Archived

This topic has been archived and is closed to new replies.

Armando Leitão

[Resolved!] log for analysis


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:57:50, on 8/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Blok Free 3\blkfc.exe

C:\WINDOWS\system32\sbfc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 5883 bytes

 

 

ComboFix 08-12-07.04 - Windows XP 2008-12-08 20:50:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.521 [GMT -3:00]

Running from: c:\documents and settings\Windows XP\Desktop\ComboFix.exe

* A new restore point was created

 

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

/wow section - STAGE 32A

 

 

(((((((((((((((( Files created from 2008-11-08 to 2008-12-08 ))))))))))))))))))))))))))))

.

 

2008-12-08 20:41 . 2008-12-08 20:41 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Malwarebytes

2008-12-08 20:41 . 2008-12-08 20:41 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-12-08 20:41 . 2008-12-08 20:41 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-12-08 20:41 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-08 20:41 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-27 23:47 . 2008-11-27 23:47 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Desktopicon

2008-11-27 23:46 . 2004-03-08 23:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX

2008-11-27 23:40 . 2008-11-27 23:40 <DIR> d-------- c:\arquivos de programas\Xvid

2008-11-27 23:40 . 2008-11-27 23:40 <DIR> d-------- c:\arquivos de programas\Ares

2008-11-27 23:40 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax

2008-11-27 23:39 . 2008-11-27 23:39 <DIR> d-------- c:\arquivos de programas\DsNET Corp

2008-11-21 01:13 . 2008-11-21 01:13 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA

2008-11-20 23:03 . 2008-11-20 23:03 <DIR> d-------- c:\arquivos de programas\Positivo

2008-11-19 22:06 . 2008-12-05 16:03 <DIR> d-------- c:\documents and settings\Windows XP\.jSMS

2008-11-19 21:23 . 2008-11-19 21:23 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-19 21:21 . 2008-11-19 21:21 <DIR> d-------- c:\arquivos de programas\Windows Live

2008-11-19 21:21 . 2008-11-19 22:29 <DIR> d-------- c:\arquivos de programas\Messenger Plus! Live

2008-11-19 20:51 . 2008-11-19 20:51 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Media Player Classic

2008-11-19 20:50 . 2008-11-19 20:50 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-11-19 20:37 . 2005-05-17 16:24 311,296 --a------ c:\windows\system32\AegisI5.exe

2008-11-19 20:37 . 2006-01-18 13:55 290,918 --a------ c:\windows\system32\Install7x.dll

2008-11-19 20:37 . 2005-10-17 19:50 245,376 --a------ c:\windows\system32\drivers\rt2500usb.SYS

2008-11-19 20:37 . 2005-11-30 11:33 2,048 --a------ c:\windows\system32\drivers\rt73.bin

2008-11-19 20:37 . 2005-08-19 15:51 138 --a------ c:\windows\filespec7x

2008-11-19 20:36 . 2008-11-19 20:36 20,747 --a------ c:\windows\system32\drivers\AegisP.sys

2008-11-19 20:23 . 2006-01-12 19:46 252,928 --a------ c:\windows\system32\drivers\rt73.sys

2008-11-18 19:08 . 2008-12-05 20:28 116 --a------ c:\windows\NeroDigital.ini

2008-11-15 11:53 . 2008-11-15 11:53 <DIR> d-------- c:\arquivos de programas\RealVNC

2008-11-15 11:02 . 2008-12-08 20:36 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Hamachi

2008-11-15 11:02 . 2008-11-15 11:02 <DIR> d-------- c:\arquivos de programas\Hamachi

2008-11-15 11:02 . 2008-11-15 11:02 25,280 --a------ c:\windows\system32\drivers\hamachi.sys

2008-11-14 13:47 . 2008-11-15 10:21 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-14 13:05 . 2008-11-14 13:05 <DIR> d-------- c:\windows\Sun

2008-11-14 12:17 . 2008-11-15 13:15 <DIR> d--h----- C:\$AVG8.VAULT$

2008-11-14 12:09 . 2008-06-14 14:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2008-11-14 12:09 . 2008-06-14 14:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2008-11-14 10:45 . 2008-10-24 08:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-13 23:23 . 2008-11-13 23:23 268 --ah----- C:\sqmdata10.sqm

2008-11-13 23:23 . 2008-11-13 23:23 244 --ah----- C:\sqmnoopt10.sqm

2008-11-13 23:04 . 2008-12-08 20:22 <DIR> d--h----- c:\documents and settings\Windows XP\YShield

2008-11-13 23:04 . 2008-12-08 20:22 <DIR> d--h----- c:\documents and settings\LocalService\YShield

2008-11-13 23:04 . 2008-11-26 07:30 <DIR> d--h----- c:\documents and settings\All Users\YShield

2008-11-13 23:04 . 2008-11-13 23:04 <DIR> d--h----- c:\arquivos de programas\Blok Free 3

2008-11-13 23:04 . 2008-08-22 10:56 1,101,312 --a------ c:\windows\system32\pdvmd.dat

2008-11-13 23:04 . 2008-08-22 10:46 428,544 --a------ c:\windows\system32\sdvmd.dat

2008-11-13 23:02 . 2008-11-13 23:05 <DIR> d--h----- c:\documents and settings\Windows XP\Help

2008-11-13 23:02 . 2008-11-13 23:05 <DIR> d--h----- c:\documents and settings\All Users\Help

2008-11-13 22:59 . 2008-11-13 22:59 1,204 --a------ c:\windows\mozver.dat

2008-11-13 22:42 . 2008-11-13 22:42 268 --ah----- C:\sqmdata09.sqm

2008-11-13 22:42 . 2008-11-13 22:42 244 --ah----- C:\sqmnoopt09.sqm

2008-11-13 20:48 . 2008-11-13 20:48 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\Talkback

2008-11-13 20:48 . 2008-11-13 20:48 0 --a------ c:\windows\nsreg.dat

2008-11-13 20:09 . 2008-11-18 10:52 <DIR> d-------- c:\documents and settings\Windows XP\Contacts

2008-11-13 18:46 . 2008-11-13 18:46 268 --ah----- C:\sqmdata08.sqm

2008-11-13 18:46 . 2008-11-13 18:46 244 --ah----- C:\sqmnoopt08.sqm

2008-11-13 16:20 . 2008-11-13 16:20 268 --ah----- C:\sqmdata07.sqm

2008-11-13 16:20 . 2008-11-13 16:20 244 --ah----- C:\sqmnoopt07.sqm

2008-11-13 13:53 . 2008-11-13 13:53 268 --ah----- C:\sqmdata06.sqm

2008-11-13 13:53 . 2008-11-13 13:53 244 --ah----- C:\sqmnoopt06.sqm

2008-11-13 13:45 . 2008-11-13 13:45 268 --ah----- C:\sqmdata05.sqm

2008-11-13 13:45 . 2008-11-13 13:45 244 --ah----- C:\sqmnoopt05.sqm

2008-11-13 13:11 . 2008-11-13 13:11 268 --ah----- C:\sqmdata04.sqm

2008-11-13 13:11 . 2008-11-13 13:11 244 --ah----- C:\sqmnoopt04.sqm

2008-11-13 13:09 . 2008-11-13 13:09 268 --ah----- C:\sqmdata03.sqm

2008-11-13 13:09 . 2008-11-13 13:09 244 --ah----- C:\sqmnoopt03.sqm

2008-11-13 11:45 . 2008-11-13 11:45 303 --a------ c:\windows\ST6UNST.000

2008-11-13 11:37 . 2008-11-13 11:37 <DIR> d-------- c:\documents and settings\Windows XP\WINDOWS

2008-11-13 11:12 . 2008-11-13 11:12 268 --ah----- C:\sqmdata02.sqm

2008-11-13 11:12 . 2008-11-13 11:12 244 --ah----- C:\sqmnoopt02.sqm

2008-11-13 11:10 . 2008-11-13 11:11 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-11-13 11:09 . 2008-05-15 10:51 10,294 --a------ c:\windows\system32\oemlogo.bmp

2008-11-13 11:09 . 2008-05-26 18:54 310 --a------ c:\windows\system32\oeminfo.ini

2008-11-13 11:03 . 2008-11-19 20:22 <DIR> d-------- c:\arquivos de programas\INTELBRAS

2008-11-13 10:55 . 2008-11-13 10:55 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\CyberLink

2008-11-13 10:53 . 2008-11-13 10:53 268 --ah----- C:\sqmdata01.sqm

2008-11-13 10:53 . 2008-11-13 10:53 244 --ah----- C:\sqmnoopt01.sqm

2008-11-13 09:20 . 2008-11-13 09:20 268 --ah----- C:\sqmdata00.sqm

2008-11-13 09:20 . 2008-11-13 09:20 244 --ah----- C:\sqmnoopt00.sqm

2008-11-13 09:15 . 2008-11-13 09:15 <DIR> d-------- c:\arquivos de programas\Windows Media Connect 2

2008-11-13 09:15 . 2004-08-04 00:45 221,184 --a------ c:\windows\system32\wmpns.dll

2008-11-13 09:14 . 2008-11-13 09:14 <DIR> d-------- c:\windows\system32\LogFiles

2008-11-13 09:14 . 2008-11-26 17:15 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-11-13 09:13 . 2008-11-13 09:13 <DIR> d-------- c:\arquivos de programas\Sun

2008-11-13 09:11 . 2008-11-13 09:11 <DIR> d-------- c:\arquivos de programas\Java

2008-11-13 09:11 . 2008-11-13 09:11 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Java

2008-11-13 09:11 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-11-13 09:04 . 2008-11-13 09:04 <DIR> d----c--- c:\windows\system32\DRVSTORE

2008-11-13 09:03 . 2008-11-19 21:21 <DIR> d-------- c:\arquivos de programas\MSN Messenger

2008-11-13 08:56 . 2004-03-22 14:17 24,816 --a------ c:\windows\system32\mdimon.dll

2008-11-13 08:56 . 2008-11-13 08:56 421 --a------ c:\windows\ODBC.INI

2008-11-13 08:55 . 2008-11-13 08:55 <DIR> d-------- c:\arquivos de programas\Microsoft.NET

2008-11-13 08:54 . 2008-11-13 08:55 <DIR> d-------- c:\windows\SHELLNEW

2008-11-13 08:53 . 2008-11-13 08:53 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-13 08:50 . 2008-11-13 08:50 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\CyberLink

2008-11-13 08:50 . 2008-11-13 08:50 <DIR> d-------- c:\arquivos de programas\CyberLink

2008-11-13 08:50 . 2004-03-02 16:37 125,184 --------- c:\windows\system32\drivers\imagesrv.sys

2008-11-13 08:50 . 2004-03-02 16:37 5,504 --------- c:\windows\system32\drivers\imagedrv.sys

2008-11-13 08:49 . 2008-11-13 08:49 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Ahead

2008-11-13 08:49 . 2008-11-13 08:49 <DIR> d-------- c:\arquivos de programas\Ahead

2008-11-13 08:49 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2008-11-13 08:49 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2008-11-13 08:49 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2008-11-13 08:49 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2008-11-13 08:49 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2008-11-13 08:49 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2008-11-13 07:45 . 2008-12-08 20:24 <DIR> d-------- c:\windows\system32\drivers\Avg

2008-11-13 07:45 . 2008-11-13 09:18 <DIR> d-------- c:\documents and settings\Windows XP\Dados de aplicativos\AVGTOOLBAR

2008-11-13 07:45 . 2008-12-08 20:51 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2008-11-13 07:45 . 2008-11-13 07:45 <DIR> d-------- c:\arquivos de programas\AVG

2008-11-13 07:45 . 2008-11-15 13:21 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys

2008-11-13 07:45 . 2008-11-13 07:45 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys

2008-11-13 07:45 . 2008-11-13 07:45 10,520 --a------ c:\windows\system32\avgrsstx.dll

2008-11-13 07:37 . 2004-08-03 22:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys

2008-11-13 07:34 . 2008-11-13 07:34 <DIR> d-------- c:\windows\system32\Lang

2008-11-13 07:34 . 2008-11-13 07:34 940,794 --a------ c:\windows\system32\LoopyMusic.wav

2008-11-13 07:34 . 2008-11-13 07:34 146,650 --a------ c:\windows\system32\BuzzingBee.wav

2008-11-13 07:31 . 2006-08-01 04:02 49,152 -r------- c:\windows\system32\ChCfg.exe

2008-11-13 07:31 . 2004-08-03 22:07 6,400 --a------ c:\windows\system32\drivers\splitter.sys

2008-11-13 07:31 . 2004-08-03 22:07 6,400 --a--c--- c:\windows\system32\dllcache\splitter.sys

2008-11-13 07:29 . 2008-11-13 07:29 <DIR> d-------- c:\arquivos de programas\Realtek

2008-11-13 07:29 . 2008-11-19 20:36 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information

2008-11-13 07:29 . 2008-11-20 23:03 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield

2008-11-13 07:29 . 2006-05-04 05:26 2,808,832 -r------- c:\windows\alcwzrd.exe

2008-11-13 07:29 . 2007-01-12 05:54 520,192 -r------- c:\windows\RtlExUpd.dll

2008-11-13 07:29 . 2008-11-13 07:29 315,392 --a------ c:\windows\HideWin.exe

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-12 20:09 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-11-12 20:04 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-11-12 20:04 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-16 17:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 17:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 17:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 17:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 17:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 17:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 17:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 17:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"sbfc"="c:\windows\System32\sbfc.exe" [2008-08-22 428544]

"abfc"="c:\arquivos de programas\blok free 3\blkfc.exe" [2008-08-22 1101312]

"ares"="c:\arquivos de programas\Ares\Ares.exe" [2007-11-23 962560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-30 7634944]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-30 86016]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Blok Free 3"="c:\arquivos de programas\Blok Free 3\blkfc.exe" [2008-08-22 1101312]

"sbfc"="c:\windows\system32\sbfc.exe" [2008-08-22 428544]

"nwiz"="nwiz.exe" [2006-10-30 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\Windows XP\Menu Iniciar\Programas\Inicializar\

hamachi.lnk - c:\arquivos de programas\Hamachi\hamachi.exe [2008-11-15 625952]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Assistente Wireless Intelbras WBG901.lnk - c:\arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe [2008-11-19 671744]

WinZip Quick Pick.lnk - c:\arquivos de programas\WinZip\WZQKPICK.EXE [2008-11-13 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\Ares\\Ares.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-13 97928]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\AVG\AVG8\avgemc.exe [2008-11-13 875288]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2008-11-13 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-13 76040]

R2 ResDVMD;Recurso DVMD;c:\windows\system32\dvmd.exe [2008-08-22 479744]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{202f04c2-b0e3-11dd-9a62-806d6172696f}]

\Shell\AutoRun\command - d:\bin\assetup.exe

 

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FireFox -: Profile - c:\documents and settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.br

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-08 20:52:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(592)

c:\windows\system32\avgrsstx.dll

 

- - - - - - - > 'lsass.exe'(776)

c:\windows\system32\avgrsstx.dll

.

Completion time: 2008-12-08 20:53:12

ComboFix-quarantined-files.txt 2008-12-08 23:53:01

 

Pre-Run: 8 folder(s) 152,444,882,944 bytes free

Post-Run: 8 folder(s) 152,514,224,128 bytes free

 

233 --- E O F --- 2008-11-24 23:41:01

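Since the post above asks for the log to be analysed, here is an added example (editor's code, not from the original post and not part of HijackThis) of the first triage pass a reviewer does by eye on O2/O4/O23 lines. It flags three objective things visible in the log above: a BHO registered with "(no file)", the same executable registered as a Run value in both HKLM and HKCU (the sbfc.exe and blkfc.exe pairs), and a service whose name or path matches an assumed remote-administration keyword list (only "vnc" here). A flag is a question to ask the user, not a malware verdict. SAMPLE_LOG is a subset of the HijackThis log posted above.

```python
"""
Added example: a small triage pass over HijackThis O2/O4/O23 log lines.
Checks applied:
  1. O2 BHOs whose DLL is "(no file)"  -> orphaned CLSID registration,
  2. the same executable registered as a Run value in both HKLM and HKCU
     -> redundant persistence, ask what installed it,
  3. O23 services matching an assumed remote-admin keyword list ("vnc").
SAMPLE_LOG is copied from the HijackThis log in this thread.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"
O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe
O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
"""

O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): '
                   r'\[(?P<value>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) \((?P<short>[^)]+)\) - '
                    r'(?P<vendor>.*?) - (?P<path>.*)$')


def parse_hjt(text):
    """Return the O2, O4 and O23 entries of a HijackThis log as dicts."""
    entries = {"O2": [], "O4": [], "O23": []}
    for line in text.splitlines():
        for section, rx in (("O2", O2_RE), ("O4", O4_RE), ("O23", O23_RE)):
            m = rx.match(line.strip())
            if m:
                entries[section].append(m.groupdict())
                break
    return entries


def executable_of(cmd):
    """First token of a Run command, quoted or not, lower-cased: NTFS paths
    are case-insensitive and the log mixes system32 / System32."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)].lower()
    return cmd.split()[0].lower()


def triage(text, remote_admin_keywords=("vnc",)):
    """Return (check, subject) findings for the three checks described above."""
    entries = parse_hjt(text)
    findings = []
    for bho in entries["O2"]:
        if bho["path"].strip().lower() == "(no file)":
            findings.append(("orphaned_bho", bho["clsid"]))
    hives_by_exe = defaultdict(set)
    for run in entries["O4"]:
        if run["hive"] in ("HKLM", "HKCU"):   # compare only the interactive user's two hives
            hives_by_exe[executable_of(run["cmd"])].add(run["hive"])
    for exe, hives in sorted(hives_by_exe.items()):
        if hives == {"HKLM", "HKCU"}:
            findings.append(("duplicate_persistence", exe))
    for svc in entries["O23"]:
        haystack = " ".join((svc["name"], svc["short"], svc["path"])).lower()
        if any(k in haystack for k in remote_admin_keywords):
            findings.append(("remote_admin_service", svc["short"]))
    return findings


if __name__ == "__main__":
    for check, subject in triage(SAMPLE_LOG):
        print(f"{check:22} {subject}")
```

Run on the sample it reports the orphaned BHO CLSID, both doubly-registered executables and the WinVNC4 service. Everything else in the log (NVIDIA, Realtek, AVG, Java, ctfmon under HKUS) passes these checks, which is the point: the script narrows the log to the lines a human still has to judge.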

Good morning, Armando Leitão!

 

<!> What is happening with the PC?

<!> ComboFix was downloaded and run without any supervision, which is why your request has been delayed.

------------------------

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

 

<!> Go to the site and click the button shown in the image (kasperdx9.jpg).

 

<@> On the next page, click: I Accept

<@> This installs the ActiveX control and then updates the database.

<@> On the next page, click: My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update and for the scan itself, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as shown in the image below:

[image: Kas-Savetxt.gif]

 

<@> Also post an updated HijackThis log.

 

Cheers!


> What is happening with the PC?

 

Here's the thing, DigRam: every time the machine boots, "Welcome to Windows" appears, then the desktop and the icons appear, but I notice something odd, because a program runs very quickly into the Start menu, so fast that you can't even see it properly. So I ran ComboFix to see if it would catch anything.. was I right to run ComboFix?

 

> ComboFix was downloaded and run without any supervision, which is why your request has been delayed.

 

You're absolutely right, sorry about that, man..

 

 

Here are the updated logs you asked for:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Saturday, December 13, 2008

Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Friday, December 12, 2008 22:12:31

Records in database: 1456099

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

 

Scan statistics:

Files scanned: 32662

Threat name: 1

Infected objects: 4

Suspicious objects: 0

Duration of the scan: 00:45:44

 

 

File name / Threat name / Threats count

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe/C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Arquivos de programas\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Arquivos de programas\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

C:\Arquivos de programas\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

 

The selected area was scanned.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:50:58, on 13/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Blok Free 3\blkfc.exe

C:\WINDOWS\system32\sbfc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 5962 bytes


Good morning! Armando Leitão

 

<@> Download: < RSIT >

<@> Save it directly to the Local Disk ( C )!

<@> Double-click RSIT.exe to run the tool.

<@> In the window that opens (the disclaimer), click "Continue".

<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!

<@> Also post in your reply: info.txt, which will be at C:\rsit\info.txt <--

 

Regards!


Logfile of random's system information tool 1.04 (written by random/random)

Run by Windows XP at 2008-12-13 13:18:48

Microsoft Windows XP Professional Service Pack 2

System drive C: has 145 GB (95%) free of 153 GB

Total RAM: 895 MB (19% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:19:11, on 13/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Blok Free 3\blkfc.exe

C:\WINDOWS\system32\sbfc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\RSIT.exe

C:\Windows XP.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 6069 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2008-11-15 455960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

AVG Security Toolbar - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-15 2055960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-15 2055960]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-30 7634944]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-30 86016]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]

"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2008-11-28 1261336]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"Blok Free 3"=C:\Arquivos de programas\Blok Free 3\blkfc.exe [2008-08-22 1101312]

"sbfc"=C:\WINDOWS\system32\sbfc.exe [2008-08-22 428544]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"MsnMsgr"=C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

"sbfc"=C:\WINDOWS\System32\sbfc.exe [2008-08-22 428544]

"abfc"=c:\arquivos de programas\blok free 3\blkfc.exe [2008-08-22 1101312]

"ares"=C:\Arquivos de programas\Ares\Ares.exe [2007-11-23 962560]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Assistente Wireless Intelbras WBG901.lnk - C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

WinZip Quick Pick.lnk - C:\Arquivos de programas\WinZip\WZQKPICK.EXE

 

C:\Documents and Settings\Windows XP\Menu Iniciar\Programas\Inicializar

hamachi.lnk - C:\Arquivos de programas\Hamachi\hamachi.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDrives"=0

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\Hamachi\hamachi.exe"="C:\Arquivos de programas\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"

"C:\Arquivos de programas\Ares\Ares.exe"="C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{202f04c2-b0e3-11dd-9a62-806d6172696f}]

shell\AutoRun\command - D:\Bin\assetup.exe

 

 

======List of files/folders created in the last 1 months======

 

2008-12-13 13:18:48 ----D---- C:\rsit

2008-12-13 13:18:48 ----A---- C:\Windows XP.exe

2008-12-13 13:17:35 ----A---- C:\RSIT.exe

2008-12-13 00:49:53 ----A---- C:\HiJackThis.exe

2008-12-11 03:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-11 03:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-11 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-11 03:00:22 ----A---- C:\WINDOWS\imsins.BAK

2008-12-11 03:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-08 20:53:47 ----SHD---- C:\RECYCLER

2008-12-08 20:49:05 ----A---- C:\WINDOWS\NIRCMD.exe

2008-12-08 20:49:04 ----A---- C:\WINDOWS\zip.exe

2008-12-08 20:49:04 ----A---- C:\WINDOWS\VFIND.exe

2008-12-08 20:49:04 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-12-08 20:49:04 ----A---- C:\WINDOWS\SWSC.exe

2008-12-08 20:49:04 ----A---- C:\WINDOWS\SWREG.exe

2008-12-08 20:49:04 ----A---- C:\WINDOWS\sed.exe

2008-12-08 20:49:04 ----A---- C:\WINDOWS\grep.exe

2008-12-08 20:49:04 ----A---- C:\WINDOWS\fdsv.exe

2008-12-08 20:48:56 ----D---- C:\WINDOWS\ERDNT

2008-12-08 20:41:05 ----D---- C:\Documents and Settings\Windows XP\Dados de aplicativos\Malwarebytes

2008-12-08 20:41:01 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-12-08 20:20:28 ----D---- C:\WINDOWS\pss

2008-11-27 23:47:04 ----D---- C:\Documents and Settings\Windows XP\Dados de aplicativos\Desktopicon

2008-11-27 23:40:35 ----D---- C:\Arquivos de programas\Ares

2008-11-27 23:40:01 ----D---- C:\Arquivos de programas\Xvid

2008-11-27 23:39:53 ----D---- C:\Arquivos de programas\DsNET Corp

2008-11-24 20:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2008-11-21 01:13:00 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2008-11-20 23:03:40 ----D---- C:\Arquivos de programas\Positivo

2008-11-19 21:23:57 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-19 21:21:55 ----D---- C:\Arquivos de programas\Windows Live

2008-11-19 21:21:55 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2008-11-19 20:51:03 ----D---- C:\Documents and Settings\Windows XP\Dados de aplicativos\Media Player Classic

2008-11-19 20:50:45 ----A---- C:\WINDOWS\system32\unrar.dll

2008-11-19 20:50:45 ----A---- C:\WINDOWS\system32\rmoc3260.dll

2008-11-19 20:50:45 ----A---- C:\WINDOWS\system32\pndx5032.dll

2008-11-19 20:50:45 ----A---- C:\WINDOWS\system32\pndx5016.dll

2008-11-19 20:50:45 ----A---- C:\WINDOWS\system32\pncrt.dll

2008-11-19 20:50:44 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2008-11-19 20:50:43 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2008-11-19 20:50:43 ----A---- C:\WINDOWS\system32\xvidcore.dll

2008-11-19 20:50:43 ----A---- C:\WINDOWS\system32\qt-dx331.dll

2008-11-19 20:50:43 ----A---- C:\WINDOWS\system32\dpl100.dll

2008-11-19 20:50:43 ----A---- C:\WINDOWS\system32\divx.dll

2008-11-19 20:50:42 ----A---- C:\WINDOWS\system32\msvcr71.dll

2008-11-19 20:50:42 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-11-19 20:50:42 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2008-11-19 20:50:41 ----D---- C:\Documents and Settings\Windows XP\Dados de aplicativos\Real

2008-11-19 20:50:41 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Real

2008-11-19 20:50:41 ----D---- C:\Arquivos de programas\K-Lite Codec Pack

2008-11-19 20:37:05 ----A---- C:\WINDOWS\system32\Install7x.dll

2008-11-19 20:37:05 ----A---- C:\WINDOWS\system32\AegisI5.exe

2008-11-18 19:08:49 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-15 11:53:34 ----D---- C:\Arquivos de programas\RealVNC

2008-11-15 11:02:36 ----D---- C:\Documents and Settings\Windows XP\Dados de aplicativos\Hamachi

2008-11-15 11:02:17 ----D---- C:\Arquivos de programas\Hamachi

2008-11-14 21:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2008-11-14 21:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2008-11-14 21:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-11-14 21:44:55 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$

2008-11-14 21:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-11-14 21:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-11-14 21:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2008-11-14 21:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2008-11-14 21:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-11-14 21:44:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-11-14 21:43:54 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2008-11-14 21:43:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2008-11-14 21:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-14 21:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$

2008-11-14 21:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2008-11-14 21:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2008-11-14 21:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2008-11-14 21:43:12 ----D---- C:\WINDOWS\ie7updates

2008-11-14 21:43:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-11-14 21:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-11-14 21:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-14 21:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2008-11-14 21:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$

2008-11-14 13:47:06 ----D---- C:\WINDOWS\system32\CatRoot_bak

2008-11-14 13:05:15 ----D---- C:\WINDOWS\Sun

2008-11-14 12:17:57 ----HD---- C:\$AVG8.VAULT$

2008-11-14 02:30:46 ----D---- C:\WINDOWS\system32\PreInstall

2008-11-14 02:30:45 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$

 

======List of files/folders modified in the last 1 months======

 

2008-12-13 13:19:11 ----D---- C:\WINDOWS\Temp

2008-12-13 13:18:31 ----D---- C:\WINDOWS\Prefetch

2008-12-13 10:59:06 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-12-13 10:58:07 ----RD---- C:\Arquivos de programas

2008-12-13 02:08:11 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-13 01:27:13 ----D---- C:\WINDOWS

2008-12-13 00:48:01 ----D---- C:\WINDOWS\system32\drivers

2008-12-11 07:32:42 ----D---- C:\WINDOWS\system32

2008-12-11 03:30:26 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-11 03:30:26 ----HD---- C:\WINDOWS\inf

2008-12-11 03:30:17 ----D---- C:\Arquivos de programas\Internet Explorer

2008-12-11 03:30:07 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-11 02:28:18 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-08 21:27:16 ----D---- C:\WINDOWS\Debug

2008-12-08 20:52:37 ----A---- C:\WINDOWS\system.ini

2008-12-08 20:51:20 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-12-08 20:51:13 ----D---- C:\WINDOWS\AppPatch

2008-12-08 20:51:13 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-12-08 20:36:08 ----SH---- C:\boot.ini

2008-12-08 20:36:08 ----A---- C:\WINDOWS\win.ini

2008-12-02 23:17:42 ----SD---- C:\Documents and Settings\Windows XP\Dados de aplicativos\Microsoft

2008-11-27 23:46:48 ----SHD---- C:\WINDOWS\Installer

2008-11-26 17:15:22 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2008-11-22 14:56:34 ----RSD---- C:\WINDOWS\Fonts

2008-11-22 14:20:57 ----D---- C:\WINDOWS\system32\config

2008-11-22 14:20:47 ----D---- C:\WINDOWS\system32\wbem

2008-11-22 14:20:46 ----D---- C:\WINDOWS\Registration

2008-11-22 14:19:46 ----D---- C:\WINDOWS\system32\Restore

2008-11-20 23:03:04 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-11-19 22:14:00 ----D---- C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla

2008-11-19 21:21:55 ----D---- C:\Arquivos de programas\MSN Messenger

2008-11-19 20:36:53 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-11-19 20:22:37 ----D---- C:\Arquivos de programas\INTELBRAS

2008-11-18 17:02:35 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-15 10:21:54 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-14 21:44:38 ----D---- C:\WINDOWS\system32\pt-br

2008-11-14 21:43:09 ----D---- C:\WINDOWS\WinSxS

2008-11-14 01:41:39 ----D---- C:\WINDOWS\Help

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-15 97928]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-13 26824]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-19 20747]

R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-13 76040]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-15 25280]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-09 4449280]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-11 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-30 3964256]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-20 19968]

R3 RT73;INTELBRAS WBG901 Wireless USB Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-20 46080]

S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536]

S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]

S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avg8emc;AVG Free8 E-mail Scanner; C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-11-15 875288]

R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-11-15 231704]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-30 155715]

R2 ResDVMD;Recurso DVMD; C:\WINDOWS\system32\dvmd.exe [2008-08-22 479744]

R2 WinVNC4;VNC Server Version 4; C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 AresChatServer;Ares Chatroom server; C:\Arquivos de programas\Ares\chatServer.exe [2007-03-19 263168]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.04 2008-12-13 13:19:13

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}

Ares 2.0.9-->"C:\Arquivos de programas\Ares\uninstall.exe"

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Assistente Wireless Intelbras WBG901-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1B40A306-A683-4A9D-9EDC-FA2F5FECE263}\setup.exe" -l0x416 -removeonly

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

aTube Catcher 1.0-->"C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\unins000.exe"

AVG Free 8.0-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL

Blok Free 3-->C:\Arquivos de programas\Blok Free 3\dblkfc.exe

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Hamachi 1.0.3.0-->C:\Arquivos de programas\Hamachi\uninstall.exe

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

K-Lite Mega Codec Pack 3.7.5-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mozilla Firefox (3.0.4)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

Nero 6 Ultra Edition-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Novo Dicionário Aurélio-->MsiExec.exe /X{498B4BF1-AD73-4AA8-99EB-18D400E42482}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI

OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x416 -removeonly

VNC Free Edition 4.1.2-->"C:\Arquivos de programas\RealVNC\VNC4\unins000.exe"

Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

WinZip-->"C:\Arquivos de programas\WinZip\WINZIP32.EXE" /uninstall

Xvid 1.1.3 final uninstall-->"C:\Arquivos de programas\Xvid\unins000.exe"

 

======Security center information======

 

AV: AVG Anti-Virus Free

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 127 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=7f01

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------


Good evening! Armando Leitão

 

<@> Download: < a-squared Free 3.5 >

 

Optional link: < a2ppf_banner.jpg >

 

<@> Open the program and click: Update now --> Wait!

<@> When it finishes, click: Scan now

<@> Choose the option: Deep scan

<@> Click Scan!

<@> When it finishes, send the items found to quarantine.

<@> From there they will be deleted or restored.

<@> Save the report from this scan and post it in your reply.

 

Cheers!


a-squared Free - Versão 3.5

Última atualização 15/12/2008 00:11:07

 

Configurações da análise:

 

Objetos: Memória, Rastros, Cookies, C:\

Análise de arquivos: Ligado

Heurística: Ligado

Análise de ADS: Ligado

 

Início da análise: 15/12/2008 00:19:13

 

[1692] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[664] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[848] C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[848] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[1776] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[2568] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[3196] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[3204] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[3264] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[3336] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[3580] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[3956] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[660] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[2624] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

[2164] C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

c:\arquivos de programas\ares detectado: Trace.Directory.Ares!A2

c:\arquivos de programas\ares\data detectado: Trace.Directory.Ares!A2

c:\arquivos de programas\ares\data\gui detectado: Trace.Directory.Ares!A2

c:\arquivos de programas\ares\data\gui\general detectado: Trace.Directory.Ares!A2

c:\arquivos de programas\ares\data\gui\osthemes detectado: Trace.Directory.Ares!A2

c:\arquivos de programas\ares\lang detectado: Trace.Directory.Ares!A2

c:\documents and settings\windows xp\menu iniciar\programas\ares detectado: Trace.Directory.Ares!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc detectado: Trace.Directory.VNC!A2

c:\arquivos de programas\realvnc detectado: Trace.Directory.VNC!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (service-mode) detectado: Trace.Directory.VNCServer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (user-mode) detectado: Trace.Directory.VNCServer!A2

c:\arquivos de programas\realvnc\vnc4 detectado: Trace.Directory.VNCServer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc viewer 4 detectado: Trace.Directory.VNCViewer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc viewer 4\run listening vnc viewer.lnk detectado: Trace.File.VNC!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc viewer 4\run vnc viewer.lnk detectado: Trace.File.VNC!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (service-mode)\configure vnc service.lnk detectado: Trace.File.VNCServer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (service-mode)\register vnc service.lnk detectado: Trace.File.VNCServer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (service-mode)\start vnc service.lnk detectado: Trace.File.VNCServer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (service-mode)\stop vnc service.lnk detectado: Trace.File.VNCServer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (service-mode)\unregister vnc service.lnk detectado: Trace.File.VNCServer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (user-mode)\configure user-mode settings.lnk detectado: Trace.File.VNCServer!A2

c:\documents and settings\all users\menu iniciar\programas\realvnc\vnc server 4 (user-mode)\run vnc server.lnk detectado: Trace.File.VNCServer!A2

c:\arquivos de programas\realvnc\vnc4\logmessages.dll detectado: Trace.File.VNCServer!A2

c:\arquivos de programas\realvnc\vnc4\unins000.exe detectado: Trace.File.VNCServer!A2

c:\arquivos de programas\realvnc\vnc4\vncviewer.exe detectado: Trace.File.VNCServer!A2

c:\arquivos de programas\realvnc\vnc4\wm_hooks.dll detectado: Trace.File.VNCServer!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> DisplayIcon detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> DisplayName detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> DisplayVersion detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> HelpLink detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: App Path detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: Deselected Components detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: Deselected Tasks detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: Icon Group detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: Selected Components detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: Selected Tasks detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: Setup Type detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: Setup Version detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Inno Setup: User detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> InstallLocation detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> NoModify detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> NoRepair detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> Publisher detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> QuietUninstallString detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> UninstallString detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> URLInfoAbout detectado: Trace.Registry.RealVNC 4.1.2!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealVNC_is1 --> URLUpdateInfo detectado: Trace.Registry.RealVNC 4.1.2!A2

Key: HKEY_CLASSES_ROOT\.vnc detectado: Trace.Registry.VNC.CommonComponents

Key: HKEY_CLASSES_ROOT\vnc.connectioninfo detectado: Trace.Registry.VNC.CommonComponents

Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1 detectado: Trace.Registry.VNC

Key: HKEY_LOCAL_MACHINE\software\realvnc detectado: Trace.Registry.VNC

Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\winvnc4 detectado: Trace.Registry.VNC

Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winvnc4 detectado: Trace.Registry.VNC

Key: HKEY_LOCAL_MACHINE\software\realvnc\winvnc4 detectado: Trace.Registry.VNCServer

Key: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\software\realvnc\vncviewer4 detectado: Trace.Registry.VNCViewer!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon --> Shell detectado: Trace.Registry.XLGuarder!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 --> Password detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4 --> DisplayName detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4 --> ErrorControl detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4 --> ImagePath detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4 --> ObjectName detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4 --> Start detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4 --> Type detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4\Enum --> 0 detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4\Enum --> Count detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4\Enum --> NextInstance detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4\Security --> Security detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 --> DisplayName detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 --> ErrorControl detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 --> ImagePath detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 --> ObjectName detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 --> Start detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4 --> Type detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Enum --> 0 detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Enum --> Count detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Enum --> NextInstance detectado: Trace.Registry.RealVNC 4.4!A2

Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinVNC4\Security --> Security detectado: Trace.Registry.RealVNC 4.4!A2

c:\documents and settings\windows xp\desktop\ares.lnk detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\ares.exe detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\asyncex.ax detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\blocked.txt.sample detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\blocked_keywords.txt.sample detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\chanlistfilter.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\chatconf.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\chatlang.txt.sample detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\buttonsbitmap.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\chat.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\emotic.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\libbig.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\logo.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\mimesmall.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\mshareset.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\prefs.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\searchpnl.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\searchstars.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\tabssmall.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\gui\general\transfer.bmp detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\homepage.url detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\data\p2pfilter.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\arabic.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\czech.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\dutch.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\french.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\german.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\italian.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\japanese.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\polish.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\slovak.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\spanish.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\swedish.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\lang\turkish.txt detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\libfaad2.dll detectado: Trace.File.Ares!A2

c:\arquivos de programas\ares\mp3source.ax detectado: Trace.File.Ares!A2

c:\documents and settings\windows xp\menu iniciar\programas\ares\ares.lnk detectado: Trace.File.Ares!A2

c:\documents and settings\windows xp\menu iniciar\programas\ares\homepage.lnk detectado: Trace.File.Ares!A2

Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol detectado: Trace.Registry.Ares Galaxy P2P Plus!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol detectado: Trace.Registry.Ares Galaxy P2P Plus!A2

Value: HKEY_CLASSES_ROOT\CLSID\{3E0FA044-926C-42D9-BA12-EF16E980913B}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\bounds --> Main.Maximized detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\Columns\Transfers --> Download detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\Columns\Transfers --> Queue detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\Columns\Transfers --> Upload detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\Data --> AresNet1 detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\Data --> JI.AresNet1 detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\Positions\Transfers --> Download detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\Positions\Transfers --> Queue detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares\Positions\Transfers --> Upload detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> General.Language detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> General.LastLibraryMode detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> General.MSNSongNotif detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> GUI.LastChatRoomBrowse detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> GUI.LastLibrary detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> GUI.LastPMBrowse detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> GUI.LastSearch detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Hashing.Priority detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Network.DHTID detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Personal.GUID detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Playlist.PreviousASXApp detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Playlist.PreviousM3UApp detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Playlist.PreviousWAXApp detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> PrivateMessage.AwayMessage detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Stats.CAvgTime detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Stats.CDnSpeed detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Stats.CFRTime detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Stats.CTtUptime detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Stats.CUpSpeed detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Stats.HasLQCa detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Stats.LstCaQuery detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Stats.LstCaQueryInt detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\Software\Ares --> Transfer.ServerPort detectado: Trace.Registry.Ares!A2

Value: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\software\microsoft\windows\currentversion\run --> ares detectado: Trace.Registry.Ares!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E0FA044-926C-42D9-BA12-EF16E980913B}\InprocServer32 --> ThreadingModel detectado: Trace.Registry.Ares!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayName detectado: Trace.Registry.Ares!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayVersion detectado: Trace.Registry.Ares!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> Publisher detectado: Trace.Registry.Ares!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> UninstallString detectado: Trace.Registry.Ares!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLInfoAbout detectado: Trace.Registry.Ares!A2

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLUpdateInfo detectado: Trace.Registry.Ares!A2

Key: HKEY_USERS\S-1-5-21-725345543-682003330-1860740044-1003\software\kazaa detectado: Trace.Registry.KaZaA!A2

C:\Documents and Settings\Windows XP\Cookies\windows_xp@2o7[1].txt detectado: Trace.TrackingCookie.2o7!A2

C:\Documents and Settings\Windows XP\Cookies\windows_xp@atdmt[2].txt detectado: Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Windows XP\Cookies\windows_xp@atdmt[3].txt detectado: Trace.TrackingCookie.atdmt!A2

C:\Documents and Settings\Windows XP\Cookies\windows_xp@bs.serving-sys[1].txt detectado: Trace.TrackingCookie.bs.serving-sys!A2

C:\Documents and Settings\Windows XP\Cookies\windows_xp@doubleclick[2].txt detectado: Trace.TrackingCookie.doubleclick!A2

C:\Documents and Settings\Windows XP\Cookies\windows_xp@google.com[1].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Windows XP\Cookies\windows_xp@google.com[3].txt detectado: Trace.TrackingCookie.google.com!A2

C:\Documents and Settings\Windows XP\Cookies\windows_xp@serving-sys[2].txt detectado: Trace.TrackingCookie.serving-sys!A2

C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\cookies.sqlite:1227143643203548 detectado: Trace.TrackingCookie.searchco!A2

C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\cookies.sqlite:1227230413500000 detectado: Trace.TrackingCookie.count!A2

C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\cookies.sqlite:1227827314132310 detectado: Trace.TrackingCookie.com!A2

C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\cookies.sqlite:1228526464234385 detectado: Trace.TrackingCookie.searchco!A2

C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\cookies.sqlite:1228758512640625 detectado: Trace.TrackingCookie.webtrends!A2

C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\cookies.sqlite:1228783055078125 detectado: Trace.TrackingCookie.webtrends!A2

C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\cookies.sqlite:1229118106078125 detectado: Trace.TrackingCookie.webtrends!A2

C:\Documents and Settings\Windows XP\Dados de aplicativos\Mozilla\Firefox\Profiles\hapcrg01.default\cookies.sqlite:1229210560734378 detectado: Trace.TrackingCookie.pop!A2

C:\Arquivos de programas\RealVNC\VNC4\vncviewer.exe detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

C:\Arquivos de programas\RealVNC\VNC4\wm_hooks.dll detectado: Riskware.RemoteAdmin.Win32.WinVNC.4!A2

 

Analisado

 

Arquivos: 73225

Objetos: 549452

Cookies: 971

Processos: 39

 

Encontrado

 

Arquivos: 2

Objetos: 159

Cookies: 16

Processos: 15

Chaves do registro: 0

 

Fim da análise: 15/12/2008 01:07:30

Duração da análise: 0:48:17


Good morning! Armando Leitão

 

<!> Most of the files detected are false positives.

<!> If they have been quarantined, they can be restored.

<!> How is the computer? :natal_smile:

 

Cheers!

It's great... :natal_wink:

 

 

But what kind of infection was it?

----------------------------

Good morning! Armando Leitão

 

<!> A mix of spyware objects and others that do not yet have a more specific classification.

----------------------------

<@> Download: < CCleaner >

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to finish!

<@> When it finishes, click Run Cleaner.

<@> In the window that appears, click OK. --> Wait for it to finish!

<@> Select the Registry option and click Scan for issues.

<@> When it finishes, click Fix selected issues...

<@> When prompted, click Yes!

<@> Name the backups and click Save.

<@> After a few days, if everything is OK, you can delete that backup file.

<@> In the window that appears, click: Fix all selected issues

<@> Click OK --> Close.

<@> For more details, read the tutorial: < Link >

-----------------------------

<!> The log is clean! :natal_wink:

<!> Good job!

 

Cheers!


All the procedures were done, but just to be safe, here is a log made last night..

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:26:15, on 22/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Blok Free 3\blkfc.exe

C:\WINDOWS\system32\sbfc.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Hamachi\hamachi.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jucheck.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: hamachi.lnk = C:\Arquivos de programas\Hamachi\hamachi.exe

O4 - Global Startup: Assistente Wireless Intelbras WBG901.lnk = C:\Arquivos de programas\INTELBRAS\WBG901\Installer\WINXP\WBG901.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 6892 bytes


Good morning, Armando Leitão!

This report is also clean!

Regards!


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
