Publicado em 27 de mai.

[Resolvido!] log para analise

#topicos-resolvidos-seguranca-malwares

S.O WINDOWS 7.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:44:09, on 26/05/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\HiYo\Bin\HiYo.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\taskeng.exe

C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: MjTunes.com Toolbar - {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Program Files\MjTunes.com\tbMjTu.dll

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Blingee Plus\tbhelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MjTunes.com Toolbar - {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Program Files\MjTunes.com\tbMjTu.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: BlingeeTb - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Blingee Plus\blingeetb.dll

O3 - Toolbar: Blingee Toolbar - {D1121FE0-0145-44C9-AA35-72071AC20A9B} - C:\Program Files\Blingee Plus\blingeetb.dll

O3 - Toolbar: MjTunes.com Toolbar - {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Program Files\MjTunes.com\tbMjTu.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

End of file - 6950 bytes

-------------x-----------------------

Obs: para ter mais precisão na analise :D

DDS (Ver_10-03-17.01) - NTFSx86

Run by Fabiana at 23:02:22,73 on 26/05/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2036.1385 [GMT -3:00]

AV: AntiVir Desktop On-access scanning disabled (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\HiYo\Bin\HiYo.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

mStart Page = hxxp://www.searchcanvas.com/?ot=6

uURLSearchHooks: MjTunes.com Toolbar: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - c:\program files\mjtunes.com\tbMjTu.dll

uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\blingee plus\tbhelper.dll

mURLSearchHooks: MjTunes.com Toolbar: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - c:\program files\mjtunes.com\tbMjTu.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MjTunes.com Toolbar: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - c:\program files\mjtunes.com\tbMjTu.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: BlingeeTb Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\blingee plus\blingeetb.dll

TB: Blingee Toolbar: {d1121fe0-0145-44c9-aa35-72071ac20a9b} - c:\program files\blingee plus\blingeetb.dll

TB: MjTunes.com Toolbar: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - c:\program files\mjtunes.com\tbMjTu.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Hiyo] c:\program files\hiyo\bin\HiYo.exe /RunFromStartup

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

uPolicies-system: DisableRegistryTools = 2 (0x2)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\fabiana\appdata\roaming\mozilla\firefox\profiles\edcysqaz.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\fabiana\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\users\fabiana\appdata\roaming\mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-19 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-19 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-19 60936]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-15 20968]

R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-20 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-27 9728]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-27 3072]

=============== Created Last 30 ================

2010-05-27 02:01:42 525824 ----a-w- C:\dds.scr

2010-05-24 23:07:09 0 d-----w- c:\program files\common files\Hewlett-Packard

2010-05-24 23:06:58 126976 ----a-w- c:\windows\system32\hpfll70v.dll

2010-05-24 23:06:21 512 ------w- c:\windows\hphmdl33.dat

2010-05-24 23:06:21 141676 ----a-w- c:\windows\hphins33.dat

2010-05-24 23:06:16 452408 ----a-w- c:\windows\system32\hpzids01.dll

2010-05-24 22:56:01 512 ------w- c:\windows\hphmdl33.dat.temp

2010-05-24 22:56:01 141231 ------w- c:\windows\hphins33.dat.temp

2010-05-24 22:12:15 0 d-----w- c:\program files\HP

2010-05-24 22:11:11 0 d-----w- c:\programdata\HP

2010-05-23 15:50:38 0 d-----w- c:\program files\common files\xing shared

2010-05-23 15:50:27 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-05-23 15:50:27 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-23 15:50:25 0 d-----w- c:\program files\common files\Real

2010-05-23 15:50:24 0 d-----w- c:\programdata\Real

2010-05-22 16:44:25 0 d-----w- c:\program files\MP3 Player Utilities 4.05

2010-05-21 05:51:08 0 d-----w- c:\users\fabiana\appdata\roaming\HiYo

2010-05-21 05:50:08 0 d-----w- c:\program files\HiYo

2010-05-21 05:50:07 0 d-----w- c:\programdata\HiYo

2010-05-21 03:19:02 0 d-----w- c:\programdata\PhotoMail

2010-05-21 03:19:01 0 d-----w- c:\program files\PhotoMail Maker

2010-05-21 03:18:27 0 d-----w- c:\programdata\IncrediMail

2010-05-21 03:18:27 0 d-----w- c:\programdata\IM

2010-05-21 03:18:27 0 d-----w- c:\program files\IncrediMail

2010-05-20 00:02:41 468 --sha-r- c:\users\fabiana\ntuser.pol

2010-05-16 01:54:39 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys

2010-05-16 01:54:38 0 d-----w- c:\program files\CPUID

2010-05-10 20:33:31 0 d-----w- c:\program files\Photo Story 3 for Windows

2010-05-08 23:48:13 65536 --sha-w- c:\users\fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TM.blf

2010-05-08 23:48:13 524288 --sha-w- c:\users\fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TMContainer00000000000000000002.regtrans-ms

2010-05-08 23:48:13 524288 --sha-w- c:\users\fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TMContainer00000000000000000001.regtrans-ms

2010-05-07 23:34:20 0 d-----w- C:\MICHAEL_JACKSON

2010-05-07 23:27:56 0 d-----w- c:\programdata\DVD Shrink

2010-05-07 23:27:55 0 d-----w- c:\program files\DVD Shrink

2010-05-04 22:35:24 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-05-04 22:11:50 0 d-----r- c:\program files\Skype

2010-05-04 22:11:48 0 d-----w- c:\programdata\Skype

2010-05-03 00:38:10 0 d-----w- c:\users\fabiana\appdata\roaming\GrabPro

2010-05-03 00:38:10 0 d-----w- C:\downloads

2010-04-30 22:40:42 0 d-----w- c:\program files\D-Link

2010-04-30 11:24:21 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-04-30 11:22:12 0 d-----w- c:\program files\MSXML 4.0

2010-04-30 11:11:54 34816 ----a-w- c:\windows\system32\msasn1.dll

2010-04-30 11:07:16 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-30 11:07:11 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-30 11:07:11 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-30 11:06:31 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-04-30 11:06:31 507568 ----a-w- c:\windows\system32\winload.exe

2010-04-30 11:06:31 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2010-04-30 11:06:30 442920 ----a-w- c:\windows\system32\winresume.exe

2010-04-30 11:06:30 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-04-30 11:05:16 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-04-30 11:05:16 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-04-30 11:05:16 417792 ----a-w- c:\windows\system32\msdri.dll

2010-04-30 11:05:16 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-04-30 11:04:39 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-04-30 11:04:38 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-04-30 11:04:38 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-04-30 11:04:38 369152 ----a-w- c:\windows\system32\secproc.dll

2010-04-30 11:04:38 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-04-30 11:04:38 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-04-30 11:04:38 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-04-30 11:04:38 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-04-30 11:04:38 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-04-30 10:53:44 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-30 10:53:44 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-30 10:53:44 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-30 10:47:37 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-04-30 10:47:22 132608 ----a-w- c:\windows\system32\cabview.dll

2010-04-29 13:32:42 0 d-----w- c:\users\fabiana\appdata\roaming\TeamViewer

2010-04-29 13:32:39 0 d-----w- c:\program files\TeamViewer

2010-04-29 13:32:15 0 d-----w- c:\users\fabiana\temp

2010-04-29 04:35:30 8192 ----a-w- C:\bootsect.lxe.bak

2010-04-29 04:35:29 383592 --sh--r- C:\gdrop

2010-04-29 04:35:29 171136 --sh--r- C:\xeldr

2010-04-28 14:13:47 0 d-----w- c:\program files\Lavalys

2010-04-27 20:47:52 9728 ----a-w- c:\windows\system32\epmntdrv.sys

2010-04-27 20:47:52 86408 ----a-w- c:\windows\system32\setupempdrv03.exe

2010-04-27 20:47:52 3072 ----a-w- c:\windows\system32\EuGdiDrv.sys

2010-04-27 20:47:52 1663488 ----a-w- c:\windows\system32\BootMan.exe

2010-04-27 20:47:52 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll

2010-04-27 20:47:47 0 d-----w- c:\program files\EASEUS

==================== Find3M ====================

2010-05-27 00:51:36 654272 ----a-w- c:\windows\system32\prfh0416.dat

2010-05-27 00:51:36 124724 ----a-w- c:\windows\system32\prfc0416.dat

2010-05-12 14:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-22 12:01:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-07-14 08:30:56 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

2009-07-14 08:30:56 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

2009-07-14 08:30:56 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

2009-07-14 08:30:56 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:02:51,54 ===============

---------x-----------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume6

Install Date: 18/04/2010 23:31:44

System Uptime: 26/05/2010 21:47:05 (2 hours ago)

Motherboard: Intel Corporation | | DG31PR

Processor: Intel® Celeron® CPU E3200 @ 2.40GHz | J3E1 | 2400/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 52 GiB total, 27,117 GiB free.

D: is FIXED (NTFS) - 34 GiB total, 19,792 GiB free.

E: is FIXED (NTFS) - 25 GiB total, 5,476 GiB free.

F: is FIXED (NTFS) - 1 GiB total, 0,547 GiB free.

G: is CDROM ()

J: is FIXED (NTFS) - 15 GiB total, 14,758 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP27: 23/05/2010 02:18:22 - Windows Update

RP29: 24/05/2010 19:19:02 - Sample Restore Point

==== Installed Programs ======================

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2 - Português

Arquivo do WinRAR

Assistente de Conexão do Windows Live

aTube Catcher

aTube Catcher 1.0

Avira AntiVir Personal - Free Antivirus

Blingee Toolbar

CCleaner

CPUID CPU-Z 1.54

D-Link DFE520TX

D-Link PCI Fast Ethernet Adapter

DJ_SF_06_D1600_SW_Min

DVD Shrink 3.2

EASEUS Partition Master 4.0 Home Edition

EasyBCD 1.7.2

EVEREST Ultimate Edition v5.30

Ferramenta de Carregamento do Windows Live

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

HijackThis 2.0.2

HiYo

HP Deskjet D1600 Printer Driver 14.0 Rel. 6

IncrediMail

IncrediMail 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Professional Edição 2003

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft XML Parser

MjTunes.com Toolbar

Mozilla Firefox (3.5.9)

MP3 Player Utilities 4.05

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 8

neroxml

Photo Story 3 for Windows

PhotoMail Maker

RealPlayer

RealUpgrade 1.0

RocketDock 1.3.5

Skype Toolbars

Skype™ 4.2

TeamViewer 4

TeamViewer 5

Toolbox

VCRedistSetup

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

==== End Of File ===========================

Discussão (13)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

DigRam· 30 de mai.

Boa Noite! Edvan

<@> Baixe: < Malwarebytes' Anti-Malware >

<@> Link - 2: < /applications/core/interface/imageproxy/imageproxy.php?img=http://www.malwarebytes.org/images/marcinsig.gif&key=2c45e7fd674c4b18d376ffbe83bf82547806ac60e230409c7eb4c31999009760" alt="marcinsig.gif" /> >

<@> Ps: Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe;escolha a linguagem e,na instalação,aceite todas as opções padrão.- Verifique se as caixas: "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware" estão marcadas.

Clique,à seguir,em Concluir.

Ps: Se houver atualizações a serem feitas,serão baixadas e instaladas.

Ao final da atualização,com o programa aberto, marque: Verificação Rápida

Clique no botão Verificar.

Começará então o exame. -> Aguarde,pois pode demorar!

Concluindo,clique em OK e depois no botão "Mostrar Resultados",para dispormos do relatório.

Ps: Se houver ítens encontrados,marque-os e clique no botão "Remover".

Ps: Ao final da desinfecção,abrir-se-á o Bloco de notas contendo o relatório.

Ps: O log será armazenado,automáticamente,pela ferramenta.

Ps: Obtenha-o clicando na aba "Logs" na janela principal do Programa.

<@> Ps: Caso o MBAM encontre arquivos que não consiga remover,poderá ter de reiniciar o PC. Talvez mais de uma vez!

<@> Ps: Faça isso imediatamente,ao ser perguntado se quer reiniciar.

<@> Selecione, copie e cole o conteúdo do log do MBAM,na sua próxima resposta.

000000000000000000000000

oooooooooooooooooooooooo

<@> Baixe: < ToolBar S&D >

<@> Salve-o no Disco Local-C,em uma pasta própria.

<@> Reinicie o computador,em Modo de Segurança. <-- Importante!

<@> Execute o programa,e à seguir,aperte o "p" --> Enter --> Ok.

<@> Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde!

<@> Terminando,poste o relatório. ( C:\ToolBar SD\TB_1.txt ) <--

<@> Poste,também,HijackThis atualizado.

Abraços!

Edvan· 30 de mai.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4155

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/05/2010 03:37:35

mbam-log-2010-05-30 (03-37-35).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 120474

Tempo decorrido: 4 minuto(s), 0 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados: