A virus made my desktop disappear

Highlender

Hi,

I have a big problem with my computer. Every time I turn it on it looks like this:

[Screenshot attachment: Untitled-1.jpg]

I have to get into it through that initial folder that shows up open when I turn it on.

All functions keep working normally, except that I have to access everything through folders.

I had quite a lot of viruses these last few days; I think it ended up like this because of some virus. I had a serious virus in my svchost.exe. My antivirus was Avast, and it wasn't helping much; when this happened to my computer I downloaded a program from Kaspersky that seems to have removed all the viruses, but my computer is still like this. And I didn't want to format...

Is there any way to fix this?

Thanks in advance.

Logs:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Usuario at 16:56:31,76 on 04/05/2011

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.55.1046.18.2047.915 [GMT -3:00]

.

AV: Windows Live OneCare *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: Windows Live OneCare *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Windows Live OneCare *Disabled* {87676AF9-B8BC-7418-1F63-59FBEF2E291D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe

C:\Program Files\Microsoft Windows OneCare Live\winss.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\explorer.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Usuario\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.orkut.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Shell=explorer.exe rundll32.exe "c:\windows\temp\grpq.ooo" ysrqi

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [bitTorrent DNA] "c:\users\usuario\program files\dna\btdna.exe"

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [fsm]

uRun: [AdobeBridge]

uRun: [Google Update] "c:\users\usuario\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"

dRun: [wuaucldt] c:\windows\system32\config\systemprofile\wuaucldt.exe

StartupFolder: c:\users\usuario\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\usuario\desktop\virus removal tool\setup_9.0.0.722_03.05.2011_03-33\startup.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Baixar com o Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll

Notify: hevroge - c:\windows\system32\config\systemprofile\appdata\local\hevroge.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\usuario\appdata\roaming\mozilla\firefox\profiles\b6deg8mh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\usuario\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\users\usuario\program files\dna\plugins\npbtdna.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 26514342;26514342 Boot Guard Driver;c:\windows\system32\drivers\26514342.sys [2011-5-2 37392]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-4-30 46600]

R1 26514341;26514341;c:\windows\system32\drivers\26514341.sys [2011-5-2 128016]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-11 165456]

R1 setup_9.0.0.722_03.05.2011_03-33drv;setup_9.0.0.722_03.05.2011_03-33drv;c:\windows\system32\drivers\2651434.sys [2011-5-2 311312]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-11 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-11 50256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2011-4-30 56712]

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]

S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\drivers\royal.sys [2004-1-1 240128]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]

S3 CAM1690;SM0169 USB 2.0 Video Camera Test Driver;c:\windows\system32\drivers\cam1690.sys [2006-8-18 51200]

S3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-5-3 53168]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-05-03 21:45:16 209960 ----a-w- c:\progra~2\microsoft\oc\channels\ch3\dplugins\2.0.1.600\OneCareDiagPlugin.dll

2011-05-03 21:38:44 29352 ----a-w- c:\progra~2\microsoft\oc\channels\ch1\html\item_templ\common\fixes\HASFix058456.dll

2011-05-03 21:38:44 23720 ----a-w- c:\progra~2\microsoft\oc\channels\ch1\html\item_templ\common\fixes\HelpAndSupport_TestContent.dll

2011-05-03 21:38:44 23056 ----a-w- c:\progra~2\microsoft\oc\channels\ch1\html\item_templ\common\fixes\HASFix101001.dll

2011-05-03 21:38:44 221208 ----a-w- c:\progra~2\microsoft\oc\channels\ch1\html\item_templ\common\fixes\HelpAndSupportCommon.dll

2011-05-03 21:38:44 21160 ----a-w- c:\progra~2\microsoft\oc\channels\ch1\html\item_templ\common\fixes\HASFix056479.dll

2011-05-03 21:38:44 110248 ----a-w- c:\progra~2\microsoft\oc\channels\ch1\html\item_templ\common\fixes\HelpAndSupportInterface.dll

2011-05-03 21:28:35 37440 ----a-w- c:\windows\system32\drivers\msfwhlpr.sys

2011-05-03 21:28:33 91200 ----a-w- c:\windows\system32\drivers\msfwdrv.sys

2011-05-03 21:28:27 3308624 ----a-w- c:\progra~2\microsoft\onecare protection\definition updates\backup\mpengine.dll

2011-05-03 21:28:18 7071056 ----a-w- c:\progra~2\microsoft\onecare protection\definition updates\{45ac3818-17cf-4ad9-b64e-f6911807753f}\mpengine.dll

2011-05-03 21:27:39 -------- d-----w- c:\program files\common files\PX Storage Engine

2011-05-03 21:27:21 53168 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2011-05-03 21:13:09 -------- d-----w- c:\program files\Microsoft Windows OneCare Live

2011-05-03 14:14:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-05-03 14:14:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-05-03 14:14:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-05-03 14:14:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-05-03 14:07:51 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f2554db7-ff89-4123-af49-69ca4c93a692}\mpengine.dll

2011-05-03 02:18:45 -------- d-----w- c:\progra~2\Kaspersky Lab

2011-05-03 02:17:19 37392 ----a-w- c:\windows\system32\drivers\26514342.sys

2011-05-03 02:17:19 311312 ----a-w- c:\windows\system32\drivers\2651434.sys

2011-05-03 02:17:19 128016 ----a-w- c:\windows\system32\drivers\26514341.sys

2011-05-01 01:18:30 46600 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2011-05-01 01:18:14 -------- d-----w- c:\program files\GbPlugin

2011-05-01 01:18:14 -------- d-----w- c:\progra~2\GbPlugin

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-12 21:42:25 -------- d-----w- c:\windows\windupdate

2011-04-06 20:15:46 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-04-06 20:15:46 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-04-06 20:15:46 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-04-06 20:15:46 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-04-06 20:15:46 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-04-06 20:15:46 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-04-06 20:15:46 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-04-06 20:15:46 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-04-06 20:15:46 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-04-06 20:15:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

==================== Find3M ====================

.

2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys

2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-02-18 15:48:42 833024 ----a-w- c:\windows\system32\wininet.dll

2011-02-18 15:45:02 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-02-18 14:09:54 389632 ----a-w- c:\windows\system32\html.iec

2011-02-18 13:48:10 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-16 15:35:41 430080 ----a-w- c:\windows\system32\vbscript.dll

2011-02-16 15:29:56 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-16 13:24:56 292864 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 16:56:54,52 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft® Windows Vista™ Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 07/04/2009 18:39:18

System Uptime: 04/05/2011 12:44:14 (4 hours ago)

.

Motherboard: PCWARE | | PW-945GCX

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 53,007 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador do Microsoft 6to4

Device ID: ROOT\*6TO4MP\0002

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP\0002

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador do Microsoft ISATAP

Device ID: ROOT\*ISATAP\0009

Manufacturer: Microsoft

Name: isatap.{2D68E7B6-27D4-4EE0-95AF-D62F8D2553EA}

PNP Device ID: ROOT\*ISATAP\0009

Service: tunnel

.

==== System Restore Points ===================

.

RP632: 03/05/2011 11:03:57 - Windows Update

RP634: 03/05/2011 21:06:40 - Microsoft OneCare Protection Checkpoint

RP635: 04/05/2011 03:01:07 - Windows Update

RP636: 04/05/2011 16:10:15 - Ponto de Verificação Agendado

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 4.65

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Drive CS4

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Linguistics CS4

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader 9.4.3 - Português

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Any Video Converter 2.7.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applian FLV Player

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

avast! Free Antivirus

Barra de Ferramentas do Yahoo!

BitTorrent

BlackBerry App World Browser Plugin

BlackBerry Desktop Software 6.0.1

Bonjour

BufferChm

Connect

CorelDRAW Graphics Suite X4

CorelDRAW Graphics Suite X4 - Capture

CorelDRAW Graphics Suite X4 - Content

CorelDRAW Graphics Suite X4 - Draw

CorelDRAW Graphics Suite X4 - Filters

CorelDRAW Graphics Suite X4 - FontNav

CorelDRAW Graphics SUite X4 - ICA

CorelDRAW Graphics Suite X4 - IPM

CorelDRAW Graphics Suite X4 - Lang EN

CorelDRAW Graphics Suite X4 - PP

CorelDRAW Graphics Suite X4 - VBA

CorelDRAW® Graphics Suite X4

CorelDRAW® Graphics Suite X4 - Windows Shell Extension

CustomerResearchQFolder

D2400

D2400_Help

dBpoweramp Music Converter

DeviceDiscovery

DeviceManagementQFolder

dj_sf_ProductContext

dj_sf_software

dj_sf_software_req

DNA

DVD Shrink 3.2

eMule

eSupportQFolder

Ferramenta de Carregamento do Windows Live

Free Download Manager 3.0

Free Mp3 Wma Converter V 1.9

getTube 2010 - Downloader de áudio e vídeo

Google Books Download

Google Chrome

GTOneCare

Harry Potter e o Enigma do Príncipe™

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 9.0

HP Deskjet Printer Driver Software 9.0

HP Imaging Device Functions 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Smart Web Printing 4.60

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

iTunes

Java Auto Updater

Java 6 Update 24

JPEG USB Video Camera Driver v0.5

kuler

Last.fm 1.5.4.27091

MarketResearch

Messenger Plus! Live

Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Protection Service

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Windows Live OneCare Resources v2.5.2900.30

Microsoft Windows OneCare Live AntiSpyware and AntiVirus

Microsoft Windows OneCare Live v2.5.2900.30

Microsoft Windows OneCare Live v2.5.2900.30 Idcrl Install

mIRC

Mozilla Firefox 4.0.1 (x86 pt-BR)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

Octoshape add-in for Adobe Flash Player

Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

PanoStandAlone

PDF Settings CS4

Photoshop Camera Raw

Picasa 3

PowerDVD

PSSWCORE

PX Engine

QuickTime

Real Alternative 1.9.0

Replay Music

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2464594)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skype Toolbars

Skype™ 5.1

SmartWebPrinting

Software Informer 1.0 BETA

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Status

Suite Shared Configuration CS4

Super Mario 3 : Mario Forever

Toolbox

TrayApp

Tunatic

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Outlook 2007 Junk Email Filter (KB2522999)

VDownloader 2.7.322

VideoToolkit01

VirtualCloneDrive

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

VLC media player 1.0.5

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Messenger

Windows Live Movie Maker

Windows Live OneCare

Windows Live Sync

WorldUnlock Codes Calculator

Yahoo! Messenger

Yahoo! Software Update

.

==== End Of File ===========================

GMER 1.0.15.15627 - http://www.gmer.net

Rootkit scan 2011-05-04 16:56:06

Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3250310AS rev.4.AAA

Running: gmer.exe; Driver: C:\Users\Usuario\AppData\Local\Temp\kxtiafow.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8DFB9B9C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8DFB99C0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8DFB9AFA]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwLoadDriver 8296C30C 7 Bytes JMP 8DFB9AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntoskrnl.exe!ObMakeTemporaryObject 829ABF32 5 Bytes JMP 8DFB55B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntoskrnl.exe!ObInsertObject 829F9B96 5 Bytes JMP 8DFB6F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntoskrnl.exe!NtCreateSection 82A1208F 7 Bytes JMP 8DFB99C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE ntoskrnl.exe!ZwCreateProcessEx 82A9088C 7 Bytes JMP 8DFB9BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8D004340, 0x40E2A7, 0xE8000020]

? C:\Users\Usuario\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[724] kernel32.dll!FreeLibrary 772F08F8 5 Bytes JMP 100BD190 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Windows\system32\services.exe[724] kernel32.dll!FreeLibraryAndExitThread 772F4CBB 5 Bytes JMP 100BD020 C:\Program Files\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[724] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00780002

IAT C:\Windows\system32\services.exe[724] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00780000

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [75088864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [750C9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7508B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7507FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [75087A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7507EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [750BB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7508BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [75080756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [750806BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [750771B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7510D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [750A7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7507E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7507697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [750769A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\explorer.exe[3600] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [75082475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


You have two antivirus products installed; pick one and uninstall the other.

Once that is done, post a new DDS log.


Here's the new log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Usuario at 20:21:50,84 on 06/05/2011

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.55.1046.18.2047.917 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Usuario\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.orkut.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Shell=explorer.exe rundll32.exe "c:\windows\temp\grpq.ooo" ysrqi

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [bitTorrent DNA] "c:\users\usuario\program files\dna\btdna.exe"

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [fsm]

uRun: [AdobeBridge]

uRun: [Google Update] "c:\users\usuario\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [wuaucldt] c:\windows\system32\config\systemprofile\wuaucldt.exe

StartupFolder: c:\users\usuario\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\usuario\desktop\virus removal tool\setup_9.0.0.722_03.05.2011_03-33\startup.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Baixar com o Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll

Notify: hevroge - c:\windows\system32\config\systemprofile\appdata\local\hevroge.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\usuario\appdata\roaming\mozilla\firefox\profiles\b6deg8mh.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\usuario\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\users\usuario\program files\dna\plugins\npbtdna.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 26514342;26514342 Boot Guard Driver;c:\windows\system32\drivers\26514342.sys [2011-5-2 37392]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-4-30 46600]

R1 26514341;26514341;c:\windows\system32\drivers\26514341.sys [2011-5-2 128016]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-11 165456]

R1 setup_9.0.0.722_03.05.2011_03-33drv;setup_9.0.0.722_03.05.2011_03-33drv;c:\windows\system32\drivers\2651434.sys [2011-5-2 311312]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-11 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-11 50256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]

R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2011-4-30 56712]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]

S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\drivers\royal.sys [2004-1-1 240128]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]

S3 CAM1690;SM0169 USB 2.0 Video Camera Test Driver;c:\windows\system32\drivers\cam1690.sys [2006-8-18 51200]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-05-06 22:24:25 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{25a147e8-3860-4c0d-9373-0c9d162d1351}\mpengine.dll

2011-05-04 20:06:42 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-05-04 20:06:42 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2011-05-03 14:14:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-05-03 14:14:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-05-03 14:14:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-05-03 14:14:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-05-03 02:18:45 -------- d-----w- c:\progra~2\Kaspersky Lab

2011-05-03 02:17:19 37392 ----a-w- c:\windows\system32\drivers\26514342.sys

2011-05-03 02:17:19 311312 ----a-w- c:\windows\system32\drivers\2651434.sys

2011-05-03 02:17:19 128016 ----a-w- c:\windows\system32\drivers\26514341.sys

2011-05-01 01:18:30 46600 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2011-05-01 01:18:14 -------- d-----w- c:\program files\GbPlugin

2011-05-01 01:18:14 -------- d-----w- c:\progra~2\GbPlugin

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-04-12 21:42:25 -------- d-----w- c:\windows\windupdate

.

==================== Find3M ====================

.

2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys

2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-02-18 15:48:42 833024 ----a-w- c:\windows\system32\wininet.dll

2011-02-18 15:45:02 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-02-18 14:09:54 389632 ----a-w- c:\windows\system32\html.iec

2011-02-18 13:48:10 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-16 15:35:41 430080 ----a-w- c:\windows\system32\vbscript.dll

2011-02-16 15:29:56 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-16 13:24:56 292864 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 20:22:55,24 ===============

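The helpers in this thread read the "Pseudo HJT Report" section of the DDS log above by eye. The Python script below is an added example, not part of the thread and not DDS output, that automates the three checks this particular log calls for: the mWinlogon Shell value, which here is not the bare default "explorer.exe" (explorer.exe started with extra arguments opens a folder window rather than the desktop, which is consistent with the symptom in the opening post); a dRun entry, i.e. an autostart registered in the HKU\.DEFAULT hive used by the system profile; and a Winlogon Notify DLL sitting under the system profile's AppData. The sample lines are copied from the posted log plus two benign control entries; the rule set, the marker list and the Finding type are my own choices.

```python
"""Triage DDS 'Pseudo HJT Report' lines for the autostart hijacks seen in this thread."""
import re
from dataclasses import dataclass

# DDS prefixes the registry source of each entry: u = HKCU, m = HKLM,
# d = HKU\.DEFAULT (the profile used by services and the logon screen).
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+(?:-[A-Za-z]+)?):\s*(?P<body>.*)$")

# Directories no legitimate installer uses for an autostart component.
ODD_LOCATIONS = ("\\windows\\temp\\", "\\config\\systemprofile\\")

# Constructed sample: entries copied from the DDS log posted above, plus two
# benign control lines (Sidebar, avast) that the rules must leave alone.
SAMPLE_LOG = r"""
mWinlogon: Shell=explorer.exe rundll32.exe "c:\windows\temp\grpq.ooo" ysrqi
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [wuaucldt] c:\windows\system32\config\systemprofile\wuaucldt.exe
Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll
Notify: hevroge - c:\windows\system32\config\systemprofile\appdata\local\hevroge.dll
"""


@dataclass(frozen=True)
class Finding:
    kind: str
    reason: str
    line: str


def triage(report: str) -> list[Finding]:
    """Return one Finding per report line that matches a hijack rule."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # section headers, FF plugin lines, Trusted Zone lines, etc.
        kind, body = match.group("kind"), match.group("body")
        low = body.lower()
        reason = None
        if kind == "mWinlogon" and low.startswith("shell="):
            shell = body.split("=", 1)[1].strip()
            # Anything besides the bare 'explorer.exe' means the shell was hijacked.
            if shell.lower() != "explorer.exe":
                reason = "Winlogon Shell is not the default 'explorer.exe'"
        elif kind == "dRun":
            # Software installed for a user never writes to the .DEFAULT hive.
            reason = "Run entry in the HKU\\.DEFAULT (system profile) hive"
        elif kind == "BHO" and low.endswith("- no file"):
            reason = "orphaned BHO registration, DLL is missing"
        if reason is None and any(marker in low for marker in ODD_LOCATIONS):
            reason = "autostart component lives in a temp or system-profile directory"
        if reason is not None:
            findings.append(Finding(kind, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports the Shell hijack, the orphaned BHO, the wuaucldt.exe dRun entry and the hevroge.dll Notify entry, and stays quiet on the Sidebar, avast and GbPlugin lines. Paste a whole DDS log in place of SAMPLE_LOG to apply the same rules to it.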

Configure Windows to show all files.

Go to this site: http://virustotal.com/

Under File to upload, enter: c:\windows\system32\config\systemprofile\wuaucldt.exe

Then click Submit.

Copy and post the result of this scan.

Configure Windows to show all files.

Go to this site: http://virustotal.com/

Under File to upload, enter: c:\windows\system32\config\systemprofile\wuaucldt.exe

Then click Submit.

Copy and post the result of this scan.

I couldn't upload the file... The file was not found or does not exist.

What now?

Thanks!!


Did you set it to show hidden files? Click the Browse button and navigate to the path; don't copy and paste it.


Strange...

Please post a new DDS log.


Here it is:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Usuario at 2:29:16,49 on 10/05/2011

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.55.1046.18.2047.859 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Usuario\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.orkut.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Shell=explorer.exe rundll32.exe "c:\windows\temp\grpq.ooo" ysrqi

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\program files\gbplugin\gbieh.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL

TB: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [bitTorrent DNA] "c:\users\usuario\program files\dna\btdna.exe"

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [fsm]

uRun: [AdobeBridge]

uRun: [Google Update] "c:\users\usuario\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [wuaucldt] c:\windows\system32\config\systemprofile\wuaucldt.exe

StartupFolder: c:\users\usuario\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup_~1.lnk - c:\users\usuario\desktop\virus removal tool\setup_9.0.0.722_03.05.2011_03-33\startup.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Baixar com o Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll

Notify: hevroge - c:\windows\system32\config\systemprofile\appdata\local\hevroge.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\program files\gbplugin\gbieh.dll

.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\usuario\appdata\roaming\mozilla\firefox\profiles\b6deg8mh.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\usuario\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\usuario\program files\dna\plugins\npbtdna.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.

============= SERVICES / DRIVERS ===============
.
R0 26514342;26514342 Boot Guard Driver;c:\windows\system32\drivers\26514342.sys [2011-5-2 37392]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-4-30 46600]
R1 26514341;26514341;c:\windows\system32\drivers\26514341.sys [2011-5-2 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-11 165456]
R1 setup_9.0.0.722_03.05.2011_03-33drv;setup_9.0.0.722_03.05.2011_03-33drv;c:\windows\system32\drivers\2651434.sys [2011-5-2 311312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-11 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-11 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2011-4-30 56712]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-5-20 30576]
S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\drivers\royal.sys [2004-1-1 240128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-1 40384]
S3 CAM1690;SM0169 USB 2.0 Video Camera Test Driver;c:\windows\system32\drivers\cam1690.sys [2006-8-18 51200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.

=============== Created Last 30 ================
.
2011-05-06 22:24:25 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{25a147e8-3860-4c0d-9373-0c9d162d1351}\mpengine.dll
2011-05-04 20:06:42 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-05-04 20:06:42 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-05-03 14:14:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-03 14:14:55 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-03 14:14:36 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-03 14:14:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-03 02:18:45 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-05-03 02:17:19 37392 ----a-w- c:\windows\system32\drivers\26514342.sys
2011-05-03 02:17:19 311312 ----a-w- c:\windows\system32\drivers\2651434.sys
2011-05-03 02:17:19 128016 ----a-w- c:\windows\system32\drivers\26514341.sys
2011-05-01 01:18:30 46600 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2011-05-01 01:18:14 -------- d-----w- c:\program files\GbPlugin
2011-05-01 01:18:14 -------- d-----w- c:\progra~2\GbPlugin
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-12 21:42:25 -------- d-----w- c:\windows\windupdate
.

==================== Find3M ====================
.
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-18 15:48:42 833024 ----a-w- c:\windows\system32\wininet.dll
2011-02-18 15:45:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-18 14:09:54 389632 ----a-w- c:\windows\system32\html.iec
2011-02-18 13:48:10 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-16 15:35:41 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 15:29:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 13:24:56 292864 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 2:30:26,66 ===============

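An added triage example, not part of the original post or of the analyst's reply: a small Python script that parses the kinds of lines DDS prints in the log above (the Winlogon Notify entries, the R0/R1 driver entries and the Created Last 30 timestamps, copied here as constructed input) and applies two checks a log reader would otherwise do by hand. A Notify DLL loaded from a profile directory, such as the system profile's appdata\local, is flagged, since Notify packages are normally installed under System32 or Program Files (the GbPlugin entry stays unflagged for that reason). Drivers with all-digit service names are flagged as well, but their creation time is correlated with the c:\progra~2\Kaspersky Lab folder, so drivers that appeared together with the removal tool are reported as such rather than as an infection. The path markers, the five-minute correlation window and the verdict strings are assumptions of the example.

```python
"""Heuristic triage of DDS log lines: Winlogon Notify DLLs and numeric drivers."""
import re
from datetime import datetime, timedelta

# Constructed input: lines copied from the DDS log posted in this thread.
DDS_EXCERPT = r"""
Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll
Notify: hevroge - c:\windows\system32\config\systemprofile\appdata\local\hevroge.dll
R0 26514342;26514342 Boot Guard Driver;c:\windows\system32\drivers\26514342.sys [2011-5-2 37392]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-4-30 46600]
R1 26514341;26514341;c:\windows\system32\drivers\26514341.sys [2011-5-2 128016]
R1 setup_9.0.0.722_03.05.2011_03-33drv;setup_9.0.0.722_03.05.2011_03-33drv;c:\windows\system32\drivers\2651434.sys [2011-5-2 311312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-11 17744]
S0 OemBiosDevice;Royalty OEM BIOS Extension;c:\windows\system32\drivers\royal.sys [2004-1-1 240128]
2011-05-03 02:18:45 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-05-03 02:17:19 37392 ----a-w- c:\windows\system32\drivers\26514342.sys
2011-05-03 02:17:19 311312 ----a-w- c:\windows\system32\drivers\2651434.sys
2011-05-03 02:17:19 128016 ----a-w- c:\windows\system32\drivers\26514341.sys
2011-05-01 01:18:30 46600 ----a-w- c:\windows\system32\drivers\gbpkm.sys
"""

NOTIFY_RE = re.compile(r"^Notify:\s+(?P<name>\S+)\s+-\s+(?P<path>.+?)\s*$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<svc>[^;]+);[^;]*;(?P<path>.+?)\s+\[\S+\s+\d+\]\s*$")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?:\d+|-+)\s+\S+\s+(?P<path>.+?)\s*$")

# Assumed markers for per-user / per-profile writable locations. A Winlogon
# Notify package is normally installed under System32 or Program Files, so the
# GbPlugin entry (a banking plugin) stays unflagged.
PROFILE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")
# Assumed window for "created together with the removal tool".
AV_INSTALL_WINDOW = timedelta(minutes=5)


def parse(text):
    """Split a DDS excerpt into Notify entries, service entries and creation times."""
    notify, services, created = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := NOTIFY_RE.match(line):
            notify.append((m["name"], m["path"].lower()))
        elif m := SERVICE_RE.match(line):
            services.append((m["state"], m["svc"], m["path"].lower()))
        elif m := CREATED_RE.match(line):
            created[m["path"].lower()] = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return notify, services, created


def flag_notify(notify):
    """Winlogon Notify DLLs loaded from a profile directory: a classic persistence spot."""
    return [(name, path) for name, path in notify
            if any(marker in path for marker in PROFILE_MARKERS)]


def flag_drivers(services, created):
    """Boot/kernel drivers (R0/R1) with all-digit names, annotated by whether the
    file was created within AV_INSTALL_WINDOW of a Kaspersky Lab folder."""
    kaspersky_times = [ts for path, ts in created.items() if "kaspersky" in path]
    results = []
    for state, svc, path in services:
        if state not in ("R0", "R1") or not svc.isdigit():
            continue
        ts = created.get(path)
        with_av = ts is not None and any(abs(ts - k) <= AV_INSTALL_WINDOW for k in kaspersky_times)
        verdict = ("created alongside the Kaspersky Lab folder; probably the removal tool's own driver"
                   if with_av else "unexplained numeric driver; check signature and hash")
        results.append((svc, path, verdict))
    return results


def triage(text=DDS_EXCERPT):
    """Return both flag lists for a DDS log excerpt."""
    notify, services, created = parse(text)
    return {"notify": flag_notify(notify), "drivers": flag_drivers(services, created)}


if __name__ == "__main__":
    for section, hits in triage().items():
        print(f"== {section} ==")
        for hit in hits:
            print("  " + " | ".join(hit))
```

Run as-is it prints the two lists for the excerpt; pass a complete DDS log with triage(open(path).read()) to apply the same checks to all of it. A flag is a pointer for the analyst, not a verdict: the flagged file's hash and signature still have to be checked before anything is removed.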

Read the instructions contained in this link:

In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after running the procedure(s) below.
  3. Double-click the ComboFix icon (desktopicon.png) on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers running Windows XP must install the Recovery Console:
     • If your computer has Windows XP and does not yet have the Recovery Console installed, make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or keyboard while the tool is running, as this can cause the computer to hang.
  8. A message may appear saying the computer needs to restart. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many of the Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, had end users in mind and designed them to be used without supervision. ComboFix is not a tool of that kind, so, out of respect for the tool's author as well, do not use it without supervision.






About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.

Copyright

We do not permit copying or reproduction of the content of our site, forum, newsletters and social networks, even with attribution.
