Ir ao conteúdo
  • Cadastre-se
ruaro

Malwarebyte acusa ter Rootkit.Agent! O que eu faço?

Recommended Posts

Quem puder meu log

Logfile of HijackThis v1.99.1

Scan saved at 10:55:33, on 7/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe

C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\brma\client\BRMAClient.exe

C:\Arquivos de programas\Lectra\VigiPrint\bin\tralight.exe

C:\Arquivos de programas\Mozilla Firefox 3 Beta 5\firefox.exe

C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Administrador\Meus documentos\Nova pasta\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181762403796

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LEctr.com.br

O17 - HKLM\Software\..\Telephony: DomainName = Lect.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{E40E661F-BD79-4318-B755-35E880364FD0}: Domain = Lect.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{E40E661F-BD79-4318-B755-35E880364FD0}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Lect.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Lect.com.br

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Lectra Font Service (FontServer) - Unknown owner - C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: LicenseServ - Unknown owner - C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Lectra Print Service (LpDaemon) - Unknown owner - C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

aqui esta o log mais recente!

Logfile of HijackThis v1.99.1

Scan saved at 10:40:28, on 14/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe

C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTCCL.EXE

C:\Documents and Settings\Administrador\Meus documentos\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181762403796

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lectra.com.br

O17 - HKLM\Software\..\Telephony: DomainName = lectra.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{E40E661F-BD79-4318-B755-35E880364FD0}: Domain = lectra.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{E40E661F-BD79-4318-B755-35E880364FD0}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lectra.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lectra.com.br

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Lectra Font Service (FontServer) - Unknown owner - C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: LicenseServ - Unknown owner - C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Lectra Print Service (LpDaemon) - Unknown owner - C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Faça o download de DDS e salve no desktop.

  • Temporariamente desative os seus programas de proteção.
  • Duplo clique em dds.scr.
  • Qaundo terminar, o DDS.txt irá abrir.
  • Salve os resultados e cole-os na sua próxima resposta

Compartilhar este post


Link para o post
Compartilhar em outros sites

DDS (Version 1.0) - NTFSx86

Run by Administrador at 11:54:51,68 on sex 14/11/2008

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.msn.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: UIHost=c:\windows\system32\logonui.exe

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot - search & destroy\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000} -

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [LogMeIn GUI] "c:\arquivos de programas\logmein\x86\LogMeInSystray.exe"

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [iSUSPM Startup] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe" -startup

dRun: [EPSON Stylus C110 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticcl.exe /fu "c:\windows\temp\E_S337.tmp" /EF "HKCU"

mPolicies-explorer: NoResolveSearch = 1 (0x1)

mPolicies-system: DisableCAD = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

TCP: {E40E661F-BD79-4318-B755-35E880364FD0} = 192.168.2.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Notify: LMIinit - LMIinit.dll

AppInit_DLLs: avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399F83} -

============= SERVICES / DRIVERS ===============

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2008-11-11 14:30 539,136 ac------ c:\windows\system32\dllcache\spider.exe

2008-11-11 14:30 539,136 a------- c:\windows\system32\spider.exe

2008-11-07 09:46 54,624 a------- c:\windows\system32\fe0117.sys

2008-11-07 09:38 2,335,270 a------- c:\windows\system32\1eb10C.mht

2008-11-04 16:12 <DIR> --d----- c:\documents and settings\administrador\advfn

2008-11-04 11:23 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-04 11:23 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-04 08:26 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2008-11-04 08:26 15,504 a------- c:\windows\system32\drivers\mbam.sys

2008-11-04 08:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-04 08:26 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2008-11-04 08:26 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-10-24 15:57 262,144 a------- c:\windows\system32\ControlesUteis.ocx

2008-10-24 15:49 81,920 a------- c:\windows\system32\msado25.tlb

==================== Find3M ====================

2008-11-14 11:53 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Lectra

2008-11-14 10:41 <DIR> --d----- c:\arquivos de programas\Mozilla Firefox 3 Beta 5

2008-11-14 08:14 <DIR> --d----- c:\arquivos de programas\LogMeIn

2008-11-11 14:30 472,040 a------- c:\windows\system32\perfh016.dat

2008-11-11 14:30 79,604 a------- c:\windows\system32\perfc016.dat

2008-10-29 11:42 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Vso

2008-10-28 17:45 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll

2008-10-28 17:45 28,984 a------- c:\windows\system32\LMIport.dll

2008-10-28 17:45 23,736 a------- c:\windows\system32\lmimirr.dll

2008-10-28 17:45 10,040 a------- c:\windows\system32\lmimirr2.dll

2008-10-28 17:45 87,352 a------- c:\windows\system32\LMIinit.dll

2008-10-28 16:39 <DIR> --d----- c:\arquivos de programas\cdex

2008-10-24 16:02 <DIR> --d----- c:\arquivos de programas\arquivos comuns\InstallShield

2008-10-21 08:45 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\SolidDocuments

2008-10-14 08:55 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Nokia

2008-10-14 08:52 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nokia

2008-10-14 08:49 <DIR> --d----- c:\arquivos de programas\Nokia

2008-10-14 08:48 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Nokia

2008-10-14 08:47 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Installations

2008-10-13 14:31 <DIR> --d----- c:\arquivos de programas\K-Lite Codec Pack

2008-10-09 14:24 <DIR> --d----- c:\arquivos de programas\SystemRequirementsLab

2008-10-08 14:33 <DIR> --d----- c:\arquivos de programas\ASGvis

2008-10-06 17:42 <DIR> --d----- c:\arquivos de programas\Picasa2

2008-10-03 10:34 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-10-02 13:33 <DIR> --d----- c:\arquivos de programas\R-Studio

2008-09-26 09:59 59,004 a---h--- c:\windows\system32\mlfcache.dat

2008-09-22 16:19 41,984 a------- c:\windows\system32\gbpservice.exe

2008-08-28 10:01 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\PC Suite

2008-08-22 15:24 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\EPSON

2008-08-12 17:44 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\IObit

2008-08-06 08:15 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2008-08-05 17:44 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Thinstall

2008-07-17 16:26 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\GlarySoft

2008-07-10 14:31 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Nero

2008-07-08 11:41 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\iolo

2008-06-27 10:58 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\iolo

2008-06-27 08:56 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\LogMeIn

2008-05-27 15:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2008-04-30 13:57 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\uTorrent

2008-03-10 17:00 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PC Suite

2007-12-18 15:03 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\vlc

2007-10-23 10:26 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Morpheus Software

2007-10-11 08:40 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Aston

2007-10-10 17:56 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\AveDesk

2007-10-10 10:53 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SolidDocuments

2007-08-14 15:18 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Babylon

2007-08-14 15:18 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Babylon

2007-08-01 15:01 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Ahead

2007-06-18 08:33 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Lectra

============= FINISH: 11:55:27,92 ===============

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Vá até 4y6d3b8.gif" Jotti's malware scan "

  • Na caixa que fica em cima (File to upload & scan);
  • Copie e cole o seguinte:

    • c:\windows\system32\fe0117.sys

[*] Clique no botão 688godt.jpg

[*] O arquivo irá ser examinado por diferentes programas antivirus, por favor aguarde.

[*] Repita e submeta a análise, também estes arquivos:

  • c:\windows\system32\1eb10C.mht
Copie e cole esse resultado, juntamente com novo log do HijackThis.

Se o site acima estiver muito congestionado, tente num desses sites:

Alternativa 1

Alternativa 2

Compartilhar este post


Link para o post
Compartilhar em outros sites

Esta ai.. Obrigado..

Logfile of HijackThis v1.99.1

Scan saved at 14:05:51, on 14/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe

C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTCCL.EXE

C:\brma\client\BRMAClient.exe

C:\Arquivos de programas\Mozilla Firefox 3 Beta 5\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Meus documentos\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181762403796

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lectra.com.br

O17 - HKLM\Software\..\Telephony: DomainName = lectra.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{E40E661F-BD79-4318-B755-35E880364FD0}: Domain = lectra.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{E40E661F-BD79-4318-B755-35E880364FD0}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lectra.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lectra.com.br

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Lectra Font Service (FontServer) - Unknown owner - C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: LicenseServ - Unknown owner - C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Lectra Print Service (LpDaemon) - Unknown owner - C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe

------------------------------------------------------------

Service load:

0% 100%

File: fe0117.sys

Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5: 43b0076b3ab8996b84d2cc8f990b582f

Packers detected: -

Scan taken on 14 Nov 2008 15:58:32 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

G DATA Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

____________________________________________

Service load:

0% 100%

File: 1eb10C.mht

Status: OK

MD5: 00e7d2d63341b809bbbc01006e78e059

Packers detected: -

Scan taken on 14 Nov 2008 16:02:35 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

G DATA Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

Compartilhar este post


Link para o post
Compartilhar em outros sites

Continue com muitas duvidas nesses arquivos. Vou precisar analisá-los.

Para fazer isso, zip os arquivos e não se esqueça de colocar password (clique aqui e veja como fazer) e os envie para este meu mail.

Arquivos a enviar:

  • c:\windows\system32\fe0117.sys
    c:\windows\system32\1eb10C.mht

Mal o analise, eu voltarei a postar aqui neste topico, por favor aguarde.

Obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites
Continue com muitas duvidas nesses arquivos. Vou precisar analisá-los.

Para fazer isso, zip os arquivos e não se esqueça de colocar password (clique aqui e veja como fazer) e os envie para este meu mail.

Arquivos a enviar:

  • c:\windows\system32\fe0117.sys
    c:\windows\system32\1eb10C.mht

Mal o analise, eu voltarei a postar aqui neste topico, por favor aguarde.

Obrigado

Lusitano ja te enviei!

Deixa eu te perguntar uma coisa minha placa de rede esta transferindo muitos arquivos em segundo mesmo sem usar a rede será que tem algo a ver?

Obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ambos os arquivos são da McAfee.

Faça o download do Gmer e salve no seu desktop (Área de Trabalho).

  • Extraia/tire do zip o arquivo para uma pasta própria.
  • Feito isso, desligue o PC da Internet e feche todos os programas.
    Existe uma pequenissíma hipótese desta aplicação desligar o seu PC. Por isso, salve qualquer trabalho que tenha aberto.
  • Duplo-clique em Gmer.exe.
  • Permita que o driver gmer.sys seja rodado, se lhe for perguntado.
  • Se receber o aviso acerca de actividade de rootkit e para fazer um scan...clique em NO.
  • Clique em "Settings", e marque as 5 (cinco) primeiras:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • Será questionado para reiniciar o PC. Reinicie.

Rode novamente o Gmer e clique em Rootkit.

  • No lado direito (debaixo de file, desmarque todos os drives excepto o seu disco (usualmente o C).
  • Certifique-se que todas as outras caixas, no lado direito do ecran estão marcadas, EXCEPTO para "Show All".
  • Clique em "Scan" e aguarde que o scan seja efectuado.
    Nota: Antes do scan, certifique-se que todos os outros programas estão fechados. Também não use o computador durente o scan.
  • Quando terminar, clique no botão Copiar e depois clique com o botão direito no seu Desktop, escolha "Novo" e depois -> Documento de Texto. Quando o arquivo tiver sido criado, abra e novamente botão direito e Cole ou Ctrl+V. Salve o arquivo como gmer.txt e poste o conteúdo na sua próxima resposta.
  • Nota: Se tiver problemas, tente rodar o GMER em Modo Seguro

Importante! Por favor não marque a caixa "Show all" durante o scan.

depois,

  • Faça o download do RSIT - random's system information tool by random/random e salve no seu desktop.
  • Duplo clique em RSIT.exe para a ferramenta ser executada.
  • Na janela que abrir (disclamer), clique em Continue.
  • Quando a ferramenta terminar de rodar, abrirá um documento do Bloco de Notas contendo o resultado do scan. Por favor cole o resultado desse log (log.txt) na sua próxima resposta.
  • Cole também o conteúdo do arquivo info.txt que estará em C:\rsit\info.txt

Obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Esta aqui Amigo

valeu

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-14 16:37:19

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF74650D0]

SSDT sptd.sys ZwEnumerateKey [0xF746AFB2]

SSDT sptd.sys ZwEnumerateValueKey [0xF746B340]

SSDT sptd.sys ZwOpenKey [0xF74650B0]

SSDT sptd.sys ZwQueryKey [0xF746B418]

SSDT sptd.sys ZwQueryValueKey [0xF746B298]

SSDT sptd.sys ZwSetValueKey [0xF746B4AA]

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F06C516D

INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F06C4FC2

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys O arquivo já está sendo usado por outro processo.

.text USBPORT.SYS!DllUnload F675B62C 5 Bytes JMP 8559A3F0

? System32\Drivers\as0tclzq.SYS O sistema não pode encontrar o arquivo especificado. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F747C06C] sptd.sys

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F747C018] sptd.sys

IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F749E9AE] sptd.sys

IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F747C06C] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7465AD4] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7465C1A] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7465B9C] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7466748] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F746661E] sptd.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F747B29A] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 857D01E8

Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip6 \Device\Ip6 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 855995D0

----------------------------------------------------------------------

Logfile of random's system information tool 1.04 (written by random/random)

Run by Administrador at 2008-11-14 16:38:29

Microsoft Windows XP Professional Service Pack 2

System drive C: has 30 GB (59%) free of 50 GB

Total RAM: 959 MB (56% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2008-08-29 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"=C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe [2007-08-03 63048]

"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2008-10-01 1234712]

"ISUSPM Startup"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2006-08-01 16049664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2008-10-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a66f9be-f1ba-11dc-9f91-001a92cbc735}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86283a45-92bc-11dc-9f0f-001a92cbc735}]

shell\Auto\command - tel.xls.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6be28d7-411e-11dd-a006-001a92cbc735}]

shell\Auto\command - G:\tel.xls.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tel.xls.exe

======File associations======

.js - open - NOTEPAD.EXE %1

.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-11-14 16:38:29 ----D---- C:\rsit

2008-11-14 16:38:29 ----D---- C:\Arquivos de programas\trend micro

2008-11-14 16:20:06 ----A---- C:\WINDOWS\gmer.ini

2008-11-14 16:20:04 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-14 16:20:04 ----A---- C:\WINDOWS\gmer.exe

2008-11-14 16:20:04 ----A---- C:\WINDOWS\gmer.dll

2008-11-11 14:30:16 ----A---- C:\WINDOWS\system32\spider.exe

2008-11-04 11:23:07 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-04 11:23:07 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2008-11-04 11:12:43 ----A---- C:\WINDOWS\buwssve.txt

2008-11-04 08:26:26 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

2008-11-04 08:26:20 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-11-04 08:26:19 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-10-21 15:02:32 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2008-11-14 16:38:29 ----RD---- C:\Arquivos de programas

2008-11-14 16:38:16 ----D---- C:\WINDOWS\Temp

2008-11-14 16:23:02 ----D---- C:\WINDOWS\system32\Lectradmin

2008-11-14 16:22:53 ----D---- C:\WINDOWS

2008-11-14 16:22:23 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-14 16:20:05 ----D---- C:\WINDOWS\Prefetch

2008-11-14 16:20:04 ----D---- C:\WINDOWS\system32\drivers

2008-11-14 16:19:16 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-14 15:58:01 ----D---- C:\Arquivos de programas\Mozilla Firefox 3 Beta 5

2008-11-14 15:54:24 ----D---- C:\WINDOWS\system32

2008-11-14 15:16:18 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Lectra

2008-11-14 08:14:13 ----D---- C:\Arquivos de programas\LogMeIn

2008-11-13 17:20:31 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-11 14:30:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-11 14:30:22 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-11 14:30:19 ----D---- C:\WINDOWS\security

2008-11-11 14:30:19 ----D---- C:\WINDOWS\Help

2008-10-29 11:42:47 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Vso

2008-10-28 17:45:30 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll

2008-10-28 17:45:28 ----A---- C:\WINDOWS\system32\LMIport.dll

2008-10-28 17:45:28 ----A---- C:\WINDOWS\system32\lmimirr2.dll

2008-10-28 17:45:28 ----A---- C:\WINDOWS\system32\lmimirr.dll

2008-10-28 17:45:27 ----A---- C:\WINDOWS\system32\LMIinit.dll

2008-10-28 16:39:17 ----D---- C:\Arquivos de programas\cdex

2008-10-24 16:02:54 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-10-24 16:02:52 ----HD---- C:\WINDOWS\inf

2008-10-24 15:47:43 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-10-21 15:05:30 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-10-21 15:02:53 ----SHD---- C:\WINDOWS\Installer

2008-10-21 15:01:48 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-10-21 08:45:42 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\SolidDocuments

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]

R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-14 85969]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2006-08-16 225664]

R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]

R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2004-05-14 76288]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-01 4356608]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-04 47360]

R3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-15 43264]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-10 244352]

S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []

S3 as0tclzq;as0tclzq; C:\WINDOWS\system32\drivers\as0tclzq.sys []

S3 fe0117;fe0117; \??\C:\WINDOWS\system32\fe0117.sys []

S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-18 42496]

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 nm;Driver de monitor de rede; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]

S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgUsbDiag.sys []

S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Serviço auxiliar IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 avg8emc;AVG8 E-mail Scanner; C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]

R2 avg8wd;AVG8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]

R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400]

R2 FontServer;Lectra Font Service; C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe [2002-07-04 456704]

R2 LicenseServ;LicenseServ; C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe [2000-07-13 365568]

R2 LpDaemon;Lectra Print Service; C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe [2002-07-04 227840]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 VPDaemon;Lectra VigiPrint Service; C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe [2003-06-16 86016]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S2 gbpdist;gbpdist; C:\WINDOWS\system32\gbpservice.exe [2008-09-22 41984]

S2 GbpSv;Gbp Service; C:\Arquivos de programas\GbPlugin\GbpSv.exe []

S2 LMIMaint;LogMeIn Maintenance Service; C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe [2008-10-28 116032]

S2 LogMeIn;LogMeIn; C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe [2007-08-03 63040]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-10 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 gusvc;Google Updater Service; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 LEC TranslateDotNet Server;LEC TranslateDotNet Server; C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe [2005-09-12 983040]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2006-02-28 229376]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-14 16:38:32

======Uninstall list======

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Arquivos de programas\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Arquivos de programas\Arquivos comuns\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Reader 7.1.0 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A71000000002}

Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

Advanced WindowsCare Personal-->"C:\Arquivos de programas\IObit\Advanced WindowsCare V2\unins000.exe"

Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Atualização para Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Atualização para Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Atualização para Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Atualização para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Atualização para Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Atualização para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Atualização para Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Atualização para Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"

Atualização para Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Atualização para Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Atualização para Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"

Atualização para Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"

Atualização para Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Atualização para Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Atualização para Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Atualização para Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Atualização para Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Atualização para Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

AVG Free 8.0-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL

BR-->MsiExec.exe /I{C57CD366-C6BE-45B5-B5C6-0424E506F1D0}

BRMAClient-->MsiExec.exe /I{7D0069B9-5B16-4D13-91CC-61B9FA7731C6}

ConvertXtoDVD 3.1.0.18-->"C:\Arquivos de programas\VSO\ConvertX\3\unins000.exe"

CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}

Diamino 4.2c3-->C:\WINDOWS\uninst.exe -f"C:\Arquivos de programas\Lectra Systemes\Diamino 4.2c3\DeIsL1.isu" -c"C:\Arquivos de programas\Lectra Systemes\Diamino 4.2c3\_ISREG32.DLL"

DivX Content Uploader-->C:\Arquivos de programas\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Web Player-->C:\Arquivos de programas\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DVD Shrink 3.2-->"C:\Arquivos de programas\DVD Shrink\unins000.exe"

EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}

EVEREST Ultimate Edition v4.00-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"

FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}

Fotosizer 1.16-->C:\Arquivos de programas\Fotosizer\uninst.exe

Ghostscript 5.11-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Lectra Systemes\Ghostscript 5.11\Uninst.isu"

Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}

Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}

Google SketchUp 6 Exporters-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly

Google SketchUp 6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly

Google SketchUp LayOut 6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly

Google SketchUp Pro 6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 1.99.1-->C:\Documents and Settings\Administrador\Meus documentos\HijackThis.exe /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"

Imanager 5.2C5-->C:\WINDOWS\uninst.exe -f"C:\Arquivos de programas\Lectra Systemes\Imanager 5.2\DeIsL1.isu" -c"C:\Arquivos de programas\Lectra Systemes\Imanager 5.2\_ISREG32.DLL" -c"C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\srvman.dll"

Interoperability1.2c2-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{BBDCE5CE-018A-46D0-95D9-A0BC04F5906F}\setup.exe" -l0x9

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

K-Lite Codec Pack 3.9.0 Full-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

Language Engineering Power Translator-->MsiExec.exe /I{4DBC9CA8-D0E3-40E1-8E7A-AB1F5740F90C}

Lectradmin 1.5-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Lectra\Lectradmin\Uninst.isu"

LogMeIn-->MsiExec.exe /I{3FEC3A5B-60FF-4626-B425-08E09B121A15}

LogMeIn-->MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack-->MsiExec.exe /X{F407D6FB-D3AD-44CC-B77B-5B3F0FF1F22C}

Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

ModarisV5R1-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{7B33836A-D5E6-4750-BD44-4280B93C52E3}\setup.exe" -l0x9

Mozilla Firefox (3.0.4)-->C:\Arquivos de programas\Mozilla Firefox 3 Beta 5\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Nero 8-->MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1046}

Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1046}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}

Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}

Nokia PC Suite-->C:\Documents and Settings\All Users\Dados de aplicativos\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_por_br_web.exe

Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}

Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}

Pacote de Driver do Windows - Nokia Modem (05/22/2008 3.8)-->C:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf

Pacote de Driver do Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\ARQUIV~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack\setup.exe

Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

perl5.001-->C:\WINDOWS\uninst.exe -f"C:\Arquivos de programas\lectra systemes\perl5.001\DeIsL1.isu" -c"C:\Arquivos de programas\lectra systemes\perl5.001\_ISREG32.DLL"

Picasa 2-->"C:\Arquivos de programas\Picasa2\Uninstall.exe"

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

R-Studio 4.5-->C:\Arquivos de programas\R-Studio\Uninstall.exe

Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Sentinel System Driver 5.42.1 (32-bit)-->MsiExec.exe /I{F02598C2-2A5F-4593-8F09-439F3317B2C8}

Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Software para Impressoras EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

System Requirements Lab-->C:\Arquivos de programas\SystemRequirementsLab\Uninstall.exe

Tcl 8.0 for Windows-->C:\ARQUIV~1\Tcl\UNWISE.EXE C:\ARQUIV~1\Tcl\INSTALL.LOG

Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}

VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}

VIA Platform Device Manager-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

VideoLAN VLC media player 1.0-->C:\Arquivos de programas\VideoLAN\VLC\uninstall.exe

VigiPrint V2.4C4-->C:\WINDOWS\uninst.exe -f"C:\Arquivos de programas\Lectra\VigiPrint\DeIsL1.isu" -c"C:\Arquivos de programas\Lectra\VigiPrint\_ISREG32.DLL" -c"C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpserv.dll"

V-Ray for SketchUp 6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{8D7BD6EE-C597-4375-B07F-A91FC78991C7}\setup.exe" -l0x9 -removeonly

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Presentation Foundation Language Pack (PTB)-->MsiExec.exe /X{93676FC6-C7DB-45A6-A62B-74A324F17313}

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation BR Language Pack-->MsiExec.exe /I{6A288CAE-32D0-4CA7-8166-210D380A8045}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

192.168.2.34 Cuba

192.168.2.75 Austria

192.168.2.99 Sudão

192.168.2.100 Senegal

192.168.2.132 Togo

192.168.2.247 Madagascar

192.168.2.248 Lituania

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\Lectra\Ghostscript 5.11;C:\Arquivos de programas\Lectra Systemes\Ghostscript 5.11;C:\Arquivos de programas\Java\jre1.6.0_01\bin;C:\WINDOWS\system32\Lectradll

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel

"PROCESSOR_REVISION"=0605

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"GS_LIB"=C:\Arquivos de programas\Lectra Systemes\Ghostscript 5.11;C:\Arquivos de programas\Lectra Systemes\Ghostscript 5.11\fonts

-----------------EOF-----------------

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá,

Baixe o ATF-Cleaner.

  • Clique em ATF-Cleaner.exe .
  • Em "Select Files To Delete", marque Select All.
  • Clique em Empty Selected.
  • Na janela Done Cleaning dê o OK e Exit.

Atenção: Se utiliza o Firefox:

  • No topo clique em Firefox e escolha: Select All
  • Depois, clique em Empty Selected.

Atenção: Se utiliza o Opera:

  • No topo clique em Opera e escolha: Select All
  • Depois, clique em Empty Selected.

Temporariamente desactive o seu anti-virus!

Faça um Online Scan em kaspersky Virusscanner

  • Clique em Clipboard01-1.jpg
  • Quando questionando para instalar o ActiveX, clique Clipboard015.jpg
  • Aguarde a instalação e a actualização e depois clique em Clipboard013.jpg
  • Clique agora em Clipboard016.jpg
  • Nas opções do scan (settings), certifique-se que as entradas abaixo estão selecionadas:
    • Scan using the following Anti-Virus database:

    • Extended (if available otherwise Standard)

    • Scan Options:

    • Scan Archives
      Scan Mail Bases

    [*]Clique Clipboard014.jpg

    [*]Clique em My Computer para que seja feito um Scan completo no seu Sistema.

    [*]Será inciaido o scan e poderá demorar um pouco. Seja paciente e aguarde.

    [*]No final do Scan, clique no botão Save as Text

    [*]Salve o log com os resultados e cole-o na sua próxima mensagem.

    [*]Gere e cole também um novo log do HijackThis.

Abraços

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola Lusitano!! tudo bom? então passei o KASPERSKY e nao achou nd!

aqui esta o log do hijackthis..

Obrigado Lusitano!!

Logfile of HijackThis v1.99.1

Scan saved at 13:31:09, on 17/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe

C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTCCL.EXE

C:\Documents and Settings\Administrador\Meus documentos\TEstes\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - (no file)

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181762403796

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lectra.com.br

O17 - HKLM\Software\..\Telephony: DomainName = lectra.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{E40E661F-BD79-4318-B755-35E880364FD0}: Domain = lectra.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{E40E661F-BD79-4318-B755-35E880364FD0}: NameServer = 192.168.2.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lectra.com.br

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lectra.com.br

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Lectra Font Service (FontServer) - Unknown owner - C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\fontserver.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Arquivos de programas\Power Translator\LogoMedia TranslateDotNet Server.exe

O23 - Service: LicenseServ - Unknown owner - C:\Arquivos de programas\Lectra\Lectradmin\Licenses\bin\wlserv1_3.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Lectra Print Service (LpDaemon) - Unknown owner - C:\ARQUIV~1\LECTRA~1\IMANAG~1.2\bin\lpdaemon.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\ARQUIV~1\Lectra\VIGIPR~1\bin\vpdaemon.exe

Compartilhar este post


Link para o post
Compartilhar em outros sites

O seu Java está desatualizado.

Versões antigas e desatualizadas, estão mais vulneráveis aos malwares.

  • Faça o download da última versão do Java Runtime Environment (JRE) 6 Update 10 e salve no seu ambiente de trabalho (Desktop).
  • Navegue até "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Clique em "Download". (está do lado direito)
  • Selecione a sua Plataforma: "Windows".
  • Selecione a sua linguagem: "Português".
  • Leia a Licença de uso e marque a caixa: "Accept License Agreement".
  • Clique "Continue".
  • Clique no link para download Windows Offline Installation e salve o arquivo no seu Ambiente de Trabalho.
  • Feche todos os programas que esteja usar. Especialmente o seu Navegador (IE, Firefox, etc)
  • Clique em Iniciar -> Configurações -> Painel de Controle, duplo clique em Adicionar/Remover Programas e remova todas as versões antigas de Java.
  • Marque qualquer item , que tenha no nome: Java Runtime Environment (JRE ou J2SE). Deverá ter um icone como este javaicon.jpg
  • Clique em Remover ou Modificar/Remover.
  • Repita quantas vezes for necessário, até que tenha removido todas as versões antigas de Java que existam no seu PC.
  • Reinicie o seu computador, após ter removido as versões antigas de Java.
  • Dê agora o duplo-clique em jre-6u10-windows-i586-p.exe (está no seu desktop), para instalar a nova e mais segura versão de Java.

No mais o seu log está limpo

Faça o download de OTCleanIt by OldTimer

  • Salve no seu desktop (área/ambiente de trabalho).
  • Duplo-clique no icone otcleanitdesktopicon.png
  • Clique no botão "Cleanup" 8gehxg0.gif
  • Permita que o seu computador seja reiniciado.

Agora que seu pc está limpo, siga estes passos para manter seu computador limpo e protegido:

  • Elimine a Pasta (caso exista): Backups do HijackThis
  • Desative e ative novamente a Restauração do Sistema
  • Utilize um navegador alternativo e mais seguro: firefox-spread-btn-1b.png ou Opera_logo1.gif
  • Utilize uma Firewall - É extremamente importante na proteção ao seu computador.
    Boas opções grátis são:
    Comodo Firewall Pro
    Online Armor Free edition
  • Instale o SpywareBlaster - SpywareBlaster adiciona uma lista de programas e sites maliciosos ao Internet Explorer e FireFox que o irão proteger desses sites e programas.
  • Visite o Secunia Software Inspector e veja o estado dos seus programas no que diz respeito às actualizações.
  • Mantenha seus programas devidamente actualizados.
    Estar actualizado é estar seguro. Clique aqui

Algumas utilidades extras que podem aumentar a proteção ao seu computador:

  • IE/Spyad <=
    IE/Spyad adiciona para cima de 4000 websites e dominios à lista de restrições do IE.
  • MVPS Hosts <= O MVPS Hosts cria um novo arquivo HOSTS contendo sites conhecidos, IP's, etc. Basicamente, irá prevenir que o seu pc se conecte a esses sites maliciosos
  • Google Toolbar <= A toolbar do Google previne os pop up's.

Foi um prazer ajudar thumbsup.gif

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ola Lusitano..

Quero te agradecer por esse trabalho todo.. valeu mesmo!!

Muito Obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×