ORIGINAL

2008-04-08 17:48 . 2008-04-08 17:48 <DIR> d-------- C:\WINDOWS\Application Data\HP

2008-04-06 17:03 . 2008-04-06 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG

2008-04-06 17:01 . 2008-04-06 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-04-06 17:01 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\SYSTEM32\hpz3l5ha.dll

2008-04-06 16:58 . 2008-04-06 16:58 <DIR> d-------- C:\WINDOWS\Application Data\HPAppData

2008-04-06 16:58 . 2008-04-06 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant

2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP

2008-04-06 16:54 . 2008-04-06 16:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-04-06 16:54 . 2007-03-08 16:20 49,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys

2008-04-06 16:54 . 2007-03-08 16:20 21,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys

2008-04-06 16:54 . 2007-03-08 16:20 16,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys

2008-04-06 16:53 . 2008-04-06 16:53 <DIR> d-------- C:\Arquivos de programas\HP

2008-04-06 16:53 . 2007-03-17 17:39 958,464 --a------ C:\WINDOWS\SYSTEM32\hpotiop4.dll

2008-04-06 16:53 . 2007-03-17 17:39 675,840 --a------ C:\WINDOWS\SYSTEM32\hpowiax4.dll

2008-04-06 16:53 . 2007-03-08 16:20 364,544 --a------ C:\WINDOWS\SYSTEM32\hppldcoi.dll

2008-04-06 16:53 . 2007-03-17 17:39 303,104 --a------ C:\WINDOWS\SYSTEM32\hpovst11.dll

2008-04-06 16:53 . 2007-03-31 02:29 267,864 --a------ C:\WINDOWS\SYSTEM32\hpzids01.dll

2008-04-06 16:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys

2008-04-06 16:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbprint.sys

2008-04-06 08:38 . 2008-04-06 10:26 150,092 --------- C:\WINDOWS\hpoins15.dat.temp

2008-04-06 08:38 . 2007-09-20 17:06 1,039 --------- C:\WINDOWS\hpomdl15.dat.temp

2008-04-06 08:20 . 2008-04-06 17:03 150,657 --a------ C:\WINDOWS\hpoins15.dat

2008-04-06 08:20 . 2007-09-21 10:35 1,039 --------- C:\WINDOWS\hpomdl15.dat

2008-04-05 14:24 . 2008-04-05 14:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\Temp

2008-04-05 14:24 . 2008-04-05 14:24 376,832 --a------ C:\WINDOWS\SYSTEM32\MPIWIN32.DLL

2008-04-05 14:24 . 2008-04-05 14:24 45,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CBUSB.SYS

2008-04-05 14:24 . 2008-04-05 14:24 43,520 --a------ C:\WINDOWS\SYSTEM32\CBNDLL.DLL

2008-04-05 08:51 . 2008-04-05 08:44 691,545 --a------ C:\WINDOWS\unins000.exe

2008-04-05 06:26 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys

2008-04-05 06:26 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys

2008-04-02 10:20 . 2008-04-02 10:20 <DIR> d--hs---- C:\FOUND.053

2008-03-31 22:08 . 2008-03-31 22:08 <DIR> d-------- C:\Arquivos de programas\Gogglebox TV

2008-03-28 23:28 . 2008-03-28 23:28 <DIR> d-------- C:\Arquivos de programas\Infogrames

2008-03-27 16:53 . 2008-03-27 16:53 <DIR> d-------- C:\Arquivos de programas\Orkut Lite

2008-03-25 21:47 . 2008-03-25 21:47 <DIR> d--hs---- C:\FOUND.052

2008-03-24 14:59 . 2008-03-24 15:35 107,888 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll

2008-03-24 14:38 . 2008-03-24 14:38 <DIR> d-------- C:\Arquivos de programas\KONAMI

2008-03-24 13:05 . 2003-07-20 15:17 5,174 --a------ C:\WINDOWS\SYSTEM32\nppt9x.vxd

2008-03-24 13:05 . 2005-01-04 06:43 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys

2008-03-23 15:00 . 2008-03-23 15:00 <DIR> d-------- C:\Arquivos de programas\Aspyr

2008-03-23 14:57 . 2008-03-23 14:57 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-03-22 07:30 . 2008-03-22 07:30 <DIR> d--hs---- C:\FOUND.051

2008-03-18 12:50 . 2008-03-18 12:50 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-03-18 06:18 . 2008-03-18 06:18 <DIR> d--hs---- C:\FOUND.050

2008-03-16 09:10 . 2008-03-16 09:10 <DIR> d--hs---- C:\FOUND.049

2008-03-15 23:17 . 2008-03-15 23:17 <DIR> d--hs---- C:\FOUND.048

2008-03-15 19:43 . 2008-03-15 19:43 <DIR> d--hs---- C:\FOUND.047

2008-03-14 12:52 . 2008-03-14 12:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-03-12 08:23 . 2008-03-12 08:23 <DIR> d-------- C:\Arquivos de programas\Apache Software Foundation

2008-03-11 08:10 . 2008-03-11 08:10 <DIR> d-------- C:\WINDOWS\Application Data\InstallShield

2008-03-11 08:09 . 2008-03-11 08:09 <DIR> d-------- C:\WINDOWS\Application Data\DAEMON Tools

2008-03-11 08:09 . 2008-03-11 08:09 <DIR> d-------- C:\Arquivos de programas\LG Electronics

2008-03-11 08:09 . 2008-03-11 08:09 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2008-03-10 23:16 . 2008-03-10 23:16 <DIR> d--hs---- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-10 23:15 . 2008-03-10 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-10 12:19 . 2008-04-05 08:51 6,739 --a------ C:\WINDOWS\unins000.dat

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2017-09-18 17:32 --------- d-----w C:\WINDOWS\Application Data\Symantec

2017-09-18 17:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2017-09-18 17:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2017-09-18 17:26 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2017-09-18 17:25 --------- d-----w C:\Arquivos de programas\VIA

2017-09-18 17:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2017-09-18 17:08 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2017-09-18 17:06 --------- d-----w C:\Arquivos de programas\Serviços on-line

2017-09-18 02:30 33,792 --sh--w C:\VIDEOROM.BIN

2017-09-18 02:29 --------- d-----w C:\Arquivos de programas\DirectX

2017-09-18 02:28 266 --sh--w C:\Arquivos de programas\desktop.ini

2017-09-18 02:28 11,280 ---h--w C:\Arquivos de programas\folder.htt

2017-09-18 02:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SERVIÇOS

2017-09-18 02:19 --------- d-----w C:\Arquivos de programas\PLUS!

2017-09-18 02:19 --------- d-----w C:\Arquivos de programas\CHAT

2017-09-18 02:19 --------- d-----r C:\Arquivos de programas\Acessórios

2008-04-09 11:21 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-04-09 11:21 360,064 ----a-w C:\WINDOWS\SYSTEM32\dllcache\TCPIP.SYS

2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\SYSTEM32\AvastSS.scr

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys

2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\SYSTEM32\dllcache\win32k.sys

2008-03-08 12:01 83,208 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL

2008-03-07 02:28 --------- d-----w C:\WINDOWS\Application Data\TVU networks

2008-03-07 02:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TVU networks

2008-03-07 01:25 --------- d-----w C:\Arquivos de programas\Project64 1.6

2008-03-01 21:32 3,591,680 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll

2008-02-29 09:00 625,664 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe

2008-02-29 08:59 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe

2008-02-29 04:45 --------- d-----w C:\WINDOWS\Application Data\GetRightToGo

2008-02-29 00:32 --------- d-----w C:\WINDOWS\Application Data\Nvu

2008-02-29 00:07 --------- d-----w C:\WINDOWS\Application Data\FileZilla

2008-02-29 00:06 --------- d-----w C:\Arquivos de programas\FileZilla FTP Client

2008-02-27 14:34 --------- d-----w C:\Arquivos de programas\Green Land Studios

2008-02-27 14:04 716,272 ----a-w C:\WINDOWS\system32\drivers\SPTD.sys

2008-02-26 23:14 936 ----a-w C:\logMX500.dat

2008-02-26 22:40 --------- d-----w C:\Arquivos de programas\LG Link

2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll

2008-02-20 05:38 45,568 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll

2007-03-27 02:19 87,608 ----a-w C:\WINDOWS\Application Data\ezpinst.exe

2007-03-27 02:19 47,360 ----a-w C:\WINDOWS\Application Data\pcouffin.sys

2005-07-05 21:49 925,572 ----a-w C:\Documents and Settings\Carlos\SmSerial.sys

2005-07-05 21:47 81,920 ----a-w C:\Documents and Settings\Carlos\sm56co.dll

2005-07-05 21:47 69,632 ----a-w C:\Documents and Settings\Carlos\sm56spn.dll

2005-07-05 21:47 69,632 ----a-w C:\Documents and Settings\Carlos\sm56itl.dll

2005-07-05 21:47 69,632 ----a-w C:\Documents and Settings\Carlos\sm56eng.dll

2005-07-05 21:47 69,632 ----a-w C:\Documents and Settings\Carlos\sm56brz.dll

2005-07-05 21:47 61,440 ----a-w C:\Documents and Settings\Carlos\sm56ger.dll

2005-07-05 21:47 61,440 ----a-w C:\Documents and Settings\Carlos\sm56fra.dll

2005-07-05 21:47 544,768 ----a-w C:\Documents and Settings\Carlos\sm56hlpr.exe

2005-07-05 21:47 53,248 ----a-w C:\Documents and Settings\Carlos\sm56jpn.dll

2005-07-05 21:47 49,152 ----a-w C:\Documents and Settings\Carlos\sm56cht.dll

2005-07-05 21:47 49,152 ----a-w C:\Documents and Settings\Carlos\sm56chs.dll

2005-07-05 21:47 258,048 ----a-w C:\Documents and Settings\Carlos\sm56unst.exe

2005-07-05 05:47 286,975 ----a-w C:\Documents and Settings\Carlos\sm56.reg

.

------- Sigcheck -------

2008-04-09 08:21 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS

2008-04-09 08:21 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\SYSTEM32\dllcache\TCPIP.SYS

2007-10-30 15:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution.old\Download\b9fafcb4f08309cfc9fe52fdea805e5a\sp2gdr\tcpip.sys

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution.old\Download\b9fafcb4f08309cfc9fe52fdea805e5a\sp2qfe\tcpip.sys

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2006-04-20 08:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]

2007-10-25 14:43 8489984 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]

"Red Swoosh"="C:\Arquivos de programas\RSSoft\RedSwoosh.exe" [2007-04-20 23:11 62436]

"ISUSPM"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2007-08-30 10:50 205480]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2008-03-18 12:50 219952]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-23 16:43 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SystemTray"="SysTray.Exe" [2001-10-28 12:07 3072 C:\WINDOWS\SYSTEM32\systray.exe]

"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\SYSTEM32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2007-05-15 10:31 200704 C:\WINDOWS\SYSTEM32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-05-17 07:48 77824 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"iKeyWorks"="C:\ARQUIV~1\Keyboard\Ikeymain.exe" [2004-08-17 13:49 61440]

"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"Red Swoosh"="C:\Arquivos de programas\RSSoft\RedSwoosh.exe" [2007-04-20 23:11 62436]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2007-08-28 17:43 73728]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-10-01 22:08 286720]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2007-08-30 10:50 205480]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

"GameXL"="C:\Arquivos de programas\FlashGet\FlashGet.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:45 15360]

C:\WINDOWS\Menu Iniciar\Programas\Iniciar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2008-01-09 12:34:58 624416]

C:\WINDOWS\All Users\Menu Iniciar\Programas\Iniciar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

Monitor Apache Servers.lnk - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 0 (0x0)

"DisableChangePassword"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 0 (0x0)

"NoStrCmpLogical"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 0 (0x0)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"msacm.ac3acm"= ac3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide-The-IP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\iMesh Applications\\iMesh\\iMesh.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Infogrames\\Grand Prix 4\\GP4.exe"=

"C:\\Arquivos de programas\\Knight Online\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"6432:TCP"= 6432:TCP:neoemule

"6442:UDP"= 6442:UDP:neomule

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 15:26]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]

R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 15:26]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R2 Proteq;Proteq;C:\WINDOWS\system32\drivers\Proteq.sys [1997-11-05 17:24]

R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;C:\WINDOWS\system32\drivers\psxpad.sys [2002-05-15 13:24]

R3 PsxPortEnumerator;Psx Port Enumerator;C:\WINDOWS\system32\Drivers\psxenum.sys [2002-09-26 05:36]

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

S2 Apache2.2;Apache2.2;"C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []

S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2003-01-07 17:28]

S3 mo_abus;Motorola USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\mo_abus.sys [2003-12-11 00:45]

S3 mo_amdfl;Motorola 1xEV-DO Handset Filter;C:\WINDOWS\system32\DRIVERS\mo_amdfl.sys [2003-12-11 00:46]

S3 mo_amdm;Motorola 1xEV-DO Handset Drivers;C:\WINDOWS\system32\DRIVERS\mo_amdm.sys [2003-12-11 00:46]

S3 mo_aserd;Motorola 1xEV-DO Handset Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\mo_aserd.sys [2003-12-11 00:47]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2006-07-16 22:53]

S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys []

S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

S3 XDva099;XDva099;C:\WINDOWS\system32\XDva099.sys []

S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []

S3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []

S3 XDva128;XDva128;C:\WINDOWS\system32\XDva128.sys []

S3 XDva131;XDva131;C:\WINDOWS\system32\XDva131.sys []

S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{527041fa-f1d6-11dc-a5a7-000fea28a47d}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82b19ee4-fcc3-11db-a68b-000fea28a47d}]

\Shell\readit\command - notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0c65af4-f902-11dc-a5cf-000fea28a47d}]

\Shell\AutoRun\command - F:\PlayDiskStart.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-06 02:00:02 C:\WINDOWS\Tasks\Aplicativo de ajuste.job"

"2017-09-18 17:15:34 C:\WINDOWS\Tasks\Lembrete de expiração de desinstalação.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

"2008-04-09 18:30:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC16AD92-3EAB-41F8-AF6A-A91206BC9202}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-10 08:56:22

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet007\Services\MySQL]

"ImagePath"="\"C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Arquivos de programas\MySQL\MySQL Server 5.0\my.ini\" MySQL"

.

Tempo para conclusão: 2008-04-10 8:57:13

ComboFix-quarantined-files.txt 2008-04-10 11:57:10

Pre-Run: 12,945,358,848 bytes disponíveis

Post-Run: 12,928,614,400 bytes disponíveis

.

2008-04-10 00:51:13 --- E O F ---


- Select the text below and copy it into Notepad. Save it as CFScript.txt;

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"=-

- Drag CFScript.txt onto ComboFix as shown in the image below:

CF_Script.gif

Click Run, type "1" and press "Enter" when prompted to start the removal process;

Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Note: if ComboFix does not restart your computer automatically, do it manually.

In your next reply, paste ComboFix.txt and a new HijackThis log.


ComboFix.txt is here, and the HijackThis one is right below it

ComboFix.txt

______________________

ComboFix 08-04-08.7 - Carlos 2008-04-10 21:23:32.6 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.180 [GMT -3:00]

Executando de: C:\Documents and Settings\Carlos\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Carlos\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))

.

2008-04-09 21:47 . 2008-04-09 21:49 1,355 --a------ C:\WINDOWS\imsins.BAK

2008-04-09 08:21 . 2008-04-09 08:21 360,064 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS.ORIGINAL

2008-04-08 17:48 . 2008-04-08 17:48 <DIR> d-------- C:\WINDOWS\Application Data\HP

2008-04-06 17:03 . 2008-04-06 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG

2008-04-06 17:01 . 2008-04-06 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-04-06 17:01 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\SYSTEM32\hpz3l5ha.dll

2008-04-06 16:58 . 2008-04-06 16:58 <DIR> d-------- C:\WINDOWS\Application Data\HPAppData

2008-04-06 16:58 . 2008-04-06 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant

2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2008-04-06 16:55 . 2008-04-06 16:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP

2008-04-06 16:54 . 2008-04-06 16:54 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-04-06 16:54 . 2007-03-08 16:20 49,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys

2008-04-06 16:54 . 2007-03-08 16:20 21,568 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys

2008-04-06 16:54 . 2007-03-08 16:20 16,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys

2008-04-06 16:53 . 2008-04-06 16:53 <DIR> d-------- C:\Arquivos de programas\HP

2008-04-06 16:53 . 2007-03-17 17:39 958,464 --a------ C:\WINDOWS\SYSTEM32\hpotiop4.dll

2008-04-06 16:53 . 2007-03-17 17:39 675,840 --a------ C:\WINDOWS\SYSTEM32\hpowiax4.dll

2008-04-06 16:53 . 2007-03-08 16:20 364,544 --a------ C:\WINDOWS\SYSTEM32\hppldcoi.dll

2008-04-06 16:53 . 2007-03-17 17:39 303,104 --a------ C:\WINDOWS\SYSTEM32\hpovst11.dll

2008-04-06 16:53 . 2007-03-31 02:29 267,864 --a------ C:\WINDOWS\SYSTEM32\hpzids01.dll

2008-04-06 16:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys

2008-04-06 16:53 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbprint.sys

2008-04-06 08:38 . 2008-04-06 10:26 150,092 --------- C:\WINDOWS\hpoins15.dat.temp

2008-04-06 08:38 . 2007-09-20 17:06 1,039 --------- C:\WINDOWS\hpomdl15.dat.temp

2008-04-06 08:20 . 2008-04-06 17:03 150,657 --a------ C:\WINDOWS\hpoins15.dat

2008-04-06 08:20 . 2007-09-21 10:35 1,039 --------- C:\WINDOWS\hpomdl15.dat

2008-04-05 14:24 . 2008-04-05 14:24 <DIR> d-------- C:\WINDOWS\SYSTEM32\Temp

2008-04-05 14:24 . 2008-04-05 14:24 376,832 --a------ C:\WINDOWS\SYSTEM32\MPIWIN32.DLL

2008-04-05 14:24 . 2008-04-05 14:24 45,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CBUSB.SYS

2008-04-05 14:24 . 2008-04-05 14:24 43,520 --a------ C:\WINDOWS\SYSTEM32\CBNDLL.DLL

2008-04-05 08:51 . 2008-04-05 08:44 691,545 --a------ C:\WINDOWS\unins000.exe

2008-04-05 06:26 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys

2008-04-05 06:26 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys

2008-04-02 10:20 . 2008-04-02 10:20 <DIR> d--hs---- C:\FOUND.053

2008-03-31 22:08 . 2008-03-31 22:08 <DIR> d-------- C:\Arquivos de programas\Gogglebox TV

2008-03-28 23:28 . 2008-03-28 23:28 <DIR> d-------- C:\Arquivos de programas\Infogrames

2008-03-27 16:53 . 2008-03-27 16:53 <DIR> d-------- C:\Arquivos de programas\Orkut Lite

2008-03-25 21:47 . 2008-03-25 21:47 <DIR> d--hs---- C:\FOUND.052

2008-03-24 14:59 . 2008-03-24 15:35 107,888 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll

2008-03-24 14:38 . 2008-03-24 14:38 <DIR> d-------- C:\Arquivos de programas\KONAMI

2008-03-24 13:05 . 2003-07-20 15:17 5,174 --a------ C:\WINDOWS\SYSTEM32\nppt9x.vxd

2008-03-24 13:05 . 2005-01-04 06:43 4,682 --a------ C:\WINDOWS\SYSTEM32\npptNT2.sys

2008-03-23 15:00 . 2008-03-23 15:00 <DIR> d-------- C:\Arquivos de programas\Aspyr

2008-03-23 14:57 . 2008-03-23 14:57 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools Lite

2008-03-22 07:30 . 2008-03-22 07:30 <DIR> d--hs---- C:\FOUND.051

2008-03-18 12:50 . 2008-03-18 12:50 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-03-18 06:18 . 2008-03-18 06:18 <DIR> d--hs---- C:\FOUND.050

2008-03-16 09:10 . 2008-03-16 09:10 <DIR> d--hs---- C:\FOUND.049

2008-03-15 23:17 . 2008-03-15 23:17 <DIR> d--hs---- C:\FOUND.048

2008-03-15 19:43 . 2008-03-15 19:43 <DIR> d--hs---- C:\FOUND.047

2008-03-14 12:52 . 2008-03-14 12:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-03-12 08:23 . 2008-03-12 08:23 <DIR> d-------- C:\Arquivos de programas\Apache Software Foundation

2008-03-11 08:10 . 2008-03-11 08:10 <DIR> d-------- C:\WINDOWS\Application Data\InstallShield

2008-03-11 08:09 . 2008-03-11 08:09 <DIR> d-------- C:\WINDOWS\Application Data\DAEMON Tools

2008-03-11 08:09 . 2008-03-11 08:09 <DIR> d-------- C:\Arquivos de programas\LG Electronics

2008-03-11 08:09 . 2008-03-11 08:09 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2017-09-18 17:32 --------- d-----w C:\WINDOWS\Application Data\Symantec

2017-09-18 17:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

2017-09-18 17:32 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2017-09-18 17:26 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2017-09-18 17:25 --------- d-----w C:\Arquivos de programas\VIA

2017-09-18 17:25 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2017-09-18 17:08 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2017-09-18 17:06 --------- d-----w C:\Arquivos de programas\Serviços on-line

2017-09-18 02:30 33,792 --sh--w C:\VIDEOROM.BIN

2017-09-18 02:29 --------- d-----w C:\Arquivos de programas\DirectX

2017-09-18 02:28 266 --sh--w C:\Arquivos de programas\desktop.ini

2017-09-18 02:28 11,280 ---h--w C:\Arquivos de programas\folder.htt

2017-09-18 02:22 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SERVIÇOS

2017-09-18 02:19 --------- d-----w C:\Arquivos de programas\PLUS!

2017-09-18 02:19 --------- d-----w C:\Arquivos de programas\CHAT

2017-09-18 02:19 --------- d-----r C:\Arquivos de programas\Acessórios

2008-04-09 11:21 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS

2008-04-09 11:21 360,064 ----a-w C:\WINDOWS\SYSTEM32\dllcache\TCPIP.SYS

2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\SYSTEM32\AvastSS.scr

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys

2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\SYSTEM32\dllcache\win32k.sys

2008-03-11 02:16 --------- d-sh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-03-11 02:15 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-03-08 12:01 83,208 ----a-w C:\WINDOWS\SYSTEM32\S32EVNT1.DLL

2008-03-07 02:28 --------- d-----w C:\WINDOWS\Application Data\TVU networks

2008-03-07 02:28 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TVU networks

2008-03-07 01:25 --------- d-----w C:\Arquivos de programas\Project64 1.6

2008-03-01 21:32 3,591,680 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll

2008-02-29 09:00 625,664 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe

2008-02-29 08:59 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe

2008-02-29 04:45 --------- d-----w C:\WINDOWS\Application Data\GetRightToGo

2008-02-29 00:32 --------- d-----w C:\WINDOWS\Application Data\Nvu

2008-02-29 00:07 --------- d-----w C:\WINDOWS\Application Data\FileZilla

2008-02-29 00:06 --------- d-----w C:\Arquivos de programas\FileZilla FTP Client

2008-02-27 14:34 --------- d-----w C:\Arquivos de programas\Green Land Studios

2008-02-27 14:04 716,272 ----a-w C:\WINDOWS\system32\drivers\SPTD.sys

2008-02-26 23:14 936 ----a-w C:\logMX500.dat

2008-02-26 22:40 --------- d-----w C:\Arquivos de programas\LG Link

2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll

2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll

2008-02-20 05:38 45,568 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ------w C:\WINDOWS\SYSTEM32\dllcache\dnsapi.dll

2008-02-15 05:44 161,792 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll

2007-03-27 02:19 87,608 ----a-w C:\WINDOWS\Application Data\ezpinst.exe

2007-03-27 02:19 47,360 ----a-w C:\WINDOWS\Application Data\pcouffin.sys

2005-07-05 21:49 925,572 ----a-w C:\Documents and Settings\Carlos\SmSerial.sys

2005-07-05 21:47 81,920 ----a-w C:\Documents and Settings\Carlos\sm56co.dll

2005-07-05 21:47 69,632 ----a-w C:\Documents and Settings\Carlos\sm56spn.dll

2005-07-05 21:47 69,632 ----a-w C:\Documents and Settings\Carlos\sm56itl.dll

2005-07-05 21:47 69,632 ----a-w C:\Documents and Settings\Carlos\sm56eng.dll

2005-07-05 21:47 69,632 ----a-w C:\Documents and Settings\Carlos\sm56brz.dll

2005-07-05 21:47 61,440 ----a-w C:\Documents and Settings\Carlos\sm56ger.dll

2005-07-05 21:47 61,440 ----a-w C:\Documents and Settings\Carlos\sm56fra.dll

2005-07-05 21:47 544,768 ----a-w C:\Documents and Settings\Carlos\sm56hlpr.exe

2005-07-05 21:47 53,248 ----a-w C:\Documents and Settings\Carlos\sm56jpn.dll

2005-07-05 21:47 49,152 ----a-w C:\Documents and Settings\Carlos\sm56cht.dll

2005-07-05 21:47 49,152 ----a-w C:\Documents and Settings\Carlos\sm56chs.dll

2005-07-05 21:47 258,048 ----a-w C:\Documents and Settings\Carlos\sm56unst.exe

2005-07-05 05:47 286,975 ----a-w C:\Documents and Settings\Carlos\sm56.reg

.

------- Sigcheck -------

2008-04-09 08:21 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS

2008-04-09 08:21 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\SYSTEM32\dllcache\TCPIP.SYS

2007-10-30 15:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution.old\Download\b9fafcb4f08309cfc9fe52fdea805e5a\sp2gdr\tcpip.sys

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution.old\Download\b9fafcb4f08309cfc9fe52fdea805e5a\sp2qfe\tcpip.sys

2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 14:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2006-04-20 08:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-04-10_ 8.56.45.59 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-10 11:45:58 3,346 ----a-w C:\WINDOWS\Application Data\HPAppData\ClipData.dat

+ 2008-04-11 00:21:42 3,346 ----a-w C:\WINDOWS\Application Data\HPAppData\ClipData.dat

+ 2008-04-10 17:42:46 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_4bc.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]

2007-10-25 14:43 8489984 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:45 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]

"Red Swoosh"="C:\Arquivos de programas\RSSoft\RedSwoosh.exe" [2007-04-20 23:11 62436]

"ISUSPM"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2007-08-30 10:50 205480]

"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2008-03-18 12:50 219952]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-02-13 20:09 486856]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-23 16:43 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SystemTray"="SysTray.Exe" [2001-10-28 12:07 3072 C:\WINDOWS\SYSTEM32\systray.exe]

"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\SYSTEM32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2007-05-15 10:31 200704 C:\WINDOWS\SYSTEM32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-05-17 07:48 77824 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"iKeyWorks"="C:\ARQUIV~1\Keyboard\Ikeymain.exe" [2004-08-17 13:49 61440]

"UnlockerAssistant"="C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]

"Red Swoosh"="C:\Arquivos de programas\RSSoft\RedSwoosh.exe" [2007-04-20 23:11 62436]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2007-08-28 17:43 73728]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-10-01 22:08 286720]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]

"ISUSPM Startup"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2007-08-30 10:50 205480]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

"GameXL"="C:\Arquivos de programas\FlashGet\FlashGet.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:45 15360]

C:\WINDOWS\Menu Iniciar\Programas\Iniciar\

Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe [2008-01-09 12:34:58 624416]

C:\WINDOWS\All Users\Menu Iniciar\Programas\Iniciar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

Monitor Apache Servers.lnk - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-01-18 00:38:50 41041]

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 0 (0x0)

"DisableChangePassword"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoChangeAnimation"= 0 (0x0)

"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 0 (0x0)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\Arquivos de programas\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Arquivos de programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"msacm.ac3acm"= ac3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide-The-IP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Motorola\\RSD Lite\\SDL.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Arquivos de programas\\iMesh Applications\\iMesh\\iMesh.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Infogrames\\Grand Prix 4\\GP4.exe"=

"C:\\Arquivos de programas\\Knight Online\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"6432:TCP"= 6432:TCP:neoemule

"6442:UDP"= 6442:UDP:neomule

R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-03-26 15:26]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]

R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-03-26 15:26]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

R2 Proteq;Proteq;C:\WINDOWS\system32\drivers\Proteq.sys [1997-11-05 17:24]

R3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;C:\WINDOWS\system32\drivers\psxpad.sys [2002-05-15 13:24]

R3 PsxPortEnumerator;Psx Port Enumerator;C:\WINDOWS\system32\Drivers\psxenum.sys [2002-09-26 05:36]

S2 Apache2.2;Apache2.2;"C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []

S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2003-01-07 17:28]

S3 mo_abus;Motorola USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\mo_abus.sys [2003-12-11 00:45]

S3 mo_amdfl;Motorola 1xEV-DO Handset Filter;C:\WINDOWS\system32\DRIVERS\mo_amdfl.sys [2003-12-11 00:46]

S3 mo_amdm;Motorola 1xEV-DO Handset Drivers;C:\WINDOWS\system32\DRIVERS\mo_amdm.sys [2003-12-11 00:46]

S3 mo_aserd;Motorola 1xEV-DO Handset Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\mo_aserd.sys [2003-12-11 00:47]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

S3 usb2vcom;USB to Serial Bridge Controller;C:\WINDOWS\system32\Drivers\usb2vcom.sys [2006-07-16 22:53]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys []

S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

S3 XDva099;XDva099;C:\WINDOWS\system32\XDva099.sys []

S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []

S3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []

S3 XDva128;XDva128;C:\WINDOWS\system32\XDva128.sys []

S3 XDva131;XDva131;C:\WINDOWS\system32\XDva131.sys []

S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{527041fa-f1d6-11dc-a5a7-000fea28a47d}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82b19ee4-fcc3-11db-a68b-000fea28a47d}]

\Shell\readit\command - notepad readme.doc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0c65af4-f902-11dc-a5cf-000fea28a47d}]

\Shell\AutoRun\command - F:\PlayDiskStart.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-06 02:00:02 C:\WINDOWS\Tasks\Aplicativo de ajuste.job"

"2017-09-18 17:15:34 C:\WINDOWS\Tasks\Lembrete de expiração de desinstalação.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

"2008-04-10 19:40:24 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC16AD92-3EAB-41F8-AF6A-A91206BC9202}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-10 21:26:40

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet007\Services\MySQL]

"ImagePath"="\"C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Arquivos de programas\MySQL\MySQL Server 5.0\my.ini\" MySQL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\Unlocker\UnlockerHook.dll

.

Tempo para conclusão: 2008-04-10 21:27:34

ComboFix-quarantined-files.txt 2008-04-11 00:27:30

Pre-Run: 13,482,885,120 bytes disponíveis

Post-Run: 13,462,503,424 bytes disponíveis

.

2008-04-10 00:51:13 --- E O F ---

HijackThis (LOG)

_______________________

Logfile of HijackThis v1.99.1

Scan saved at 21:33:23, on 10/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AlienGUIse\wbload.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\ARQUIV~1\Keyboard\Ikeymain.exe

C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

C:\Arquivos de programas\RSSoft\RedSwoosh.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Carlos\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: (no name) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [iKeyWorks] C:\ARQUIV~1\Keyboard\Ikeymain.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GameXL] C:\Arquivos de programas\FlashGet\FlashGet.exe /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Red Swoosh] C:\Arquivos de programas\RSSoft\RedSwoosh.exe /S

O4 - HKCU\..\Run: [iSUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download by NetAnts - C:\ARQUIV~1\NETANTS\NAGet.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download &All by NetAnts - C:\ARQUIV~1\NETANTS\NAGetAll.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\ARQUIV~1\NETANTS\NetAnts.exe (file missing)

O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\ARQUIV~1\NETANTS\NetAnts.exe (file missing)

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe (file missing)

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - (no file)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www2.driveragent.com/files/driveragent.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WB - C:\Arquivos de programas\AlienGUIse\fastload.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Unknown owner - C:\Arquivos de programas\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

___________________________________

There it is

- Open HijackThis, click Do a system scan only and check the entries below:

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: (no name) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

- Close all windows, click ht-fix.png and then Yes;

- Apart from that, the log is clean :)

- In Run, type combofix /u and click OK. In the next window click "Run" and wait for the program to be removed;

- Delete the backups folder located in C:\Documents and Settings\Carlos\Desktop\HijackThis;

- I recommend doing some maintenance on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

  • Open the program and click Run Cleaner;
  • After that, click Registry > Scan for Issues > Fix selected issues

- Disable and then re-enable System Restore

- Read the Proteja seu PC article for more information on how to avoid infections.
