
Archived

This topic has been archived and is closed to new replies.

Scorpionok

[Archived] Folders won't open


Well, I've already looked at some other similar topics, but I still haven't found one that's the same.

When I try to open a folder, everything simply disappears from the screen, only the wallpaper is left, and after a few moments it all comes back and the folder doesn't open.

If anyone has the solution, I'd be grateful.

Please try to give examples of what you say; I'm a bit of a layman.

Here's a log from the H... well, I don't know the name!

 

Logfile of HijackThis v1.99.1

Scan saved at 22:20:09, on 13/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.17184)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VMSnap326.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\SVCHOST.EXE

C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Jaman Player\jamtray.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

E:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Vilson\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ADSTechnology Class - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Arquivos de programas\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bigDogpath326] C:\WINDOWS\VMSnap326.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini

O4 - HKLM\..\Run: [Microsoft DNS Service] C:\WINDOWS\SVCHOST.EXE

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [jamtray] C:/Arquivos de programas/Jaman Player/jamtray.exe

O4 - Startup: No-IP DUC.lnk = E:\Arquivos de programas\No-IP\DUC20.exe

O4 - Startup: Registration Assassin's Creed.LNK = E:\Arquivos de programas\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

O4 - Global Startup: BIGDOGPATH326.lnk = C:\WINDOWS\VMSnap326.exe

O4 - Global Startup: Domino.lnk = C:\WINDOWS\Domino.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

 

 

Sorry if this is in the wrong place, but I don't know what this would be, so I'm posting it here.

Thanks in advance.

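The log above contains the tell-tale pair that SDFix later removes: the legitimate `C:\WINDOWS\system32\svchost.exe` alongside a `C:\WINDOWS\SVCHOST.EXE`, started from a Run value named "Microsoft DNS Service" (the real svchost.exe lives only in %SystemRoot%\system32, and Windows XP has no Run entry by that name). SDFix deletes the file, yet the follow-up HijackThis log in this thread still lists the O4 entry, so the autorun value itself was not cleaned. The script below is an added example, not part of the thread and not code from HijackThis or SDFix: it parses a HijackThis-style log and flags core system binary names that are running from, or are launched from, anywhere other than %SystemRoot%\system32. The list of core names, the default system root `C:\WINDOWS`, and the embedded sample log (a constructed excerpt modelled on the entries in this thread) are all assumptions of the example.

```python
"""Triage a HijackThis-style log for core Windows binaries in the wrong place."""
import re
from pathlib import PureWindowsPath

# Binaries Windows XP only runs from %SystemRoot%\system32. A file with one
# of these names anywhere else is the masquerade seen in this thread.
# Assumed list for the example, not taken from HijackThis or SDFix.
CORE_SYSTEM32 = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "csrss.exe", "smss.exe", "spoolsv.exe"}

SECTION_RE = re.compile(r"^[A-Z]\d+ - ")                       # R0 / O2 / O4 / O23 ...
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Quoted image path, or the unquoted text up to the first ".exe" token
# (Run values like `C:\WINDOWS\VMSnap326.exe A4 TECH ...` carry arguments).
IMAGE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)(?=\s|$)', re.IGNORECASE)


def image_path(command):
    """Return the executable a Run-value command line launches, or None."""
    m = IMAGE_RE.match(command.strip())
    if not m:
        return None
    return m.group("q") or m.group("u")


def check_image(path, system_root="C:\\WINDOWS"):
    """Reason string if `path` names a core binary living outside
    %SystemRoot%\\system32, else None. Case-insensitive, as NTFS is.
    `system_root` is an assumed default; HijackThis does not print it."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name not in CORE_SYSTEM32:
        return None
    expected = PureWindowsPath(system_root, "system32")
    if str(p.parent).lower() == str(expected).lower():
        return None
    if str(p.parent) == ".":
        return f"{name} launched without a directory (resolved via PATH)"
    return f"{name} outside {expected}: {path}"


def triage(log_text, system_root="C:\\WINDOWS"):
    """Walk the 'Running processes:' block and every O4 Run entry of a
    HijackThis log; return one finding per image that fails check_image()."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            # The block ends at the first blank line or the first Rn/On entry.
            if not line or SECTION_RE.match(line):
                in_processes = False
            else:
                reason = check_image(line, system_root)
                if reason:
                    findings.append({"where": "process", "name": line, "reason": reason})
                continue
        m = RUN_RE.match(line)
        if m:
            img = image_path(m.group("cmd"))
            reason = check_image(img, system_root) if img else None
            if reason:
                findings.append({"where": f"O4 {m.group('hive')}",
                                 "name": m.group("name"), "reason": reason})
    return findings


# Constructed excerpt modelled on the log in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [bigDogpath326] C:\WINDOWS\VMSnap326.exe A4 TECH USB2.0 PC Camera G
O4 - HKLM\..\Run: [Microsoft DNS Service] C:\WINDOWS\SVCHOST.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['where']}] {f['name']}: {f['reason']}")
```

A hit here proves location, not malice: before deleting, hash the file and check whether it carries a valid Microsoft Authenticode signature (a real svchost.exe does). And remove the Run value together with the file; otherwise the log keeps reporting the entry after the cleanup, as the second HijackThis log in this thread shows.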

Good morning, Scorpionok!

 

<@> Download SDFix.

<@> Save it to Local Disk C and unzip it right there.

<@> Restart the computer in Safe Mode.

<@> Double-click: < runThis.bat >

 

If a window opens and closes suddenly!

Go to Start >> Run >> Type or paste: %systemdrive%\SDFix\apps\FixPath.exe /Q

Restart the computer and run SDFix again!

If that doesn't work, check the %comspec% variable.

Right-click My Computer >> Properties >> Advanced.

Under: Environment Variables >> Check that the ComSpec variable has the value for cmd.exe.

 

Value:

 

%SystemRoot%\system32\cmd.exe

<@> Press Y.

<@> Wait for it to finish!

<@> When it finishes, press Enter (...or any key!)

<@> The computer will restart!

<@> Wait for the cleanup to finish as well.

--------------------------------------

<@> Post in your reply the reports: Report.txt + updated HJT.

 

Regards!


Sorry for the post; DigRam posted first.


Sr. Perfect,

you could write it anyway; in case it doesn't work, I'd already have a second option =p

 

DigRam,

thanks a lot, I'll try it soon and post the result if possible.


The edit isn't working, so I hope you don't mind the double post.

 

 

SDFix: Version 1.205

Run by Buba on seg 14/07/2008 at 00:40

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\svchost.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 00:59:48

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:8f,2d,e4,6e,8a,f6,ce,9b,25,73,1c,be,48,f2,4b,af,1c,4c,d9,49,73,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,d8,4d,d2,6b,59,be,01,d7,90,5e,43,bc,5c,31,38,8e,fe,..

"khjeh"=hex:f3,c8,50,ee,3e,20,6c,8d,8a,2f,6d,69,5e,f6,7c,e9,05,4c,ba,1e,a3,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:53,8f,5a,b3,30,b9,64,fd,02,71,82,2a,dd,17,09,aa,ee,2b,20,55,21,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:91,99,6a,a4,87,4f,41,a6,ea,b8,ed,24,ce,d2,b8,55,51,1b,72,de,3b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:8f,2d,e4,6e,8a,f6,ce,9b,25,73,1c,be,48,f2,4b,af,1c,4c,d9,49,73,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,d8,4d,d2,6b,59,be,01,d7,90,5e,43,bc,5c,31,38,8e,fe,..

"khjeh"=hex:f3,c8,50,ee,3e,20,6c,8d,8a,2f,6d,69,5e,f6,7c,e9,05,4c,ba,1e,a3,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:53,8f,5a,b3,30,b9,64,fd,02,71,82,2a,dd,17,09,aa,ee,2b,20,55,21,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:91,99,6a,a4,87,4f,41,a6,ea,b8,ed,24,ce,d2,b8,55,51,1b,72,de,3b,..

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\

authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"E:\\Arquivos de programas\\Valve\\hl.exe"="E:\\Arquivos de programas\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"

"E:\\Arquivos de programas\\Valve\\hltv.exe"="E:\\Arquivos de programas\\Valve\\hltv.exe:*:Enabled:HLTV Launcher"

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"="C:\\Arquivos de programas\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\\Downloads\\Magic Workstation\\MWSPlay.exe"="C:\\Downloads\\Magic Workstation\\MWSPlay.exe:*:Enabled:Magic Workstation Play Module"

"C:\\Arquivos de programas\\mIRC\\mirc.exe"="C:\\Arquivos de programas\\mIRC\\mirc.exe:*:Enabled:mIRC"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"="C:\\Arquivos de programas\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"

"C:\\Downloads\\CSBR\\jogos\\CSTRIKE\\hl.exe"="C:\\Downloads\\CSBR\\jogos\\CSTRIKE\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Executa uma DLL como um aplicativo"

"C:\\Arquivos de programas\\Microsoft Games\\Halo\\halo.exe"="C:\\Arquivos de programas\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"E:\\Downloads\\Anime\\TibiCAM\\TibiCAM.exe"="E:\\Downloads\\Anime\\TibiCAM\\TibiCAM.exe:*:Enabled:TibiCAM"

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"="C:\\Arquivos de programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"="C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"

"C:\\Arquivos de programas\\Jaman Player\\jamdownloader.exe"="C:\\Arquivos de programas\\Jaman Player\\jamdownloader.exe:*:Enabled:Jaman Downloader"

"C:\\Arquivos de programas\\Jaman Player\\jaman-updater.exe"="C:\\Arquivos de programas\\Jaman Player\\jaman-updater.exe:*:Enabled:Jaman Updater"

"C:\\Arquivos de programas\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Arquivos de programas\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\ZuOnline.exe"="C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\ZuOnline.exe:*:Enabled:ZuOnline"

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"="C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"="C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"

"C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\BT_Update.exe"="C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\BT_Update.exe:*:Enabled:BT_Update"

"C:\\Rohan\\rohanclient.exe"="C:\\Rohan\\rohanclient.exe:*:Enabled:Rohan Online Game"

"C:\\Arquivos de programas\\VertrigoServ\\Apache\\bin\\v_apache.exe"="C:\\Arquivos de programas\\VertrigoServ\\Apache\\bin\\v_apache.exe:*:Enabled:Apache HTTP Server"

"C:\\Arquivos de programas\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"="C:\\Arquivos de programas\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe:*:Enabled:v_mysqld"

"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"="C:\\Program Files\\WS_FTP\\WS_FTP95.exe:*:Enabled:WS_FTP 95"

"C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe"="C:\\Arquivos de programas\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"="C:\\Arquivos de programas\\Megacubo\\megacubo.exe:*:Enabled:MegaCubo"

"C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"="C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe:*:Enabled:MiniFly"

"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"="C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe:*:Enabled:ADPHONE"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\

authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 13 Nov 2006 319,456 A..H. --- "C:\Arquivos de programas\Arquivos comuns\Motorola Shared\MotPCSDrivers\difxapi.dll"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4d6abb4abb73b8841817968bb9fef3b2\BIT4.tmp"

Thu 1 May 2008 8,879,656 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c34850f9a71cb05664750ccd909d99c\BIT63.tmp"

Wed 6 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\958f6198e7b74c8bd1180a14e6def2c1\BIT4.tmp"

 

Finished!

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 01:02:14, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.17184)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VMSnap326.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\PC-Checkup\PCCheckUp.exe

C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Jaman Player\jamtray.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

E:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Pando Networks\Pando\pando.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Vilson\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ADSTechnology Class - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Arquivos de programas\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bigDogpath326] C:\WINDOWS\VMSnap326.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini

O4 - HKLM\..\Run: [Microsoft DNS Service] C:\WINDOWS\SVCHOST.EXE

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [jamtray] C:/Arquivos de programas/Jaman Player/jamtray.exe

O4 - Startup: No-IP DUC.lnk = E:\Arquivos de programas\No-IP\DUC20.exe

O4 - Startup: Registration Assassin's Creed.LNK = E:\Arquivos de programas\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe

O4 - Global Startup: BIGDOGPATH326.lnk = C:\WINDOWS\VMSnap326.exe

O4 - Global Startup: Domino.lnk = C:\WINDOWS\Domino.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

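The entry `O4 - HKLM\..\Run: [Microsoft DNS Service] C:\WINDOWS\SVCHOST.EXE` in the log above is the one a responder would look at first: the legitimate svchost.exe lives in C:\WINDOWS\system32, and a Run key pointing at a file of that name directly under C:\WINDOWS, with an invented service name, is a common malware masquerade. The script below is an added example (not part of the original post, and not code from HijackThis or ComboFix) that parses HijackThis O-lines and flags that pattern, together with registrations whose target file is gone and components that the ComboFix run later in this thread deleted (ShoppingReport, ADSTechnology). The allow-list of system directories, the list of core binary names and the sample lines (condensed from the log above) are assumptions made for this example.

```python
"""Triage of HijackThis-style log lines.

Added example for this thread; not part of the original post and not code
from HijackThis or ComboFix. It flags three things a responder checks first:
a core Windows binary name launched from outside the system32 directory,
registrations whose target file is missing, and components that the ComboFix
run in this thread later deleted. The name lists are assumptions chosen for
this particular log; extend them for other machines.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Binaries that only legitimately live under the system32 directory
# (assumption: this short list is enough for the log in this thread).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}
LEGIT_SYSTEM_DIRS = (r"c:\windows\system32\\"[:-1], r"c:\windows\syswow64\\"[:-1])

# Components removed by ComboFix in the "Other Deletions" section of this thread.
KNOWN_ADWARE = ("shoppingreport", "adstechnology")

SECTION_RE = re.compile(r"^(O\d+) - ")
# First drive-letter path ending in .exe or .dll; tolerates spaces and '/'.
# The lookbehind stops "res://C:\..." from matching at the "s://" of "res".
PATH_RE = re.compile(r"(?<![A-Za-z])([A-Za-z]:[\\/].*?\.(?:exe|dll))\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section, e.g. "O4"
    severity: str  # "high" | "medium" | "low"
    reason: str    # "masquerade" | "known_adware" | "missing_target"
    detail: str    # normalised path, or the whole line when no path was found


def normalise(path: str) -> str:
    """Lower-case and use backslashes so comparisons ignore case and separator."""
    return path.replace("/", "\\").lower()


def is_masquerade(path: str) -> bool:
    r"""True if the file name is a core system binary but its directory is not a
    legitimate system directory (the C:\WINDOWS\SVCHOST.EXE entry above)."""
    p = normalise(path)
    directory, _, name = p.rpartition("\\")
    return name in SYSTEM_BINARIES and not (directory + "\\").startswith(LEGIT_SYSTEM_DIRS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Scan O-lines (O2/O3/O4/O9/O23, ...) and return findings, high severity first."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # header, blank line or "Running processes" entry
        section = m.group(1)
        lower = line.lower()
        path_match = PATH_RE.search(line)
        path = normalise(path_match.group(1)) if path_match else ""

        if path and is_masquerade(path):
            findings.append(Finding(section, "high", "masquerade", path))
        if any(name in lower for name in KNOWN_ADWARE):
            findings.append(Finding(section, "medium", "known_adware", path or line))
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append(Finding(section, "low", "missing_target", path or line))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])


# Constructed sample: lines condensed from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology Class - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft DNS Service] C:\WINDOWS\SVCHOST.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def main() -> None:
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity:<6}] {f.section:<4} {f.reason:<15} {f.detail}")


if __name__ == "__main__":
    main()
```

On the full log, `triage(open("hijackthis.log").read().splitlines())` does the same job. A `masquerade` hit is a reason to pull the file and scan it, not a verdict by itself: the path says the binary is out of place, not what it does.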

Good morning, Scorpionok!

 

<@> Download ComboFix.

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall.

<@> Close all windows and run the tool!

 

If you get the notification "Not a valid Win32 application", delete the tool and download it again.

Save it to the Desktop renamed as: Kombo.exe

PS: Rename it while saving, not after it has been saved!

PS: If any error message appears, run ComboFix in Safe Mode.

<@> The Auto Scan window will open. Wait!

<@> Type the option to continue and press < Enter >

<@> Wait for it to finish! During the scan, avoid touching the mouse or keyboard!

<@> To stop or exit ComboFix, press "N".

----------------------------------------

<@> Post the report C:\ComboFix.txt in your reply, plus an updated HJT log.

 

Regards!

Logfile of HijackThis v1.99.1

Scan saved at 01:37:18, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.17184)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VMSnap326.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\PC-Checkup\PCCheckUp.exe

C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Jaman Player\jamtray.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

E:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Pando Networks\Pando\pando.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Vilson\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Arquivos de programas\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bigDogpath326] C:\WINDOWS\VMSnap326.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini

O4 - HKLM\..\Run: [Microsoft DNS Service] C:\WINDOWS\SVCHOST.EXE

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [jamtray] C:/Arquivos de programas/Jaman Player/jamtray.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

 

 

ComboFix 08-07-13.6 - Buba 2008-07-14 1:30:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.481 [GMT -3:00]

Running from: C:\Documents and Settings\Vilson\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Arquivos de programas\ADSTechnology

C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

C:\Arquivos de programas\ADSTechnology\ADSTechnology.exe

C:\Arquivos de programas\ADSTechnology\Uninstall.exe

C:\Arquivos de programas\ShoppingReport

C:\Arquivos de programas\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

C:\Arquivos de programas\ShoppingReport\Uninst.exe

C:\Arquivos de programas\Zumie

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

C:\Documents and Settings\Freddi\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\Vilson\Dados de aplicativos\inst.exe

C:\Documents and Settings\Vilson\Dados de aplicativos\ShoppingReport

C:\Documents and Settings\Vilson\Dados de aplicativos\ShoppingReport\cs\Config.xml

C:\Documents and Settings\Vilson\Dados de aplicativos\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\Vilson\Dados de aplicativos\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\Vilson\Dados de aplicativos\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\Vilson\Dados de aplicativos\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\Vilson\Dados de aplicativos\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\Vilson\Dados de aplicativos\ShoppingReport\cs\res1\WhiteList.dbs

C:\WINDOWS\Help\svhost.txt

C:\WINDOWS\sysedir.dat

 

----- BITS: Possible infected sites -----

 

hxxp://www.hhdsoftware.com

.

((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))

.

 

2008-07-14 00:35 . 2008-07-14 00:36 <DIR> d-------- C:\WINDOWS\ERUNT

2008-07-14 00:20 . 2008-07-14 01:01 <DIR> d-------- C:\SDFix

2008-07-14 00:20 . 2008-07-13 02:22 1,444,357 --a------ C:\SDFix.exe

2008-07-13 22:19 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-13 22:16 . 2008-07-13 22:16 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-07-13 15:50 . 2008-07-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winferno

2008-07-13 15:49 . 2008-07-13 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-07-13 15:46 . 2008-07-13 15:46 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-07-13 15:17 . 2008-07-13 15:17 <DIR> d-------- C:\Arquivos de programas\Discador Orolix

2008-07-11 16:00 . 2008-07-13 17:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-11 15:36 . 2008-07-11 15:36 <DIR> d-------- C:\Arquivos de programas\HHD Software

2008-07-09 09:39 . 2008-07-09 09:39 <DIR> d-------- C:\Documents and Settings\Cristina\Dados de aplicativos\ADPHONE

2008-07-08 22:44 . 2008-07-08 22:45 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\ADPHONE

2008-07-08 22:44 . 2008-07-09 09:39 <DIR> d-------- C:\Arquivos de programas\ADPHONE3

2008-07-08 22:42 . 2008-07-09 10:15 <DIR> d-------- C:\Arquivos de programas\Bíblia Sagrada 1.0

2008-07-08 22:39 . 2008-07-08 22:40 <DIR> d-------- C:\PC-Checkup

2008-07-08 22:39 . 2008-07-08 22:39 737,280 --a------ C:\WINDOWS\iun6002.exe

2008-07-08 22:17 . 2008-07-09 11:56 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-07-08 22:17 . 2008-07-09 13:04 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-07-03 00:29 . 2008-07-03 00:30 <DIR> d-------- C:\Documents and Settings\Cristina\Dados de aplicativos\PlayFirst

2008-07-03 00:20 . 2008-07-03 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SpinTop Games

2008-07-02 23:10 . 2008-07-03 00:18 <DIR> d-------- C:\My Games

2008-07-02 22:42 . 2008-07-02 23:11 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\PlayFirst

2008-07-02 22:42 . 2008-07-02 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-07-02 17:56 . 2008-07-02 17:56 <DIR> d-------- C:\Arquivos de programas\UNO Freeware

2008-07-02 17:56 . 2008-07-02 17:56 796,672 --a------ C:\WINDOWS\GPInstall.exe

2008-07-02 17:56 . 2000-08-10 23:06 7,883 --a------ C:\WINDOWS\Eng_UK.gpl

2008-06-29 17:25 . 2008-06-29 17:25 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-06-29 17:14 . 2008-06-29 17:15 <DIR> d--h-c--- C:\WINDOWS\ie8

2008-06-29 16:53 . 2008-06-29 16:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2008-06-29 15:29 . 2008-06-29 15:29 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-06-28 12:20 . 2008-06-30 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-28 12:19 . 2008-06-28 12:19 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-06-28 12:19 . 2008-06-28 12:19 <DIR> d-------- C:\Arquivos de programas\Ladrao de Conteudo 6.0

2008-06-25 13:40 . 2008-06-25 13:40 0 --a------ C:\WINDOWS\Realorch.INI

2008-06-25 13:37 . 2008-06-25 13:37 <DIR> d-------- C:\Arquivos de programas\RealOrche

2008-06-22 13:07 . 2008-06-22 13:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-06-22 12:16 . 2008-06-22 22:45 <DIR> d-------- C:\Documents and Settings\Convidado\Dados de aplicativos\Orbit

2008-06-18 08:27 . 2008-06-18 12:22 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\GrabPro

2008-06-15 12:50 . 2008-06-15 12:55 65,536 --a------ C:\WINDOWS\IFinst27.exe

2008-06-15 00:25 . 2008-06-16 00:42 516,096 --a------ C:\WINDOWS\iwexec.exe

2008-06-15 00:14 . 2008-06-15 00:32 <DIR> d-------- C:\My Setups

2008-06-15 00:14 . 2008-06-15 00:14 <DIR> d-------- C:\Arquivos de programas\DigitalWeb

2008-06-15 00:12 . 2008-06-15 00:12 <DIR> d-------- C:\WINDOWS\GPPSOFT

2008-06-15 00:12 . 2008-06-15 00:12 <DIR> d-------- C:\Setup

2008-06-15 00:12 . 2008-06-15 00:12 760 --------- C:\WINDOWS\SBDATA2.DAT

2008-06-14 23:51 . 2008-06-14 23:51 <DIR> d--h----- C:\WINDOWS\system32\CyberInstallerUninstallerSystem

2008-06-14 23:51 . 2008-06-14 23:51 <DIR> d-------- C:\Arquivos de programas\CyberInstaller Suite 2008

2008-06-14 23:50 . 2008-06-14 23:54 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\CyberInstaller Studio 2008

2008-06-14 23:46 . 2008-06-14 23:46 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\HalogenWare

2008-06-14 23:45 . 2008-06-14 23:45 <DIR> d-------- C:\Documents and Settings\Vilson\HalogenWare

2008-06-14 23:33 . 2008-06-14 23:33 <DIR> d-------- C:\Arquivos de programas\FileStream

2008-06-14 23:33 . 2006-11-14 01:00 262,144 --a------ C:\WINDOWS\system32\adfactry.dll

2008-06-14 23:33 . 2006-11-14 01:00 78,336 --a------ C:\WINDOWS\system32\sfxbe324.dll

2008-06-14 23:33 . 2006-11-14 01:00 77,824 --a------ C:\WINDOWS\system32\sfxbe322.dll

2008-06-14 23:33 . 2006-11-14 01:00 63,856 --a------ C:\WINDOWS\system32\sfxbe164.dll

2008-06-14 23:33 . 2006-11-14 01:00 62,384 --a------ C:\WINDOWS\system32\sfxbe162.dll

2008-06-14 23:33 . 2006-11-14 01:00 58,368 --a------ C:\WINDOWS\system32\sfxfe321.exe

2008-06-14 23:33 . 2006-11-14 01:00 53,760 --a------ C:\WINDOWS\system32\sfxfe32.exe

2008-06-14 23:33 . 2006-11-14 01:00 31,008 --a------ C:\WINDOWS\system32\sfxfe161.exe

2008-06-14 23:33 . 2006-11-14 01:00 28,688 --a------ C:\WINDOWS\system32\sfxfe16.exe

2008-06-14 23:24 . 2008-06-14 23:31 <DIR> d-------- C:\Documents and Settings\Vilson\Bytessence Install Maker

2008-06-14 23:17 . 2008-06-14 23:18 <DIR> d-------- C:\Arquivos de programas\NSIS

2008-06-14 22:41 . 2008-06-14 22:41 <DIR> d-------- C:\Arquivos de programas\Russian New Logic

2008-06-14 22:26 . 2008-06-16 00:43 <DIR> d-------- C:\Arquivos de programas\RO

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-14 04:30 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Orbit

2008-07-13 20:13 --------- d-----w C:\Documents and Settings\Cristina\Dados de aplicativos\Orbit

2008-07-13 04:34 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Tibia

2008-07-09 01:57 --------- d-----w C:\Documents and Settings\Freddi\Dados de aplicativos\Orbit

2008-07-09 01:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-07-09 01:42 258,048 ------w C:\WINDOWS\Setup1.exe

2008-07-09 00:15 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Hamachi

2008-06-29 20:24 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-06-29 20:23 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\MegauploadToolbar

2008-06-29 19:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-06-24 21:26 --------- d-----w C:\Arquivos de programas\Safari

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 21:21 --------- d-----w C:\Documents and Settings\Cristina\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-06-16 01:50 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\CoreFTP

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 07:12 --------- d-----w C:\Arquivos de programas\Inno Setup 5

2008-06-14 06:25 --------- d-----w C:\Arquivos de programas\Diino

2008-06-13 15:40 --------- d-----w C:\Arquivos de programas\EasyPHP 2.0b1

2008-06-13 03:10 --------- d-----w C:\Arquivos de programas\VertrigoServ

2008-06-12 01:41 --------- d-----w C:\Arquivos de programas\Palavras-Cruzadas 6.0

2008-06-11 18:17 --------- d-----w C:\Arquivos de programas\Palavras-Cruzadas 7.0

2008-06-11 16:54 --------- d-----w C:\Arquivos de programas\Crossword Man

2008-06-02 21:18 --------- d-----w C:\Arquivos de programas\IObit

2008-06-02 18:46 --------- d-----w C:\Arquivos de programas\GameTribe

2008-06-01 20:28 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Vso

2008-06-01 16:58 --------- d-----w C:\Documents and Settings\Freddi\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-27 02:49 --------- d-----w C:\Arquivos de programas\ONWIND

2008-05-27 02:48 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-26 13:39 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-26 13:39 47,360 ----a-w C:\Documents and Settings\Vilson\Dados de aplicativos\pcouffin.sys

2008-05-26 13:39 --------- d-----w C:\Arquivos de programas\VSO

2008-05-25 20:25 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Cyberlink

2008-05-25 02:29 --------- d-----w C:\Arquivos de programas\Brad Smith

2008-05-25 00:18 --------- d-----w C:\Documents and Settings\Convidado\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-23 11:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-05-18 21:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\JollyBear

2008-05-18 20:40 --------- d-----w C:\Arquivos de programas\Windows Live

2008-05-18 16:35 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Ubisoft

2008-05-18 16:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft

2008-05-17 20:45 --------- d-----w C:\Arquivos de programas\Jaman Player

2008-05-17 19:29 --------- d-----w C:\Arquivos de programas\Veoh Networks

2008-05-17 18:16 --------- d-----w C:\Arquivos de programas\PandoBar

2008-05-17 18:16 --------- d-----w C:\Arquivos de programas\Pando Networks

2008-05-16 18:33 --------- d-----w C:\Arquivos de programas\LoucoServ

2008-05-14 02:50 --------- d-----w C:\Arquivos de programas\Nightmare

2008-05-14 02:06 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Apple Computer

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-26 20:33 774,144 ----a-w C:\Arquivos de programas\RngInterstitial.dll

2008-04-03 19:53 14,298 ----a-w C:\Arquivos de programas\settings.dat

2008-04-01 22:27 380,928 ----a-w C:\Arquivos de programas\mdn.exe

2004-03-11 16:27 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= "C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-05-17 15:16 266240]

 

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-05-17 15:16 266240]

 

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mozilla Quick Launch"="C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe" [2008-02-03 11:18 49766]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-01-17 13:51 486856]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"jamtray"="C:/Arquivos de programas/Jaman Player/jamtray.exe" [2008-05-01 22:52 453712 C:\Arquivos de programas\Jaman Player\jamtray.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"BigDogpath326"="C:\WINDOWS\VMSnap326.exe" [2006-09-18 18:04 86016]

"Domino"="C:\WINDOWS\Domino.exe" [2006-06-28 17:54 49152]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2004-09-07 10:25 1400944]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-06-29 16:52 185896]

"PC-Checkup"="C:\PC-Checkup\PCCheckUp.exe" [2007-06-05 04:24 3949568]

"Microsoft DNS Service"="C:\WINDOWS\SVCHOST.EXE" [N/A]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

BIGDOGPATH326.lnk - C:\WINDOWS\VMSnap326.exe [2008-02-03 11:23:53 86016]

Domino.lnk - C:\WINDOWS\Domino.exe [2008-02-03 11:23:53 49152]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-06-02 08:46:21 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Arquivos de programas\\Valve\\hl.exe"=

"E:\\Arquivos de programas\\Valve\\hltv.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Downloads\\Magic Workstation\\MWSPlay.exe"=

"C:\\Arquivos de programas\\mIRC\\mirc.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Downloads\\CSBR\\jogos\\CSTRIKE\\hl.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Halo\\halo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=

"C:\\Arquivos de programas\\Jaman Player\\jamdownloader.exe"=

"C:\\Arquivos de programas\\Jaman Player\\jaman-updater.exe"=

"C:\\Arquivos de programas\\Veoh Networks\\Veoh\\VeohClient.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\ZuOnline.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\BT_Update.exe"=

"C:\\Rohan\\rohanclient.exe"=

"C:\\Arquivos de programas\\VertrigoServ\\Apache\\bin\\v_apache.exe"=

"C:\\Arquivos de programas\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=

"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=

"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19318:TCP"= 19318:TCP:BitComet 19318 TCP

"19318:UDP"= 19318:UDP:BitComet 19318 UDP

"6121:TCP"= 6121:TCP:char-server

"6900:TCP"= 6900:TCP:login-server

"5121:TCP"= 5121:TCP:map-server

"57348:TCP"= 57348:TCP:Pando P2P TCP Listening Port

"57348:UDP"= 57348:UDP:Pando P2P UDP Listening Port

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 23:44]

R3 usbvm328;A4 Tech USB2.0 PC Camera G;C:\WINDOWS\system32\Drivers\usbvm326.sys [2006-12-30 13:42]

R3 vmfilter326;326 MRD filter service;C:\WINDOWS\system32\drivers\vmfilter326.sys [2006-10-30 14:17]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-08 20:37:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-07-14 03:57:38 C:\WINDOWS\Tasks\PCConfidential.job"

- C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

"2008-07-13 18:47:27 C:\WINDOWS\Tasks\rpc.job"

- C:\Arquivos de programas\Winferno\RegistryPowerCleaner\RegPowerClean.exe

"2008-07-14 04:21:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 01:32:28

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-07-14 1:36:26

ComboFix-quarantined-files.txt 2008-07-14 04:35:24

 

Pre-Run: 36,569,075,712 bytes disponíveis

Post-Run: 37,074,366,464 bytes disponíveis

 

277 --- E O F --- 2008-07-08 22:52:48

 

 

The problem persists.

In Safe Mode the folders open normally. Just letting you know, I noticed this when I ran the previous procedure.


Good morning, Scorpionok!

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

<!> Before taking any other step, install the Recovery Console (RC)!

---------------------------------------

<!> Go to the Microsoft site: < Link >

 

<!> Select the download that matches your operating system!

 

[image: crecuperacaorz4.jpg]

 

<!> Download the file and save it to your desktop.

<!> Close all open programs!

<!> Also close your protection programs (antivirus, antispyware and firewall)!

<!> Drag the setup file downloaded from the Microsoft site onto ComboFix.exe.

<!> See the demonstration below!

 

[image: rc1.gif]

 

<!> Follow the on-screen messages to start ComboFix.

<!> Accept the Microsoft license agreement to install the "Microsoft Recovery Console".

<!> At the next message, click "Yes" to run a scan with ComboFix.

 

[image: RC_whatnext.gif]

 

<!> When it finishes, post the reports:

 

<!> C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

ComboFix 08-07-13.6 - Buba 2008-07-14 10:23:26.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.563 [GMT -3:00]

Executando de: C:\Documents and Settings\Vilson\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Vilson\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))

.

 

2008-07-14 01:50 . 2008-07-14 01:50 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\Hide IP NG

2008-07-14 01:50 . 2008-07-14 01:50 <DIR> d-------- C:\Arquivos de programas\Hide IP NG

2008-07-14 00:35 . 2008-07-14 00:36 <DIR> d-------- C:\WINDOWS\ERUNT

2008-07-14 00:20 . 2008-07-14 01:01 <DIR> d-------- C:\SDFix

2008-07-14 00:20 . 2008-07-13 02:22 1,444,357 --a------ C:\SDFix.exe

2008-07-13 22:19 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-13 22:16 . 2008-07-13 22:16 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-07-13 15:50 . 2008-07-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winferno

2008-07-13 15:49 . 2008-07-13 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-07-13 15:46 . 2008-07-13 15:46 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-07-13 15:17 . 2008-07-13 15:17 <DIR> d-------- C:\Arquivos de programas\Discador Orolix

2008-07-11 16:00 . 2008-07-13 17:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-11 15:36 . 2008-07-11 15:36 <DIR> d-------- C:\Arquivos de programas\HHD Software

2008-07-09 09:39 . 2008-07-09 09:39 <DIR> d-------- C:\Documents and Settings\Cristina\Dados de aplicativos\ADPHONE

2008-07-08 22:44 . 2008-07-08 22:45 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\ADPHONE

2008-07-08 22:44 . 2008-07-09 09:39 <DIR> d-------- C:\Arquivos de programas\ADPHONE3

2008-07-08 22:42 . 2008-07-09 10:15 <DIR> d-------- C:\Arquivos de programas\Bíblia Sagrada 1.0

2008-07-08 22:39 . 2008-07-08 22:40 <DIR> d-------- C:\PC-Checkup

2008-07-08 22:39 . 2008-07-08 22:39 737,280 --a------ C:\WINDOWS\iun6002.exe

2008-07-08 22:17 . 2008-07-09 11:56 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-07-08 22:17 . 2008-07-09 13:04 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-07-03 00:29 . 2008-07-03 00:30 <DIR> d-------- C:\Documents and Settings\Cristina\Dados de aplicativos\PlayFirst

2008-07-03 00:20 . 2008-07-03 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SpinTop Games

2008-07-02 23:10 . 2008-07-03 00:18 <DIR> d-------- C:\My Games

2008-07-02 22:42 . 2008-07-02 23:11 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\PlayFirst

2008-07-02 22:42 . 2008-07-02 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-07-02 17:56 . 2008-07-02 17:56 <DIR> d-------- C:\Arquivos de programas\UNO Freeware

2008-07-02 17:56 . 2008-07-02 17:56 796,672 --a------ C:\WINDOWS\GPInstall.exe

2008-07-02 17:56 . 2000-08-10 23:06 7,883 --a------ C:\WINDOWS\Eng_UK.gpl

2008-06-29 17:25 . 2008-06-29 17:25 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-06-29 17:14 . 2008-06-29 17:15 <DIR> d--h-c--- C:\WINDOWS\ie8

2008-06-29 16:53 . 2008-06-29 16:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2008-06-29 15:29 . 2008-06-29 15:29 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-06-28 12:20 . 2008-06-30 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-28 12:19 . 2008-06-28 12:19 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-06-28 12:19 . 2008-06-28 12:19 <DIR> d-------- C:\Arquivos de programas\Ladrao de Conteudo 6.0

2008-06-25 13:40 . 2008-06-25 13:40 0 --a------ C:\WINDOWS\Realorch.INI

2008-06-25 13:37 . 2008-06-25 13:37 <DIR> d-------- C:\Arquivos de programas\RealOrche

2008-06-22 13:07 . 2008-06-22 13:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-06-22 12:16 . 2008-06-22 22:45 <DIR> d-------- C:\Documents and Settings\Convidado\Dados de aplicativos\Orbit

2008-06-18 08:27 . 2008-06-18 12:22 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\GrabPro

2008-06-15 12:50 . 2008-06-15 12:55 65,536 --a------ C:\WINDOWS\IFinst27.exe

2008-06-15 00:25 . 2008-06-16 00:42 516,096 --a------ C:\WINDOWS\iwexec.exe

2008-06-15 00:14 . 2008-06-15 00:32 <DIR> d-------- C:\My Setups

2008-06-15 00:14 . 2008-06-15 00:14 <DIR> d-------- C:\Arquivos de programas\DigitalWeb

2008-06-15 00:12 . 2008-06-15 00:12 <DIR> d-------- C:\WINDOWS\GPPSOFT

2008-06-15 00:12 . 2008-06-15 00:12 <DIR> d-------- C:\Setup

2008-06-15 00:12 . 2008-06-15 00:12 760 --------- C:\WINDOWS\SBDATA2.DAT

2008-06-14 23:51 . 2008-06-14 23:51 <DIR> d--h----- C:\WINDOWS\system32\CyberInstallerUninstallerSystem

2008-06-14 23:51 . 2008-06-14 23:51 <DIR> d-------- C:\Arquivos de programas\CyberInstaller Suite 2008

2008-06-14 23:50 . 2008-06-14 23:54 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\CyberInstaller Studio 2008

2008-06-14 23:46 . 2008-06-14 23:46 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\HalogenWare

2008-06-14 23:45 . 2008-06-14 23:45 <DIR> d-------- C:\Documents and Settings\Vilson\HalogenWare

2008-06-14 23:33 . 2008-06-14 23:33 <DIR> d-------- C:\Arquivos de programas\FileStream

2008-06-14 23:33 . 2006-11-14 01:00 262,144 --a------ C:\WINDOWS\system32\adfactry.dll

2008-06-14 23:33 . 2006-11-14 01:00 78,336 --a------ C:\WINDOWS\system32\sfxbe324.dll

2008-06-14 23:33 . 2006-11-14 01:00 77,824 --a------ C:\WINDOWS\system32\sfxbe322.dll

2008-06-14 23:33 . 2006-11-14 01:00 63,856 --a------ C:\WINDOWS\system32\sfxbe164.dll

2008-06-14 23:33 . 2006-11-14 01:00 62,384 --a------ C:\WINDOWS\system32\sfxbe162.dll

2008-06-14 23:33 . 2006-11-14 01:00 58,368 --a------ C:\WINDOWS\system32\sfxfe321.exe

2008-06-14 23:33 . 2006-11-14 01:00 53,760 --a------ C:\WINDOWS\system32\sfxfe32.exe

2008-06-14 23:33 . 2006-11-14 01:00 31,008 --a------ C:\WINDOWS\system32\sfxfe161.exe

2008-06-14 23:33 . 2006-11-14 01:00 28,688 --a------ C:\WINDOWS\system32\sfxfe16.exe

2008-06-14 23:24 . 2008-06-14 23:31 <DIR> d-------- C:\Documents and Settings\Vilson\Bytessence Install Maker

2008-06-14 23:17 . 2008-06-14 23:18 <DIR> d-------- C:\Arquivos de programas\NSIS

2008-06-14 22:41 . 2008-06-14 22:41 <DIR> d-------- C:\Arquivos de programas\Russian New Logic

2008-06-14 22:26 . 2008-06-16 00:43 <DIR> d-------- C:\Arquivos de programas\RO

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-14 13:22 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Orbit

2008-07-13 20:13 --------- d-----w C:\Documents and Settings\Cristina\Dados de aplicativos\Orbit

2008-07-13 04:34 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Tibia

2008-07-09 01:57 --------- d-----w C:\Documents and Settings\Freddi\Dados de aplicativos\Orbit

2008-07-09 01:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-07-09 01:42 258,048 ------w C:\WINDOWS\Setup1.exe

2008-07-09 00:15 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Hamachi

2008-06-29 20:24 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-06-29 20:23 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\MegauploadToolbar

2008-06-29 19:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-06-24 21:26 --------- d-----w C:\Arquivos de programas\Safari

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 21:21 --------- d-----w C:\Documents and Settings\Cristina\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-06-16 01:50 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\CoreFTP

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 07:12 --------- d-----w C:\Arquivos de programas\Inno Setup 5

2008-06-14 06:25 --------- d-----w C:\Arquivos de programas\Diino

2008-06-13 15:40 --------- d-----w C:\Arquivos de programas\EasyPHP 2.0b1

2008-06-13 03:10 --------- d-----w C:\Arquivos de programas\VertrigoServ

2008-06-12 01:41 --------- d-----w C:\Arquivos de programas\Palavras-Cruzadas 6.0

2008-06-11 18:17 --------- d-----w C:\Arquivos de programas\Palavras-Cruzadas 7.0

2008-06-11 16:54 --------- d-----w C:\Arquivos de programas\Crossword Man

2008-06-02 21:18 --------- d-----w C:\Arquivos de programas\IObit

2008-06-02 18:46 --------- d-----w C:\Arquivos de programas\GameTribe

2008-06-01 20:28 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Vso

2008-06-01 16:58 --------- d-----w C:\Documents and Settings\Freddi\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-27 02:49 --------- d-----w C:\Arquivos de programas\ONWIND

2008-05-27 02:48 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-26 13:39 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-26 13:39 47,360 ----a-w C:\Documents and Settings\Vilson\Dados de aplicativos\pcouffin.sys

2008-05-26 13:39 --------- d-----w C:\Arquivos de programas\VSO

2008-05-25 20:25 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Cyberlink

2008-05-25 02:29 --------- d-----w C:\Arquivos de programas\Brad Smith

2008-05-25 00:18 --------- d-----w C:\Documents and Settings\Convidado\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-23 11:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-05-18 21:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\JollyBear

2008-05-18 20:40 --------- d-----w C:\Arquivos de programas\Windows Live

2008-05-18 16:35 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Ubisoft

2008-05-18 16:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft

2008-05-17 20:45 --------- d-----w C:\Arquivos de programas\Jaman Player

2008-05-17 19:29 --------- d-----w C:\Arquivos de programas\Veoh Networks

2008-05-17 18:16 --------- d-----w C:\Arquivos de programas\PandoBar

2008-05-17 18:16 --------- d-----w C:\Arquivos de programas\Pando Networks

2008-05-16 18:33 --------- d-----w C:\Arquivos de programas\LoucoServ

2008-05-14 02:50 --------- d-----w C:\Arquivos de programas\Nightmare

2008-05-14 02:06 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Apple Computer

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-26 20:33 774,144 ----a-w C:\Arquivos de programas\RngInterstitial.dll

2008-04-03 19:53 14,298 ----a-w C:\Arquivos de programas\settings.dat

2008-04-01 22:27 380,928 ----a-w C:\Arquivos de programas\mdn.exe

2004-03-11 16:27 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-14_ 1.32.55.78 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-14 03:57:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-14 13:04:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-14 13:04:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_dc.dat

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= "C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-05-17 15:16 266240]

 

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-05-17 15:16 266240]

 

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mozilla Quick Launch"="C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe" [2008-02-03 11:18 49766]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-01-17 13:51 486856]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"jamtray"="C:/Arquivos de programas/Jaman Player/jamtray.exe" [2008-05-01 22:52 453712 C:\Arquivos de programas\Jaman Player\jamtray.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"BigDogpath326"="C:\WINDOWS\VMSnap326.exe" [2006-09-18 18:04 86016]

"Domino"="C:\WINDOWS\Domino.exe" [2006-06-28 17:54 49152]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2004-09-07 10:25 1400944]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-06-29 16:52 185896]

"PC-Checkup"="C:\PC-Checkup\PCCheckUp.exe" [2007-06-05 04:24 3949568]

"Microsoft DNS Service"="C:\WINDOWS\SVCHOST.EXE" [N/A]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

BIGDOGPATH326.lnk - C:\WINDOWS\VMSnap326.exe [2008-02-03 11:23:53 86016]

Domino.lnk - C:\WINDOWS\Domino.exe [2008-02-03 11:23:53 49152]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-06-02 08:46:21 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Arquivos de programas\\Valve\\hl.exe"=

"E:\\Arquivos de programas\\Valve\\hltv.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Downloads\\Magic Workstation\\MWSPlay.exe"=

"C:\\Arquivos de programas\\mIRC\\mirc.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Downloads\\CSBR\\jogos\\CSTRIKE\\hl.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Halo\\halo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=

"C:\\Arquivos de programas\\Jaman Player\\jamdownloader.exe"=

"C:\\Arquivos de programas\\Jaman Player\\jaman-updater.exe"=

"C:\\Arquivos de programas\\Veoh Networks\\Veoh\\VeohClient.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\ZuOnline.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\BT_Update.exe"=

"C:\\Rohan\\rohanclient.exe"=

"C:\\Arquivos de programas\\VertrigoServ\\Apache\\bin\\v_apache.exe"=

"C:\\Arquivos de programas\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=

"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=

"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19318:TCP"= 19318:TCP:BitComet 19318 TCP

"19318:UDP"= 19318:UDP:BitComet 19318 UDP

"6121:TCP"= 6121:TCP:char-server

"6900:TCP"= 6900:TCP:login-server

"5121:TCP"= 5121:TCP:map-server

"57348:TCP"= 57348:TCP:Pando P2P TCP Listening Port

"57348:UDP"= 57348:UDP:Pando P2P UDP Listening Port

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 23:44]

R3 usbvm328;A4 Tech USB2.0 PC Camera G;C:\WINDOWS\system32\Drivers\usbvm326.sys [2006-12-30 13:42]

R3 vmfilter326;326 MRD filter service;C:\WINDOWS\system32\drivers\vmfilter326.sys [2006-10-30 14:17]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-08 20:37:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-07-14 13:05:19 C:\WINDOWS\Tasks\PCConfidential.job"

- C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

"2008-07-13 18:47:27 C:\WINDOWS\Tasks\rpc.job"

- C:\Arquivos de programas\Winferno\RegistryPowerCleaner\RegPowerClean.exe

"2008-07-14 13:21:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 10:24:45

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-07-14 10:28:42

ComboFix-quarantined-files.txt 2008-07-14 13:27:40

ComboFix2.txt 2008-07-14 04:36:27

 

Pre-Run: 37,265,616,896 bytes disponíveis

Post-Run: 37,243,920,384 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

264 --- E O F --- 2008-07-08 22:52:48

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:29:38, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.17184)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VMSnap326.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Jaman Player\jamtray.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Pando Networks\Pando\pando.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Vilson\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Arquivos de programas\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bigDogpath326] C:\WINDOWS\VMSnap326.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini

O4 - HKLM\..\Run: [Microsoft DNS Service] C:\WINDOWS\SVCHOST.EXE

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [jamtray] C:/Arquivos de programas/Jaman Player/jamtray.exe

O4 - Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

Man, please tell me you already know what the problem is, I'm getting anxious T_T


Good afternoon! Scorpionok

 

Man, please tell me you already know what the problem is, I'm getting anxious T_T

<!> You installed a spyware program (ShopperReports) which is probably causing these problems. We are going to remove it and, in the next post, clean up the registry.

<!> But I should make clear that this is not the only malware running on the PC.

-----------------------------------

<@> Go to this page: < Link >

<@> Locate: Registry Search Tool

<@> Click the icon < aaaayy4.jpg > and download the file RegSrch.zip <!>

<@> Extract the contents of the zip to the Desktop!

<@> Run the file RegSrch.vbs and, in the window that opens, type: "ShopperReports"

<@> Click OK.

<@> Wait! In the window that appears, click OK.

<@> Registry information will appear; copy it into Notepad and paste it in your reply.

<@> Save it under the name: Requisit_SR

<@> Then post: Requisit_SR.txt << Don't forget to post it!

------------------------------------

<@> Select and copy all of the content in the QUOTE area into Notepad.

<@> Disable Avast's resident protection.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

C:\WINDOWS\SVCHOST.EXE

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Microsoft DNS Service"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

<@> Drag CFScript.txt with the mouse onto the ComboFix icon (or into its window).

<@> See the demonstration!

 

[animated demonstration image]

 

<@> Restart the computer!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HJT log.

 

Regards!

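The helper's diagnosis hinges on one O4 line: a Run value named "Microsoft DNS Service" that starts C:\WINDOWS\SVCHOST.EXE, a copy of svchost.exe living outside system32. As an added example (not the thread's, HijackThis's or ComboFix's own code), this Python script applies that check to HijackThis O4 lines and drafts the File:: and Registry:: sections of a CFScript in the layout used above; the allow-list of system32-only binaries and the last sample log line are assumptions constructed for the example.

```python
"""Triage HijackThis O4 autorun entries and draft a ComboFix CFScript.

Example added to this thread; not part of HijackThis or ComboFix. It flags
Run values whose executable borrows the name of a core Windows binary but
does not live in %windir%\\system32, then drafts the File:: and Registry::
sections that ComboFix reads from CFScript.txt.
"""
import ntpath
import re
from dataclasses import dataclass

# Binaries a clean Windows XP runs only from %windir%\system32 (assumed
# allow-list for this example; extend it for your own baseline).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "smss.exe",
                 "winlogon.exe", "csrss.exe", "spoolsv.exe"}

# HijackThis abbreviates the hive; a Registry:: section needs the full key.
HIVE_TO_RUN_KEY = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# Shape of an O4 line: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Sample input: O4 lines copied from the HijackThis log above, plus a final
# line constructed for this example so that the HKCU branch is exercised.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bigDogpath326] C:\WINDOWS\VMSnap326.exe A4 TECH USB2.0 PC Camera G
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft DNS Service] C:\WINDOWS\SVCHOST.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysUpdate] C:\Documents and Settings\Vilson\Dados de aplicativos\lsass.exe
"""


@dataclass(frozen=True)
class Finding:
    hive: str
    name: str
    path: str
    reason: str


def executable_from_command(cmd: str) -> str:
    """Return the program path from an O4 command line.

    A quoted command ends at the closing quote; an unquoted one may carry
    arguments after a path containing spaces, so cut after the first ".exe".
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = re.match(r"(?i)(.+?\.exe)(?:\s|$)", cmd)
    return match.group(1) if match else cmd.split()[0]


def find_impersonators(hjt_log: str, windir: str = r"C:\WINDOWS") -> list:
    """Return Run values that start a system32-only binary from elsewhere."""
    expected_dir = ntpath.join(windir, "system32").lower()
    findings = []
    for line in hjt_log.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue  # other sections (O2, O23, "O4 - Startup") are out of scope
        path = executable_from_command(match.group("cmd"))
        directory, base = ntpath.split(path)
        if base.lower() in SYSTEM32_ONLY and directory.lower() != expected_dir:
            where = directory or "(no directory; resolved through PATH)"
            findings.append(Finding(match.group("hive"), match.group("name"), path,
                                    f"{base} runs from {where}, expected {expected_dir}"))
    return findings


def build_cfscript(findings) -> str:
    """Draft File:: and Registry:: sections; "name"=- deletes a Run value."""
    if not findings:
        return ""
    lines = ["File::", *sorted({f.path for f in findings}), "", "Registry::"]
    for hive in ("HKLM", "HKCU"):
        names = sorted({f.name for f in findings if f.hive == hive})
        if names:
            lines.append(f"[{HIVE_TO_RUN_KEY[hive]}]")
            lines.extend(f'"{name}"=-' for name in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_impersonators(SAMPLE_HJT_LOG)
    for hit in hits:
        print(f"[{hit.hive}] {hit.name!r}: {hit.reason}")
    print(build_cfscript(hits))
```

The drafted script is meant for the helper to review before it is dragged onto ComboFix, as in the procedure above; it is not applied automatically.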

[screenshot of the error]

 

<!> But I should make clear that this is not the only malware running on the PC.

 

Thank you very much for helping me with the others. As I said at the beginning, I'm a layman on the subject, and for me the only one that's really causing trouble is this folder one =/

 

Above is a picture of the error, in case you didn't understand me.

[screenshot of the error]

 

<!> But I should make clear that this is not the only malware running on the PC.

 

Thank you very much for helping me with the others. As I said at the beginning, I'm a layman on the subject, and for me the only one that's really causing trouble is this folder one =/

 

Above is a picture of the error, in case you didn't understand me.

----------------------------

Hey! Scorpionok

 

<!> Go to this tutorial and run the script, which has been corrected:

 

< Link >

 

<!> Save it in Notepad as a ( .vbs ) file, dot vbs.

<!> Once the file is created, run it following the instructions you were given!

 

Regards!

<@> Select and copy all of the content in the QUOTE area into Notepad.

<@> Disable Avast's resident protection.

<@> Save it on the Desktop with the name: CFScript.txt

 

Do I copy and paste this into the same Notepad file the report came in, or into a separate Notepad file?

---------------------------------

Answer:

 

<!> Copy it into a separate Notepad file!

 

Regards!

ComboFix 08-07-13.6 - Buba 2008-07-14 16:01:39.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.247 [GMT -3:00]

Executando de: C:\Documents and Settings\Vilson\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Vilson\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))

.

 

2008-07-14 01:50 . 2008-07-14 01:50 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\Hide IP NG

2008-07-14 01:50 . 2008-07-14 01:50 <DIR> d-------- C:\Arquivos de programas\Hide IP NG

2008-07-14 00:35 . 2008-07-14 00:36 <DIR> d-------- C:\WINDOWS\ERUNT

2008-07-14 00:20 . 2008-07-14 01:01 <DIR> d-------- C:\SDFix

2008-07-14 00:20 . 2008-07-13 02:22 1,444,357 --a------ C:\SDFix.exe

2008-07-13 22:19 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-13 22:16 . 2008-07-13 22:16 <DIR> d-------- C:\Arquivos de programas\Panda Security

2008-07-13 15:50 . 2008-07-13 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winferno

2008-07-13 15:49 . 2008-07-13 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-07-13 15:46 . 2008-07-13 15:46 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-07-13 15:17 . 2008-07-13 15:17 <DIR> d-------- C:\Arquivos de programas\Discador Orolix

2008-07-11 16:00 . 2008-07-13 17:10 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-11 15:36 . 2008-07-11 15:36 <DIR> d-------- C:\Arquivos de programas\HHD Software

2008-07-09 09:39 . 2008-07-09 09:39 <DIR> d-------- C:\Documents and Settings\Cristina\Dados de aplicativos\ADPHONE

2008-07-08 22:44 . 2008-07-08 22:45 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\ADPHONE

2008-07-08 22:44 . 2008-07-09 09:39 <DIR> d-------- C:\Arquivos de programas\ADPHONE3

2008-07-08 22:42 . 2008-07-09 10:15 <DIR> d-------- C:\Arquivos de programas\Bíblia Sagrada 1.0

2008-07-08 22:39 . 2008-07-08 22:40 <DIR> d-------- C:\PC-Checkup

2008-07-08 22:39 . 2008-07-08 22:39 737,280 --a------ C:\WINDOWS\iun6002.exe

2008-07-08 22:17 . 2008-07-09 11:56 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-07-08 22:17 . 2008-07-09 13:04 <DIR> d-------- C:\Arquivos de programas\Megacubo

2008-07-03 00:29 . 2008-07-03 00:30 <DIR> d-------- C:\Documents and Settings\Cristina\Dados de aplicativos\PlayFirst

2008-07-03 00:20 . 2008-07-03 00:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SpinTop Games

2008-07-02 23:10 . 2008-07-03 00:18 <DIR> d-------- C:\My Games

2008-07-02 22:42 . 2008-07-02 23:11 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\PlayFirst

2008-07-02 22:42 . 2008-07-02 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-07-02 17:56 . 2008-07-02 17:56 <DIR> d-------- C:\Arquivos de programas\UNO Freeware

2008-07-02 17:56 . 2008-07-02 17:56 796,672 --a------ C:\WINDOWS\GPInstall.exe

2008-07-02 17:56 . 2000-08-10 23:06 7,883 --a------ C:\WINDOWS\Eng_UK.gpl

2008-06-29 17:25 . 2008-06-29 17:25 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-06-29 17:14 . 2008-06-29 17:15 <DIR> d--h-c--- C:\WINDOWS\ie8

2008-06-29 16:53 . 2008-06-29 16:53 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2008-06-29 15:29 . 2008-06-29 15:29 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-06-28 12:20 . 2008-06-30 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-06-28 12:19 . 2008-06-28 12:19 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2008-06-28 12:19 . 2008-06-28 12:19 <DIR> d-------- C:\Arquivos de programas\Ladrao de Conteudo 6.0

2008-06-25 13:40 . 2008-06-25 13:40 0 --a------ C:\WINDOWS\Realorch.INI

2008-06-25 13:37 . 2008-06-25 13:37 <DIR> d-------- C:\Arquivos de programas\RealOrche

2008-06-22 13:07 . 2008-06-22 13:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-06-22 12:16 . 2008-06-22 22:45 <DIR> d-------- C:\Documents and Settings\Convidado\Dados de aplicativos\Orbit

2008-06-18 08:27 . 2008-06-18 12:22 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\GrabPro

2008-06-15 12:50 . 2008-06-15 12:55 65,536 --a------ C:\WINDOWS\IFinst27.exe

2008-06-15 00:25 . 2008-06-16 00:42 516,096 --a------ C:\WINDOWS\iwexec.exe

2008-06-15 00:14 . 2008-06-15 00:32 <DIR> d-------- C:\My Setups

2008-06-15 00:14 . 2008-06-15 00:14 <DIR> d-------- C:\Arquivos de programas\DigitalWeb

2008-06-15 00:12 . 2008-06-15 00:12 <DIR> d-------- C:\WINDOWS\GPPSOFT

2008-06-15 00:12 . 2008-06-15 00:12 <DIR> d-------- C:\Setup

2008-06-15 00:12 . 2008-06-15 00:12 760 --------- C:\WINDOWS\SBDATA2.DAT

2008-06-14 23:51 . 2008-06-14 23:51 <DIR> d--h----- C:\WINDOWS\system32\CyberInstallerUninstallerSystem

2008-06-14 23:51 . 2008-06-14 23:51 <DIR> d-------- C:\Arquivos de programas\CyberInstaller Suite 2008

2008-06-14 23:50 . 2008-06-14 23:54 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\CyberInstaller Studio 2008

2008-06-14 23:46 . 2008-06-14 23:46 <DIR> d-------- C:\Documents and Settings\Vilson\Dados de aplicativos\HalogenWare

2008-06-14 23:45 . 2008-06-14 23:45 <DIR> d-------- C:\Documents and Settings\Vilson\HalogenWare

2008-06-14 23:33 . 2008-06-14 23:33 <DIR> d-------- C:\Arquivos de programas\FileStream

2008-06-14 23:33 . 2006-11-14 01:00 262,144 --a------ C:\WINDOWS\system32\adfactry.dll

2008-06-14 23:33 . 2006-11-14 01:00 78,336 --a------ C:\WINDOWS\system32\sfxbe324.dll

2008-06-14 23:33 . 2006-11-14 01:00 77,824 --a------ C:\WINDOWS\system32\sfxbe322.dll

2008-06-14 23:33 . 2006-11-14 01:00 63,856 --a------ C:\WINDOWS\system32\sfxbe164.dll

2008-06-14 23:33 . 2006-11-14 01:00 62,384 --a------ C:\WINDOWS\system32\sfxbe162.dll

2008-06-14 23:33 . 2006-11-14 01:00 58,368 --a------ C:\WINDOWS\system32\sfxfe321.exe

2008-06-14 23:33 . 2006-11-14 01:00 53,760 --a------ C:\WINDOWS\system32\sfxfe32.exe

2008-06-14 23:33 . 2006-11-14 01:00 31,008 --a------ C:\WINDOWS\system32\sfxfe161.exe

2008-06-14 23:33 . 2006-11-14 01:00 28,688 --a------ C:\WINDOWS\system32\sfxfe16.exe

2008-06-14 23:24 . 2008-06-14 23:31 <DIR> d-------- C:\Documents and Settings\Vilson\Bytessence Install Maker

2008-06-14 23:17 . 2008-06-14 23:18 <DIR> d-------- C:\Arquivos de programas\NSIS

2008-06-14 22:41 . 2008-06-14 22:41 <DIR> d-------- C:\Arquivos de programas\Russian New Logic

2008-06-14 22:26 . 2008-06-16 00:43 <DIR> d-------- C:\Arquivos de programas\RO

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-14 13:22 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Orbit

2008-07-13 20:13 --------- d-----w C:\Documents and Settings\Cristina\Dados de aplicativos\Orbit

2008-07-13 04:34 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Tibia

2008-07-09 01:57 --------- d-----w C:\Documents and Settings\Freddi\Dados de aplicativos\Orbit

2008-07-09 01:42 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-07-09 01:42 258,048 ------w C:\WINDOWS\Setup1.exe

2008-07-09 00:15 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Hamachi

2008-06-29 20:24 --------- d-----w C:\Arquivos de programas\Orbitdownloader

2008-06-29 20:23 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\MegauploadToolbar

2008-06-29 19:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-06-24 21:26 --------- d-----w C:\Arquivos de programas\Safari

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-18 21:21 --------- d-----w C:\Documents and Settings\Cristina\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-06-16 01:50 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\CoreFTP

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 07:12 --------- d-----w C:\Arquivos de programas\Inno Setup 5

2008-06-14 06:25 --------- d-----w C:\Arquivos de programas\Diino

2008-06-13 15:40 --------- d-----w C:\Arquivos de programas\EasyPHP 2.0b1

2008-06-13 03:10 --------- d-----w C:\Arquivos de programas\VertrigoServ

2008-06-12 01:41 --------- d-----w C:\Arquivos de programas\Palavras-Cruzadas 6.0

2008-06-11 18:17 --------- d-----w C:\Arquivos de programas\Palavras-Cruzadas 7.0

2008-06-11 16:54 --------- d-----w C:\Arquivos de programas\Crossword Man

2008-06-02 21:18 --------- d-----w C:\Arquivos de programas\IObit

2008-06-02 18:46 --------- d-----w C:\Arquivos de programas\GameTribe

2008-06-01 20:28 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Vso

2008-06-01 16:58 --------- d-----w C:\Documents and Settings\Freddi\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-27 02:49 --------- d-----w C:\Arquivos de programas\ONWIND

2008-05-27 02:48 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-26 13:39 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-26 13:39 47,360 ----a-w C:\Documents and Settings\Vilson\Dados de aplicativos\pcouffin.sys

2008-05-26 13:39 --------- d-----w C:\Arquivos de programas\VSO

2008-05-25 20:25 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Cyberlink

2008-05-25 02:29 --------- d-----w C:\Arquivos de programas\Brad Smith

2008-05-25 00:18 --------- d-----w C:\Documents and Settings\Convidado\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-05-23 11:21 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-05-18 21:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\JollyBear

2008-05-18 20:40 --------- d-----w C:\Arquivos de programas\Windows Live

2008-05-18 16:35 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Ubisoft

2008-05-18 16:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft

2008-05-17 20:45 --------- d-----w C:\Arquivos de programas\Jaman Player

2008-05-17 19:29 --------- d-----w C:\Arquivos de programas\Veoh Networks

2008-05-17 18:16 --------- d-----w C:\Arquivos de programas\PandoBar

2008-05-17 18:16 --------- d-----w C:\Arquivos de programas\Pando Networks

2008-05-16 18:33 --------- d-----w C:\Arquivos de programas\LoucoServ

2008-05-14 02:50 --------- d-----w C:\Arquivos de programas\Nightmare

2008-05-14 02:06 --------- d-----w C:\Documents and Settings\Vilson\Dados de aplicativos\Apple Computer

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-26 20:33 774,144 ----a-w C:\Arquivos de programas\RngInterstitial.dll

2008-04-03 19:53 14,298 ----a-w C:\Arquivos de programas\settings.dat

2008-04-01 22:27 380,928 ----a-w C:\Arquivos de programas\mdn.exe

2004-03-11 16:27 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-14_ 1.32.55.78 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-14 03:57:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-14 13:04:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-14 13:04:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_dc.dat

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4}"= "C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-05-17 15:16 266240]

 

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}"= "C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL" [2008-05-17 15:16 266240]

 

[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mozilla Quick Launch"="C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe" [2008-02-03 11:18 49766]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-01-17 13:51 486856]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"jamtray"="C:/Arquivos de programas/Jaman Player/jamtray.exe" [2008-05-01 22:52 453712 C:\Arquivos de programas\Jaman Player\jamtray.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"BigDogpath326"="C:\WINDOWS\VMSnap326.exe" [2006-09-18 18:04 86016]

"Domino"="C:\WINDOWS\Domino.exe" [2006-06-28 17:54 49152]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2004-09-07 10:25 1400944]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-06-29 16:52 185896]

"PC-Checkup"="C:\PC-Checkup\PCCheckUp.exe" [2007-06-05 04:24 3949568]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

BIGDOGPATH326.lnk - C:\WINDOWS\VMSnap326.exe [2008-02-03 11:23:53 86016]

Domino.lnk - C:\WINDOWS\Domino.exe [2008-02-03 11:23:53 49152]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-06-02 08:46:21 1690824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Arquivos de programas\\Valve\\hl.exe"=

"E:\\Arquivos de programas\\Valve\\hltv.exe"=

"C:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"C:\\Downloads\\Magic Workstation\\MWSPlay.exe"=

"C:\\Arquivos de programas\\mIRC\\mirc.exe"=

"C:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"C:\\Downloads\\CSBR\\jogos\\CSTRIKE\\hl.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Halo\\halo.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=

"C:\\Arquivos de programas\\Jaman Player\\jamdownloader.exe"=

"C:\\Arquivos de programas\\Jaman Player\\jaman-updater.exe"=

"C:\\Arquivos de programas\\Veoh Networks\\Veoh\\VeohClient.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"E:\\Arquivos de programas\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\ZuOnline.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\ONWIND\\ZU-ONLINE\\BT_Update.exe"=

"C:\\Rohan\\rohanclient.exe"=

"C:\\Arquivos de programas\\VertrigoServ\\Apache\\bin\\v_apache.exe"=

"C:\\Arquivos de programas\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=

"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=

"C:\\Arquivos de programas\\ADPHONE3\\ADPHONE.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"19318:TCP"= 19318:TCP:BitComet 19318 TCP

"19318:UDP"= 19318:UDP:BitComet 19318 UDP

"6121:TCP"= 6121:TCP:char-server

"6900:TCP"= 6900:TCP:login-server

"5121:TCP"= 5121:TCP:map-server

"57348:TCP"= 57348:TCP:Pando P2P TCP Listening Port

"57348:UDP"= 57348:UDP:Pando P2P UDP Listening Port

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 23:44]

R3 usbvm328;A4 Tech USB2.0 PC Camera G;C:\WINDOWS\system32\Drivers\usbvm326.sys [2006-12-30 13:42]

R3 vmfilter326;326 MRD filter service;C:\WINDOWS\system32\drivers\vmfilter326.sys [2006-10-30 14:17]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-08 20:37:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-07-14 13:05:19 C:\WINDOWS\Tasks\PCConfidential.job"

- C:\Arquivos de programas\Winferno\PC Confidential\PCConfidential.exe

"2008-07-13 18:47:27 C:\WINDOWS\Tasks\rpc.job"

- C:\Arquivos de programas\Winferno\RegistryPowerCleaner\RegPowerClean.exe

"2008-07-14 18:21:00 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"

- C:\Arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-14 16:03:20

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-07-14 16:07:57

ComboFix-quarantined-files.txt 2008-07-14 19:06:53

ComboFix2.txt 2008-07-14 13:28:43

ComboFix3.txt 2008-07-14 04:36:27

 

Pre-Run: 37,177,344,000 bytes disponíveis

Post-Run: 37,182,566,400 bytes disponíveis

 

255 --- E O F --- 2008-07-08 22:52:48

 

Logfile of HijackThis v1.99.1

Scan saved at 16:12:07, on 14/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.17184)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\VMSnap326.exe

C:\WINDOWS\Domino.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\PC-Checkup\PCCheckUp.exe

C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Jaman Player\jamtray.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Documents and Settings\Vilson\Desktop\HijackThis.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Arquivos de programas\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\ARQUIV~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Arquivos de programas\PandoBar\bar\1.bin\PANDOBAR.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Arquivos de programas\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [startCCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bigDogpath326] C:\WINDOWS\VMSnap326.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe A4 TECH USB2.0 PC Camera G

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Arquivos de programas\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [jamtray] C:/Arquivos de programas/Jaman Player/jamtray.exe

O4 - Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

Well, that's it.. the problem persists =/

Note: I noticed that from yesterday (the day the problem started) to today,

 

the following tray icon appeared.

imagempx2.jpg

Could that have something to do with it?

that black cube Oo

-------------------------

Hey! Scorpionok

 

<!> The image is not conclusive, and it may be related to a legitimate program!

<!> Right-click on the icon and note which program it refers to.

-------------------------

<@> If you had difficulty creating the scripts, download it with the proper corrections from this server.

 

< http://www.badongo.com/file/8577754 >

 

<@> Run it and post: Requisit_SR.txt

 

Regards!


I had no difficulty creating anything you sent... the problem that persists is the folder that won't open

 

As for the icon, that's exactly why I find it strange: hovering the mouse over it shows nothing, and clicking with either button does nothing either =/


-------------------------

Hey! Scorpionok

 

<!> Download the file from the server and run it!

<!> I need the registry information that will be generated, in order to remove everything related to the malware.

-------------------------

>@< Download: < SmitfraudFix >

>@< Save it to Local Disk C and unzip it right there!

>@< Restart the computer in Safe Mode! << Important!

>@< Run SmitfraudFix.cmd <!>

>@< Press option 2 >> Enter.

>@< When the message appears: Do you want to clean the registry, press option Y >> Enter.

>@< Restart the computer normally!

>@< If changes occurred on the desktop, fix them in the display properties. ( Theme )

>@< Copy the log ( rapport.txt ) and post it in your reply, plus an updated HijackThis log.

 

Regards!
