gabriel_ufv

Log - Autorun.inf problem


Below are the two logs requested in the "Como postar" topic:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-27 08:48:26

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT splt.sys ZwCreateKey [0xBA6A80E0]

SSDT BAFC0E14 ZwCreateThread

SSDT splt.sys ZwEnumerateKey [0xBA6C6CA2]

SSDT splt.sys ZwEnumerateValueKey [0xBA6C7030]

SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xBA496020]

SSDT splt.sys ZwOpenKey [0xBA6A80C0]

SSDT BAFC0E00 ZwOpenProcess

SSDT BAFC0E05 ZwOpenThread

SSDT splt.sys ZwQueryKey [0xBA6C7108]

SSDT splt.sys ZwQueryValueKey [0xBA6C6F88]

SSDT splt.sys ZwSetValueKey [0xBA6C719A]

SSDT BAFC0E0F ZwTerminateProcess

SSDT BAFC0E0A ZwWriteVirtualMemory

INT 0x62 ? 8AA4FBF8

INT 0x63 ? 8AA4FBF8

INT 0x63 ? 8AA4FBF8

INT 0x63 ? 8A7E0BF8

INT 0x63 ? 8A7E0BF8

INT 0x63 ? 8AA4FBF8

INT 0x74 ? 8A7E0BF8

INT 0x82 ? 8AA4FBF8

INT 0x84 ? 8A7E0BF8

INT 0x94 ? 8A7E0BF8

INT 0xB4 ? 8A9E1BF8

---- Kernel code sections - GMER 1.0.14 ----

? splt.sys The system cannot find the file specified. !

.text USBPORT.SYS!DllUnload B9BC08AC 5 Bytes JMP 8A7E01D8

.text a6ywliv1.SYS B9A53386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]

.text a6ywliv1.SYS B9A533AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]

.text a6ywliv1.SYS B9A533C4 3 Bytes [ 00, 70, 02 ]

.text a6ywliv1.SYS B9A533C9 1 Byte [ 2E ]

.text a6ywliv1.SYS B9A533CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]

.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 1006B280 C:\ARQUIV~1\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!FreeLibraryAndExitThread 7C80C200 5 Bytes JMP 1006AFB0 C:\ARQUIV~1\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1680] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003CA0 D:\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[1680] ole32.dll!CoInitializeEx 774DEF7B 5 Bytes JMP 28002100 D:\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6A9040] splt.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [bA6A913C] splt.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [bA6A90BE] splt.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [bA6A97FC] splt.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [bA6A96D2] splt.sys

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!KeGetCurrentIrql] 57B80974

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!KfRaiseIrql] 8B000000

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!KfLowerIrql] 56C35DE5

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!HalGetInterruptVector] 8D08758B

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520

IAT \SystemRoot\System32\Drivers\a6ywliv1.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [bA6B9048] splt.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A9DD1F8

Device \Driver\usbuhci \Device\USBPDO-0 8A7DE1F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A9DF1F8

Device \Driver\dmio \Device\DmControl\DmConfig 8A9DF1F8

Device \Driver\dmio \Device\DmControl\DmPnP 8A9DF1F8

Device \Driver\dmio \Device\DmControl\DmInfo 8A9DF1F8

Device \Driver\usbuhci \Device\USBPDO-1 8A7DE1F8

Device \Driver\usbuhci \Device\USBPDO-2 8A7DE1F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{CF5BC847-094E-4C5A-93B3-2B5F8D757EAC} 8A55E500

Device \Driver\usbuhci \Device\USBPDO-3 8A7DE1F8

Device \Driver\usbehci \Device\USBPDO-4 8A7AF1F8

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AA501F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 8AA501F8

Device \Driver\Cdrom \Device\CdRom0 8A81F1F8

Device \Driver\Cdrom \Device\CdRom1 8A81F1F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 8A55E500

Device \Driver\sptd \Device\431907174 splt.sys

Device \Driver\NetBT \Device\NetbiosSmb 8A55E500

Device \Driver\PCI_PNP3424 \Device\0000004c splt.sys

Device \Driver\usbuhci \Device\USBFDO-0 8A7DE1F8

Device \Driver\usbuhci \Device\USBFDO-1 8A7DE1F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A70E500

Device \Driver\usbuhci \Device\USBFDO-2 8A7DE1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A70E500

Device \Driver\usbuhci \Device\USBFDO-3 8A7DE1F8

Device \Driver\usbehci \Device\USBFDO-4 8A7AF1F8

Device \Driver\Ftdisk \Device\FtControl 8AA501F8

Device \Driver\a6ywliv1 \Device\Scsi\a6ywliv11 8A6DF500

Device \Driver\JRAID \Device\Scsi\JRAID1 8A9DE1F8

Device \Driver\a6ywliv1 \Device\Scsi\a6ywliv11Port5Path0Target0Lun0 8A6DF500

Device \FileSystem\Cdfs \Cdfs 8A6DD500

---- Services - GMER 1.0.14 ----

Service C:\Arquivos de programas\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\Arquivos de programas\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 17212550

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -445964231

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x85 0x0E 0x8B 0xF2 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC3 0xD3 0xDA 0x80 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x21 0x51 0xD7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0x3B 0x46 0x0F ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x85 0x0E 0x8B 0xF2 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x91 0xF5 0x69 0xCD ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\Arquivos de programas\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x85 0x0E 0x8B 0xF2 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC3 0xD3 0xDA 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0A 0x21 0x51 0xD7 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xFA 0x3B 0x46 0x0F ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.14 ----

Logfile of random's system information tool 1.04 (written by random/random)

Run by Gabriel_UFV at 2008-11-27 08:52:43

Microsoft Windows XP Professional Service Pack 3

System drive C: has 14 GB (47%) free of 31 GB

Total RAM: 2558 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:52, on 2008-11-27

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

D:\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\PerfectDisk\PDAgent.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

D:\PerfectDisk\PDEngine.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Gabriel_UFV\Desktop\GMER\RSIT.exe

D:\HijackThis\Gabriel_UFV.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {34E74C4B-2355-40D4-AEFF-D648BDA4856B} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C108AE59-C97F-4517-8B74-5590BE3C2A82} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sysctrls] win32dll.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunServices: [sysctrls] win32dll.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sysctrls] win32dll.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188498381750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212031561328

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF5BC847-094E-4C5A-93B3-2B5F8D757EAC}: NameServer = 200.165.132.147,200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: ljJayyxy - ljJayyxy.dll (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - D:\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - D:\PerfectDisk\PDEngine.exe

O23 - Service: PDExchange - Raxco Software, Inc. - D:\PerfectDisk\PDExchange.exe

--

End of file - 11980 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E74C4B-2355-40D4-AEFF-D648BDA4856B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]

ActivationManager Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehabn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-14 16050176]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-08-14 352256]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-13 7557120]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-02-13 86016]

"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2004-12-28 544768]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"Windows Defender"=D:\Windows Defender\MSASCui.exe [2006-11-03 866584]

"ISUSPM Startup"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

"ISUSScheduler"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

"NeroFilterCheck"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"Sysctrls"=win32dll.exe []

"Acrobat Assistant 8.0"=C:\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

""= []

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"avgnt"=C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

"Sysctrls"=win32dll.exe []

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2008-09-09 3513344]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJayyxy]

ljJayyxy.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\Arquivos de programas\GbPlugin\gbiehabn.dll []

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-09-01 384840]

"{483910AC-20E0-42A6-B6F5-3902EEF878D0}"= []

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=D:\WINDOW~1\MpShHook.dll [2006-11-03 83224]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\WINDOWS\system32\vtUkIyYO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39ba781-339d-11dc-901c-0018f37fde02}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"

.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

.scr - open -

.scr - install -

.scr - config -

======List of files/folders created in the last 1 months======

2008-11-27 08:48:42 ----D---- C:\rsit

2008-11-27 08:39:37 ----A---- C:\WINDOWS\gmer.ini

2008-11-27 08:39:36 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-27 08:39:36 ----A---- C:\WINDOWS\gmer.exe

2008-11-27 08:39:36 ----A---- C:\WINDOWS\gmer.dll

2008-11-26 22:40:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-11-26 22:40:48 ----D---- C:\Arquivos de programas\Avira

2008-11-26 22:12:26 ----D---- C:\ComboFix

2008-11-26 22:12:25 ----A---- C:\WINDOWS\system32\CF1891.exe

2008-11-26 21:46:42 ----A---- C:\WINDOWS\system32\CF29620.exe

2008-11-26 21:39:45 ----A---- C:\WINDOWS\system32\CF28255.exe

2008-11-26 21:29:52 ----A---- C:\WINDOWS\system32\CF26322.exe

2008-11-25 21:24:43 ----A---- C:\Boot.bak

2008-11-25 21:24:39 ----RASHD---- C:\cmdcons

2008-11-25 21:13:35 ----A---- C:\WINDOWS\zip.exe

2008-11-25 21:13:35 ----A---- C:\WINDOWS\VFIND.exe

2008-11-25 21:13:35 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-11-25 21:13:35 ----A---- C:\WINDOWS\SWSC.exe

2008-11-25 21:13:35 ----A---- C:\WINDOWS\SWREG.exe

2008-11-25 21:13:35 ----A---- C:\WINDOWS\sed.exe

2008-11-25 21:13:35 ----A---- C:\WINDOWS\grep.exe

2008-11-25 21:13:35 ----A---- C:\WINDOWS\fdsv.exe

2008-11-25 21:13:29 ----A---- C:\WINDOWS\system32\CF3113.exe

2008-11-25 21:11:09 ----A---- C:\WINDOWS\system32\CF2652.exe

2008-11-25 21:03:29 ----D---- C:\WINDOWS\ERDNT

2008-11-25 21:03:29 ----D---- C:\Qoobox

2008-11-25 21:03:28 ----A---- C:\WINDOWS\system32\CF1147.exe

2008-11-24 10:48:36 ----RSHD---- C:\RESTORE

2008-11-20 21:51:30 ----D---- C:\Arquivos de programas\Microsoft

2008-11-20 21:31:33 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-11-13 00:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-13 00:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-13 00:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-13 00:29:48 ----D---- C:\Arquivos de programas\MSXML 4.0

======List of files/folders modified in the last 1 months======

2008-11-27 08:52:44 ----D---- C:\WINDOWS\Prefetch

2008-11-27 08:40:45 ----D---- C:\WINDOWS\Temp

2008-11-27 08:40:43 ----SD---- C:\WINDOWS\Tasks

2008-11-27 08:39:38 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-27 08:39:37 ----D---- C:\WINDOWS

2008-11-27 08:39:36 ----D---- C:\WINDOWS\system32\drivers

2008-11-27 06:57:33 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-27 00:02:35 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-26 22:51:33 ----D---- C:\Arquivos de programas\GbPlugin

2008-11-26 22:40:48 ----D---- C:\Arquivos de programas

2008-11-26 22:14:00 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-11-26 22:13:58 ----D---- C:\WINDOWS\Minidump

2008-11-26 22:12:43 ----D---- C:\WINDOWS\system32

2008-11-26 22:02:34 ----SD---- C:\Documents and Settings\Gabriel_UFV\Dados de aplicativos\Microsoft

2008-11-26 22:02:06 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-11-25 21:24:43 ----RASH---- C:\boot.ini

2008-11-21 07:54:29 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-20 21:54:00 ----SHD---- C:\Config.Msi

2008-11-20 21:53:59 ----SHD---- C:\WINDOWS\Installer

2008-11-20 21:51:43 ----D---- C:\WINDOWS\WinSxS

2008-11-20 21:51:17 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2008-11-20 21:51:17 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2008-11-20 21:50:58 ----RSD---- C:\WINDOWS\Fonts

2008-11-20 21:50:51 ----D---- C:\Arquivos de programas\Windows Live

2008-11-20 21:50:36 ----HD---- C:\WINDOWS\inf

2008-11-20 21:31:33 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-20 21:20:30 ----D---- C:\WINDOWS\Help

2008-11-18 18:41:12 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-11-14 22:17:30 ----D---- C:\Documents and Settings\Gabriel_UFV\Dados de aplicativos\Skype

2008-11-13 00:31:12 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-13 00:30:46 ----A---- C:\WINDOWS\imsins.BAK

2008-11-08 09:00:16 ----D---- C:\Acrobat 8.0

2008-11-03 22:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-08 5632]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-09 278984]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-09 25416]

R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-15 4368896]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-31 81280]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-10 923826]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 eeCtrl;Symantec Eraser Control driver; C:\WINDOWS\system32\drivers\eeCtrl.sys []

S3 a6ywliv1;a6ywliv1; C:\WINDOWS\system32\drivers\a6ywliv1.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-27 85969]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-05-10 513152]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]

S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]

S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 V0250Dev;Live! Cam Notebook Pro; C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-04-05 163840]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-13 143426]

R2 PDAgent;PDAgent; D:\PerfectDisk\PDAgent.exe [2007-11-06 414984]

R2 WinDefend;Windows Defender; D:\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-22 654848]

R3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

R3 PDEngine;PDEngine; D:\PerfectDisk\PDEngine.exe [2007-11-06 734472]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]

S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe [2007-02-18 77944]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PDExchange;PDExchange; D:\PerfectDisk\PDExchange.exe [2007-11-06 201992]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


Hello, welcome to the Clube do Hardware forum!

Print or save these instructions, because you will be following them without internet access.

# Step no. 1 #

Download SDFix

  • Save it to your desktop.
  • Double-click SDFix.exe and the tool will be installed to %SystemDrive%\SDFix
  • (Normally the drive that contains Windows. Usually: C:\SDFix).
  • Do not run it yet.

# Step no. 2 #
Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup)
# Step no. 3 #
Run SDFix.
  • Go into the SDFix folder that was installed on your computer and double-click the file RunThis.bat
  • Press Y so that the tool starts the removal process
  • When everything finishes, you will see a message telling you to press any key to continue. When you press any key, the computer will restart automatically
  • After the restart, the tool will run again and finish its work, and the word Finished will appear. Press any key.
  • A window with the SDFix report will appear.
  • Copy and paste this report into your reply. If you closed the window, a copy of the report is in the SDFix folder under the name Report.txt
  • Also generate and paste a new HijackThis log.

-- If a window opens and closes suddenly, please go to Start -> Run -> and copy and paste the following text:

%systemdrive%\SDFix\apps\FixPath.exe /Q

Restart the PC and run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer -> Properties -> Advanced -> Environment Variables and check that the ComSpec variable has the value for cmd.exe.

%SystemRoot%\system32\cmd.exe

Regards


Here are the requested logs after following the proposed steps. Thank you very much!!!

SDFix: Version 1.240

Run by Gabriel_UFV on 2008-11-30 at 23:47

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp32.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp4F.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp5.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp90.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp92.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp94.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp96.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp98.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp9A.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp9C.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmp9E.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmpA0.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmpA2.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmpA4.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmpA6.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmpA8.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\tmpAA.tmp - Deleted

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\removalfile.bat - Deleted

C:\WINDOWS\pskt.ini - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-30 23:53:26

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv]

"Type"=dword:00000010

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"C:\Arquivos de programas\GbPlugin\GbpSv.exe"

"DisplayName"="Gbp Service"

"Group"="GbPlugin Group"

"ObjectName"="LocalSystem"

"Description"="Service for G-Buster Browser Defense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv\Security]

"Security"=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:0106a486

"s2"=dword:e56b2039

"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:85,0e,8b,f2,78,e6,ec,b2,7b,de,e6,f8,57,1e,92,20,34,4d,92,6f,c2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:c3,d3,da,80,02,88,94,fd,71,dd,86,94,78,c9,0e,10,90,f8,4c,07,7a,..

"p0"="D:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,c2,29,89,3e,fa,1f,40,35,de,b7,da,b4,e2,b5,75,f0,74,..

"khjeh"=hex:0a,21,51,d7,91,d3,e7,92,16,5f,fa,92,e8,55,5e,68,de,21,63,63,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:fa,3b,46,0f,62,27,20,75,b9,ff,0e,c6,c3,cb,2b,e5,b4,b2,d1,6c,0f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:85,0e,8b,f2,78,e6,ec,b2,7b,de,e6,f8,57,1e,92,20,34,4d,92,6f,c2,..

"p0"="D:\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:91,f5,69,cd,7a,12,24,7b,14,54,a4,5b,8d,fa,f7,34,d6,6b,d5,90,b2,..

"p0"="D:\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GbpSv]

"Type"=dword:00000010

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"C:\Arquivos de programas\GbPlugin\GbpSv.exe"

"DisplayName"="Gbp Service"

"Group"="GbPlugin Group"

"ObjectName"="LocalSystem"

"Description"="Service for G-Buster Browser Defense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\GbpSv\Security]

"Security"=hex:01,00,14,80,88,00,00,00,94,00,00,00,14,00,00,00,30,00,00,00,02,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:85,0e,8b,f2,78,e6,ec,b2,7b,de,e6,f8,57,1e,92,20,34,4d,92,6f,c2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:c3,d3,da,80,02,88,94,fd,71,dd,86,94,78,c9,0e,10,90,f8,4c,07,7a,..

"p0"="D:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,c2,29,89,3e,fa,1f,40,35,de,b7,da,b4,e2,b5,75,f0,74,..

"khjeh"=hex:0a,21,51,d7,91,d3,e7,92,16,5f,fa,92,e8,55,5e,68,de,21,63,63,f1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:fa,3b,46,0f,62,27,20,75,b9,ff,0e,c6,c3,cb,2b,e5,b4,b2,d1,6c,0f,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

"DeviceNotSelectedTimeout"="15"

"GDIProcessHandleQuota"=dword:00002710

"Spooler"="yes"

"swapdisk"=""

"TransmissionRetryTimeout"="90"

"USERProcessHandleQuota"=dword:00002710

"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"

Mon 14 Apr 2008 60,416 A.SH. --- "C:\Arquivos de programas\Outlook Express\msimn.exe"

Wed 8 Oct 2008 117,248 A.SHR --- "C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\dark.exe"

Mon 6 Aug 2007 56 ..SHR --- "C:\WINDOWS\system32\21675AC9AD.sys"

Mon 6 Aug 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Mon 16 Apr 2007 16 ...H. --- "C:\WINDOWS\system32\rtevd3b.dll"

Wed 21 May 2008 1,499,148 ..SH. --- "C:\WINDOWS\system32\wuenkknw.tmp"

Wed 22 Dec 2004 76,568 ..SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\Setup.exe"

Thu 13 Jan 2005 11,360 A.SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\_Setupx.dll"

Fri 4 May 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sun 1 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Thu 20 Nov 2008 320,392 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\58ad4967c458f39485a31fccbdd94a7b\BIT3E.tmp"

Tue 27 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6bbd86192c5acb3b9e2802d457279aa8\BIT1.tmp"

Mon 11 Feb 2008 128,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6d75b3919c2f4962e4556530b1ae2f2a\BIT16.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:03, on 2008-12-01

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

D:\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

D:\PerfectDisk\PDEngine.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {34E74C4B-2355-40D4-AEFF-D648BDA4856B} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C108AE59-C97F-4517-8B74-5590BE3C2A82} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188498381750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212031561328

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF5BC847-094E-4C5A-93B3-2B5F8D757EAC}: NameServer = 200.165.132.147,200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: ljJayyxy - ljJayyxy.dll (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - D:\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - D:\PerfectDisk\PDEngine.exe

O23 - Service: PDExchange - Raxco Software, Inc. - D:\PerfectDisk\PDExchange.exe

--

End of file - 11736 bytes


OK, we still have a few more things to clean, but I need more information.

Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black window with some information will appear. Do not click anything, just wait!
  • When it finishes, DDS.txt will open.
  • A new box "D.D.S - Optional_Scan" will also appear; click No.
  • Save the result and paste it in your next reply.


Hey, all good, Lusitano?

I downloaded DDS, but when I click it the following error appears:

"Este arquivo não tem um programa associado a ele para realizar esta ação. Crie uma associação no painel de controle 'Opções de pasta'."

How should I proceed? Thanks!


Here is the requested log:

DDS (Version 1.0) - NTFSx86

Run by Gabriel_UFV at 19:02:23.85 on 2008-12-09

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2558.2004 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

D:\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\PerfectDisk\PDAgent.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\PerfectDisk\PDEngine.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Gabriel_UFV\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uol.com.br/

uSearch Bar = hxxp://m.busca.uol.com.br/ie/

uURLSearchHooks: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - c:\arquivos de programas\arquivos comuns\uol\urlsearch\UOLSearchHook.dll

mURLSearchHooks: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - c:\arquivos de programas\arquivos comuns\uol\urlsearch\UOLSearchHook.dll

dURLSearchHooks: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - c:\arquivos de programas\arquivos comuns\uol\urlsearch\UOLSearchHook.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {34E74C4B-2355-40D4-AEFF-D648BDA4856B} -

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\arquivos de programas\windows live\messenger\wlchtc.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {86A44EF7-78FC-4e18-A564-B18F806F7F56} -

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: {C108AE59-C97F-4517-8B74-5590BE3C2A82} -

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\arquiv~1\gbplugin\gbieh.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\arquivos de programas\gbplugin\gbiehabn.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sMSERIAL] sm56hlpr.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [Windows Defender] "d:\windows defender\MSASCui.exe" -hide

mRun: [iSUSPM Startup] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [Acrobat Assistant 8.0] "c:\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir personaledition classic\avgnt.exe" /min

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\autoca~1.lnk - c:\arquivos de programas\arquivos comuns\autodesk shared\acstart16.exe

IE: Append to existing PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\micros~1\office11\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {CF5BC847-094E-4C5A-93B3-2B5F8D757EAC} = 200.165.132.147,200.165.132.154

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\arquiv~1\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehcef.dll

Notify: klogon - c:\windows\system32\klogon.dll

Notify: ljJayyxy - ljJayyxy.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquivos de programas\gbplugin\gbiehabn.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\arquiv~1\gbplugin\gbieh.dll

SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - d:\window~1\MpShHook.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

SEH: {C108AE59-C97F-4517-8B74-5590BE3C2A82} -

LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUkIyYO

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 110096]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-2-17 11264]

R1 avgio;avgio;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgio.sys [2008-11-26 11840]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\arquivos de programas\avira\antivir personaledition classic\sched.exe" [2008-11-26 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\arquivos de programas\avira\antivir personaledition classic\avguard.exe" [2008-11-26 151297]

R2 WinDefend;Windows Defender;"d:\windows defender\MsMpEng.exe" [2006-11-3 13592]

R3 avgntflt;avgntflt;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgntflt.sys [2008-11-26 52032]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2008-10-5 163840]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

piffile="%1" %*"

=============== Created Last 30 ================

2008-12-03 06:32 161,792 a------- c:\windows\SWREG.exe

2008-12-03 06:32 98,816 a------- c:\windows\sed.exe

2008-12-03 06:32 <DIR> --d----- C:\ComboFix

2008-12-03 06:32 400,896 a------- c:\windows\system32\CF23269.exe

2008-12-03 06:29 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Sports Interactive

2008-12-02 23:57 <DIR> --d----- c:\windows\Logs

2008-12-02 23:30 <DIR> --dsh--- c:\documents and settings\gabriel_ufv\UserData

2008-12-02 20:41 <DIR> --d-h--- c:\windows\system32\GroupPolicy

2008-12-01 19:21 410,976 a------- c:\windows\system32\deploytk.dll

2008-12-01 00:37 200 a------- C:\sqmnoopt19.sqm

2008-12-01 00:37 200 a------- C:\sqmdata19.sqm

2008-11-30 23:46 579,072 ac------ c:\windows\system32\dllcache\user32.dll

2008-11-30 23:43 <DIR> --d----- c:\windows\ERUNT

2008-11-30 23:40 200 a------- C:\sqmdata18.sqm

2008-11-30 23:40 200 a------- C:\sqmnoopt18.sqm

2008-11-30 23:35 <DIR> --d----- C:\SDFix

2008-11-28 19:32 200 a------- C:\sqmnoopt17.sqm

2008-11-28 19:32 200 a------- C:\sqmdata17.sqm

2008-11-27 19:42 236 a------- C:\sqmdata14.sqm

2008-11-27 19:42 200 a------- C:\sqmnoopt14.sqm

2008-11-27 19:33 236 a------- C:\sqmdata16.sqm

2008-11-27 19:33 200 a------- C:\sqmnoopt16.sqm

2008-11-27 08:54 236 a------- C:\sqmdata13.sqm

2008-11-27 08:54 200 a------- C:\sqmnoopt13.sqm

2008-11-27 08:39 250 a------- c:\windows\gmer.ini

2008-11-27 07:42 236 a------- C:\sqmdata15.sqm

2008-11-27 07:42 200 a------- C:\sqmnoopt15.sqm

2008-11-27 07:38 400,896 a------- c:\windows\system32\CF14594.exe

2008-11-26 22:40 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2008-11-26 22:40 <DIR> --d----- c:\arquivos de programas\Avira

2008-11-26 22:12 400,896 a------- c:\windows\system32\CF1891.exe

2008-11-26 21:46 400,896 a------- c:\windows\system32\CF29620.exe

2008-11-26 21:39 400,896 a------- c:\windows\system32\CF28255.exe

2008-11-26 21:36 236 a------- C:\sqmdata12.sqm

2008-11-26 21:36 200 a------- C:\sqmnoopt12.sqm

2008-11-26 21:29 400,896 a------- c:\windows\system32\CF26322.exe

2008-11-25 21:24 <DIR> a-dshr-- C:\cmdcons

2008-11-25 21:13 400,896 a------- c:\windows\system32\CF3113.exe

2008-11-25 21:11 400,896 a------- c:\windows\system32\CF2652.exe

2008-11-25 21:03 400,896 a------- c:\windows\system32\CF1147.exe

2008-11-25 21:00 236 a------- C:\sqmdata11.sqm

2008-11-25 21:00 200 a------- C:\sqmnoopt11.sqm

2008-11-24 10:48 <DIR> --dshr-- C:\RESTORE

2008-11-20 21:54 <DIR> --d----- c:\documents and settings\gabriel_ufv\Tracing

2008-11-20 21:51 <DIR> --d----- c:\arquivos de programas\Microsoft

2008-11-20 21:31 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Windows Live

2008-11-13 00:29 <DIR> --d----- c:\arquivos de programas\MSXML 4.0

2008-11-12 21:48 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 21:37 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll

2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll

2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll

2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll

2008-10-24 09:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-12 10:52 469,136 a------- c:\windows\system32\perfh016.dat

2008-10-12 10:52 78,760 a------- c:\windows\system32\perfc016.dat

2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll

2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll

2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-09-15 13:26 1,846,528 a------- c:\windows\system32\win32k.sys

2006-10-28 03:30 463,152 a------- c:\docume~1\gabrie~1\dadosd~1\setup.exe

2007-08-06 21:05 56 ---shr-- c:\windows\system32\21675AC9AD.sys

2007-08-06 21:05 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-05-29 01:17 38,708 a--sh--- c:\windows\system32\OYyIkUtv.ini2

2008-05-29 08:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008052920080530\index.dat

2008-05-28 19:52 16,384 a--sh--- c:\windows\temp\cookies\index.dat

2008-05-28 19:52 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat

2008-05-28 19:52 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:02:50.96 ===============

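As an added example (not the forum's or the analysts' own tooling), a small triage pass over HijackThis and DDS log lines of the kind posted above. It flags the entries an analyst reads first: Winlogon Notify packages whose DLL cannot be found, BHO registrations with no backing file, anything beyond msv1_0 in the LSA authentication packages, and hidden+system files in system32. The rule names and the sample lines (copied from the two logs above) are this example's own; the Finding record and the regexes are assumptions about the log formats, not a published specification.

```python
"""Triage pass over HijackThis / DDS log lines.

Added example for this thread; not the forum's or the analysts' own tooling.
The rules below encode what an analyst checks first in the logs posted here:
Winlogon Notify DLLs that cannot be found, BHOs with no backing file, extra
LSA authentication packages and hidden+system files dropped into system32.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis and DDS logs in this
# thread, with one clean entry per rule so the benign cases are exercised too.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {34E74C4B-2355-40D4-AEFF-D648BDA4856B} - (no file)
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: ljJayyxy - ljJayyxy.dll (file missing)
Notify: klogon - c:\windows\system32\klogon.dll
Notify: ljJayyxy - ljJayyxy.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUkIyYO
2008-05-29 01:17 38,708 a--sh--- c:\windows\system32\OYyIkUtv.ini2
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
"""

# HijackThis O20 line: "O20 - Winlogon Notify: <name> - <dll> [(file missing)]"
HJT_WINLOGON_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
# DDS Notify line: "Notify: <name> - <full path, or bare dll name if unresolved>"
DDS_NOTIFY_RE = re.compile(r"^Notify: (?P<name>.+?) - (?P<target>.+)$")
# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
HJT_BHO_RE = re.compile(r"^O2 - BHO: .+ - \{[0-9A-Fa-f-]{36}\} - (?P<target>.+)$")
# DDS LSA line: "LSA: Authentication Packages = msv1_0 [extra ...]"
DDS_LSA_RE = re.compile(r"^LSA: Authentication Packages = (?P<packages>.+)$")
# DDS file listing: "<date> <time> <size> <attrs> <path>"
DDS_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +[\d,]+ +(?P<attrs>[-a-z]{8}) +(?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one log line (empty list when it looks benign)."""
    line = line.strip()
    findings: list[Finding] = []

    m = HJT_WINLOGON_RE.match(line)
    if m and "(file missing)" in m.group("target"):
        # A Winlogon Notify package pointing at a DLL HijackThis cannot find:
        # either a leftover of a removed component or a file hiding from the scan.
        findings.append(Finding("winlogon-notify-missing-file", line))

    m = DDS_NOTIFY_RE.match(line)
    if m and "\\" not in m.group("target"):
        # DDS prints a bare DLL name (no directory) when the file does not
        # resolve; legitimate packages show a full path.
        findings.append(Finding("winlogon-notify-bare-dll", line))

    m = HJT_BHO_RE.match(line)
    if m and m.group("target") == "(no file)":
        # Orphaned BHO registration: harmless by itself, but worth cleaning up.
        findings.append(Finding("bho-no-file", line))

    m = DDS_LSA_RE.match(line)
    if m:
        # On Windows XP only msv1_0 is expected here; anything appended to the
        # list is loaded into LSASS, so an unknown entry is a high-priority item.
        extra = [p for p in m.group("packages").split() if p.lower() != "msv1_0"]
        if extra:
            findings.append(Finding("lsa-extra-auth-package", line))

    m = DDS_FILE_RE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path").lower()
        if "s" in attrs and "h" in attrs and "\\system32\\" in path:
            # Hidden + system attributes on a file in system32 keep it out of
            # Explorer's default view; random names make it worse.
            findings.append(Finding("hidden-system-file-in-system32", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted log, in order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def rule_counts(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings per rule, e.g. for a quick reply in the thread."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.line}")
    print(rule_counts(triage_log(SAMPLE_LOG)))
```

Running it on the sample prints one finding per flagged rule and leaves the four clean entries untouched; a real log pasted into triage_log gets the same treatment.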

Hello,

Read the instructions at this link:

In the instructions at the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) described below.

  3. Double-click the icon desktopicon.png on the desktop.

  4. Read and accept the conditions by typing 1 and pressing Enter.

  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP and the Recovery Console is not installed yet, make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: do not use the mouse or the keyboard while the tool is running; doing so can make the computer hang.

  8. A message may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running it will produce a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool made to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it unsupervised.

Regards


Hello,

I downloaded the tool and followed the steps, disabling the antivirus and the firewall.

However, steps 4 and 5 did not happen, and when ComboFix changed the clock settings it restarted the computer.

When Windows started, a message appeared saying the system had recovered from a serious error, and the log is the following:

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\WERce0a.dir00\Mini121008-01.dmp

C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\WERce0a.dir00\sysdata.xml

After that everything was normal, but ComboFix did not continue and its log was not created. What should I do? :confused:


Hello,

It did not run properly because you had already used the tool improperly at the end of November.

  • Click Start, then Run.
  • Now type Combofix /u and click OK, as shown in the image below.

CF_Cleanup.png

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the icon otcleanitdesktopicon.png
  • Click the "Cleanup" button 8gehxg0.gif
  • Allow your computer to be restarted.

Now delete the following files and folder, if found:

Files:

c:\windows\system32\CF23269.exe

c:\windows\system32\CF1891.exe

c:\windows\system32\CF29620.exe

c:\windows\system32\CF28255.exe

c:\windows\system32\CF26322.exe

c:\windows\system32\CF3113.exe

c:\windows\system32\CF2652.exe

c:\windows\system32\CF1147.exe

c:\windows\system32\OYyIkUtv.ini2

Folder:

C:\ComboFix

Now try ComboFix again.

[]'s


I followed the previous procedure, but when I ran ComboFix the same thing happened: it restarted the PC but did not continue the process.

[]'s


We will have to do it the laborious way, then :)

  • Download RSIT - random's system information tool by random/random and save it to your desktop.
  • Double-click RSIT.exe to run the tool.
  • In the window that opens (disclaimer), click Continue.
  • When the tool finishes running, a Notepad document containing the scan result will open. Please paste the contents of that log (log.txt) in your next reply.
  • Also paste the contents of the file info.txt, which will be at C:\rsit\info.txt

Thanks


Cool, one of these times it will work! :D

Logfile of random's system information tool 1.04 (written by random/random)

Run by Gabriel_UFV at 2008-12-11 22:54:01

Microsoft Windows XP Professional Service Pack 3

System drive C: has 15 GB (49%) free of 31 GB

Total RAM: 2558 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:54, on 2008-12-11

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

D:\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

D:\PerfectDisk\PDEngine.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Gabriel_UFV\Desktop\RSIT.exe

D:\HijackThis\Gabriel_UFV.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://m.busca.uol.com.br/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {34E74C4B-2355-40D4-AEFF-D648BDA4856B} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C108AE59-C97F-4517-8B74-5590BE3C2A82} - (no file)

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188498381750

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212031561328

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF5BC847-094E-4C5A-93B3-2B5F8D757EAC}: NameServer = 200.165.132.147,200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: ljJayyxy - ljJayyxy.dll (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - D:\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - D:\PerfectDisk\PDEngine.exe

O23 - Service: PDExchange - Raxco Software, Inc. - D:\PerfectDisk\PDExchange.exe

--

End of file - 12034 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E74C4B-2355-40D4-AEFF-D648BDA4856B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Arquivos de programas\Java\jre6\bin\ssv.dll [2008-12-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]

ActivationManager Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbiehabn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2008-12-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-14 16050176]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-08-14 352256]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-13 7557120]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-02-13 86016]

"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2004-12-28 544768]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2008-12-01 136600]

"Windows Defender"=D:\Windows Defender\MSASCui.exe [2006-11-03 866584]

"ISUSPM Startup"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

"ISUSScheduler"=C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

"NeroFilterCheck"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"Acrobat Assistant 8.0"=C:\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

"avgnt"=C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2008-09-09 3513344]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJayyxy]

ljJayyxy.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\Arquivos de programas\GbPlugin\gbiehabn.dll []

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-09-01 384840]

"{483910AC-20E0-42A6-B6F5-3902EEF878D0}"= []

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=D:\WINDOW~1\MpShHook.dll [2006-11-03 83224]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\WINDOWS\system32\vtUkIyYO

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\Jogos\Football Manager 2009\fm.exe"="D:\Jogos\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39ba781-339d-11dc-901c-0018f37fde02}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"

.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

.scr - open -

.scr - install -

.scr - config -

======List of files/folders created in the last 1 months======

2008-12-10 22:23:33 ----A---- C:\WINDOWS\zip.exe

2008-12-10 22:23:33 ----A---- C:\WINDOWS\VFIND.exe

2008-12-10 22:23:33 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-12-10 22:23:33 ----A---- C:\WINDOWS\SWSC.exe

2008-12-10 22:23:33 ----A---- C:\WINDOWS\SWREG.exe

2008-12-10 22:23:33 ----A---- C:\WINDOWS\sed.exe

2008-12-10 22:23:33 ----A---- C:\WINDOWS\NIRCMD.exe

2008-12-10 22:23:33 ----A---- C:\WINDOWS\grep.exe

2008-12-10 22:23:33 ----A---- C:\WINDOWS\fdsv.exe

2008-12-10 22:23:28 ----D---- C:\Qoobox

2008-12-10 22:23:28 ----D---- C:\ComboFix

2008-12-10 22:23:27 ----A---- C:\WINDOWS\system32\CF21940.exe

2008-12-10 10:47:05 ----A---- C:\WINDOWS\system32\CF16567.exe

2008-12-03 06:29:36 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sports Interactive

2008-12-03 00:28:35 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2008-12-03 00:28:35 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2008-12-03 00:28:35 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2008-12-03 00:28:34 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2008-12-03 00:28:34 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2008-12-03 00:28:34 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2008-12-03 00:28:34 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2008-12-03 00:28:33 ----A---- C:\WINDOWS\system32\XAudio2_2.dll

2008-12-03 00:28:33 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll

2008-12-03 00:28:33 ----A---- C:\WINDOWS\system32\xactengine3_2.dll

2008-12-03 00:28:33 ----A---- C:\WINDOWS\system32\d3dx10_39.dll

2008-12-03 00:28:33 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll

2008-12-03 00:28:32 ----A---- C:\WINDOWS\system32\XAudio2_1.dll

2008-12-03 00:28:32 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll

2008-12-03 00:28:32 ----A---- C:\WINDOWS\system32\D3DX9_39.dll

2008-12-03 00:28:31 ----A---- C:\WINDOWS\system32\xactengine3_1.dll

2008-12-03 00:28:31 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll

2008-12-03 00:28:31 ----A---- C:\WINDOWS\system32\D3DX9_38.dll

2008-12-03 00:28:31 ----A---- C:\WINDOWS\system32\d3dx10_38.dll

2008-12-03 00:28:31 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll

2008-12-03 00:28:30 ----A---- C:\WINDOWS\system32\XAudio2_0.dll

2008-12-03 00:28:30 ----A---- C:\WINDOWS\system32\xactengine3_0.dll

2008-12-03 00:28:29 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll

2008-12-03 00:28:29 ----A---- C:\WINDOWS\system32\D3DX9_37.dll

2008-12-03 00:28:29 ----A---- C:\WINDOWS\system32\d3dx10_37.dll

2008-12-03 00:28:29 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll

2008-12-03 00:28:28 ----A---- C:\WINDOWS\system32\xactengine2_10.dll

2008-12-03 00:28:28 ----A---- C:\WINDOWS\system32\d3dx10_36.dll

2008-12-03 00:28:28 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll

2008-12-03 00:28:27 ----A---- C:\WINDOWS\system32\xactengine2_9.dll

2008-12-03 00:28:27 ----A---- C:\WINDOWS\system32\d3dx9_36.dll

2008-12-03 00:28:27 ----A---- C:\WINDOWS\system32\d3dx10_35.dll

2008-12-03 00:28:27 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll

2008-12-03 00:28:26 ----A---- C:\WINDOWS\system32\xactengine2_8.dll

2008-12-03 00:28:26 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll

2008-12-03 00:28:26 ----A---- C:\WINDOWS\system32\d3dx9_35.dll

2008-12-03 00:28:26 ----A---- C:\WINDOWS\system32\d3dx10_34.dll

2008-12-03 00:28:26 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll

2008-12-03 00:28:25 ----A---- C:\WINDOWS\system32\xinput1_3.dll

2008-12-03 00:28:25 ----A---- C:\WINDOWS\system32\xactengine2_7.dll

2008-12-03 00:28:25 ----A---- C:\WINDOWS\system32\d3dx10_33.dll

2008-12-03 00:28:25 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll

2008-12-03 00:28:23 ----A---- C:\WINDOWS\system32\xactengine2_6.dll

2008-12-03 00:28:23 ----A---- C:\WINDOWS\system32\d3dx9_33.dll

2008-12-03 00:28:22 ----A---- C:\WINDOWS\system32\xactengine2_5.dll

2008-12-03 00:28:22 ----A---- C:\WINDOWS\system32\xactengine2_4.dll

2008-12-03 00:28:22 ----A---- C:\WINDOWS\system32\xactengine2_3.dll

2008-12-03 00:28:22 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll

2008-12-03 00:28:22 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2008-12-03 00:28:21 ----A---- C:\WINDOWS\system32\xinput1_2.dll

2008-12-03 00:28:21 ----A---- C:\WINDOWS\system32\xactengine2_2.dll

2008-12-03 00:28:20 ----A---- C:\WINDOWS\system32\xinput1_1.dll

2008-12-03 00:28:20 ----A---- C:\WINDOWS\system32\xactengine2_1.dll

2008-12-03 00:28:16 ----A---- C:\WINDOWS\system32\xactengine2_0.dll

2008-12-03 00:28:16 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll

2008-12-03 00:28:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll

2008-12-03 00:28:15 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll

2008-12-03 00:28:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll

2008-12-03 00:28:15 ----A---- C:\WINDOWS\system32\d3dx9_24.dll

2008-12-02 23:57:45 ----D---- C:\WINDOWS\Logs

2008-12-02 20:41:46 ----HD---- C:\WINDOWS\system32\GroupPolicy

2008-12-01 19:21:55 ----A---- C:\WINDOWS\system32\javaws.exe

2008-12-01 19:21:55 ----A---- C:\WINDOWS\system32\javaw.exe

2008-12-01 19:21:55 ----A---- C:\WINDOWS\system32\java.exe

2008-12-01 19:21:55 ----A---- C:\WINDOWS\system32\deploytk.dll

2008-11-30 23:43:54 ----D---- C:\WINDOWS\ERUNT

2008-11-30 23:42:09 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-27 08:48:42 ----D---- C:\rsit

2008-11-27 07:38:59 ----A---- C:\WINDOWS\system32\CF14594.exe

2008-11-26 22:40:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-11-26 22:40:48 ----D---- C:\Arquivos de programas\Avira

2008-11-25 21:24:43 ----A---- C:\Boot.bak

2008-11-25 21:24:39 ----RASHD---- C:\cmdcons

2008-11-25 21:03:29 ----D---- C:\WINDOWS\ERDNT

2008-11-24 10:48:36 ----RSHD---- C:\RESTORE

2008-11-20 21:51:30 ----D---- C:\Arquivos de programas\Microsoft

2008-11-20 21:31:33 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-11-13 00:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-13 00:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-13 00:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-13 00:29:48 ----D---- C:\Arquivos de programas\MSXML 4.0

======List of files/folders modified in the last 1 months======

2008-12-11 22:53:36 ----D---- C:\WINDOWS\Prefetch

2008-12-11 22:47:05 ----D---- C:\WINDOWS\Temp

2008-12-11 22:30:02 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-11 22:29:59 ----SD---- C:\WINDOWS\Tasks

2008-12-11 22:27:11 ----D---- C:\WINDOWS

2008-12-11 22:26:49 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-12-11 18:54:45 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-11 16:37:21 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-10 22:24:04 ----D---- C:\WINDOWS\system32

2008-12-10 22:11:36 ----D---- C:\WINDOWS\system32\drivers

2008-12-03 00:28:37 ----D---- C:\WINDOWS\system32\DirectX

2008-12-03 00:28:35 ----HD---- C:\WINDOWS\inf

2008-12-03 00:28:20 ----RSD---- C:\WINDOWS\assembly

2008-12-02 23:48:34 ----D---- C:\Documents and Settings\Gabriel_UFV\Dados de aplicativos\Sports Interactive

2008-12-01 19:22:06 ----SHD---- C:\WINDOWS\Installer

2008-12-01 19:22:00 ----SHD---- C:\Config.Msi

2008-12-01 19:21:37 ----D---- C:\Arquivos de programas\Java

2008-11-30 23:46:21 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-27 07:32:11 ----D---- C:\Arquivos de programas\GbPlugin

2008-11-26 22:40:48 ----D---- C:\Arquivos de programas

2008-11-26 22:13:58 ----D---- C:\WINDOWS\Minidump

2008-11-26 22:02:34 ----SD---- C:\Documents and Settings\Gabriel_UFV\Dados de aplicativos\Microsoft

2008-11-26 22:02:06 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-11-25 21:24:43 ----RASH---- C:\boot.ini

2008-11-20 21:51:43 ----D---- C:\WINDOWS\WinSxS

2008-11-20 21:51:17 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2008-11-20 21:51:17 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2008-11-20 21:50:58 ----RSD---- C:\WINDOWS\Fonts

2008-11-20 21:50:51 ----D---- C:\Arquivos de programas\Windows Live

2008-11-20 21:31:33 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-20 21:20:30 ----D---- C:\WINDOWS\Help

2008-11-18 18:41:12 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-11-14 22:17:30 ----D---- C:\Documents and Settings\Gabriel_UFV\Dados de aplicativos\Skype

2008-11-13 00:31:12 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-13 00:30:46 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-08 5632]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-09 278984]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-09 25416]

R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-15 4368896]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-13 3642784]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-08-31 81280]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-10 923826]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 eeCtrl;Symantec Eraser Control driver; C:\WINDOWS\system32\drivers\eeCtrl.sys []

S3 a1br6oax;a1br6oax; C:\WINDOWS\system32\drivers\a1br6oax.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-05-10 513152]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]

S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]

S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 V0250Dev;Live! Cam Notebook Pro; C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-04-05 163840]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2008-12-01 152984]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-13 143426]

R2 PDAgent;PDAgent; D:\PerfectDisk\PDAgent.exe [2007-11-06 414984]

R2 WinDefend;Windows Defender; D:\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-22 654848]

R3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

R3 PDEngine;PDEngine; D:\PerfectDisk\PDEngine.exe [2007-11-06 734472]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]

S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe [2007-02-18 77944]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PDExchange;PDExchange; D:\PerfectDisk\PDExchange.exe [2007-11-06 201992]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


The other log:

info.txt logfile of random's system information tool 1.04 2008-11-27 08:48:46

======Uninstall list======

-->D:\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x416

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x416

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x416

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x416

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x416

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x416

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x416

-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x416

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

AC3Filter (remove only)-->D:\Codecs\AC3Filter\uninstall.exe

Acessar Yahoo! Messenger-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x416 /remove

Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Age of Empires III-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}

AgriBombas-->C:\WINDOWS\uninst.exe -fD:\AgriBombas\DeIsL1.isu -cD:\AgriBombas\_ISREG32.DLL

Assistente de Conexão do Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

AutoCAD 2006 - English-->MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}

Autodesk DWF Viewer-->C:\ARQUIV~1\Autodesk\AUTODE~1\Setup.exe /remove

AVIcodec (remove only)-->"D:\Codecs\AVIcodec\uninst.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}

Creative Live! Cam Notebook Pro Driver (1.01.03.0405)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0250.uns -unsext NT -plugin V0250Pin.dll -pluginres CtCamPin.crl

Creative Photo Calendar-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x416 /remove

Creative Photo Manager-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x416 /remove

Creative Software AutoUpdate-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x416 /remove

Creative WebCam Center-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x416 /remove

DAEMON Tools Toolbar-->C:\Arquivos de programas\DAEMON Tools Toolbar\uninst.exe

Emule Speed Booster 2.9.0.0-->"D:\eMule\Emule Speed Booster\unins000.exe"

eMule-->"D:\eMule\Uninstall.exe"

FLV Player 1.3.3-->"D:\FLVPlayer\uninstall.exe"

FM Modifier 2.25-->MsiExec.exe /I{AE86AE81-CD7F-496F-A39F-0210C985E71B}

FreeRIP v2.53-->D:\FreeRIP2\unins000.exe

Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}

Guia do Usuário da Creative Live! Cam Notebook Pro (Português)-->C:\WINDOWS\IsUn0416.exe -f"D:\Creative\Creative Live! Cam Notebook Pro\Guia do Usuário da Creative Live! Cam Notebook Pro\Brazil\CTManual.isu"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"D:\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Informações do Sistema Creative-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x416 /remove

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

JMB36X Raid Configurer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly

Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}

K-Lite Mega Codec Pack 2.01-->"D:\K-Lite Codec Pack\unins000.exe"

MathType 6-->"D:\MathType\Setup.exe" -R

Messenger Plus! Live-->"D:\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Language Pack - PTB-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack-->MsiExec.exe /X{F407D6FB-D3AD-44CC-B77B-5B3F0FF1F22C}

Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe

Mozilla Firefox (3.0.4)-->D:\Mozilla Firefox\uninstall\helper.exe

MS Access 97 SP2-->C:\Program Files\Microsoft Office\setup\setup.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Multimedia Transcoding Tool-->"D:\Multimedia Transcoding Tool\unins000.exe"

MV RegClean 5.5-->"D:\MV RegClean 5.5\unins000.exe"

Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301046}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NSIS Media Extension-->C:\Arquivos de programas\Arquivos comuns\NSIS\uninst.exe

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack\setup.exe

PerfectDisk-->MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}

PowerISO-->"D:\PowerISO\uninstall.exe"

QuickTime Alternative 1.78-->"D:\QuickTime Alternative\unins000.exe"

Real Alternative 1.8.2-->"D:\Real Alternative\unins000.exe"

RealMedia (remove only)-->"C:\Arquivos de programas\RealMedia\uninstall.exe"

REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\Setup.exe" -l0x416 -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x416 -removeonly

Ref-ET-->C:\WINDOWS\st6unst.exe -n "D:\Ref-ET\ST6UNST.LOG"

SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3-->"C:\Arquivos de programas\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0416 -removeonly

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SightSpeed (remove only)-->C:\Arquivos de programas\SightSpeed\uninst.exe

SigmaPlot 10.0-->MsiExec.exe /I{43224D30-5941-47A4-9AD7-9250EE794396}

Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SpeedFan (remove only)-->"D:\SpeedFan\uninstall.exe"

Theme Hospital-->C:\WINDOWS\uninst.exe -fd:\jogos\hospital\DeIsL1.isu

Twinsen's Odyssey-->C:\WINDOWS\IsUn0816.exe -f"D:\Jogos\Twinsen's Odyssey\Uninst.isu"

upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}

Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}

Utilitário Vídeo FX avançado-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x416 /remove

VIA Platform Device Manager-->C:\ARQUIV~1\ARQUIV~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

Visualizador Achei Concursos-->"D:\Achei Concursos\unins000.exe"

WinAVIVideoConverter-->D:\WinAVIVideoConverter\unins000.exe

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live Beta (todos os programas)-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Beta (todos os programas)-->MsiExec.exe /I{4FE37B71-AB78-4F4A-8327-A8401E5BD12A}

Windows Live Call-->MsiExec.exe /I{F99EE599-A088-4037-831E-587E9BB35826}

Windows Live Messenger-->MsiExec.exe /X{2B3D758E-DEE0-4868-B2F6-9CE435A13400}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Presentation Foundation Language Pack (PTB)-->MsiExec.exe /X{93676FC6-C7DB-45A6-A62B-74A324F17313}

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation BR Language Pack-->MsiExec.exe /I{6A288CAE-32D0-4CA7-8166-210D380A8045}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->D:\WinRAR\uninstall.exe

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

XviD MPEG-4 Codec-->"D:\Codecs\XviD\UninstXviD.exe"

======Hosts File======

127.255.255.255 serial.alcohol-soft.com

======Security center information======

AV: Avira AntiVir PersonalEdition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Arquivos comuns\Autodesk Shared;D:\Samsung\Samsung PC Studio 3

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=0407

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Thanks!!!


Hello,

Download OTMoveIt3 by OldTimer and save it to the desktop.

Double-click the otmi3desktopicon.png icon on your desktop.

Copy the text below, inside the "Code" box, and paste it into the area under pasteline.png:


:processes
explorer.exe
:files
C:\WINDOWS\system32\drivers\a1br6oax.sys
:services
a1br6oax
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E74C4B-2355-40D4-AEFF-D648BDA4856B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJayyxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{483910AC-20E0-42A6-B6F5-3902EEF878D0}"=-
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39ba781-339d-11dc-901c-0018f37fde02}]
:commands
[EmptyTemp]
[Reboot]

Now click the btnmoveit.png button.

If a prompt to restart the computer appears, do so.

In your next reply, copy and paste all of the contents shown in results.png.

Also generate and paste a new DDS log.

If the computer restarted and you were unable to copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter; look for the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file in it. Copy and paste the entire contents of that file.

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, the program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply, together with a new HijackThis log.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

Download DAFT and save it to the desktop:

  1. Double-click the daft.exe icon
  2. Click the "Scan" button.
  3. Select everything that appears.
  4. Click the "Fix" button.
  5. Then run a scan with DAFT again. It should show: "All associations are OK"
  6. Close DAFT if that message appears, as it means the file associations have been fixed.

Download FixPolicies

  • Double-click the FixPolicies file and then click Run
  • A folder named FixPolicies will be created.
  • Inside that folder, double-click the file FixPolicies.cmd
  • It will have an icon like this one: fixvd3.gif
  • A black window will appear and disappear quickly. This is normal; ignore any error message.
  • Restart the computer and report whether the problem still persists

In your next reply, paste:

The OTMoveIt3 result

The Malwarebytes Anti-Malware result

A new DDS log, and report the state of your computer.

[]'s
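The fix script in the post above is a small declarative format: each :section lists one target per line, and under :reg a bracketed key with a leading minus is deleted, a "name"=- line deletes a value under the key named just before it, and "name"=hex(7):... writes a REG_MULTI_SZ (the bytes 73,63,65,63,6c,69 spell scecli, the default LSA notification package, so that line resets the value instead of clearing it). The Python below is an added example, not code from this thread, from OldTimer or from OTMoveIt3: it parses that script into actions, decodes the hex(7) value, and checks three lines of the OTMoveIt3 log the user posts in reply for targets the tool reported as not found or not stopped; what the tool does with each directive is inferred from that log.

```python
"""Parse an OTMoveIt3 fix script and cross-check it against the tool's result log.
Added example: not code from this thread, from OldTimer or from OTMoveIt3."""
import re

# The fix script from the analyst's post above, used here as sample input.
SCRIPT = r"""
:processes
explorer.exe
:files
C:\WINDOWS\system32\drivers\a1br6oax.sys
:services
a1br6oax
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E74C4B-2355-40D4-AEFF-D648BDA4856B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJayyxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{483910AC-20E0-42A6-B6F5-3902EEF878D0}"=-
"{C108AE59-C97F-4517-8B74-5590BE3C2A82}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39ba781-339d-11dc-901c-0018f37fde02}]
:commands
[EmptyTemp]
[Reboot]
"""

# Three lines of the OTMoveIt3 result log from the user's reply further down.
RESULT_LOG = r"""
Process explorer.exe killed successfully.
File/Folder C:\WINDOWS\system32\drivers\a1br6oax.sys not found.
Unable to stop service a1br6oax .
"""

SECTION_OPS = {"processes": "kill_process", "files": "move_file",
               "services": "stop_service"}  # one target per line

def decode_reg_value(value):
    """'-' deletes the value; hex(7) is REG_MULTI_SZ: NUL-separated strings plus
    a final NUL, one byte per character in this script (a regedit .reg export
    of the same value would hold it as UTF-16LE, two bytes per character)."""
    if value == "-":
        return None
    m = re.fullmatch(r"hex\((\d+)\):([0-9a-fA-F,]*)", value)
    if not m:
        raise ValueError(f"unsupported value syntax: {value}")
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if int(m.group(1)) == 7:
        return [s for s in raw.decode("latin-1").split("\x00") if s]
    return raw  # other hex(N) types are returned undecoded

def parse_script(text):
    """Turn the script into a flat list of (op, target, value) tuples."""
    actions, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):  # section header; it resets the current key
            section, key = line[1:].lower(), None
        elif section in SECTION_OPS:
            actions.append((SECTION_OPS[section], line, None))
        elif section == "commands":
            actions.append(("command", line.strip("[]"), None))
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None))
            key = None
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # the value lines that follow belong to this key
        elif section == "reg" and key is not None and "=" in line:
            name, _, value = line.partition("=")
            op = "delete_value" if value == "-" else "set_value"
            actions.append((op, key + "\\" + name.strip().strip('"'), decode_reg_value(value)))
        else:
            raise ValueError(f"unexpected line in section {section!r}: {line}")
    return actions

def unresolved_targets(actions, log_text):
    """(op, target) pairs the log reports as not found or not stopped. A file
    'not found' while its service still cannot be stopped should not be counted
    as removed: the file may simply be hidden from the tool, so the follow-up
    scans the analyst asks for are what settles whether the infection is gone."""
    failed = []
    for line in log_text.splitlines():
        for op, target, _ in actions:
            missing = op == "move_file" and line.startswith("File/Folder ") and line.endswith("not found.")
            stuck = op == "stop_service" and line.startswith("Unable to stop service")
            if (missing or stuck) and target.lower() in line.lower() and (op, target) not in failed:
                failed.append((op, target))
    return failed

if __name__ == "__main__":
    acts = parse_script(SCRIPT)
    print(*acts, sep="\n")
    print("unresolved:", unresolved_targets(acts, RESULT_LOG))
```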


So here goes the first part of the "operation": OTMoveIt3 by OldTimer + DDS

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\WINDOWS\system32\drivers\a1br6oax.sys not found.

========== SERVICES/DRIVERS ==========

Unable to stop service a1br6oax .

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E74C4B-2355-40D4-AEFF-D648BDA4856B}\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C108AE59-C97F-4517-8B74-5590BE3C2A82}\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJayyxy\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{483910AC-20E0-42A6-B6F5-3902EEF878D0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{483910AC-20E0-42A6-B6F5-3902EEF878D0}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{C108AE59-C97F-4517-8B74-5590BE3C2A82} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C108AE59-C97F-4517-8B74-5590BE3C2A82}\ deleted successfully.

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39ba781-339d-11dc-901c-0018f37fde02}\\ deleted successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\~DFD81D.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_774.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_175811

Files moved on Reboot...

File C:\DOCUME~1\GABRIE~1\CONFIG~1\Temp\~DFD81D.tmp not found!

File C:\WINDOWS\temp\Perflib_Perfdata_774.dat not found!

DDS (Version 1.0.1) - NTFSx86

Run by Gabriel_UFV at 19:48:24.00 on 2008-12-14

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2558.1922 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

D:\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Arquivos de programas\UOL\Acelerador UOL\vcn.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\PerfectDisk\PDAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

D:\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\UOL\Acelerador UOL\AcUOLClt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

D:\PerfectDisk\PDEngine.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

D:\PerfectDisk\PDExchange.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Discador UOL 10.0 Light\Discador Light.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Gabriel_UFV\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.uol.com.br/

uSearch Bar = hxxp://m.busca.uol.com.br/ie/

uURLSearchHooks: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - c:\arquivos de programas\arquivos comuns\uol\urlsearch\UOLSearchHook.dll

mURLSearchHooks: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - c:\arquivos de programas\arquivos comuns\uol\urlsearch\UOLSearchHook.dll

dURLSearchHooks: {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - c:\arquivos de programas\arquivos comuns\uol\urlsearch\UOLSearchHook.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - c:\arquivos de programas\windows live\messenger\wlchtc.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\arquiv~1\gbplugin\gbieh.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - c:\arquivos de programas\gbplugin\gbiehabn.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\arquivos de programas\daemon tools toolbar\DTToolbar.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sMSERIAL] sm56hlpr.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [Windows Defender] "d:\windows defender\MSASCui.exe" -hide

mRun: [iSUSPM Startup] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [Acrobat Assistant 8.0] "c:\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [avgnt] "c:\arquivos de programas\avira\antivir personaledition classic\avgnt.exe" /min

mRun: [AceleradorUOL] "c:\arquivos de programas\uol\acelerador uol\AcUOLClt.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\autoca~1.lnk - c:\arquivos de programas\arquivos comuns\autodesk shared\acstart16.exe

IE: Append to existing PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\micros~1\office11\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {CF5BC847-094E-4C5A-93B3-2B5F8D757EAC} = 200.165.132.147,200.165.132.154

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\arquiv~1\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehcef.dll

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399007} - c:\arquivos de programas\gbplugin\gbiehabn.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\arquiv~1\gbplugin\gbieh.dll

SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - d:\window~1\MpShHook.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUkIyYO

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 110096]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-2-17 11264]

R1 avgio;avgio;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgio.sys [2008-11-26 11840]

R2 Acelerador UOL;Acelerador UOL;"c:\arquivos de programas\uol\acelerador uol\vcn.exe" -f "c:\arquivos de programas\uol\acelerador uol\acelerador.cfg" -Srun []

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;"c:\arquivos de programas\avira\antivir personaledition classic\sched.exe" [2008-11-26 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;"c:\arquivos de programas\avira\antivir personaledition classic\avguard.exe" [2008-11-26 151297]

R2 WinDefend;Windows Defender;"d:\windows defender\MsMpEng.exe" [2006-11-3 13592]

R3 avgntflt;avgntflt;\??\c:\arquivos de programas\avira\antivir personaledition classic\avgntflt.sys [2008-11-26 52032]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2008-10-5 163840]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

piffile="%1" %*"

=============== Created Last 30 ================

2008-12-14 17:58 <DIR> --d----- C:\_OTMoveIt

2008-12-10 22:23 161,792 a------- c:\windows\SWREG.exe

2008-12-10 22:23 98,816 a------- c:\windows\sed.exe

2008-12-10 22:23 <DIR> --d----- C:\ComboFix

2008-12-10 22:23 400,896 a------- c:\windows\system32\CF21940.exe

2008-12-10 10:47 400,896 a------- c:\windows\system32\CF16567.exe

2008-12-03 06:29 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Sports Interactive

2008-12-02 23:57 <DIR> --d----- c:\windows\Logs

2008-12-02 23:30 <DIR> --dsh--- c:\documents and settings\gabriel_ufv\UserData

2008-12-02 20:41 <DIR> --d-h--- c:\windows\system32\GroupPolicy

2008-12-01 19:21 410,976 a------- c:\windows\system32\deploytk.dll

2008-12-01 00:37 200 a------- C:\sqmnoopt19.sqm

2008-12-01 00:37 200 a------- C:\sqmdata19.sqm

2008-11-30 23:46 579,072 ac------ c:\windows\system32\dllcache\user32.dll

2008-11-30 23:43 <DIR> --d----- c:\windows\ERUNT

2008-11-30 23:40 200 a------- C:\sqmdata18.sqm

2008-11-30 23:40 200 a------- C:\sqmnoopt18.sqm

2008-11-28 19:32 200 a------- C:\sqmnoopt17.sqm

2008-11-28 19:32 200 a------- C:\sqmdata17.sqm

2008-11-27 19:42 236 a------- C:\sqmdata14.sqm

2008-11-27 19:42 200 a------- C:\sqmnoopt14.sqm

2008-11-27 19:33 236 a------- C:\sqmdata16.sqm

2008-11-27 19:33 200 a------- C:\sqmnoopt16.sqm

2008-11-27 08:54 236 a------- C:\sqmdata13.sqm

2008-11-27 08:54 200 a------- C:\sqmnoopt13.sqm

2008-11-27 07:42 236 a------- C:\sqmdata15.sqm

2008-11-27 07:42 200 a------- C:\sqmnoopt15.sqm

2008-11-27 07:38 400,896 a------- c:\windows\system32\CF14594.exe

2008-11-26 22:40 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Avira

2008-11-26 22:40 <DIR> --d----- c:\arquivos de programas\Avira

2008-11-26 21:36 236 a------- C:\sqmdata12.sqm

2008-11-26 21:36 200 a------- C:\sqmnoopt12.sqm

2008-11-25 21:24 <DIR> a-dshr-- C:\cmdcons

2008-11-25 21:00 236 a------- C:\sqmdata11.sqm

2008-11-25 21:00 200 a------- C:\sqmnoopt11.sqm

2008-11-24 10:48 <DIR> --dshr-- C:\RESTORE

2008-11-20 21:54 <DIR> --d----- c:\documents and settings\gabriel_ufv\Tracing

2008-11-20 21:51 <DIR> --d----- c:\arquivos de programas\Microsoft

2008-11-20 21:31 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Windows Live

==================== Find3M ====================

2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll

2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll

2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll

2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll

2008-10-24 09:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-12 10:52 469,136 a------- c:\windows\system32\perfh016.dat

2008-10-12 10:52 78,760 a------- c:\windows\system32\perfc016.dat

2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll

2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll

2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll

2008-10-03 08:04 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2006-10-28 03:30 463,152 a------- c:\docume~1\gabrie~1\dadosd~1\setup.exe

2007-08-06 21:05 56 ---shr-- c:\windows\system32\21675AC9AD.sys

2007-08-06 21:05 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-05-29 01:17 38,708 a--sh--- c:\windows\system32\OYyIkUtv.ini2

2008-05-29 08:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008052920080530\index.dat

============= FINISH: 19:48:48.60 ===============

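The "Created Last 30" and "Find3M" sections of the DDS log above are the part an analyst reads entry by entry, looking at the attribute column (system/hidden/read-only flags) and the path. The following is an added example, not code from this thread or from the DDS tool: a small parser that turns those lines into records and lists the non-directory files carrying both the system and hidden attributes under a chosen path, which is simply a triage list for a human to review, not a verdict. The meaning of the attribute columns (a=archive, c=compressed, d=directory, s=system, h=hidden, r=read-only) is inferred from the rows visible in the log and is an assumption; the sample lines embedded below are constructed in the same shape as the log's own entries.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the DDS "Created Last 30" / "Find3M"
# sections (not the full log from the thread).
SAMPLE_LOG = """\
=============== Created Last 30 ================
2008-12-14 17:58 <DIR> --d----- C:\\_OTMoveIt
2008-12-10 22:23 161,792 a------- c:\\windows\\SWREG.exe
2008-11-30 23:46 579,072 ac------ c:\\windows\\system32\\dllcache\\user32.dll
2008-12-02 23:30 <DIR> --dsh--- c:\\documents and settings\\gabriel_ufv\\UserData
2008-11-25 21:24 <DIR> a-dshr-- C:\\cmdcons
==================== Find3M ====================
2008-10-27 10:04 514,384 a------- c:\\windows\\system32\\XAudio2_3.dll
2007-08-06 21:05 56 ---shr-- c:\\windows\\system32\\21675AC9AD.sys
2007-08-06 21:05 3,350 a--sh--- c:\\windows\\system32\\KGyGaAvL.sys
2008-05-29 01:17 38,708 a--sh--- c:\\windows\\system32\\OYyIkUtv.ini2
============= FINISH: 19:48:48.60 ===============
"""

# One file/directory entry: date time size attrs path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)
# Section banners such as "=============== Created Last 30 ================"
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# Attribute column positions, inferred from the rows in the log (assumption).
ATTR_FLAGS = {0: "archive", 1: "compressed", 2: "directory",
              3: "system", 4: "hidden", 5: "readonly"}


@dataclass
class FileEntry:
    section: str
    date: str
    time: str
    size: Optional[int]      # None for directories
    flags: frozenset
    path: str

    @property
    def is_dir(self) -> bool:
        return "directory" in self.flags


def parse_attrs(attrs: str) -> frozenset:
    """Turn an 8-character attribute column like 'a--sh---' into flag names."""
    return frozenset(name for i, name in ATTR_FLAGS.items() if attrs[i] != "-")


def parse_dds_file_entries(text: str) -> List[FileEntry]:
    """Parse file-listing lines, remembering which DDS section each came from."""
    entries: List[FileEntry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # not a file entry (blank, banner, or unrelated text)
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(FileEntry(section, m["date"], m["time"], size,
                                 parse_attrs(m["attrs"]), m["path"]))
    return entries


def hidden_system_files(entries: List[FileEntry], under: Optional[str] = None) -> List[str]:
    """Paths of files (not directories) flagged both system and hidden,
    optionally restricted to those below the given directory prefix."""
    out = []
    for e in entries:
        if e.is_dir or not {"system", "hidden"} <= e.flags:
            continue
        if under and not e.path.lower().startswith(under.lower()):
            continue
        out.append(e.path)
    return out


if __name__ == "__main__":
    parsed = parse_dds_file_entries(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    for p in hidden_system_files(parsed, under="c:\\windows\\system32"):
        print("review:", p)
```

Running it on the constructed sample prints the three system+hidden files under c:\windows\system32; the two system+hidden directories are skipped because directories such as C:\cmdcons (the Recovery Console) are expected to carry those attributes.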

Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11 and save it to your Desktop.
  • Navigate to "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Português".
  • Read the licence agreement and tick the box "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your Desktop.
  • Close all programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Select any item whose name contains Java Runtime Environment (JRE or J2SE). It should have an icon like this: javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary until every old version of Java on your PC has been removed.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u11-windows-i586-p.exe (on your desktop) to install the new, more secure version of Java.

Your log is clean

  • Click Start, then Run
  • Type Combofix /u and click OK, as shown in the image below.

CF_Cleanup.png

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the icon otcleanitdesktopicon.png
  • Click the "Cleanup" button 8gehxg0.gif
  • Allow your computer to restart.

Now that your PC is clean, follow these steps to keep it clean and protected:

  • Delete the folder (if it exists): HijackThis Backups
  • Use an alternative, more secure browser:
    Firefox or Opera
  • If you do not use a router, use a firewall; it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster. SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the update status of your programs.
  • Keep your programs properly updated.
    Being up to date is being secure. Click here

It was a pleasure to help


Thank you very much! I will now try to keep my PC away from this malware!

Cheers!


Should the topic author need it, the topic will be reopened; to request this, contact the moderation team and ask for it to be unlocked.
