
Archived

This topic has been archived and is closed to new replies.

marcio campos

[Archived] Internet Explorer freezing


Good morning

For a few days now my Internet Explorer has been freezing suddenly, and the following message appears: "O aplicativo ou a dll:\windows\system23\digete.dll não é uma imagem válida para o windows" (the application or DLL is not a valid Windows image).

 

I have already used AVG and Spybot Search & Destroy and the problem continues.

 

Below is the HijackThis log.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:52:51, on 4/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\My Lockbox\flockbox.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\yct.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\ffmpeg.dll

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O3 - Toolbar: rosqxvmn - {148BDBE0-051C-4B70-84B3-889274D33E60} - C:\WINDOWS\rosqxvmn.dll (file missing)

O4 - HKLM\..\Run: [flockbox] C:\Arquivos de programas\My Lockbox\flockbox.exe /a

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B9FABB-9DAA-4F57-A5AD-BBD9F717530D}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: aaCEF - astim.dll (file missing)

O20 - Winlogon Notify: amber - cdromxis.dll (file missing)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/usuario/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 5225 bytes

 

 

 

Thanks in advance for your attention.

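The log above is the kind of thing a helper reads by eye: entries whose backing file is gone, names that look machine-generated, Winlogon Notify packages, IE policy restrictions and explicit DNS servers. As an added example (it is not part of this thread and not HijackThis code), the Python script below applies those checks to HijackThis log lines and diffs two logs to show what a cleanup removed. The sample lines are copied from the two HijackThis logs posted in this thread; the heuristics, thresholds and the "random-looking name" test are my own assumptions, not anything HijackThis itself computes.

```python
"""Triage of HijackThis v2 log lines: flag orphaned and odd-looking entries,
and diff two logs. Added example, not from the thread; the heuristics are
the author's own, not HijackThis logic."""
import re

# Sample entries copied from the two HijackThis logs posted in this thread
# (first log: before ComboFix; second log: after ComboFix).
BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: rosqxvmn - {148BDBE0-051C-4B70-84B3-889274D33E60} - C:\WINDOWS\rosqxvmn.dll (file missing)
O4 - HKLM\..\Run: [flockbox] C:\Arquivos de programas\My Lockbox\flockbox.exe /a
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B9FABB-9DAA-4F57-A5AD-BBD9F717530D}: NameServer = 200.204.0.10 200.204.0.138
O20 - Winlogon Notify: aaCEF - astim.dll (file missing)
O20 - Winlogon Notify: amber - cdromxis.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
""".strip().splitlines()

AFTER = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [flockbox] C:\Arquivos de programas\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B9FABB-9DAA-4F57-A5AD-BBD9F717530D}: NameServer = 200.204.0.10 200.204.0.138
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)
""".strip().splitlines()

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)
# Entry types whose display name follows the "Type:" prefix.
NAMED_RE = re.compile(
    r"^(?:Toolbar|BHO|Winlogon Notify|SSODL|SharedTaskScheduler): (?P<name>[^-]+?) -")
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")  # O4: [value name]
NAME_CHECK_SECTIONS = {"O2", "O3", "O4", "O20", "O21", "O22"}
VOWELS = set("aeiouAEIOU")


def looks_random(name: str) -> bool:
    """Crude proxy for a generated name: six or more letters, under 20% vowels."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


def entry_name(section: str, body: str) -> str:
    """Extract the display name of an entry, or '' when the type has none."""
    m = NAMED_RE.match(body)
    if m:
        return m.group("name").strip()
    if section == "O4":
        m = RUN_NAME_RE.search(body)
        if m:
            return m.group("name")
    return ""


def triage(lines):
    """Return (section, reason, line) findings for entries worth a second look."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("backing file missing: orphaned registry entry")
        name = entry_name(section, body)
        if section in NAME_CHECK_SECTIONS and looks_random(name):
            reasons.append(f"random-looking name {name!r}")
        if section == "O20":
            reasons.append("Winlogon Notify DLL loads into winlogon.exe at logon: verify it")
        if section == "O6":
            reasons.append("IE policy restrictions present: confirm an admin set them")
        if section == "O17":
            reasons.append("explicit DNS servers: confirm they belong to the ISP")
        findings.extend((section, r, line) for r in reasons)
    return findings


def diff_entries(before, after):
    """Entries removed by a cleanup and entries that are new, as two sorted lists."""
    b = {ln.strip() for ln in before if ENTRY_RE.match(ln.strip())}
    a = {ln.strip() for ln in after if ENTRY_RE.match(ln.strip())}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for section, reason, line in triage(BEFORE):
        print(f"{section}: {reason}\n    {line}")
    removed, added = diff_entries(BEFORE, AFTER)
    print("\nremoved by cleanup:", *removed, sep="\n  ")
    print("\nnew entries:", *added, sep="\n  ")
```

Run it as a script to see the findings for the first log and the four entries the cleanup removed (the orphaned O3 toolbar, the O6 restriction and both O20 Winlogon Notify entries). The O21 SSODL entry survives in the second log, which is exactly the kind of leftover a before/after diff makes visible; the vowel-ratio test is deliberately crude and is only a prompt to look closer, not a verdict.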

Good afternoon, marcio campos!

 

<@> Download: < ComboFix.exe > ( ...by sUBs )

<@> Save it to the Desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Software warranty disclaimer" --> click Yes!

<@> If you do not have the "Recovery Console", accept the offer to install it!

 

<!> If you get the notification "Invalid Win32 application", delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

-----------------------------------------

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!


Below are the HijackThis and ComboFix logs.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:16:12, on 6/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\My Lockbox\flockbox.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [flockbox] C:\Arquivos de programas\My Lockbox\flockbox.exe /a

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B9FABB-9DAA-4F57-A5AD-BBD9F717530D}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/usuario/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 4052 bytes

 

 

ComboFix 09-02-05.02 - usuario 2009-02-06 12:05:33.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.503.292 [GMT -2:00]

Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$vault$.avg\_desktop.ini

C:\_desktop.ini

c:\ccvv\_desktop.ini

c:\ccvv\CVDADOS\_desktop.ini

c:\ccvv\CVP\_desktop.ini

c:\ccvv\CVPORTA\_desktop.ini

c:\ccvv\CVUTIL\_desktop.ini

c:\ccvv\QM\_desktop.ini

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\All Users\Documentos\_desktop.ini

c:\documents and settings\All Users\Documentos\Meus vídeos\_desktop.ini

c:\documents and settings\All Users\Documentos\Minhas imagens\_desktop.ini

c:\documents and settings\All Users\Documentos\Minhas imagens\Amostras de imagens\_desktop.ini

c:\documents and settings\All Users\Documentos\Minhas músicas\_desktop.ini

c:\documents and settings\All Users\Documentos\Minhas músicas\Amostra de música\_desktop.ini

c:\documents and settings\All Users\Documentos\Minhas músicas\My Playlists\_desktop.ini

c:\documents and settings\All Users\Documentos\Minhas músicas\Sample Playlists\_desktop.ini

c:\documents and settings\All Users\Documentos\Minhas músicas\Sample Playlists\000F407A\_desktop.ini

c:\documents and settings\All Users\Documentos\Recorded Audio\_desktop.ini

c:\documents and settings\All Users\Documentos\Recorded TV\_desktop.ini

c:\documents and settings\usuario\Dados de aplicativos\Adobe\crc.dat

c:\documents and settings\usuario\Dados de aplicativos\Adobe\Player.exe.bak

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\'04_07_26_01\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\'04_07_26_01\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\'04_07_26_01\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\'04_07_26_01\DCIM\101MSDCF\meninas\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\AMIGOS\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\beach park\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\brava e rio barra\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\brava e rio barra\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\brava e rio barra\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\brava e rio barra\DCIM\102MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CACHORROS\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CEARA 2\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CEARA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CEARA\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CEARA\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CHURRAS E CAIQUE\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CHURRAS E CAIQUE\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CHURRAS E CAIQUE\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\churras em casa\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\churras em casa\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\churras em casa\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CHURRASCO EM CASA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CHURRASCO EM CASA\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\CHURRASCO EM CASA\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FAMILIA DO ALEMAO 2\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\familia do alemao\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FAMILIA SAMANTHA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FAMILIA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FAMILIA\FAMILIA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FAMILIA\FAMILIA\CASA DA MÃE\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FAMILIA\FAMILIA\FAMILIA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FANTASY COM A FAMILIA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FANTASY COM A FAMILIA\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FANTASY COM A FAMILIA\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FANTASY\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FANTASY\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FANTASY\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FORTALEZA RESORT E\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FORTALEZA RESORT E\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\FORTALEZA RESORT E\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\fortaleza\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\fortaleza\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\fortaleza\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\LOJA BRAVA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\m*****\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\nina\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\alemão e samantha\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\alemão\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\casa da familia da samantha\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\familia samantha\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\filmagens\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\meninas da brava\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\nina\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\organizado\DCIM\101MSDCF\samantha\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\passar email\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\RAFTING JUQUITIBA\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\rio ale sa jenni china\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\rio ale sa jenni china\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\rio ale sa jenni china\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\rio carnaval 2004\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\SALÃO DO AUTOMOVEL\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\SALAO DO AUTOMOVEL\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\SALAO DO AUTOMOVEL\DCIM\_desktop.ini

c:\documents and settings\usuario\Meus documentos\Fotos ALEMAO\SALAO DO AUTOMOVEL\DCIM\101MSDCF\_desktop.ini

c:\documents and settings\usuario\Meus documentos\llllllçççç\_desktop.ini

c:\dts\_desktop.ini

c:\dts\WDIC\_desktop.ini

c:\idapi\_desktop.ini

c:\idapi\LANGDRV\_desktop.ini

c:\intelbras\_desktop.ini

c:\intelbras\Digital\_desktop.ini

c:\intelbras\Digital\Intelbras\_desktop.ini

c:\intelbras\Digital\Intelbras\Digital\_desktop.ini

c:\intelbras\Intelbras\_desktop.ini

c:\intelbras\Intelbras\Digital\_desktop.ini

c:\msjvm\_desktop.ini

c:\netwin25\_desktop.ini

c:\netwin25\arqcdx\_desktop.ini

c:\netwin25\consul\_desktop.ini

c:\netwin25\dadcom\_desktop.ini

c:\netwin25\DADOS\_desktop.ini

c:\netwin25\fotenvia\_desktop.ini

c:\netwin25\FOTOS\_desktop.ini

c:\netwin25\FOTOS\p\_desktop.ini

c:\netwin25\fotpeq\_desktop.ini

c:\netwin25\FOTVEI\_desktop.ini

c:\netwin25\gerencia\_desktop.ini

c:\netwin25\gerencia\segura\_desktop.ini

c:\netwin25\Progra\_desktop.ini

c:\netwin25\propri\_desktop.ini

c:\netwin25\QM95\_desktop.ini

c:\netwin25\USERS1\_desktop.ini

c:\recycler\_desktop.ini

c:\remoraw\_desktop.ini

c:\remoraw\BILHETES\_desktop.ini

c:\remoraw\DADOS\_desktop.ini

c:\remoraw\INDICES\_desktop.ini

c:\remoraw\INTEGRA\_desktop.ini

c:\remoraw\LIXEIRA\_desktop.ini

c:\remoraw\REMORA\_desktop.ini

c:\remoraw\TEMP\_desktop.ini

c:\windows\esmf.exe

c:\windows\IE4 Error Log.txt

c:\windows\system32\AutoRun.inf

c:\windows\system32\digeste.dll

c:\windows\system32\ftpd.dll

c:\windows\wiaserviv.log

 

----- BITS: Sites possivelmente infetados -----

 

hxxp://78.157.143.198

hxxp://---otube30.net

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-06 to 2009-02-06 ))))))))))))))))))))))))))))

.

 

2009-02-04 11:51 . 2009-02-06 10:54 <DIR> d-------- C:\hijackthis

2009-02-03 12:32 . 2009-02-03 12:32 <DIR> d-------- c:\arquivos de programas\Panda Security

2009-02-03 12:32 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-01-25 12:57 . 2009-01-25 12:56 896,481 --a------ c:\windows\Michelle Costa.scr

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-06 13:58 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\avg7

2009-02-06 13:57 --------- d-----w c:\documents and settings\usuario\Dados de aplicativos\AVG7

2009-02-05 15:02 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-01-29 01:09 --------- d-----w c:\documents and settings\usuario\Dados de aplicativos\skypePM

2009-01-29 01:09 --------- d-----w c:\documents and settings\usuario\Dados de aplicativos\Skype

2009-01-02 16:21 --------- d-----w c:\arquivos de programas\eMule

2008-12-30 11:13 --------- d-----w c:\documents and settings\usuario\Dados de aplicativos\Media Player Classic

2008-12-24 18:34 --------- d-----w c:\arquivos de programas\XP Codec Pack

2008-12-14 05:01 --------- d-----w c:\arquivos de programas\My Lockbox

2008-11-29 20:26 991,232 ----a-w c:\windows\system32\VSFilter.dll

2007-12-14 11:44 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

2008-10-22 20:43 945,664 --sh--w c:\windows\system32\dllhostc.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"flockbox"="c:\arquivos de programas\My Lockbox\flockbox.exe" [2007-12-14 1071472]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 159744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Tarefas do Rêmora.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Tarefas do Rêmora.lnk

backup=c:\windows\pss\Tarefas do Rêmora.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^win.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe

backup=c:\windows\pss\win.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winsys32.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\winsys32.exe

backup=c:\windows\pss\winsys32.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

--a------ 2009-01-04 14:41 2356088 c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBBIEP]

--a------ 2008-09-30 12:37 876544 c:\arquivos de programas\Apostilas Objetiva\Investigador e Escrivao PC SP - 2008\ccb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

--a------ 2005-09-20 10:32 77824 c:\windows\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a------ 2005-09-20 10:36 114688 c:\windows\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

--a------ 2005-09-20 10:35 94208 c:\windows\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

--a------ 2007-10-09 12:02 208946 c:\arquivos de programas\IncrediMail\bin\IncMail.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2007-01-29 20:22 638976 c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2004-09-23 12:41 860160 c:\arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2004-10-14 09:11 1388544 c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 c:\arquiv~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Twain"=c:\arquivos de programas\Twain\Twain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"runner1"=c:\windows\faceback.exe 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD3257

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-12-14 17264]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-03 28544]

S2 nrlzyr;nrlzyr;\??\c:\windows\system32\drivers\swojkzmjzemvfr.sys --> c:\windows\system32\drivers\swojkzmjzemvfr.sys [?]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81914eba-de36-11dc-84ea-001731638dd4}]

\Shell\Auto\command - boot.pif

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.pif

.

- - - - ORFÃOS REMOVIDOS - - - -

 

Notify- aaCEF - astim.dll

Notify- amber - cdromxis.dll

MSConfigStartUp-AVG7_CC - c:\arquiv~1\Grisoft\AVG7\avgcc.exe

MSConfigStartUp-Winexec32 - c:\windows\system\win.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {A9B9FABB-9DAA-4F57-A5AD-BBD9F717530D} = 200.204.0.10 200.204.0.138

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 12:07:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-299502267-1637723038-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Tempo para conclusão: 2009-02-06 12:08:46

ComboFix-quarantined-files.txt 2009-02-06 14:08:44

 

Pré-execução: 17 pasta(s) 24,553,492,480 bytes disponíveis

Pós execução: 17 pasta(s) 25,253,924,864 bytes disponíveis

 

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

 



Good afternoon, marcio campos!

 

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe

c:\windows\system32\dllhostc.exe

c:\arquivos de programas\Twain\Twain.exe

c:\windows\faceback.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81914eba-de36-11dc-84ea-001731638dd4}]

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^win.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Twain"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"runner1"=-

Driver::

"nrlzyr"

<@> Drag the CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

(animated GIF demonstrating the drag: 2872959479_997d4500c4_o.gif)

 

<@> Respond to the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt ( window ) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!

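A CFScript is a small plain-text format: a `File::`, `Registry::` or `Driver::` header followed by one entry per line, and ComboFix acts on every entry as written. A typo in a path deletes the wrong file, so before handing such a script over it is worth checking that every entry is actually named in the ComboFix report it was derived from. The Python below, an added example that is not part of this thread and not ComboFix's own code, parses the script into sections and reports entries the report never mentions. The script and the report excerpt are copied from the posts in this thread (the excerpt is a constructed subset of the report); the section names are the ones the posted script uses, and the cross-check itself is my own assumption about a useful sanity test, not a ComboFix feature.

```python
"""Parse a ComboFix CFScript and check every entry it names against the
ComboFix report it was written from. Added example, not from the thread;
the cross-check is the author's own idea, not a ComboFix feature."""
import re

# CFScript copied from the helper's reply in this thread.
CFSCRIPT = r"""
File::
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe
c:\windows\system32\dllhostc.exe
c:\arquivos de programas\Twain\Twain.exe
c:\windows\faceback.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81914eba-de36-11dc-84ea-001731638dd4}]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^win.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Twain"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"runner1"=-
Driver::
"nrlzyr"
"""

# Constructed subset of the ComboFix report posted in this thread.
COMBOFIX_REPORT = r"""
2008-10-22 20:43 945,664 --sh--w c:\windows\system32\dllhostc.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^win.exe]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Twain"=c:\arquivos de programas\Twain\Twain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"runner1"=c:\windows\faceback.exe 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD3257
S2 nrlzyr;nrlzyr;\??\c:\windows\system32\drivers\swojkzmjzemvfr.sys --> c:\windows\system32\drivers\swojkzmjzemvfr.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81914eba-de36-11dc-84ea-001731638dd4}]
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")


def parse_cfscript(text):
    """Split the script into {section: [entries]}; entries keep their original text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def unsupported_entries(sections, report_text):
    """Script entries the report never mentions: likely typos or wrong paths."""
    report = report_text.lower()
    missing = []
    for path in sections.get("File", []):
        if path.lower() not in report:
            missing.append(("File", path))
    for line in sections.get("Registry", []):
        if line.startswith("[") and line.endswith("]"):
            needle = line[1:-1].lstrip("-")  # "[-KEY]" deletes the whole key
        elif line.endswith("=-"):
            needle = line[:-2]               # '"name"=-' deletes one value
        else:
            continue  # value assignments are not cross-checked here
        if needle.lower() not in report:
            missing.append(("Registry", line))
    for drv in sections.get("Driver", []):
        if drv.strip('"').lower() not in report:
            missing.append(("Driver", drv))
    return missing


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for section, entries in script.items():
        print(f"{section}: {len(entries)} entries")
    print("not backed by the report:", unsupported_entries(script, COMBOFIX_REPORT))
```

For the posted script every entry is backed by the report, so the check returns an empty list; a script naming `c:\windows\system32\dllhost.exe` (the legitimate Windows file, one character away from the `dllhostc.exe` the report lists) is flagged, which is the mistake the check exists to catch. Matching is a case-insensitive substring test, so it is a guard against typos, not a judgement on whether an entry is malicious.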

HijackThis and ComboFix logs

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:12:00, on 6/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\My Lockbox\flockbox.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\AVG\AVG8\aAvgApi.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [flockbox] C:\Arquivos de programas\My Lockbox\flockbox.exe /a

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B9FABB-9DAA-4F57-A5AD-BBD9F717530D}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/usuario/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 4777 bytes

 

ComboFix 09-02-05.02 - usuario 2009-02-06 20:07:17.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.503.209 [GMT -2:00]

Executando de: c:\documents and settings\usuario\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\usuario\Desktop\CFScript.txt.txt

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-06 to 2009-02-06 ))))))))))))))))))))))))))))

.

 

2009-02-06 13:00 . 2009-02-06 13:02 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-06 13:00 . 2009-02-06 13:19 <DIR> d-------- c:\documents and settings\usuario\Dados de aplicativos\AVGTOOLBAR

2009-02-06 13:00 . 2009-02-06 13:00 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\avg8

2009-02-06 13:00 . 2009-02-06 13:00 <DIR> d-------- c:\arquivos de programas\AVG

2009-02-06 13:00 . 2009-02-06 13:00 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-06 13:00 . 2009-02-06 13:00 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-06 13:00 . 2009-02-06 13:00 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-02-06 13:00 . 2009-02-06 13:00 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-04 11:51 . 2009-02-06 12:16 <DIR> d-------- C:\hijackthis

2009-02-03 12:32 . 2009-02-03 12:32 <DIR> d-------- c:\arquivos de programas\Panda Security

2009-02-03 12:32 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-01-25 12:57 . 2009-01-25 12:56 896,481 --a------ c:\windows\Michelle Costa.scr

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-05 15:02 --------- d---a-w c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-01-29 01:09 --------- d-----w c:\documents and settings\usuario\Dados de aplicativos\skypePM

2009-01-29 01:09 --------- d-----w c:\documents and settings\usuario\Dados de aplicativos\Skype

2009-01-02 16:21 --------- d-----w c:\arquivos de programas\eMule

2008-12-30 11:13 --------- d-----w c:\documents and settings\usuario\Dados de aplicativos\Media Player Classic

2008-12-24 18:34 --------- d-----w c:\arquivos de programas\XP Codec Pack

2008-12-14 05:01 --------- d-----w c:\arquivos de programas\My Lockbox

2008-11-29 20:26 991,232 ----a-w c:\windows\system32\VSFilter.dll

2007-12-14 11:44 32 ----a-w c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

2008-10-22 20:43 945,664 --sh--w c:\windows\system32\dllhostc.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2009-02-06_12.07.49.95 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-06 15:00:27 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2006-12-02 00:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-02 00:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-02 00:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 00:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 02:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-02 02:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-02 02:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-02 02:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-02 02:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-02 02:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-02 02:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-02 02:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-02 02:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-02 02:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-02 02:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-02 02:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-02 02:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-02 02:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"flockbox"="c:\arquivos de programas\My Lockbox\flockbox.exe" [2007-12-14 1071472]

"AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-06 13:00 10520 c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Tarefas do Rêmora.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Tarefas do Rêmora.lnk

backup=c:\windows\pss\Tarefas do Rêmora.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^win.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe

backup=c:\windows\pss\win.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winsys32.exe]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\winsys32.exe

backup=c:\windows\pss\winsys32.exeCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

--a------ 2009-01-04 14:41 2356088 c:\arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBBIEP]

--a------ 2008-09-30 12:37 876544 c:\arquivos de programas\Apostilas Objetiva\Investigador e Escrivao PC SP - 2008\ccb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

--a------ 2005-09-20 10:32 77824 c:\windows\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a------ 2005-09-20 10:36 114688 c:\windows\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

--a------ 2005-09-20 10:35 94208 c:\windows\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

--a------ 2007-10-09 12:02 208946 c:\arquivos de programas\IncrediMail\bin\IncMail.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2007-01-29 20:22 638976 c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2004-09-23 12:41 860160 c:\arquivos de programas\Analog Devices\SoundMAX\SMax4.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2004-10-14 09:11 1388544 c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 17:43 4670704 c:\arquiv~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Twain"=c:\arquivos de programas\Twain\Twain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"runner1"=c:\windows\faceback.exe 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD3257

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Arquivos de programas\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Arquivos de programas\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Megacubo\\bin\\minifly.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

 

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-06 12552]

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-12-14 17264]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-03 28544]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-06 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-06 107272]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 298264]

S2 nrlzyr;nrlzyr;\??\c:\windows\system32\drivers\swojkzmjzemvfr.sys --> c:\windows\system32\drivers\swojkzmjzemvfr.sys [?]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81914eba-de36-11dc-84ea-001731638dd4}]

\Shell\Auto\command - boot.pif

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.pif

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {A9B9FABB-9DAA-4F57-A5AD-BBD9F717530D} = 200.204.0.10 200.204.0.138

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 20:08:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-299502267-1637723038-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Tempo para conclusão: 2009-02-06 20:10:11

ComboFix-quarantined-files.txt 2009-02-06 22:10:09

ComboFix2.txt 2009-02-06 14:08:47

 

Pré-execução: 16 pasta(s) 24.878.125.056 bytes disponíveis

Pós execução: 16 pasta(s) 25,010,671,616 bytes disponíveis

 

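As an added example (not part of the thread, and not the logic of ComboFix or of the helper's script): a small Python triage over constructed lines shaped like the ComboFix log above, picking out the kinds of entry the CFScript targets: a bare .exe in the Startup folder, entries left behind in the msconfig `Run-` keys, a service whose driver ComboFix marks `[?]`, and a per-drive AutoRun handler under mountpoints2. The rule names and regular expressions are my own.

```python
"""Triage of ComboFix-style autorun output (added example, not from the thread).

The heuristics below are my own, not ComboFix's or the helper's logic; the
sample lines are constructed, modelled on the shape of the log posted above.
"""
import re

# Constructed sample in the shape ComboFix prints its "registry load points"
# and driver/service lines (paths and names taken from the thread's log).
SAMPLE_LOG = [
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"flockbox"="c:\arquivos de programas\My Lockbox\flockbox.exe" [2007-12-14 1071472]',
    r'[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^win.exe]',
    r'path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe',
    r'[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]',
    r'path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]',
    r'"runner1"=c:\windows\faceback.exe 61A847B5BBF72813349330466188719AB689201522886B092CBD44BD8689220221DD3257',
    r'R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-06 325128]',
    r'S2 nrlzyr;nrlzyr;\??\c:\windows\system32\drivers\swojkzmjzemvfr.sys --> c:\windows\system32\drivers\swojkzmjzemvfr.sys [?]',
    r'[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81914eba-de36-11dc-84ea-001731638dd4}]',
    r'\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.pif',
]

KEY_RE = re.compile(r'^\[(.+)\]$')            # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')    # "name"=target ...
PATH_RE = re.compile(r'^path=(.*)$', re.I)    # startupfolder item
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')  # R0/S2 svc;display;path


def triage(lines):
    """Return (rule, name, detail) tuples for autorun entries worth a second look."""
    findings = []
    current_key = ''
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        key_l = current_key.lower()

        m = SERVICE_RE.match(line)
        if m:
            _state, name, _display, rest = m.groups()
            # A trailing "[?]" means ComboFix could not stat/verify the image
            # (here: a random-looking driver name behind an S2 service).
            if rest.rstrip().endswith('[?]'):
                findings.append(('unverified-driver', name, rest.strip()))
            continue

        m = VALUE_RE.match(line)
        if m:
            name, target = m.groups()
            # "Run-" keys hold entries that msconfig disabled but left behind;
            # cleaned-up malware often survives there and is easy to re-enable.
            if key_l.endswith('\\run-'):
                findings.append(('disabled-run-entry', name, target.strip()))
            continue

        m = PATH_RE.match(line)
        if m:
            target = m.group(1).strip()
            # Legitimate Startup-folder items are .lnk shortcuts; a bare .exe
            # dropped into the folder is a classic persistence trick.
            if 'startupfolder' in key_l and target.lower().endswith('.exe'):
                findings.append(('exe-in-startup-folder', target.rsplit('\\', 1)[-1], target))
            continue

        if 'mountpoints2' in key_l and '\\shell\\' in line.lower():
            # Per-drive Shell\AutoRun handlers that launch a file from the drive
            # root (boot.pif) are the fingerprint of autorun.inf worms.
            findings.append(('drive-autorun-handler', current_key.rsplit('\\', 1)[-1], line))
    return findings


if __name__ == '__main__':
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f'{rule:24} {name:12} {detail}')
```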

Good evening! marcio campos

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally the message "ComboFix está desinstalado" (ComboFix is uninstalled) will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

-----------------------------------

<@> Download: < OTMoveIt3 >

<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Services

nrlzyr

Twain Working Group

:Files

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe

c:\windows\system32\dllhostc.exe

c:\arquivos de programas\Twain\Twain.exe

c:\arquivos de programas\Twain

c:\windows\faceback.exe

:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81914eba-de36-11dc-84ea-001731638dd4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Twain]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\runner1]

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this information, between the XXXXX..., into the tool's ( clipboard ) field.

<@> PS: The area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When prompted to reboot, confirm!

<@> When it finishes, check the text content of the folder: C:\_OTMoveIt\MovedFiles

<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> PS: Since the tool does not overwrite its reports, check which one was generated after this run.

 

Regards!


Hello Digam, good morning

 

 

Below is the report; I hope it is the one you asked me to post

 

 

Thanks for the help

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

Service nrlzyr stopped successfully.

Service nrlzyr deleted successfully.

Unable to stop service Twain Working Group .

========== FILES ==========

File/Folder c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe not found.

c:\windows\system32\dllhostc.exe moved successfully.

File/Folder c:\arquivos de programas\Twain\Twain.exe not found.

File/Folder c:\arquivos de programas\Twain not found.

File/Folder c:\windows\faceback.exe not found.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81914eba-de36-11dc-84ea-001731638dd4}\\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\Twain\\ not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\runner1\\ not found.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\40c8981d-210b-4e62-8ecf-f14c68421898.tmp scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\eec270d4-9114-4c8b-8330-9e640f8861fb.tmp scheduled to be deleted on reboot.

Windows Temp folder emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02072009_093311

 

Files moved on Reboot...

File C:\WINDOWS\temp\40c8981d-210b-4e62-8ecf-f14c68421898.tmp not found!

File C:\WINDOWS\temp\eec270d4-9114-4c8b-8330-9e640f8861fb.tmp not found!


Good morning! marcio campos

 

<!> How is the computer? Has the problem improved?

-------------------------------

<@> Download: < RSIT > ( ...by random/random )

<@> Save it directly to the Local Disk ( C ).

<@> Double-click RSIT.exe to run the tool.

<@> In the window that opens (the disclaimer), click "Continue".

<@> Wait for "Running HijackThis" to finish. <-- Pseudo!

<@> When it finishes, Notepad will open with the report: log.txt <-- The report to post!

<@> Also post in your reply: info.txt, which will be at C:\rsit\info.txt <--

 

Regards!


Hello Digam

 

 

The computer is no longer showing the problem, thank you.

 

 

 

Below are the logs

 

 

log.txt.txt

 

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by usuario at 2009-02-07 12:24:14

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 25 GB (32%) free of 76 GB

Total RAM: 503 MB (26% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:24:39, on 7/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\My Lockbox\flockbox.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\AVG\AVG8\aAvgApi.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\dwwin.exe

C:\RSIT.exe

C:\hijackthis\usuario.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [flockbox] C:\Arquivos de programas\My Lockbox\flockbox.exe /a

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B9FABB-9DAA-4F57-A5AD-BBD9F717530D}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/usuario/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 4848 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-02-06 1078552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

AVG Security Toolbar - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-06 1968920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-06 1968920]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"flockbox"=C:\Arquivos de programas\My Lockbox\flockbox.exe [2007-12-14 1071472]

"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-02-06 1601304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe [2009-01-04 2356088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CBBIEP]

C:\Arquivos de programas\Apostilas Objetiva\Investigador e Escrivao PC SP - 2008\ccb.exe [2008-09-30 876544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]

C:\Arquivos de programas\IncrediMail\bin\IncMail.exe [2007-10-09 208946]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-29 638976]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe [2004-09-23 860160]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\ARQUIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Tarefas do Rêmora.lnk]

C:\REMORAW\Wrecebe.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^win.exe]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\win.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^winsys32.exe]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\winsys32.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

C:\ARQUIV~1\WinZip\WZQKPICK.EXE [2006-11-21 389120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-02-06 10520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Programa de transferência de arquivos"

"C:\Arquivos de programas\IncrediMail\bin\ImApp.exe"="C:\Arquivos de programas\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Arquivos de programas\IncrediMail\bin\IncMail.exe"="C:\Arquivos de programas\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Arquivos de programas\IncrediMail\bin\ImpCnt.exe"="C:\Arquivos de programas\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe"="C:\Arquivos de programas\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Arquivos de programas\Yahoo!\Messenger\YServer.exe"="C:\Arquivos de programas\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

"C:\Arquivos de programas\Megacubo\bin\minifly.exe"="C:\Arquivos de programas\Megacubo\bin\minifly.exe:*:Enabled:MiniFly"

"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\AVG\AVG8\avgam.exe"="C:\Arquivos de programas\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG8\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-02-07 12:24:14 ----D---- C:\rsit

2009-02-07 12:23:08 ----A---- C:\RSIT.exe

2009-02-07 09:33:11 ----D---- C:\_OTMoveIt

2009-02-07 09:30:42 ----SHD---- C:\RECYCLER

2009-02-06 20:10:31 ----A---- C:\log 22.txt

2009-02-06 13:00:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-02-06 13:00:19 ----D---- C:\Documents and Settings\usuario\Dados de aplicativos\AVGTOOLBAR

2009-02-06 13:00:05 ----D---- C:\Arquivos de programas\AVG

2009-02-06 13:00:04 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2009-02-06 12:08:49 ----D---- C:\WINDOWS\temp

2009-02-06 11:48:53 ----D---- C:\WINDOWS\ERDNT

2009-02-04 11:51:16 ----D---- C:\hijackthis

2009-02-03 12:32:38 ----D---- C:\Arquivos de programas\Panda Security

 

======List of files/folders modified in the last 1 months======

 

2009-02-07 12:00:10 ----D---- C:\WINDOWS\Prefetch

2009-02-07 10:34:55 ----D---- C:\WINDOWS

2009-02-07 10:33:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-07 10:32:11 ----HD---- C:\WINDOWS\inf

2009-02-07 10:31:23 ----HD---- C:\WINDOWS\$hf_mig$

2009-02-07 10:31:21 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-07 09:34:39 ----SHD---- C:\System Volume Information

2009-02-07 09:34:39 ----D---- C:\WINDOWS\system32\Restore

2009-02-07 09:33:11 ----D---- C:\WINDOWS\system32

2009-02-06 20:08:53 ----A---- C:\WINDOWS\system.ini

2009-02-06 20:08:13 ----D---- C:\WINDOWS\system32\drivers

2009-02-06 20:08:12 ----D---- C:\WINDOWS\AppPatch

2009-02-06 20:08:12 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-02-06 13:00:05 ----RD---- C:\Arquivos de programas

2009-02-06 13:00:00 ----SHD---- C:\WINDOWS\Installer

2009-02-06 12:59:59 ----D---- C:\WINDOWS\WinSxS

2009-02-06 12:59:59 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-02-06 12:07:09 ----D---- C:\REMORAW

2009-02-06 12:07:07 ----D---- C:\netwin25

2009-02-06 12:07:07 ----D---- C:\MSJVM

2009-02-06 12:07:06 ----D---- C:\Intelbras

2009-02-06 12:07:06 ----D---- C:\IDAPI

2009-02-06 12:07:06 ----D---- C:\DTS

2009-02-06 12:06:57 ----D---- C:\CCVV

2009-02-06 12:06:02 ----D---- C:\Documents and Settings\usuario\Dados de aplicativos\Adobe

2009-02-06 11:59:42 ----SH---- C:\boot.ini

2009-02-06 11:59:42 ----A---- C:\WINDOWS\win.ini

2009-02-06 11:58:21 ----D---- C:\WINDOWS\system

2009-02-05 13:02:01 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-02-05 12:45:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-05 12:44:01 ----A---- C:\WINDOWS\NeroDigital.ini

2009-02-03 13:57:29 ----D---- C:\WINDOWS\pss

2009-02-03 13:57:25 ----D---- C:\Documents and Settings

2009-02-03 12:30:13 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-02-02 04:07:23 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt

2009-01-28 23:09:07 ----D---- C:\Documents and Settings\usuario\Dados de aplicativos\skypePM

2009-01-28 23:09:00 ----D---- C:\Documents and Settings\usuario\Dados de aplicativos\Skype

2009-01-12 13:24:30 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-06 325128]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-06 27656]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-06 107272]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40192]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-05 127872]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]

R3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2005-03-01 392704]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-01-29 984832]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-04-01 230272]

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]

R2 avg8wd;AVG8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 298264]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

 

-----------------EOF-----------------

info.txt

 

info.txt logfile of random's system information tool 1.05 2009-02-07 12:24:41

 

======Uninstall list======

 

-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.57-->"C:\Arquivos de programas\7-Zip\Uninstall.exe"

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}

Apostila Investigador e Escrivão PC SP - 2008 Desinstalar-->"C:\Arquivos de programas\Apostilas Objetiva\Investigador e Escrivao PC SP - 2008\unins000.exe"

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Atualização para Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

aTube Catcher 1.0-->"C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\unins000.exe"

AVG 8.0-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

eMule-->"C:\Arquivos de programas\eMule\Uninstall.exe"

HijackThis 2.0.2-->"C:\DOCUME~1\usuario\CONFIG~1\Temp\Diretório temporário 2 para HiJackThis.zip\HijackThis.exe" /uninstall

IncrediMail Xe-->C:\ARQUIV~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log

Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}

Megacubo 4.0.6-->"C:\Arquivos de programas\Megacubo\unins000.exe"

Michelle Costa-->C:\Documents and Settings\usuario\Desktop\Uninstall.exe

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller

My Lockbox 1.2 for Windows 2000/XP-->"C:\Arquivos de programas\My Lockbox\unins000.exe"

Nero Suite-->C:\Arquivos de programas\Arquivos comuns\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""

Panda ActiveScan 2.0-->C:\Arquivos de programas\Panda Security\ActiveScan 2.0\as2uninst.exe

ProphecyMaster v1.0-->"C:\Arquivos de programas\Luxand\ProphecyMaster\unins000.exe"

Rêmora 4.22-->C:\REMORAW\unins000.exe

Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416 -removeonly

Spybot - Search & Destroy 1.4-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins001.exe"

Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}

Windows Media Format Runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinZip-->"C:\Arquivos de programas\WinZip\WINZIP32.EXE" /uninstall

XP Codec Pack-->C:\Arquivos de programas\XP Codec Pack\Uninstall.exe

Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\ARQUIV~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\ARQUIV~1\Yahoo!\Common\ymmapi.dll

Yahoo! Messenger-->C:\ARQUIV~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\ARQUIV~1\Yahoo!\MESSEN~1\INSTALL.LOG

 

======Hosts File======

 


 

======Security center information======

 

AV: AVG Anti-Virus

 

System event log

 

Computer Name: SAMANTHA

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.

 

Record Number: 53256

Source Name: Service Control Manager

Time Written: 20090128220539.000000-120

Event Type: Informações

User:

 

Computer Name: SAMANTHA

Event Code: 7035

Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.

 

Record Number: 53255

Source Name: Service Control Manager

Time Written: 20090128220539.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: SAMANTHA

Event Code: 7036

Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando.

 

Record Number: 53254

Source Name: Service Control Manager

Time Written: 20090128220538.000000-120

Event Type: Informações

User:

 

Computer Name: SAMANTHA

Event Code: 7036

Message: O serviço Serviço 'Gateway de camada de aplicativo' entrou no estado executando.

 

Record Number: 53253

Source Name: Service Control Manager

Time Written: 20090128220538.000000-120

Event Type: Informações

User:

 

Computer Name: SAMANTHA

Event Code: 7035

Message: O serviço Serviço 'Gateway de camada de aplicativo' recebeu com êxito um controle Iniciar.

 

Record Number: 53252

Source Name: Service Control Manager

Time Written: 20090128220538.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Application event log

 

Computer Name: SAMANTHA

Event Code: 12001

Message: The Messenger Sharing USN Journal Reader service started successfully.

 

Record Number: 285

Source Name: usnjsvc

Time Written: 20090204092249.000000-120

Event Type:

User:

 

Computer Name: SAMANTHA

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

 

Record Number: 284

Source Name: SecurityCenter

Time Written: 20090204092212.000000-120

Event Type: Informações

User:

 

Computer Name: SAMANTHA

Event Code: 1

Message:

Record Number: 283

Source Name: AVGEMS

Time Written: 20090204092211.000000-120

Event Type: Informações

User:

 

Computer Name: SAMANTHA

Event Code: 1

Message:

Record Number: 282

Source Name: Avg7UpdSvc

Time Written: 20090204092207.000000-120

Event Type: Informações

User:

 

Computer Name: SAMANTHA

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

 

Record Number: 281

Source Name: SecurityCenter

Time Written: 20090204091814.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=0407

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------


Good afternoon, marcio campos!

<@> Open OTMoveIt3.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Reg

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\win.exe]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this registry key, between the XXXXX..., into the tool's text box (clipboard).

<@> PS: The area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When it finishes, restart the computer!

<@> Open OTMoveIt3 again --> Click CleanUp --> Wait for the tools to be removed.

-------------------------------

<@> Go to Start --> Run.

<!> Type or paste: sysdm.cpl --> Press Enter.

<@> Click the "System Restore" tab and check the option: "Turn off System Restore on all drives".

<@> Click Apply --> OK.

<@> Next, uncheck the option! --> Apply --> OK.

-------------------------------

<!> The log is clean! :thumbsup:

Cheers!


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
