patymelo

Membro
  • Content count

    30
  • Joined

  • Last visited

Community Reputation

0 Neutral

About patymelo

  • Rank
    Novato

Contact Methods

  • ICQ
    0
  1. fica aparecendo uma mensagem que meu computador não tem memoria suficiente para continuar e dai não funciona mais nada, reinicio e volta tudo ok, mas dali a pouco começa de novo. pode ser malware??
  2. valeu!!! muito obrigada!!!
  3. Acho que está ok!!!
  4. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=1a5804cbbe37df489439d64c9ecc2d81 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-02-24 09:43:02 # local_time=2012-02-24 07:43:02 (-0300, Horário brasileiro de verão) # country="Brazil" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=768 16777215 100 0 39793968 39793968 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=68579 # found=4 # cleaned=4 # scan_time=4429 C:\Documents and Settings\Ana\Dados de aplicativos\OpenCandy\OpenCandy_6398BC1C5FFD4E2EA25CE52C6A8A1F3F\registrybooster25.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Ana\Dados de aplicativos\OpenCandy\OpenCandy_6398BC1C5FFD4E2EA25CE52C6A8A1F3F\registrybooster25Wrapped.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C C:\downloads\aTube_Catcher.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C C:\downloads\RevelationV2.zip Win32/PSWTool.SnadBoy.2011 application (deleted - quarantined) 00000000000000000000000000000000 C esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=1a5804cbbe37df489439d64c9ecc2d81 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-02-24 11:22:40 # local_time=2012-02-24 09:22:40 (-0300, Horário brasileiro de verão) # country="Brazil" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=768 16777215 100 0 39802081 39802081 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=91192 # found=0 # cleaned=0 # scan_time=5895 Logfile of HijackThis v1.99.1 Scan saved at 21:47:51, on 24/2/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\stsystra.exe C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Spamihilator\spamihilator.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\ARQUIV~1\Yahoo!\Messenger\ymsgr_tray.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Ana\Desktop\hij\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [alarmme.exe] C:\AlarmMe\Alarmme.exe O4 - HKLM\..\Run: [Tecnobyte Agenda] "c:\tecnobyte\agenda\agenda.exe" /m O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\ARQUIV~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Spamihilator.lnk = C:\Arquivos de programas\Spamihilator\spamihilator.exe O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.itau.com.br O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} (Java Plug-in 1.4.2_19) - O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) - O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) - O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) - O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} (Java Plug-in 1.6.0_29) - O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplu...GbPluginUni.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  5. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "c:\arquivos de programas\Facemoods.exe" deleted successfully. Completed script processing. ******************* Finished! Terminate.
  6. BankerFix 3.1 VALKYRIE - Removedor de Bankers Linha Defensiva | http://www.linhadefensiva.org http://www.linhadefensiva.org/bankerfix/ ------------------------------------------------------- Data: 2012-02-22 - 14:12 ------------------------------------------------------- Lista de Definição: 2012-01-27-1 | CORE: 2012-01-27-1 ======================================================= Arquivo infectado detectado: C:\WINDOWS\system32\wingfr_4411.gif Arquivo infectado removido com sucesso! Arquivo infectado detectado: C:\WINDOWS\system32\wingfr_580A.gif Arquivo infectado removido com sucesso! Arquivo infectado detectado: C:\WINDOWS\system32\wingfr_7001.gif Arquivo infectado removido com sucesso! Arquivo infectado detectado: C:\WINDOWS\system32\winloc_0003.gif Arquivo infectado removido com sucesso! Arquivo infectado detectado: C:\WINDOWS\system32\winstl_3125.gif Arquivo infectado removido com sucesso! ----- Fim -------------------------
  7. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Ana at 16:17:14 on 2012-02-17 Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1014.629 [GMT -2:00] . AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* . ============== Running Processes =============== . C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\stsystra.exe C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Spamihilator\spamihilator.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\ARQUIV~1\Yahoo!\Messenger\ymsgr_tray.exe C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe C:\WINDOWS\system32\SNDVOL32.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com.br/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\arquiv~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquivos de programas\spybot - search & destroy\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll BHO: {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - No File BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540008} - c:\arquiv~1\gbplugin\gbiehuni.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\arquiv~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll também: Barra de Ferramentas do Yahoo!: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquiv~1\yahoo!\companion\installs\cpn\yt.dll também: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\arquivos de programas\alwil software\avast5\aswWebRepIE.dll também: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\arquivos de programas\google\google toolbar\GoogleToolbar_32.dll uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background uRun: [Messenger (Yahoo!)] "c:\arquiv~1\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [ares] "c:\arquivos de programas\ares\Ares.exe" -h uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized mRun: [intelZeroConfig] "c:\arquivos de programas\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\arquivos de programas\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [PDVDDXSrv] "c:\arquivos de programas\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [alarmme.exe] c:\alarmme\Alarmme.exe mRun: [Tecnobyte Agenda] "c:\tecnobyte\agenda\agenda.exe" /m mRun: [avast5] "c:\arquivos de programas\alwil software\avast5\avastUI.exe" /nogui mRun: [iSUSPM Startup] c:\arquiv~1\arquiv~1\instal~1\update~1\isuspm.exe -startup mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe" mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe" mRun: [uVS10 Preload] c:\arquivos de programas\ulead systems\ulead videostudio se dvd\uvPL.exe mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\ana\menuin~1\progra~1\inicia~1\spamih~1.lnk - c:\arquivos de programas\spamihilator\spamihilator.exe StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\window~1.lnk - c:\arquivos de programas\windows desktop search\WindowsSearch.exe IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquivos de programas\spybot - search & destroy\SDHelper.dll Trusted Zone: itau.com.br\bankline Trusted Zone: itau.com.br\www DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{D1DE184A-B67B-4A63-92AE-153C33B44EA4} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL Notify: GbPluginUni - c:\arquiv~1\gbplugin\gbiehUni.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\arquivos de programas\windows desktop search\MSNLNamespaceMgr.dll SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399008} - c:\arquiv~1\gbplugin\gbiehuni.dll . ============= SERVICES / DRIVERS =============== . R0 91323252;91323252 Boot Guard Driver;c:\windows\system32\drivers\91323252.sys [2010-12-17 37392] R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-11-17 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-11-17 195416] R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-10-5 43688] R1 91323251;91323251;c:\windows\system32\drivers\91323251.sys [2010-12-17 128016] R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-11-17 111320] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-11-17 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-17 314456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-17 20568] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] . =============== Created Last 30 ================ . 2012-02-15 13:25:05 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-02-15 13:25:05 3072 ------w- c:\windows\system32\iacenc.dll 2012-02-06 20:48:34 -------- d-----w- c:\windows\pss . ==================== Find3M ==================== . 2012-01-12 17:20:23 1860096 ----a-w- c:\windows\system32\win32k.sys 2011-12-30 16:24:12 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-20 17:30:18 43688 ----a-w- c:\windows\system32\drivers\gbpkm.sys 2011-12-17 19:42:04 916992 ----a-w- c:\windows\system32\wininet.dll 2011-12-17 19:42:04 43520 ------w- c:\windows\system32\licmgr10.dll 2011-12-17 19:42:04 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-12-16 12:23:17 385024 ----a-w- c:\windows\system32\html.iec 2011-12-10 17:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-06 16:30:12 569048 ----a-w- c:\arquivos de programas\Facemoods.exe 2011-12-06 16:09:41 7059282 ----a-w- c:\arquivos de programas\fdmftsetup.exe 2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 17:54:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53:22 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-11-25 21:57:22 293888 ----a-w- c:\windows\system32\winsrv.dll 2011-11-20 06:12:20 60928 ----a-w- c:\windows\system32\packager.exe 2011-11-09 21:10:55 2368512 ----a-w- c:\arquivos de programas\Spamihilator-win32-1.0.0.exe . ============= FINISH: 16:19:57,46 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 22/1/2009 17:01:52 System Uptime: 16/2/2012 20:23:40 (20 hours ago) . Motherboard: Dell Inc. | | 0NF744 Processor: Intel® Core2 CPU T5500 @ 1.66GHz | Microprocessor | 980/166mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 74 GiB total, 44,872 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1: 30/12/2011 14:19:48 - Ponto de verificação do sistema RP2: 31/12/2011 15:22:29 - Ponto de verificação do sistema RP3: 1/1/2012 15:30:34 - Ponto de verificação do sistema RP4: 3/1/2012 10:37:46 - Ponto de verificação do sistema RP5: 4/1/2012 14:36:38 - Software Distribution Service 3.0 RP6: 5/1/2012 21:09:57 - Ponto de verificação do sistema RP7: 7/1/2012 13:12:31 - Ponto de verificação do sistema RP8: 8/1/2012 14:11:54 - Ponto de verificação do sistema RP9: 9/1/2012 14:16:02 - Ponto de verificação do sistema RP10: 10/1/2012 17:35:13 - Ponto de verificação do sistema RP11: 11/1/2012 21:18:39 - Ponto de verificação do sistema RP12: 12/1/2012 00:02:25 - Software Distribution Service 3.0 RP13: 14/1/2012 10:24:41 - Ponto de verificação do sistema RP14: 15/1/2012 20:49:26 - Ponto de verificação do sistema RP15: 17/1/2012 11:59:23 - Ponto de verificação do sistema RP16: 18/1/2012 00:00:24 - Software Distribution Service 3.0 RP17: 19/1/2012 13:11:50 - Ponto de verificação do sistema RP18: 21/1/2012 12:38:11 - Ponto de verificação do sistema RP19: 22/1/2012 13:04:14 - Ponto de verificação do sistema RP20: 23/1/2012 15:46:02 - Ponto de verificação do sistema RP21: 24/1/2012 19:51:10 - Ponto de verificação do sistema RP22: 24/1/2012 20:19:31 - Software Distribution Service 3.0 RP23: 26/1/2012 17:03:46 - Ponto de verificação do sistema RP24: 27/1/2012 18:52:19 - Ponto de verificação do sistema RP25: 29/1/2012 16:36:23 - Ponto de verificação do sistema RP26: 30/1/2012 18:19:18 - Ponto de verificação do sistema RP27: 31/1/2012 19:52:27 - Ponto de verificação do sistema RP28: 2/2/2012 00:28:53 - Ponto de verificação do sistema RP29: 3/2/2012 10:46:04 - Ponto de verificação do sistema RP30: 4/2/2012 18:36:04 - Ponto de verificação do sistema RP31: 5/2/2012 19:18:27 - Ponto de verificação do sistema RP32: 6/2/2012 20:11:08 - Ponto de verificação do sistema RP33: 7/2/2012 23:37:06 - Ponto de verificação do sistema RP34: 9/2/2012 14:43:43 - Ponto de verificação do sistema RP35: 10/2/2012 18:39:07 - Ponto de verificação do sistema RP36: 11/2/2012 19:17:04 - Ponto de verificação do sistema RP37: 12/2/2012 20:27:29 - Ponto de verificação do sistema RP38: 13/2/2012 21:39:42 - Ponto de verificação do sistema RP39: 15/2/2012 12:17:54 - Ponto de verificação do sistema RP40: 15/2/2012 20:29:07 - Software Distribution Service 3.0 RP41: 17/2/2012 00:28:58 - Ponto de verificação do sistema . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.2) - Português Adobe Shockwave Player 11.6 Apple Application Support Apple Mobile Device Support Apple Software Update Ares 2.1.7 Arquivos de Suporte da Instalação do Microsoft SQL Server (Inglês) Assistente de Conexão do Windows Live Asterisk Key 10.0 Atualização de Segurança para Microsoft Windows (KB2564958) Atualização de Segurança para o Codificador do Windows Media (KB2447961) Atualização de Segurança para o Windows Media Player (KB2378111) Atualização de Segurança para o Windows Media Player (KB952069) Atualização de Segurança para o Windows Media Player (KB954155) Atualização de Segurança para o Windows Media Player (KB968816) Atualização de Segurança para o Windows Media Player (KB973540) Atualização de Segurança para o Windows Media Player (KB975558) Atualização de Segurança para o Windows Media Player (KB978695) Atualização de Segurança para o Windows Media Player (KB979402) Atualização de Segurança para o Windows Media Player 11 (KB954154) Atualização de Segurança para Windows Internet Explorer 7 (KB2360131) Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2) Atualização de Segurança para Windows Internet Explorer 7 (KB982381) Atualização de Segurança para Windows Internet Explorer 8 (KB2360131) Atualização de Segurança para Windows Internet Explorer 8 (KB2416400) Atualização de Segurança para Windows Internet Explorer 8 (KB2482017) Atualização de Segurança para Windows Internet Explorer 8 (KB2497640) Atualização de Segurança para Windows Internet Explorer 8 (KB2510531) Atualização de Segurança para Windows Internet Explorer 8 (KB2530548) Atualização de Segurança para Windows Internet Explorer 8 (KB2544521) Atualização de Segurança para Windows Internet Explorer 8 (KB2559049) Atualização de Segurança para Windows Internet Explorer 8 (KB2586448) Atualização de Segurança para Windows Internet Explorer 8 (KB2618444) Atualização de Segurança para Windows Internet Explorer 8 (KB2647516) Atualização de Segurança para Windows Internet Explorer 8 (KB971961) Atualização de Segurança para Windows Internet Explorer 8 (KB981332) Atualização de Segurança para Windows Internet Explorer 8 (KB982381) Atualização de Segurança para Windows XP (KB2079403) Atualização de Segurança para Windows XP (KB2115168) Atualização de Segurança para Windows XP (KB2121546) Atualização de Segurança para Windows XP (KB2160329) Atualização de Segurança para Windows XP (KB2229593) Atualização de Segurança para Windows XP (KB2259922) Atualização de Segurança para Windows XP (KB2279986) Atualização de Segurança para Windows XP (KB2286198) Atualização de Segurança para Windows XP (KB2296011) Atualização de Segurança para Windows XP (KB2296199) Atualização de Segurança para Windows XP (KB2347290) Atualização de Segurança para Windows XP (KB2360937) Atualização de Segurança para Windows XP (KB2387149) Atualização de Segurança para Windows XP (KB2393802) Atualização de Segurança para Windows XP (KB2412687) Atualização de Segurança para Windows XP (KB2419632) Atualização de Segurança para Windows XP (KB2423089) Atualização de Segurança para Windows XP (KB2436673) Atualização de Segurança para Windows XP (KB2440591) Atualização de Segurança para Windows XP (KB2443105) Atualização de Segurança para Windows XP (KB2476490) Atualização de Segurança para Windows XP (KB2476687) Atualização de Segurança para Windows XP (KB2478960) Atualização de Segurança para Windows XP (KB2478971) Atualização de Segurança para Windows XP (KB2479628) Atualização de Segurança para Windows XP (KB2479943) Atualização de Segurança para Windows XP (KB2481109) Atualização de Segurança para Windows XP (KB2483185) Atualização de Segurança para Windows XP (KB2485376) Atualização de Segurança para Windows XP (KB2485663) Atualização de Segurança para Windows XP (KB2503658) Atualização de Segurança para Windows XP (KB2503665) Atualização de Segurança para Windows XP (KB2506212) Atualização de Segurança para Windows XP (KB2506223) Atualização de Segurança para Windows XP (KB2507618) Atualização de Segurança para Windows XP (KB2507938) Atualização de Segurança para Windows XP (KB2508272) Atualização de Segurança para Windows XP (KB2508429) Atualização de Segurança para Windows XP (KB2509553) Atualização de Segurança para Windows XP (KB2511455) Atualização de Segurança para Windows XP (KB2524375) Atualização de Segurança para Windows XP (KB2535512) Atualização de Segurança para Windows XP (KB2536276-v2) Atualização de Segurança para Windows XP (KB2536276) Atualização de Segurança para Windows XP (KB2544893-v2) Atualização de Segurança para Windows XP (KB2544893) Atualização de Segurança para Windows XP (KB2555917) Atualização de Segurança para Windows XP (KB2562937) Atualização de Segurança para Windows XP (KB2566454) Atualização de Segurança para Windows XP (KB2567053) Atualização de Segurança para Windows XP (KB2567680) Atualização de Segurança para Windows XP (KB2570222) Atualização de Segurança para Windows XP (KB2570947) Atualização de Segurança para Windows XP (KB2584146) Atualização de Segurança para Windows XP (KB2585542) Atualização de Segurança para Windows XP (KB2592799) Atualização de Segurança para Windows XP (KB2598479) Atualização de Segurança para Windows XP (KB2603381) Atualização de Segurança para Windows XP (KB2618451) Atualização de Segurança para Windows XP (KB2619339) Atualização de Segurança para Windows XP (KB2620712) Atualização de Segurança para Windows XP (KB2624667) Atualização de Segurança para Windows XP (KB2631813) Atualização de Segurança para Windows XP (KB2633171) Atualização de Segurança para Windows XP (KB2639417) Atualização de Segurança para Windows XP (KB2646524) Atualização de Segurança para Windows XP (KB2660465) Atualização de Segurança para Windows XP (KB2661637) Atualização de Segurança para Windows XP (KB923561) Atualização de Segurança para Windows XP (KB923789) Atualização de Segurança para Windows XP (KB938464) Atualização de Segurança para Windows XP (KB941569) Atualização de Segurança para Windows XP (KB946648) Atualização de Segurança para Windows XP (KB950762) Atualização de Segurança para Windows XP (KB950974) Atualização de Segurança para Windows XP (KB951066) Atualização de Segurança para Windows XP (KB951376-v2) Atualização de Segurança para Windows XP (KB951698) Atualização de Segurança para Windows XP (KB951748) Atualização de Segurança para Windows XP (KB952004) Atualização de Segurança para Windows XP (KB952954) Atualização de Segurança para Windows XP (KB954211) Atualização de Segurança para Windows XP (KB954459) Atualização de Segurança para Windows XP (KB954600) Atualização de Segurança para Windows XP (KB955069) Atualização de Segurança para Windows XP (KB956391) Atualização de Segurança para Windows XP (KB956572) Atualização de Segurança para Windows XP (KB956744) Atualização de Segurança para Windows XP (KB956802) Atualização de Segurança para Windows XP (KB956803) Atualização de Segurança para Windows XP (KB956841) Atualização de Segurança para Windows XP (KB956844) Atualização de Segurança para Windows XP (KB957097) Atualização de Segurança para Windows XP (KB958215) Atualização de Segurança para Windows XP (KB958644) Atualização de Segurança para Windows XP (KB958687) Atualização de Segurança para Windows XP (KB958690) Atualização de Segurança para Windows XP (KB958869) Atualização de Segurança para Windows XP (KB959426) Atualização de Segurança para Windows XP (KB960225) Atualização de Segurança para Windows XP (KB960714) Atualização de Segurança para Windows XP (KB960715) Atualização de Segurança para Windows XP (KB960803) Atualização de Segurança para Windows XP (KB960859) Atualização de Segurança para Windows XP (KB961371) Atualização de Segurança para Windows XP (KB961373) Atualização de Segurança para Windows XP (KB961501) Atualização de Segurança para Windows XP (KB968537) Atualização de Segurança para Windows XP (KB969059) Atualização de Segurança para Windows XP (KB969898) Atualização de Segurança para Windows XP (KB969947) Atualização de Segurança para Windows XP (KB970238) Atualização de Segurança para Windows XP (KB970430) Atualização de Segurança para Windows XP (KB971468) Atualização de Segurança para Windows XP (KB971486) Atualização de Segurança para Windows XP (KB971557) Atualização de Segurança para Windows XP (KB971633) Atualização de Segurança para Windows XP (KB971657) Atualização de Segurança para Windows XP (KB971961) Atualização de Segurança para Windows XP (KB972270) Atualização de Segurança para Windows XP (KB973346) Atualização de Segurança para Windows XP (KB973354) Atualização de Segurança para Windows XP (KB973507) Atualização de Segurança para Windows XP (KB973525) Atualização de Segurança para Windows XP (KB973869) Atualização de Segurança para Windows XP (KB973904) Atualização de Segurança para Windows XP (KB974112) Atualização de Segurança para Windows XP (KB974318) Atualização de Segurança para Windows XP (KB974392) Atualização de Segurança para Windows XP (KB974571) Atualização de Segurança para Windows XP (KB975025) Atualização de Segurança para Windows XP (KB975467) Atualização de Segurança para Windows XP (KB975560) Atualização de Segurança para Windows XP (KB975561) Atualização de Segurança para Windows XP (KB975562) Atualização de Segurança para Windows XP (KB975713) Atualização de Segurança para Windows XP (KB977165) Atualização de Segurança para Windows XP (KB977816) Atualização de Segurança para Windows XP (KB977914) Atualização de Segurança para Windows XP (KB978037) Atualização de Segurança para Windows XP (KB978251) Atualização de Segurança para Windows XP (KB978262) Atualização de Segurança para Windows XP (KB978338) Atualização de Segurança para Windows XP (KB978542) Atualização de Segurança para Windows XP (KB978601) Atualização de Segurança para Windows XP (KB978706) Atualização de Segurança para Windows XP (KB979309) Atualização de Segurança para Windows XP (KB979482) Atualização de Segurança para Windows XP (KB979559) Atualização de Segurança para Windows XP (KB979683) Atualização de Segurança para Windows XP (KB979687) Atualização de Segurança para Windows XP (KB980195) Atualização de Segurança para Windows XP (KB980218) Atualização de Segurança para Windows XP (KB980232) Atualização de Segurança para Windows XP (KB980436) Atualização de Segurança para Windows XP (KB981322) Atualização de Segurança para Windows XP (KB981349) Atualização de Segurança para Windows XP (KB981852) Atualização de Segurança para Windows XP (KB981957) Atualização de Segurança para Windows XP (KB981997) Atualização de Segurança para Windows XP (KB982132) Atualização de Segurança para Windows XP (KB982214) Atualização de Segurança para Windows XP (KB982665) Atualização de Segurança para Windows XP (KB982802) Atualização do Microsoft Windows (KB971513) Atualização para Windows Internet Explorer 8 (KB2447568) Atualização para Windows Internet Explorer 8 (KB976662) Atualização para Windows XP (KB2141007) Atualização para Windows XP (KB2345886) Atualização para Windows XP (KB2467659) Atualização para Windows XP (KB2541763) Atualização para Windows XP (KB2607712) Atualização para Windows XP (KB2616676) Atualização para Windows XP (KB2641690) Atualização para Windows XP (KB951978) Atualização para Windows XP (KB955759) Atualização para Windows XP (KB955839) Atualização para Windows XP (KB961503) Atualização para Windows XP (KB967715) Atualização para Windows XP (KB968389) Atualização para Windows XP (KB971029) Atualização para Windows XP (KB971737) Atualização para Windows XP (KB973687) Atualização para Windows XP (KB973815) avast! Internet Security Barra de Ferramentas do Yahoo! Bonjour Broadcom 440x 10/100 Integrated Controller BurnAware Free 2.2.3 Business Contact Manager for Outlook 2007 SP2 Canon Camera Access Library Canon Camera Support Core Library Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon Camera Window DC_DV 6 for ZoomBrowser EX Canon Camera Window MC 6 for ZoomBrowser EX Canon G.726 WMP-Decoder Canon MovieEdit Task for ZoomBrowser EX Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities ZoomBrowser EX CCleaner Componentes de Conectividade do Microsoft Office Small Business Debut Video Capture Software Dell Resource CD Dell Wireless WLAN Card Easy Driver Pro eMule Express Burn Disc Burning Software Ferramenta de Carregamento do Windows Live Google Earth Google Toolbar for Internet Explorer Google Update Helper Gravador do Microsoft SQL Server VSS High Definition Audio Driver Package - KB835221 HijackThis 1.99.1 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB954550-v5) Hotfix para o Windows Media Player 11 (KB939683) Hotfix para Windows XP (KB2158563) Hotfix para Windows XP (KB2443685) Hotfix para Windows XP (KB2570791) Hotfix para Windows XP (KB2633952) Hotfix para Windows XP (KB952287) Hotfix para Windows XP (KB961118) Hotfix para Windows XP (KB970653-v3) Hotfix para Windows XP (KB976098-v2) Hotfix para Windows XP (KB979306) Hotfix para Windows XP (KB981793) Intel® Graphics Media Accelerator Driver Internet Explorer (Enable DEP) iTunes Java Auto Updater Java 6 Update 29 Junk Mail filter update Malwarebytes Anti-Malware versão 1.60.1.1000 mCore mDriver mDrWiFi MegaJogos (remove only) mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 Language Pack SP1 - ptb Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Automated Troubleshooting Services Shim Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Fix it Center Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (Portuguese (Brazil)) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Portuguese (Brazil)) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 Microsoft Office Small Business 2007 Microsoft Office Word MUI (Portuguese (Brazil)) 2007 Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 mIWA mLogView mMHouse mPfMgr mPfWiz mProSafe mSSO MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6.0 Parser mWlsSafe mWMI mXML mZConfig Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 OZ776 SCR CardBus V1.1.3.6 OZ776 SCR CardBus Windows Driver Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card PC Fixer PKR PowerDVD Prism Video File Converter QuickTime Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator Tools Roxio Update Manager Safari Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Security Update for Windows Search 4 - KB963093 Segoe UI SigmaTel Audio Skype Toolbars Skype™ 4.2 Software do Intel® PROSet/Wireless Sonic Activation Module SopCast 3.0.3 Spamihilator 1.0.0 (32 bit) Spybot - Search & Destroy swMSM Tecnobyte Agenda 2.5.1 Ulead VideoStudio SE DVD Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2583910) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Galeria de Fotos Windows Live Mail Windows Live Messenger Windows Live Sync Windows Live Writer Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows Movie Maker 2.0 Windows PowerShell 1.0 Windows Search 4.0 Windows XP Service Pack 3 XML Paper Specification Shared Components Language Pack 1.0 Yahoo! Messenger . ==== End Of File ===========================
  8. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Versão da Base de Dados: v2012.02.14.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Ana :: ANA-B425CC8414B [administrador] 14/2/2012 20:50:10 mbam-log-2012-02-14 (20-50-10).txt Tipo de Verificação: Verificação Completa Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM Opções de verificação desativadas: P2P Objetos escaneados: 255960 Tempo decorrido: 1 hora(s), 45 minuto(s), 37 segundo(s) Processos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0 (Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0 (Não foram detectados ítens maliciosos) Pastas Detectadas: 0 (Não foram detectados ítens maliciosos) Arquivos Detectados: 1 C:\WINDOWS\Media\moduloseguranca4.dll.exe (Spyware.Banker) -> Enviado para a Quarentena e deletado com sucesso. (fim) Logfile of HijackThis v1.99.1 Scan saved at 22:48:59, on 14/2/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\stsystra.exe C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Spamihilator\spamihilator.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\ARQUIV~1\Yahoo!\Messenger\ymsgr_tray.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Ana\Desktop\hij\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [alarmme.exe] C:\AlarmMe\Alarmme.exe O4 - HKLM\..\Run: [Tecnobyte Agenda] "c:\tecnobyte\agenda\agenda.exe" /m O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\ARQUIV~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Spamihilator.lnk = C:\Arquivos de programas\Spamihilator\spamihilator.exe O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.itau.com.br O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} (Java Plug-in 1.4.2_19) - O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) - O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) - O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) - O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplu...GbPluginUni.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  9. Logfile of HijackThis v1.99.1 Scan saved at 20:50:20, on 13/2/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\stsystra.exe C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Spamihilator\spamihilator.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe C:\ARQUIV~1\Yahoo!\Messenger\ymsgr_tray.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\WINDOWS\system32\calc.exe C:\WINDOWS\system32\SNDVOL32.EXE C:\Documents and Settings\Ana\Desktop\hij\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [alarmme.exe] C:\AlarmMe\Alarmme.exe O4 - HKLM\..\Run: [Tecnobyte Agenda] "c:\tecnobyte\agenda\agenda.exe" /m O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\ARQUIV~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Spamihilator.lnk = C:\Arquivos de programas\Spamihilator\spamihilator.exe O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.itau.com.br O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} (Java Plug-in 1.4.2_19) - O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) - O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) - O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) - O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplu...GbPluginUni.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  10. aqui esta o log Logfile of HijackThis v1.99.1 Scan saved at 18:53:19, on 6/2/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\stsystra.exe C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\SNDVOL32.EXE C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Skype\Phone\Skype.exe C:\Arquivos de programas\Spamihilator\spamihilator.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe C:\Arquivos de programas\Outlook Express\msimn.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\calc.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Microsoft Fix it Center\Matsvc.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\Documents and Settings\Ana\Desktop\hij\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [alarmme.exe] C:\AlarmMe\Alarmme.exe O4 - HKLM\..\Run: [Tecnobyte Agenda] "c:\tecnobyte\agenda\agenda.exe" /m O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\ARQUIV~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Spamihilator.lnk = C:\Arquivos de programas\Spamihilator\spamihilator.exe O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.itau.com.br O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} (Java Plug-in 1.4.2_19) - O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) - O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) - O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Plug-in 1.6.0_26) - O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplu...GbPluginUni.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  11. desconfio que estou infectada, alguém poderia me ajudar??? grata
  12. ComboFix 11-04-05.02 - Ana 06/04/2011 14:47:12.7.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1014.493 [GMT -3:00] Executando de: c:\documents and settings\Ana\Desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((( Arquivos/Ficheiros criados de 2011-03-06 to 2011-04-06 )))))))))))))))))))))))))))) . . 2011-03-15 02:43 . 2011-03-15 02:43 -------- d-----w- c:\arquivos de programas\iPod 2011-03-15 02:42 . 2011-03-15 02:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2011-03-15 02:42 . 2011-03-15 02:43 -------- d-----w- c:\arquivos de programas\iTunes 2011-03-15 02:10 . 2011-03-15 02:10 -------- d-----w- c:\arquivos de programas\Bonjour 2011-03-15 01:56 . 2011-03-15 01:56 159744 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\npqtplugin7.dll 2011-03-15 01:56 . 2011-03-15 01:56 159744 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\npqtplugin6.dll 2011-03-15 01:56 . 2011-03-15 01:56 159744 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\npqtplugin5.dll 2011-03-15 01:56 . 2011-03-15 01:56 159744 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\npqtplugin4.dll 2011-03-15 01:56 . 2011-03-15 01:56 159744 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll 2011-03-15 01:56 . 2011-03-15 01:56 159744 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\npqtplugin2.dll 2011-03-15 01:56 . 2011-03-15 01:56 159744 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\npqtplugin.dll 2011-03-15 01:55 . 2011-03-15 01:56 -------- d-----w- c:\arquivos de programas\QuickTime 2011-03-08 21:37 . 2011-03-08 21:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-03 00:40 . 2010-06-09 19:58 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 22:19 . 2010-12-18 09:38 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58 . 2009-01-22 18:53 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2009-01-22 18:53 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2004-08-04 10:00 440832 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-13 08:47 . 2010-11-17 16:20 38848 ----a-w- c:\windows\avastSS.scr 2011-01-13 08:47 . 2010-11-17 16:20 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-01-13 08:42 . 2010-11-17 16:23 99792 ----a-w- c:\windows\system32\drivers\aswFW.sys 2011-01-13 08:41 . 2010-11-17 16:23 357968 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-01-13 08:41 . 2010-11-17 16:23 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-01-13 08:41 . 2010-11-17 16:22 189904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2011-01-13 08:40 . 2010-11-17 16:22 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-01-13 08:40 . 2010-11-17 16:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-01-13 08:39 . 2010-11-17 16:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-01-13 08:37 . 2010-11-17 16:22 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-01-13 08:37 . 2010-11-17 16:22 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-01-13 08:37 . 2010-11-17 16:23 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-01-13 08:47 120712 ----a-w- c:\arquivos de programas\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] "Messenger (Yahoo!)"="c:\arquiv~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312] "ares"="c:\arquivos de programas\Ares\Ares.exe" [2010-10-27 1015808] "SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816] "IntelWireless"="c:\arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640] "ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624] "PDVDDXSrv"="c:\arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "alarmme.exe"="c:\alarmme\Alarmme.exe" [2010-10-25 531968] "Tecnobyte Agenda"="c:\tecnobyte\agenda\agenda.exe" [2009-03-17 2085376] "avast5"="c:\arquivos de programas\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-10-29 249064] "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2011-03-07 421160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Ana\Menu Iniciar\Programas\Inicializar\ Spamihilator.lnk - c:\arquivos de programas\Spamihilator\spamihilator.exe [2010-10-17 1512448] . c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Arquivos de programas\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Arquivos de programas\\Spamihilator\\spamihilator.exe"= "c:\\Arquivos de programas\\Spamihilator\\cdcc.exe"= "c:\\Arquivos de programas\\Spamihilator\\dccproc.exe"= "c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"= "c:\\Arquivos de programas\\Ares\\Ares.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= . R0 91323252;91323252 Boot Guard Driver;c:\windows\system32\drivers\91323252.sys [17/12/2010 01:33 37392] R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [17/11/2010 13:20 12112] R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [17/11/2010 13:22 189904] R1 91323251;91323251;c:\windows\system32\drivers\91323251.sys [17/12/2010 01:33 128016] R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [17/11/2010 13:23 99792] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/11/2010 13:23 357968] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/11/2010 13:23 294608] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/11/2010 13:23 17744] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 avast! Firewall;avast! Firewall;c:\arquivos de programas\Alwil Software\Avast5\afwServ.exe [17/11/2010 13:20 119200] S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [18/12/2010 06:42 136176] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\arquivos de programas\Microsoft Fix it Center\Matsvc.exe [16/11/2010 00:10 267568] . Conteúdo da pasta 'Tarefas Agendadas' . 2011-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34] . 2011-04-06 c:\windows\Tasks\ConfigExec.job - c:\arquivos de programas\Microsoft Fix it Center\MatsApi.dll [2010-11-16 03:09] . 2011-04-06 c:\windows\Tasks\DataUpload.job - c:\arquivos de programas\Microsoft Fix it Center\MatsApi.dll [2010-11-16 03:09] . 2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-18 09:42] . 2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-12-18 09:42] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} . - - - - ORFÃOS REMOVIDOS - - - - . HKCU-Run-RegistryBooster - c:\arquivos de programas\Uniblue\RegistryBooster\launcher.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-06 14:57 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'winlogon.exe'(1640) c:\windows\System32\BCMLogon.dll c:\windows\system32\igfxdev.dll . - - - - - - - > 'explorer.exe'(2652) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Tempo para conclusão: 2011-04-06 15:01:03 ComboFix-quarantined-files.txt 2011-04-06 18:00 ComboFix2.txt 2010-12-16 01:35 . Pré-execução: 17 pasta(s) 56.216.838.144 bytes disponíveis Pós execução: 19 pasta(s) 57.018.560.512 bytes disponíveis . - - End Of File - - 8E51DA387DF460E9B06EBADCD6AA138A Logfile of HijackThis v1.99.1 Scan saved at 15:03:18, on 6/4/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\stsystra.exe C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Ana\Desktop\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [alarmme.exe] C:\AlarmMe\Alarmme.exe O4 - HKLM\..\Run: [Tecnobyte Agenda] "c:\tecnobyte\agenda\agenda.exe" /m O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\ARQUIV~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Spamihilator.lnk = C:\Arquivos de programas\Spamihilator\spamihilator.exe O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232657325281 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} (Java Plug-in 1.4.2_19) - O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) - O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/Game...ronGameHost.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  13. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Versão da Base de Dados: 6248 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2/4/2011 16:50:32 mbam-log-2011-04-02 (16-50-32).txt Tipo de Verificação: Verificação Rápida Objetos escaneados: 148199 Tempo decorrido: 8 minuto(s), 25 segundo(s) Processos de Memória Infectados: 0 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 0 Valores de Registro Infectados: 0 Itens de Dados no Registro Infectados: 0 Pastas Infectadas: 0 Arquivos Infectados: 0 Processos de Memória Infectados: (Não foram detectados ítens maliciosos) Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: (Não foram detectados ítens maliciosos) Valores de Registro Infectados: (Não foram detectados ítens maliciosos) Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: (Não foram detectados ítens maliciosos) Logfile of HijackThis v1.99.1 Scan saved at 16:56:38, on 2/4/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\stsystra.exe C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Spamihilator\spamihilator.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Documents and Settings\Ana\Desktop\hijackthis\HijackThis.exe C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [alarmme.exe] C:\AlarmMe\Alarmme.exe O4 - HKLM\..\Run: [Tecnobyte Agenda] "c:\tecnobyte\agenda\agenda.exe" /m O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\ARQUIV~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [RegistryBooster] "C:\Arquivos de programas\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Spamihilator.lnk = C:\Arquivos de programas\Spamihilator\spamihilator.exe O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232657325281 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} (Java Plug-in 1.4.2_19) - O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) - O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/Game...ronGameHost.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  14. Logfile of HijackThis v1.99.1 Scan saved at 07:59:35, on 1/4/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Arquivos de programas\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\WINDOWS\stsystra.exe C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Intel\Wireless\Bin\Dot1XCfg.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Spamihilator\spamihilator.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\internet explorer\iexplore.exe C:\Documents and Settings\Ana\Desktop\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARQUIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [intelZeroConfig] "C:\Arquivos de programas\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Arquivos de programas\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Arquivos de programas\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [alarmme.exe] C:\AlarmMe\Alarmme.exe O4 - HKLM\..\Run: [Tecnobyte Agenda] "c:\tecnobyte\agenda\agenda.exe" /m O4 - HKLM\..\Run: [avast5] "C:\Arquivos de programas\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [iSUSPM Startup] c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\ARQUIV~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [RegistryBooster] "C:\Arquivos de programas\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Spamihilator.lnk = C:\Arquivos de programas\Spamihilator\spamihilator.exe O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232657325281 O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} (Java Plug-in 1.4.2_19) - O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21) - O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23) - O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/Game...ronGameHost.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\afwServ.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: stllssvr - Unknown owner - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  15. preciso ajuda para fazer uma varredura por virus ou malware grata