#16 by Espírita, 11/06/2010 - 22:39
Funny!! This rogue is detected by Malwarebytes....

http://img820.imageshack.us/img820/9499/mbamsecuritymasterav.jpg

note: image taken from the site: www.bleepingcomputer.com

* Download ComboFix and save it to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
or
http://rapidshare.com/files/389384366/ComboFix.exe.html
* Temporarily disable your antivirus.
* Run it - accept the agreement.

* If the Recovery Console is already installed, ComboFix will continue the process automatically.
* If it is not, a window will be displayed asking to install it. Click [YES] to accept.

Important: while ComboFix is running, do not use the mouse or the keyboard!!
-- The program will close automatically. --

* Paste the report created at C:\Combofix.txt
#17 by BIDU65, 11/06/2010 - 23:25
ComboFix 10-06-10.06 - windows 11/06/2010 23:19:44.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.893.468 [GMT -3:00]
Executando de: c:\documents and settings\windows\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dados de aplicativos\6a15cc7
c:\documents and settings\All Users\Dados de aplicativos\6a15cc7\8121.mof
c:\documents and settings\All Users\Dados de aplicativos\6a15cc7\mozcrt19.dll
c:\documents and settings\All Users\Dados de aplicativos\6a15cc7\SMAV.ico
c:\documents and settings\All Users\Dados de aplicativos\6a15cc7\SMAVSys\vd952342.bd
c:\documents and settings\All Users\Dados de aplicativos\6a15cc7\sqlite3.dll
c:\documents and settings\windows\Dados de aplicativos\inst.exe
c:\documents and settings\windows\Recent\cb.tmp
c:\documents and settings\windows\Recent\eb.exe
c:\documents and settings\windows\Recent\eb.tmp
c:\documents and settings\windows\Recent\energy.exe
c:\documents and settings\windows\Recent\energy.sys
c:\documents and settings\windows\Recent\exec.dll
c:\documents and settings\windows\Recent\exec.tmp
c:\documents and settings\windows\Recent\kernel32.exe
c:\documents and settings\windows\Recent\kernel32.sys
c:\documents and settings\windows\Recent\PE.exe
c:\documents and settings\windows\Recent\PE.sys
c:\documents and settings\windows\Recent\PE.tmp
c:\documents and settings\windows\Recent\sld.sys
c:\documents and settings\windows\Recent\SM.sys
c:\documents and settings\windows\Recent\snl2w.dll
c:\documents and settings\windows\Recent\snl2w.drv
c:\documents and settings\windows\Recent\tjd.sys

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-12 to 2010-06-12 ))))))))))))))))))))))))))))
.

2010-06-11 23:32 . 2010-06-12 00:02 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\GetRightToGo
2010-06-11 21:08 . 2010-06-11 21:08 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2010-06-11 03:42 . 2010-06-11 03:42 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\IObit
2010-06-11 03:42 . 2010-06-11 03:42 -------- d-----w- c:\arquivos de programas\IObit
2010-06-11 03:28 . 2010-06-11 03:44 -------- d-----w- c:\arquivos de programas\Wise Registry Cleaner
2010-06-11 03:09 . 2010-06-11 03:09 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-11 03:09 . 2010-06-11 03:09 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-11 03:09 . 2010-06-11 22:44 -------- d-----w- c:\arquivos de programas\AVG
2010-06-11 03:09 . 2010-06-11 22:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Malwarebytes
2010-06-11 02:34 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-06-11 02:34 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-06-11 01:37 . 2010-06-11 01:37 -------- d-----w- c:\arquivos de programas\Crawler
2010-06-11 01:28 . 2010-06-11 01:28 -------- d-----w- c:\arquivos de programas\SpywareBlaster
2010-06-10 23:54 . 2010-06-10 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2010-06-10 23:06 . 2010-06-10 23:06 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\SMOCNAFQHYAV
2010-06-07 03:15 . 2010-06-07 03:15 -------- d-----w- C:\Ares
2010-06-03 05:17 . 2005-05-03 21:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-06-03 02:44 . 2010-06-03 02:44 -------- d-----w- c:\arquivos de programas\Positivo
2010-06-03 02:25 . 2010-06-03 02:25 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-06-03 02:24 . 2010-06-03 02:24 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Uniblue
2010-06-03 02:24 . 2010-06-03 02:24 -------- d-----w- c:\arquivos de programas\Uniblue
2010-06-03 01:27 . 2010-06-03 01:28 -------- d-----w- C:\audio
2010-05-20 23:47 . 2010-06-10 16:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-05-20 23:03 . 2010-05-20 23:03 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Yahoo!
2010-05-20 23:03 . 2010-06-10 22:32 -------- d-----w- c:\arquivos de programas\Yahoo!
2010-05-20 23:03 . 2010-05-20 23:03 -------- d-----w- c:\arquivos de programas\CCleaner
2010-05-20 13:51 . 2004-08-04 03:45 4096 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\USMT\iconlib.dll
2010-05-20 13:06 . 2010-02-10 14:18 2131336 ----a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe
2010-05-18 23:55 . 2010-05-18 23:55 -------- d-----w- c:\windows\Sun
2010-05-15 17:26 . 2010-05-15 17:26 -------- d-----w- c:\arquivos de programas\Avatar Sizer
2010-05-13 22:49 . 2010-05-13 22:49 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Astroburn Lite
2010-05-13 22:49 . 2010-05-20 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Astroburn Lite
2010-05-13 22:25 . 2010-05-14 01:24 -------- d-----w- C:\DRIVES 1.500

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 02:19 . 2010-04-28 17:18 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\uTorrent
2010-06-12 01:27 . 2010-04-28 19:46 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\vlc
2010-06-11 13:41 . 2010-04-29 02:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 11:44 . 2010-04-28 17:48 -------- d-----w- c:\arquivos de programas\DreaMule
2010-06-11 03:18 . 2010-04-28 17:19 -------- d-----w- c:\arquivos de programas\uTorrent
2010-06-11 01:13 . 2010-03-14 01:40 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-06-11 01:11 . 2010-03-14 02:11 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Nero
2010-06-11 01:11 . 2010-03-14 00:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2010-06-11 00:57 . 2010-05-02 13:25 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\dvdcss
2010-06-10 22:44 . 2010-04-28 23:38 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Vso
2010-06-10 22:44 . 2010-04-28 23:38 47360 ----a-w- c:\documents and settings\windows\Dados de aplicativos\pcouffin.sys
2010-06-10 22:44 . 2010-04-28 23:38 47360 ----a-w- c:\documents and settings\windows\Dados de aplicativos\pcouffin.sys
2010-06-08 22:12 . 2010-04-28 05:22 -------- d-----w- c:\arquivos de programas\sisagp
2010-06-03 02:43 . 2010-03-14 01:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-05-27 22:35 . 2001-10-28 12:07 50002 ----a-w- c:\windows\system32\perfc016.dat
2010-05-27 22:35 . 2001-10-28 12:07 347886 ----a-w- c:\windows\system32\perfh016.dat
2010-05-20 21:14 . 2010-04-28 17:19 -------- d-----w- c:\arquivos de programas\Ask.com
2010-05-06 16:47 . 2010-05-06 16:47 -------- d-----w- c:\arquivos de programas\Opera
2010-05-03 14:40 . 2010-04-28 20:47 -------- d-----w- c:\arquivos de programas\Ares
2010-04-30 00:07 . 2010-04-30 00:07 1109 ----a-w- c:\arquivos de programas\Ares_Portable_2.1.5.3039[Uploader By DeLL].rar[www.b2s-share.com].torrent
2010-04-30 00:00 . 2010-04-30 00:00 2818209 ----a-w- c:\arquivos de programas\Ares_Installer.exe
2010-04-29 23:57 . 2010-04-29 23:56 2439433 ----a-w- c:\arquivos de programas\aresregular215_installer.exe
2010-04-29 00:46 . 2010-04-29 00:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2010-04-28 23:38 . 2010-04-28 23:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-28 18:47 . 2010-04-28 18:47 -------- d-----w- c:\arquivos de programas\VideoLAN
2010-04-28 17:43 . 2010-04-28 17:43 0 ----a-w- c:\windows\nsreg.dat
2010-04-28 17:29 . 2010-04-28 17:29 -------- d-----w- c:\arquivos de programas\VS Revo Group
2010-04-28 16:57 . 2010-04-28 16:57 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\CyberLink
2010-04-28 16:56 . 2010-04-28 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2010-04-28 05:25 . 2010-04-28 05:25 -------- d-----w- c:\arquivos de programas\REALTEK RTL8187B Wireless LAN Driver
2010-04-28 05:25 . 2010-04-28 05:25 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\InstallShield
2010-04-28 05:21 . 2010-04-28 05:21 -------- d-----w- c:\arquivos de programas\Synaptics
2010-04-28 05:20 . 2010-04-28 05:20 -------- d-----w- c:\arquivos de programas\Motorola
2010-04-28 04:34 . 2010-04-28 04:34 -------- d-----w- c:\arquivos de programas\Realtek
2010-04-28 04:34 . 2010-04-28 04:34 315392 ----a-w- c:\windows\HideWin.exe
2010-04-28 03:48 . 2010-04-28 03:48 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Media Player Classic
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-06-11 322352]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-02-08 1015808]
"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2010-03-14 149280]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-19 634880]
"SynTPStart"="c:\arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Documents and Settings\\windows\\Meus documentos\\Downloads\\ares\\Ares_Portable_2.1.5.3039[Uploader By DeLL]\\Ares.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [28/4/2010 01:34 77968]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [28/4/2010 02:25 288000]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/6/2010 00:09 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/6/2010 00:09 29208]
S3 cpuz129;cpuz129; [x]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: Crawler Search - tbr:iemenu
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {1B47C712-BCAA-499F-9F11-7D1D76CF5EAC} = 201.10.120.2,201.10.128.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\windows\Dados de aplicativos\Mozilla\Firefox\Profiles\gdyxi5p1.default\
FF - prefs.js: browser.startup.homepage - www.disponivel.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=en_BR&q=
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-11 23:22
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\imon.dll
.
Tempo para conclusão: 2010-06-11 23:23:30
ComboFix-quarantined-files.txt 2010-06-12 02:23

Pré-execução: 11 pasta(s) 13.517.787.136 bytes disponíveis
Pós execução: 13 pasta(s) 14.036.529.152 bytes disponíveis

- - End Of File - - C284129829F437EF6BE57259F97A5BB4
#19 by igoreso, 11/06/2010 - 23:50
Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you have finished the instructions.

Select and copy the text inside the codebox. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

File::
c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe

Folder::
c:\arquivos de programas\Ask.com

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Driver::
cpuz129

Firefox::
FF - ProfilePath - c:\documents and settings\windows\Dados de aplicativos\Mozilla\Firefox\Profiles\gdyxi5p1.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=en_BR&q=
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll

DDS::
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll
Now drag CFScript.txt onto ComboFix as shown in the demonstration below.
[Image]

ComboFix will run and restart the PC automatically to complete the removal process. If that does not happen, restart it manually. IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.
Paste the report created at C:\combofix.txt and a new HJT log.
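In this thread the ComboFix log is read by eye and the CFScript is typed by hand. As an added example that is not part of any post here and not ComboFix's own code, the Python below parses that log format for the findings a responder acts on (PE and driver files dropped in the user's Recent folder, a system+hidden directory under Application Data like the rogue's SMOCNAFQHYAV folder, EnableFirewall set to 0, an orphaned service printed as [x], a registered LSP, a Firefox keyword.URL hijack and toolbar components living outside the Firefox install) and drafts the CFScript sections for them. The sample input is a constructed excerpt of lines taken from BIDU65's first log. The attribute-flag heuristic and the decision of which findings become which CFScript section are this example's own assumptions; the directive names (File::, Folder::, Registry::, Driver::, Firefox::) are the ones CFScript understands, as the script in this post shows for most of them. The draft is meant to be reviewed by a person before it is dragged onto ComboFix.

```python
"""Triage a ComboFix log and draft CFScript sections (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the first ComboFix log in this thread,
# just enough to exercise every rule below; not a complete log.
SAMPLE_LOG = r"""
c:\documents and settings\windows\Recent\kernel32.exe
c:\documents and settings\windows\Recent\energy.sys
2010-06-10 23:06 . 2010-06-10 23:06 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\SMOCNAFQHYAV
2010-06-11 03:09 . 2010-06-11 03:09 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [28/4/2010 01:34 77968]
S3 cpuz129;cpuz129; [x]
LSP: c:\windows\system32\imon.dll
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=en_BR&q=
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll
"""

# Recent\ should hold only shortcuts; PE/driver files there are a rogue's staging area.
RECENT_PAYLOAD = re.compile(r"^c:\\.*\\recent\\[^\\]+\.(exe|sys|dll|drv|tmp)$", re.I)
# "created . modified size attrs path" entries; group 1 is the attribute string.
DIR_ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+(d[-a-z]+)\s+(.+)$")
REG_KEY = re.compile(r"^\[(.+)\]$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
ORPHAN_DRIVER = re.compile(r"^[RS]\d\s+([^;]+);.*\[x\]$")   # "[x]" = image file missing
LSP_LINE = re.compile(r"^LSP:\s+(.+)$")
FF_KEYWORD = re.compile(r"^FF - prefs\.js: keyword\.URL - ")
FF_COMPONENT = re.compile(r"^FF - component: (.+)$")


@dataclass
class Findings:
    recent_payloads: List[str] = field(default_factory=list)
    hidden_dirs: List[str] = field(default_factory=list)
    firewall_key: Optional[str] = None   # registry key where EnableFirewall=0 was seen
    orphan_drivers: List[str] = field(default_factory=list)
    lsps: List[str] = field(default_factory=list)
    firefox_lines: List[str] = field(default_factory=list)

    @property
    def firewall_disabled(self) -> bool:
        return self.firewall_key is not None


def parse_findings(log_text: str) -> Findings:
    """Single pass over the log, tracking the current [key] so value lines have context."""
    found, current_key = Findings(), ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := REG_KEY.match(line)):
            current_key = m.group(1)
        elif RECENT_PAYLOAD.match(line):
            found.recent_payloads.append(line)
        elif (m := DIR_ENTRY.match(line)):
            attrs, path = m.groups()
            # Heuristic (this example's assumption): a directory flagged both s(ystem)
            # and h(idden) is how the rogue in this thread hid its files.
            if "s" in attrs and "h" in attrs:
                found.hidden_dirs.append(path)
        elif FIREWALL_OFF.match(line) and "firewallpolicy" in current_key.lower():
            found.firewall_key = current_key
        elif (m := ORPHAN_DRIVER.match(line)):
            found.orphan_drivers.append(m.group(1))
        elif (m := LSP_LINE.match(line)):
            # Review only: security products and malware both register LSPs.
            found.lsps.append(m.group(1))
        elif FF_KEYWORD.match(line):
            found.firefox_lines.append(line)           # search keyword hijack
        elif (m := FF_COMPONENT.match(line)) and "mozilla firefox" not in m.group(1).lower():
            found.firefox_lines.append(line)           # component outside the Firefox install
    return found


def build_cfscript(found: Findings) -> str:
    """Draft the CFScript sections; a person reviews the draft before running it."""
    sections = []
    if found.hidden_dirs:
        sections.append("Folder::\n" + "\n".join(found.hidden_dirs))
    if found.firewall_key:
        # "=-" deletes the value, which returns the XP firewall to its default (enabled).
        sections.append(f'Registry::\n[{found.firewall_key}]\n"EnableFirewall"=-')
    if found.orphan_drivers:
        sections.append("Driver::\n" + "\n".join(found.orphan_drivers))
    if found.firefox_lines:
        sections.append("Firefox::\n" + "\n".join(found.firefox_lines))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    result = parse_findings(SAMPLE_LOG)
    print(f"Recent payloads: {result.recent_payloads}\nLSPs to review: {result.lsps}")
    print(build_cfscript(result))
```

The Recent-folder payloads and the LSP are reported but deliberately kept out of the draft script: ComboFix had already removed the former in its first run (the "Outras Exclusões" section), and an LSP can belong to a legitimate security product just as easily as to malware, so deleting one from a script without checking what registered it can break networking.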

#20 by BIDU65, 12/06/2010 - 01:21
ComboFix 10-06-10.06 - windows 12/06/2010 1:11.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.893.584 [GMT -3:00]
Executando de: c:\documents and settings\windows\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\windows\Desktop\CFScript.txt..txt
.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-12 to 2010-06-12 ))))))))))))))))))))))))))))
.

2010-06-11 23:32 . 2010-06-12 00:02 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\GetRightToGo
2010-06-11 21:08 . 2010-06-11 21:08 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2010-06-11 03:42 . 2010-06-11 03:42 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\IObit
2010-06-11 03:42 . 2010-06-11 03:42 -------- d-----w- c:\arquivos de programas\IObit
2010-06-11 03:28 . 2010-06-11 03:44 -------- d-----w- c:\arquivos de programas\Wise Registry Cleaner
2010-06-11 03:09 . 2010-06-11 03:09 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-11 03:09 . 2010-06-11 03:09 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-11 03:09 . 2010-06-11 22:44 -------- d-----w- c:\arquivos de programas\AVG
2010-06-11 03:09 . 2010-06-11 22:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Malwarebytes
2010-06-11 02:34 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-06-11 02:34 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-06-11 01:37 . 2010-06-11 01:37 -------- d-----w- c:\arquivos de programas\Crawler
2010-06-11 01:28 . 2010-06-11 01:28 -------- d-----w- c:\arquivos de programas\SpywareBlaster
2010-06-10 23:54 . 2010-06-10 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2010-06-10 23:06 . 2010-06-10 23:06 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\SMOCNAFQHYAV
2010-06-07 03:15 . 2010-06-07 03:15 -------- d-----w- C:\Ares
2010-06-03 05:17 . 2005-05-03 21:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-06-03 02:44 . 2010-06-03 02:44 -------- d-----w- c:\arquivos de programas\Positivo
2010-06-03 02:25 . 2010-06-03 02:25 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-06-03 02:24 . 2010-06-03 02:24 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Uniblue
2010-06-03 02:24 . 2010-06-03 02:24 -------- d-----w- c:\arquivos de programas\Uniblue
2010-06-03 01:27 . 2010-06-03 01:28 -------- d-----w- C:\audio
2010-05-20 23:47 . 2010-06-10 16:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-05-20 23:03 . 2010-05-20 23:03 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Yahoo!
2010-05-20 23:03 . 2010-06-10 22:32 -------- d-----w- c:\arquivos de programas\Yahoo!
2010-05-20 23:03 . 2010-05-20 23:03 -------- d-----w- c:\arquivos de programas\CCleaner
2010-05-20 13:51 . 2004-08-04 03:45 4096 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\USMT\iconlib.dll
2010-05-20 13:06 . 2010-02-10 14:18 2131336 ----a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe
2010-05-18 23:55 . 2010-05-18 23:55 -------- d-----w- c:\windows\Sun
2010-05-15 17:26 . 2010-05-15 17:26 -------- d-----w- c:\arquivos de programas\Avatar Sizer
2010-05-13 22:49 . 2010-05-13 22:49 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Astroburn Lite
2010-05-13 22:49 . 2010-05-20 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Astroburn Lite
2010-05-13 22:25 . 2010-05-14 01:24 -------- d-----w- C:\DRIVES 1.500

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 04:11 . 2010-04-28 17:18 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\uTorrent
2010-06-12 02:58 . 2010-06-12 02:58 -------- d-----w- c:\arquivos de programas\ESET
2010-06-12 01:27 . 2010-04-28 19:46 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\vlc
2010-06-11 13:41 . 2010-04-29 02:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 11:44 . 2010-04-28 17:48 -------- d-----w- c:\arquivos de programas\DreaMule
2010-06-11 03:18 . 2010-04-28 17:19 -------- d-----w- c:\arquivos de programas\uTorrent
2010-06-11 01:13 . 2010-03-14 01:40 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-06-11 01:11 . 2010-03-14 02:11 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Nero
2010-06-11 01:11 . 2010-03-14 00:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2010-06-11 00:57 . 2010-05-02 13:25 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\dvdcss
2010-06-10 22:44 . 2010-04-28 23:38 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Vso
2010-06-10 22:44 . 2010-04-28 23:38 47360 ----a-w- c:\documents and settings\windows\Dados de aplicativos\pcouffin.sys
2010-06-10 22:44 . 2010-04-28 23:38 47360 ----a-w- c:\documents and settings\windows\Dados de aplicativos\pcouffin.sys
2010-06-08 22:12 . 2010-04-28 05:22 -------- d-----w- c:\arquivos de programas\sisagp
2010-06-03 02:43 . 2010-03-14 01:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-05-27 22:35 . 2001-10-28 12:07 50002 ----a-w- c:\windows\system32\perfc016.dat
2010-05-27 22:35 . 2001-10-28 12:07 347886 ----a-w- c:\windows\system32\perfh016.dat
2010-05-20 21:14 . 2010-04-28 17:19 -------- d-----w- c:\arquivos de programas\Ask.com
2010-05-06 16:47 . 2010-05-06 16:47 -------- d-----w- c:\arquivos de programas\Opera
2010-05-03 14:40 . 2010-04-28 20:47 -------- d-----w- c:\arquivos de programas\Ares
2010-04-30 00:07 . 2010-04-30 00:07 1109 ----a-w- c:\arquivos de programas\Ares_Portable_2.1.5.3039[Uploader By DeLL].rar[www.b2s-share.com].torrent
2010-04-30 00:00 . 2010-04-30 00:00 2818209 ----a-w- c:\arquivos de programas\Ares_Installer.exe
2010-04-29 23:57 . 2010-04-29 23:56 2439433 ----a-w- c:\arquivos de programas\aresregular215_installer.exe
2010-04-29 00:46 . 2010-04-29 00:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2010-04-28 23:38 . 2010-04-28 23:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-28 18:47 . 2010-04-28 18:47 -------- d-----w- c:\arquivos de programas\VideoLAN
2010-04-28 17:43 . 2010-04-28 17:43 0 ----a-w- c:\windows\nsreg.dat
2010-04-28 17:29 . 2010-04-28 17:29 -------- d-----w- c:\arquivos de programas\VS Revo Group
2010-04-28 16:57 . 2010-04-28 16:57 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\CyberLink
2010-04-28 16:56 . 2010-04-28 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2010-04-28 05:25 . 2010-04-28 05:25 -------- d-----w- c:\arquivos de programas\REALTEK RTL8187B Wireless LAN Driver
2010-04-28 05:25 . 2010-04-28 05:25 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\InstallShield
2010-04-28 05:21 . 2010-04-28 05:21 -------- d-----w- c:\arquivos de programas\Synaptics
2010-04-28 05:20 . 2010-04-28 05:20 -------- d-----w- c:\arquivos de programas\Motorola
2010-04-28 04:34 . 2010-04-28 04:34 -------- d-----w- c:\arquivos de programas\Realtek
2010-04-28 04:34 . 2010-04-28 04:34 315392 ----a-w- c:\windows\HideWin.exe
2010-04-28 03:48 . 2010-04-28 03:48 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Media Player Classic
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-06-11 322352]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-02-08 1015808]
"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2010-03-14 149280]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-19 634880]
"SynTPStart"="c:\arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Documents and Settings\\windows\\Meus documentos\\Downloads\\ares\\Ares_Portable_2.1.5.3039[Uploader By DeLL]\\Ares.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [28/4/2010 01:34 77968]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [28/4/2010 02:25 288000]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/6/2010 00:09 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/6/2010 00:09 29208]
S3 cpuz129;cpuz129; [x]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: Crawler Search - tbr:iemenu
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {1B47C712-BCAA-499F-9F11-7D1D76CF5EAC} = 201.10.120.2,201.10.128.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\windows\Dados de aplicativos\Mozilla\Firefox\Profiles\gdyxi5p1.default\
FF - prefs.js: browser.startup.homepage - www.disponivel.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=en_BR&q=
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 01:13
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-06-12 01:15:00
ComboFix-quarantined-files.txt 2010-06-12 04:14
ComboFix2.txt 2010-06-12 02:23

Pré-execução: 12 pasta(s) 16.454.049.792 bytes disponíveis
Pós execução: 13 pasta(s) 16.555.597.824 bytes disponíveis

- - End Of File - - B8F1E5A32D93C6EA835713F4B9E86E7C


.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:21:16, on 12/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe
C:\Documents and Settings\windows\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60342
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60342
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B47C712-BCAA-499F-9F11-7D1D76CF5EAC}: NameServer = 201.10.120.2,201.10.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B47C712-BCAA-499F-9F11-7D1D76CF5EAC}: NameServer = 201.10.120.2,201.10.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B47C712-BCAA-499F-9F11-7D1D76CF5EAC}: NameServer = 201.10.120.2,201.10.128.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 5872 bytes
#21 By igoreso
12/06/2010 - 01:38
Select and copy the text inside the codebox. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

[code=rich]File::
c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe
c:\arquivos de programas\Ask.com
c:\windows\HideWin.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Driver::
cpuz129
Firefox::
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=en_BR&q=
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll
FF - ProfilePath - c:\documents and settings\windows\Dados de aplicativos\Mozilla\Firefox\Profiles\gdyxi5p1.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=en_BR&q=
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll
FF - prefs.js: browser.startup.homepage - www.disponivel.com
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
DDS::
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll
[/code]
You did not follow the steps above! One question: was it you who set the Firefox home page to the site below? If you don't recognize it, let me know, it may be malware activity!
www.disponivel.com
I don't answer questions by PM, e-mail or MSN! Use the forum!

#23 By igoreso
12/06/2010 - 03:51
BIDU65 said:
The steps got complicated for me when you mentioned the codebox. I didn't know I was supposed to select and copy what was right below (inside the box). And now, how do we continue?
Note: I HAVE ALREADY INSTALLED THE NEW ANTIVIRUS (A SIGN THAT THE OTHERS WERE REMOVED).
As for that page you asked me about, I don't recognize it.

Just copy the text inside the box, open Notepad, paste it there, save it as CFScript.txt and drag it onto combofix.exe; turn off AVG!

#24 By BIDU65
12/06/2010 - 13:02
ComboFix 10-06-10.06 - windows 12/06/2010 1:11.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.893.584 [GMT -3:00]
Executando de: c:\documents and settings\windows\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\windows\Desktop\CFScript.txt..txt
.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-12 to 2010-06-12 ))))))))))))))))))))))))))))
.

2010-06-11 23:32 . 2010-06-12 00:02 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\GetRightToGo
2010-06-11 21:08 . 2010-06-11 21:08 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2010-06-11 03:42 . 2010-06-11 03:42 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\IObit
2010-06-11 03:42 . 2010-06-11 03:42 -------- d-----w- c:\arquivos de programas\IObit
2010-06-11 03:28 . 2010-06-11 03:44 -------- d-----w- c:\arquivos de programas\Wise Registry Cleaner
2010-06-11 03:09 . 2010-06-11 03:09 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-06-11 03:09 . 2010-06-11 03:09 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-06-11 03:09 . 2010-06-11 22:44 -------- d-----w- c:\arquivos de programas\AVG
2010-06-11 03:09 . 2010-06-11 22:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Malwarebytes
2010-06-11 02:34 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-06-11 02:34 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 02:34 . 2010-06-11 02:34 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-06-11 01:37 . 2010-06-11 01:37 -------- d-----w- c:\arquivos de programas\Crawler
2010-06-11 01:28 . 2010-06-11 01:28 -------- d-----w- c:\arquivos de programas\SpywareBlaster
2010-06-10 23:54 . 2010-06-10 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files
2010-06-10 23:06 . 2010-06-10 23:06 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\SMOCNAFQHYAV
2010-06-07 03:15 . 2010-06-07 03:15 -------- d-----w- C:\Ares
2010-06-03 05:17 . 2005-05-03 21:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-06-03 02:44 . 2010-06-03 02:44 -------- d-----w- c:\arquivos de programas\Positivo
2010-06-03 02:25 . 2010-06-03 02:25 -------- d-----w- c:\documents and settings\All Users\Uniblue
2010-06-03 02:24 . 2010-06-03 02:24 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Uniblue
2010-06-03 02:24 . 2010-06-03 02:24 -------- d-----w- c:\arquivos de programas\Uniblue
2010-06-03 01:27 . 2010-06-03 01:28 -------- d-----w- C:\audio
2010-05-20 23:47 . 2010-06-10 16:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2010-05-20 23:03 . 2010-05-20 23:03 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Yahoo!
2010-05-20 23:03 . 2010-06-10 22:32 -------- d-----w- c:\arquivos de programas\Yahoo!
2010-05-20 23:03 . 2010-05-20 23:03 -------- d-----w- c:\arquivos de programas\CCleaner
2010-05-20 13:51 . 2004-08-04 03:45 4096 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\USMT\iconlib.dll
2010-05-20 13:06 . 2010-02-10 14:18 2131336 ----a-w- c:\arquivos de programas\Arquivos comuns\AskToolbarInstaller.exe
2010-05-18 23:55 . 2010-05-18 23:55 -------- d-----w- c:\windows\Sun
2010-05-15 17:26 . 2010-05-15 17:26 -------- d-----w- c:\arquivos de programas\Avatar Sizer
2010-05-13 22:49 . 2010-05-13 22:49 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Astroburn Lite
2010-05-13 22:49 . 2010-05-20 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Astroburn Lite
2010-05-13 22:25 . 2010-05-14 01:24 -------- d-----w- C:\DRIVES 1.500

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 04:11 . 2010-04-28 17:18 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\uTorrent
2010-06-12 02:58 . 2010-06-12 02:58 -------- d-----w- c:\arquivos de programas\ESET
2010-06-12 01:27 . 2010-04-28 19:46 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\vlc
2010-06-11 13:41 . 2010-04-29 02:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 11:44 . 2010-04-28 17:48 -------- d-----w- c:\arquivos de programas\DreaMule
2010-06-11 03:18 . 2010-04-28 17:19 -------- d-----w- c:\arquivos de programas\uTorrent
2010-06-11 01:13 . 2010-03-14 01:40 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-06-11 01:11 . 2010-03-14 02:11 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Nero
2010-06-11 01:11 . 2010-03-14 00:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2010-06-11 00:57 . 2010-05-02 13:25 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\dvdcss
2010-06-10 22:44 . 2010-04-28 23:38 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Vso
2010-06-10 22:44 . 2010-04-28 23:38 47360 ----a-w- c:\documents and settings\windows\Dados de aplicativos\pcouffin.sys
2010-06-10 22:44 . 2010-04-28 23:38 47360 ----a-w- c:\documents and settings\windows\Dados de aplicativos\pcouffin.sys
2010-06-08 22:12 . 2010-04-28 05:22 -------- d-----w- c:\arquivos de programas\sisagp
2010-06-03 02:43 . 2010-03-14 01:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-05-27 22:35 . 2001-10-28 12:07 50002 ----a-w- c:\windows\system32\perfc016.dat
2010-05-27 22:35 . 2001-10-28 12:07 347886 ----a-w- c:\windows\system32\perfh016.dat
2010-05-20 21:14 . 2010-04-28 17:19 -------- d-----w- c:\arquivos de programas\Ask.com
2010-05-06 16:47 . 2010-05-06 16:47 -------- d-----w- c:\arquivos de programas\Opera
2010-05-03 14:40 . 2010-04-28 20:47 -------- d-----w- c:\arquivos de programas\Ares
2010-04-30 00:07 . 2010-04-30 00:07 1109 ----a-w- c:\arquivos de programas\Ares_Portable_2.1.5.3039[Uploader By DeLL].rar[www.b2s-share.com].torrent
2010-04-30 00:00 . 2010-04-30 00:00 2818209 ----a-w- c:\arquivos de programas\Ares_Installer.exe
2010-04-29 23:57 . 2010-04-29 23:56 2439433 ----a-w- c:\arquivos de programas\aresregular215_installer.exe
2010-04-29 00:46 . 2010-04-29 00:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\vsosdk
2010-04-28 23:38 . 2010-04-28 23:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-28 18:47 . 2010-04-28 18:47 -------- d-----w- c:\arquivos de programas\VideoLAN
2010-04-28 17:43 . 2010-04-28 17:43 0 ----a-w- c:\windows\nsreg.dat
2010-04-28 17:29 . 2010-04-28 17:29 -------- d-----w- c:\arquivos de programas\VS Revo Group
2010-04-28 16:57 . 2010-04-28 16:57 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\CyberLink
2010-04-28 16:56 . 2010-04-28 16:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2010-04-28 05:25 . 2010-04-28 05:25 -------- d-----w- c:\arquivos de programas\REALTEK RTL8187B Wireless LAN Driver
2010-04-28 05:25 . 2010-04-28 05:25 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\InstallShield
2010-04-28 05:21 . 2010-04-28 05:21 -------- d-----w- c:\arquivos de programas\Synaptics
2010-04-28 05:20 . 2010-04-28 05:20 -------- d-----w- c:\arquivos de programas\Motorola
2010-04-28 04:34 . 2010-04-28 04:34 -------- d-----w- c:\arquivos de programas\Realtek
2010-04-28 04:34 . 2010-04-28 04:34 315392 ----a-w- c:\windows\HideWin.exe
2010-04-28 03:48 . 2010-04-28 03:48 -------- d-----w- c:\documents and settings\windows\Dados de aplicativos\Media Player Classic
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-06-11 322352]
"ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-02-08 1015808]
"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2010-03-14 149280]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-19 634880]
"SynTPStart"="c:\arquivos de programas\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\DreaMule\\emule.exe"=
"c:\\Documents and Settings\\windows\\Meus documentos\\Downloads\\ares\\Ares_Portable_2.1.5.3039[Uploader By DeLL]\\Ares.exe"=
"c:\\Arquivos de programas\\Ares\\Ares.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [28/4/2010 01:34 77968]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [28/4/2010 02:25 288000]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/6/2010 00:09 29208]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/6/2010 00:09 29208]
S3 cpuz129;cpuz129; [x]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
IE: Crawler Search - tbr:iemenu
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {1B47C712-BCAA-499F-9F11-7D1D76CF5EAC} = 201.10.120.2,201.10.128.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\windows\Dados de aplicativos\Mozilla\Firefox\Profiles\gdyxi5p1.default\
FF - prefs.js: browser.startup.homepage - www.disponivel.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=en_BR&q=
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\arquivos de programas\Crawler\Toolbar\firefox\components\xwsg.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 01:13
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-06-12 01:15:00
ComboFix-quarantined-files.txt 2010-06-12 04:14
ComboFix2.txt 2010-06-12 02:23

Pré-execução: 12 pasta(s) 16.454.049.792 bytes disponíveis
Pós execução: 13 pasta(s) 16.555.597.824 bytes disponíveis

- - End Of File - - B8F1E5A32D93C6EA835713F4B9E86E7C


................................................................................................
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:59:43, on 12/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe
C:\Arquivos de programas\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARQUIV~1\AVG\AVG9\avgtray.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\AVG\AVG9\avgam.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\windows\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60342
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60342
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B47C712-BCAA-499F-9F11-7D1D76CF5EAC}: NameServer = 201.10.120.2,201.10.128.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B47C712-BCAA-499F-9F11-7D1D76CF5EAC}: NameServer = 201.10.120.2,201.10.128.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B47C712-BCAA-499F-9F11-7D1D76CF5EAC}: NameServer = 201.10.120.2,201.10.128.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - Unknown owner - C:\Arquivos de programas\AVG\AVG9\avgfws9.exe (file missing)
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - Unknown owner - C:\Arquivos de programas\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 7294 bytes
#25 By Espírita
12/06/2010 - 13:18
Start->Run.... type combofix /Uninstall and press Enter.

Run HijackThis->do a system scan only. Select the items:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

click Fix checked.

* waiting for the online scan.
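The triage step above picks out HijackThis entries whose referenced file no longer exists, which is registry residue left behind after a removal. The following is an added example (not code from the forum thread, from HijackThis or from ComboFix) that applies the same rule mechanically: it parses HijackThis-format lines, lists every entry ending in "(no file)" or "(file missing)", and extracts the O17 NameServer addresses so they can be compared with the ISP's DNS. The sample lines are constructed from the log posted above; the helper chose three of the four orphaned entries it reports (leaving the AVG service from the freshly installed antivirus alone), so the output is a review list for the analyst, not a fix list.

```python
import re

# Constructed sample: HijackThis 2.0.4 lines in the format seen in the logs above.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{1B47C712-BCAA-499F-9F11-7D1D76CF5EAC}: NameServer = 201.10.120.2,201.10.128.3
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG Firewall (avgfws9) - Unknown owner - C:\\Arquivos de programas\\AVG\\AVG9\\avgfws9.exe (file missing)
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O17, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Markers HijackThis appends when the file an entry points to is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Split a HijackThis log into (section, body) tuples, skipping headers and process lists."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def orphaned_entries(text):
    """Return entries whose referenced file is missing: registry residue a helper may fix."""
    return [(s, b) for s, b in parse_entries(text) if b.endswith(ORPHAN_MARKERS)]


def nameservers(text):
    """Return the DNS servers configured in O17 entries, to be checked against the ISP's servers."""
    servers = []
    for section, body in parse_entries(text):
        if section == "O17" and "NameServer =" in body:
            value = body.split("NameServer =", 1)[1]
            servers.extend(ip.strip() for ip in value.split(","))
    return servers


if __name__ == "__main__":
    for section, body in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", section, body)
    print("DNS servers:", nameservers(SAMPLE_LOG))
```

Run the block as a script, or pass the contents of a saved HijackThis log to `orphaned_entries` and `nameservers`; both return plain Python lists so the result can be fed into whatever review workflow the analyst uses.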
© 1999-2024 Hardware.com.br. All rights reserved.