
Archived

This topic has been archived and is closed to new replies.

survivorman

[Solved!] spyware


Hi everyone, here's the situation: I ran the spyware scanner on my system, it detected a spyware entry on the host, but I can't remove it.

Threat name: spyware.possible_website_hijack

When the scan with Spyware Doctor finishes, I click remove and it doesn't remove it, showing the following message:

"algumas ameaças não foram removidas com sucesso"


Awaiting a reply, hugs to all :thumbsup:

My log:

Logfile of HijackThis v1.99.1

Scan saved at 17:25:15, on 12/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\IDT\262009123820\STacSV.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Spyware Doctor\pctsGui.exe

E:\NFS Carbon\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E96A60-9348-4EA8-AD6A-169EAF28B57F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\262009123820\STacSV.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


Good morning! survivorman

<@> Download: < RSIT > ( ...by random/random )

<@> Save it directly to the Local Disk ( C ).

<@> Double-click RSIT.exe to run the tool.

<@> In the window that opens, the disclaimer, click "Continue".

<@> Wait for "Running HijackThis" to finish. <-- Pseudo!

<@> When it finishes, Notepad will open with the report: log.txt <-- Report to post!

<@> Also post in your reply: info.txt, which will be at C:\rsit\info.txt <--

Regards!


Hi Dig Ram! Here are the logs :)

Info:

info.txt logfile of random's system information tool 1.05 2009-02-13 12:51:39

 

======Uninstall list======

 

-->C:\ARQUIV~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Arquivos de programas\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop 7.0-->C:\WINDOWS\ISUN0416.EXE -f"C:\Arquivos de programas\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Arquivos de programas\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 8.1.3 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}

Advanced SystemCare 3-->"C:\Arquivos de programas\IObit\Advanced SystemCare 3\unins000.exe"

AnyDVD-->"C:\Arquivos de programas\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Arquivos de programas\SlySoft\AnyDVD"

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

AVG Free 8.0-->C:\Arquivos de programas\AVG\AVG8\setup.exe /UNINSTALL

Barra de Ferramentas do Yahoo!-->C:\ARQUIV~1\Yahoo!\Common\UNYT_W~1.EXE

Capturex-->"C:\Arquivos de programas\Capturex\uninstall.exe"

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

CloneDVD2-->"C:\Arquivos de programas\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Arquivos de programas\Elaborate Bytes\CloneDVD2"

DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"

HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

IDT Audio-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x416 -remove -removeonly

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

K-Lite Codec Pack 4.5.3 (Full)-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MP3 Rocket-->C:\Arquivos de programas\MP3 Rocket\Uninstall.exe

MV RegClean 5.9-->"C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 5.9\unins000.exe"

Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31046}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

Shiretoko (3.1a1)-->C:\Arquivos de programas\Shiretoko\uninstall\helper.exe

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

Spyware Doctor 6.0-->C:\Arquivos de programas\Spyware Doctor\unins000.exe /LOG

Spyware Terminator-->"C:\Arquivos de programas\Spyware Terminator\unins000.exe"

TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}

WinAVI Video Converter-->"C:\Arquivos de programas\WinAVI Video Converter\unins000.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Messenger-->MsiExec.exe /I{37FD253D-5064-4034-8CEC-CC3995F823A4}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: Spyware Doctor with AntiVirus (disabled)

AV: AVG Anti-Virus Free (disabled)

 

System event log

 

Computer Name: MACHINENAME

Event Code: 11

Message: O driver detectou um erro de controlador em \Device\Harddisk0\D.

 

Record Number: 5

Source Name: Disk

Time Written: 20090206100334.000000-120

Event Type: Erro

User:

 

Computer Name: MACHINENAME

Event Code: 2

Message: Ao se verificar se \Device\Serial0 era uma porta serial, uma fila foi detectada e será usada.

 

Record Number: 4

Source Name: Serial

Time Written: 20090206100334.000000-120

Event Type: Informações

User:

 

Computer Name: MACHINENAME

Event Code: 11

Message: O driver detectou um erro de controlador em \Device\Harddisk0\D.

 

Record Number: 3

Source Name: Disk

Time Written: 20090206100334.000000-120

Event Type: Erro

User:

 

Computer Name: MACHINENAME

Event Code: 6005

Message: O serviço Log de eventos foi iniciado.

 

Record Number: 2

Source Name: EventLog

Time Written: 20090206100314.000000-120

Event Type: Informações

User:

 

Computer Name: MACHINENAME

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Multiprocessor Free.

 

Record Number: 1

Source Name: EventLog

Time Written: 20090206100314.000000-120

Event Type: Informações

User:

 

Application event log

 

Computer Name: MICRO-486191315

Event Code: 1000

Message: Os contadores de desempenho para o serviço MSDTC (MSDTC) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 5

Source Name: LoadPerf

Time Written: 20090206121735.000000-120

Event Type: Informações

User:

 

Computer Name: MICRO-486191315

Event Code: 1000

Message: Os contadores de desempenho para o serviço TermService (Serviços de terminal) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 4

Source Name: LoadPerf

Time Written: 20090206121733.000000-120

Event Type: Informações

User:

 

Computer Name: MICRO-486191315

Event Code: 1000

Message: Os contadores de desempenho para o serviço RemoteAccess (Roteamento e acesso remoto) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 3

Source Name: LoadPerf

Time Written: 20090206121644.000000-120

Event Type: Informações

User:

 

Computer Name: MICRO-486191315

Event Code: 1000

Message: Os contadores de desempenho para o serviço PSched (PSched) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 2

Source Name: LoadPerf

Time Written: 20090206121623.000000-120

Event Type: Informações

User:

 

Computer Name: MICRO-486191315

Event Code: 1000

Message: Os contadores de desempenho para o serviço RSVP (QoS RSVP) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 1

Source Name: LoadPerf

Time Written: 20090206121622.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=1706

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 

 

Log:

Logfile of random's system information tool 1.05 (written by random/random)

Run by Micro at 2009-02-13 12:46:13

Microsoft Windows XP Professional Service Pack 2

System drive C: has 106 GB (89%) free of 120 GB

Total RAM: 2047 MB (78% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:51:38, on 13/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\IDT\262009123820\STacSV.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\RSIT.exe

C:\Arquivos de programas\trend micro\Micro.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E96A60-9348-4EA8-AD6A-169EAF28B57F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\262009123820\STacSV.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 7124 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\1-Click Maintenance.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG8\avgssie.dll [2009-02-08 1078552]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Barra de Ferramentas do Yahoo! - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"=C:\Arquivos de programas\IDT\WDM\sttray.exe [2007-11-09 409600]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]

"AVG8_TRAY"=C:\ARQUIV~1\AVG\AVG8\avgtray.exe [2009-02-08 1601304]

"NeroFilterCheck"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

"RemoteControl"=C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-11-02 32768]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

"SpywareTerminator"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe [2009-02-13 2267136]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

 

C:\Documents and Settings\Micro\Menu Iniciar\Programas\Inicializar

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-02-08 10520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\AVG\AVG8\avgemc.exe"="C:\Arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG8\avgupd.exe"="C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Arquivos de programas\Internet Explorer\iexplore.exe"="C:\Arquivos de programas\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Arquivos de programas\Adobe\Photoshop 7.0\ImageReady.exe"="C:\Arquivos de programas\Adobe\Photoshop 7.0\ImageReady.exe:*:Enabled:Adobe ImageReady 7.0.1"

"C:\Arquivos de programas\Java\jre1.6.0_01\bin\javaw.exe"="C:\Arquivos de programas\Java\jre1.6.0_01\bin\javaw.exe:*:Disabled:Java Platform SE binary"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\MSN Messenger\msnmsgr.exe"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Arquivos de programas\MSN Messenger\livecall.exe"="C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-02-13 12:46:13 ----D---- C:\rsit

2009-02-13 12:46:13 ----D---- C:\Arquivos de programas\trend micro

2009-02-13 12:44:39 ----A---- C:\RSIT.exe

2009-02-13 00:09:52 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Spyware Terminator

2009-02-13 00:09:50 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2009-02-13 00:09:50 ----D---- C:\Arquivos de programas\Spyware Terminator

2009-02-12 13:11:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

2009-02-12 13:11:06 ----A---- C:\WINDOWS\imsins.BAK

2009-02-11 23:18:19 ----D---- C:\Arquivos de programas\Shiretoko

2009-02-10 23:28:57 ----A---- C:\WINDOWS\msnfix.txt

2009-02-10 20:49:00 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2009-02-10 20:49:00 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2009-02-10 20:49:00 ----A---- C:\WINDOWS\system32\xvidcore.dll

2009-02-10 20:48:59 ----A---- C:\WINDOWS\system32\qt-dx331.dll

2009-02-10 20:48:59 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2009-02-10 20:48:59 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2009-02-10 20:48:59 ----A---- C:\WINDOWS\system32\dpl100.dll

2009-02-10 20:48:59 ----A---- C:\WINDOWS\system32\divx.dll

2009-02-10 20:48:58 ----D---- C:\Arquivos de programas\K-Lite Codec Pack

2009-02-10 14:13:38 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Media Player Classic

2009-02-09 15:55:58 ----D---- C:\Arquivos de programas\Capturex

2009-02-09 13:49:55 ----A---- C:\WINDOWS\unvpeye.ini

2009-02-09 13:49:30 ----D---- C:\Arquivos de programas\WebEye

2009-02-09 11:32:47 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Franckey

2009-02-08 15:50:56 ----D---- C:\WINDOWS\ie7updates

2009-02-08 00:32:40 ----A---- C:\WINDOWS\PhotoSnapViewer.INI

2009-02-07 19:13:48 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\CyberLink

2009-02-07 11:14:02 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Mozilla

2009-02-07 10:58:38 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\PC Tools

2009-02-07 10:55:57 ----D---- C:\Arquivos de programas\Arquivos comuns\PC Tools

2009-02-07 10:47:21 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2009-02-07 10:47:14 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\PC Tools

2009-02-07 10:47:14 ----D---- C:\Arquivos de programas\Spyware Doctor

2009-02-07 10:33:22 ----D---- C:\WINDOWS\system32\CatRoot_bak

2009-02-07 10:28:18 ----D---- C:\WINDOWS\system32\PreInstall

2009-02-07 01:10:24 ----D---- C:\Arquivos de programas\WinAVI Video Converter

2009-02-07 01:02:58 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-02-07 01:02:58 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2009-02-07 00:36:38 ----D---- C:\Arquivos de programas\Marcos Velasco Security

2009-02-07 00:29:20 ----A---- C:\WINDOWS\system32\javaws.exe

2009-02-07 00:29:20 ----A---- C:\WINDOWS\system32\javaw.exe

2009-02-07 00:29:20 ----A---- C:\WINDOWS\system32\java.exe

2009-02-07 00:29:08 ----D---- C:\Arquivos de programas\Java

2009-02-07 00:29:07 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2009-02-07 00:28:58 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Sun

2009-02-07 00:27:28 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\mp3rocket

2009-02-07 00:27:27 ----D---- C:\Arquivos de programas\MP3 Rocket

2009-02-07 00:22:10 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\IObit

2009-02-07 00:22:10 ----D---- C:\Arquivos de programas\IObit

2009-02-07 00:19:26 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Yahoo!

2009-02-07 00:19:26 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2009-02-07 00:19:25 ----D---- C:\Arquivos de programas\Yahoo!

2009-02-07 00:19:24 ----D---- C:\Arquivos de programas\CCleaner

2009-02-07 00:15:33 ----A---- C:\WINDOWS\system32\TUProgSt.exe

2009-02-07 00:15:31 ----A---- C:\WINDOWS\system32\uxtuneup.dll

2009-02-07 00:15:30 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\TuneUp Software

2009-02-07 00:15:30 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe

2009-02-07 00:15:21 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2009-02-07 00:15:20 ----D---- C:\Arquivos de programas\TuneUp Utilities 2009

2009-02-07 00:15:11 ----SHD---- C:\Documents and Settings\All Users\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}

2009-02-07 00:02:37 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2009-02-06 17:25:37 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2009-02-06 17:24:19 ----D---- C:\Arquivos de programas\CyberLink DVD Solution

2009-02-06 17:24:19 ----A---- C:\Arquivos de programas\Uninstall_CDS.exe

2009-02-06 17:23:15 ----A---- C:\WINDOWS\IsUn0416.exe

2009-02-06 17:18:32 ----D---- C:\WINDOWS\pss

2009-02-06 16:35:09 ----A---- C:\WINDOWS\NeroDigital.ini

2009-02-06 15:57:09 ----SHD---- C:\RECYCLER

2009-02-06 15:05:32 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Macromedia

2009-02-06 14:42:47 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Adobe

2009-02-06 14:41:14 ----D---- C:\WINDOWS\WBEM

2009-02-06 14:41:14 ----D---- C:\WINDOWS\system32\pt-br

2009-02-06 14:40:20 ----HDC---- C:\WINDOWS\ie7

2009-02-06 14:39:54 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-02-06 14:39:51 ----HD---- C:\WINDOWS\$hf_mig$

2009-02-06 14:39:50 ----N---- C:\WINDOWS\system32\xmllite.dll

2009-02-06 14:36:40 ----D---- C:\WINDOWS\system32\LogFiles

2009-02-06 14:35:53 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

2009-02-06 14:34:33 ----A---- C:\WINDOWS\system32\msonpmon.dll

2009-02-06 14:34:05 ----D---- C:\Arquivos de programas\Microsoft Works

2009-02-06 14:34:02 ----D---- C:\Arquivos de programas\MSBuild

2009-02-06 14:33:55 ----D---- C:\Arquivos de programas\Microsoft Visual Studio

2009-02-06 14:33:55 ----D---- C:\Arquivos de programas\Arquivos comuns\DESIGNER

2009-02-06 14:32:09 ----D---- C:\WINDOWS\SHELLNEW

2009-02-06 14:32:00 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2009-02-06 14:32:00 ----D---- C:\Arquivos de programas\Microsoft Office

2009-02-06 14:31:44 ----RHD---- C:\MSOCache

2009-02-06 14:29:16 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Ahead

2009-02-06 14:28:43 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2009-02-06 14:28:42 ----D---- C:\Arquivos de programas\Nero

2009-02-06 14:28:42 ----D---- C:\Arquivos de programas\Arquivos comuns\Ahead

2009-02-06 14:27:34 ----A---- C:\WINDOWS\system32\d3dx9_30.dll

2009-02-06 14:27:33 ----A---- C:\WINDOWS\system32\d3dx9_28.dll

2009-02-06 14:17:58 ----D---- C:\Arquivos de programas\MSN Messenger

2009-02-06 14:15:50 ----D---- C:\Arquivos de programas\WinRAR

2009-02-06 14:15:08 ----A---- C:\WINDOWS\system32\unrar.dll

2009-02-06 14:15:04 ----A---- C:\WINDOWS\system32\msvcr71.dll

2009-02-06 14:15:04 ----A---- C:\WINDOWS\system32\msvcp71.dll

2009-02-06 14:14:50 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2009-02-06 14:14:34 ----D---- C:\Arquivos de programas\Elaborate Bytes

2009-02-06 14:13:46 ----D---- C:\Arquivos de programas\SlySoft

2009-02-06 14:11:39 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2009-02-06 14:11:32 ----D---- C:\Arquivos de programas\AVG

2009-02-06 14:11:31 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2009-02-06 14:07:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2009-02-06 14:07:09 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2009-02-06 14:07:09 ----D---- C:\Arquivos de programas\Adobe

2009-02-06 12:44:04 ----D---- C:\WINDOWS\nview

2009-02-06 12:44:04 ----A---- C:\WINDOWS\system32\nvudisp.exe

2009-02-06 12:43:06 ----A---- C:\WINDOWS\system32\NVUNINST.EXE

2009-02-06 12:38:40 ----A---- C:\WINDOWS\system32\stlang.dll

2009-02-06 12:38:40 ----A---- C:\WINDOWS\system32\stacsv.exe

2009-02-06 12:38:40 ----A---- C:\WINDOWS\system32\ksuser.dll

2009-02-06 12:38:40 ----A---- C:\WINDOWS\sttray.exe

2009-02-06 12:38:34 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2009-02-06 12:38:20 ----A---- C:\WINDOWS\system32\staco.dll

2009-02-06 12:38:20 ----A---- C:\WINDOWS\system32\stacapi.dll

2009-02-06 12:37:41 ----D---- C:\Arquivos de programas\IDT

2009-02-06 12:37:40 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2009-02-06 12:32:01 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-02-06 12:32:00 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-02-06 12:32:00 ----D---- C:\Arquivos de programas\Intel

2009-02-06 12:31:58 ----D---- C:\Intel

2009-02-06 12:31:33 ----D---- C:\WINDOWS\system32\Tools

2009-02-06 12:31:25 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2009-02-06 12:27:41 ----D---- C:\Documents and Settings\Micro\Dados de aplicativos\Identities

2009-02-06 12:27:40 ----HD---- C:\Arquivos de programas\Uninstall Information

2009-02-06 12:27:36 ----ASH---- C:\Documents and Settings\Micro\Dados de aplicativos\desktop.ini

2009-02-06 12:27:35 ----SD---- C:\Documents and Settings\Micro\Dados de aplicativos\Microsoft

2009-02-06 12:26:22 ----D---- C:\WINDOWS\SoftwareDistribution

2009-02-06 12:26:22 ----D---- C:\WINDOWS\Prefetch

2009-02-06 12:26:21 ----SD---- C:\WINDOWS\system32\Microsoft

2009-02-06 12:26:21 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-06 12:20:23 ----D---- C:\WINDOWS\system32\xircom

2009-02-06 12:20:23 ----D---- C:\Arquivos de programas\xerox

2009-02-06 12:20:23 ----D---- C:\Arquivos de programas\microsoft frontpage

2009-02-06 12:20:07 ----A---- C:\WINDOWS\control.ini

2009-02-06 12:20:07 ----A---- C:\AUTOEXEC.BAT

2009-02-06 12:19:58 ----A---- C:\WINDOWS\system32\mapi32.dll

2009-02-06 12:19:26 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-02-06 12:19:26 ----RD---- C:\WINDOWS\Offline Web Pages

2009-02-06 12:19:26 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2009-02-06 12:19:22 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2009-02-06 12:19:19 ----HD---- C:\Arquivos de programas\WindowsUpdate

2009-02-06 12:19:17 ----D---- C:\Arquivos de programas\Serviços on-line

2009-02-06 12:19:06 ----D---- C:\WINDOWS\system32\DirectX

2009-02-06 12:18:49 ----A---- C:\WINDOWS\system32\atrace.dll

2009-02-06 12:18:47 ----A---- C:\WINDOWS\system32\desktop.ini

2009-02-06 12:18:47 ----A---- C:\WINDOWS\desktop.ini

2009-02-06 12:18:41 ----A---- C:\WINDOWS\system32\nmevtmsg.dll

2009-02-06 12:18:40 ----A---- C:\WINDOWS\system32\acctres.dll

2009-02-06 12:18:39 ----D---- C:\Arquivos de programas\Arquivos comuns\Serviços

2009-02-06 12:18:37 ----SD---- C:\WINDOWS\Tasks

2009-02-06 12:18:37 ----A---- C:\WINDOWS\system32\icfgnt5.dll

2009-02-06 12:18:36 ----D---- C:\Arquivos de programas\Arquivos comuns\MSSoap

2009-02-06 12:18:33 ----D---- C:\WINDOWS\srchasst

2009-02-06 12:18:32 ----D---- C:\WINDOWS\system32\Macromed

2009-02-06 12:18:30 ----A---- C:\WINDOWS\system32\wuweb.dll

2009-02-06 12:18:30 ----A---- C:\WINDOWS\system32\wucltui.dll

2009-02-06 12:18:30 ----A---- C:\WINDOWS\system32\wuauserv.dll

2009-02-06 12:18:30 ----A---- C:\WINDOWS\system32\wuaueng1.dll

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\wups.dll

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\wuaueng.dll

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\wuauclt1.exe

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\wuauclt.exe

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\wuapi.dll

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\qmgr.dll

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2009-02-06 12:18:29 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2009-02-06 12:18:25 ----D---- C:\Arquivos de programas\Movie Maker

2009-02-06 12:18:22 ----A---- C:\WINDOWS\system32\safrslv.dll

2009-02-06 12:18:22 ----A---- C:\WINDOWS\system32\safrdm.dll

2009-02-06 12:18:22 ----A---- C:\WINDOWS\system32\safrcdlg.dll

2009-02-06 12:18:22 ----A---- C:\WINDOWS\system32\racpldlg.dll

2009-02-06 12:18:19 ----D---- C:\WINDOWS\system32\Restore

2009-02-06 12:18:19 ----A---- C:\WINDOWS\system32\srrstr.dll

2009-02-06 12:18:19 ----A---- C:\WINDOWS\system32\fltMc.exe

2009-02-06 12:18:19 ----A---- C:\WINDOWS\system32\fltlib.dll

2009-02-06 12:18:18 ----A---- C:\WINDOWS\system32\srsvc.dll

2009-02-06 12:18:18 ----A---- C:\WINDOWS\system32\srclient.dll

2009-02-06 12:18:18 ----A---- C:\WINDOWS\system32\mnmdd.dll

2009-02-06 12:18:18 ----A---- C:\WINDOWS\system32\isrdbg32.dll

2009-02-06 12:18:18 ----A---- C:\WINDOWS\system32\ils.dll

2009-02-06 12:18:17 ----A---- C:\WINDOWS\system32\nmmkcert.dll

2009-02-06 12:18:17 ----A---- C:\WINDOWS\system32\msconf.dll

2009-02-06 12:18:17 ----A---- C:\WINDOWS\system32\mnmsrvc.exe

2009-02-06 12:18:15 ----D---- C:\Arquivos de programas\NetMeeting

2009-02-06 12:18:15 ----A---- C:\WINDOWS\system32\msoert2.dll

2009-02-06 12:18:15 ----A---- C:\WINDOWS\system32\msoeacct.dll

2009-02-06 12:18:14 ----A---- C:\WINDOWS\system32\inetres.dll

2009-02-06 12:18:14 ----A---- C:\WINDOWS\system32\inetcomm.dll

2009-02-06 12:18:12 ----D---- C:\Arquivos de programas\Outlook Express

2009-02-06 12:18:12 ----A---- C:\WINDOWS\system32\schedsvc.dll

2009-02-06 12:18:12 ----A---- C:\WINDOWS\system32\mstinit.exe

2009-02-06 12:18:12 ----A---- C:\WINDOWS\system32\mstask.dll

2009-02-06 12:18:12 ----A---- C:\WINDOWS\system32\icwphbk.dll

2009-02-06 12:18:11 ----A---- C:\WINDOWS\system32\isign32.dll

2009-02-06 12:18:11 ----A---- C:\WINDOWS\system32\inetcfg.dll

2009-02-06 12:18:11 ----A---- C:\WINDOWS\system32\icwdial.dll

2009-02-06 12:18:07 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2009-02-06 12:18:06 ----D---- C:\Arquivos de programas\Internet Explorer

2009-02-06 12:17:43 ----D---- C:\Arquivos de programas\ComPlus Applications

2009-02-06 12:17:42 ----A---- C:\WINDOWS\vbaddin.ini

2009-02-06 12:17:42 ----A---- C:\WINDOWS\vb.ini

2009-02-06 12:17:38 ----D---- C:\WINDOWS\Registration

2009-02-06 12:17:33 ----D---- C:\Arquivos de programas\Windows Media Player

2009-02-06 12:17:29 ----D---- C:\Arquivos de programas\Messenger

2009-02-06 12:17:26 ----D---- C:\Arquivos de programas\MSN Gaming Zone

2009-02-06 12:17:26 ----A---- C:\WINDOWS\system32\write.exe

2009-02-06 12:17:19 ----A---- C:\WINDOWS\system32\sndvol32.exe

2009-02-06 12:17:19 ----A---- C:\WINDOWS\system32\hticons.dll

2009-02-06 12:17:19 ----A---- C:\WINDOWS\system32\avwav.dll

2009-02-06 12:17:19 ----A---- C:\WINDOWS\system32\avmeter.dll

2009-02-06 12:17:18 ----A---- C:\WINDOWS\system32\winchat.exe

2009-02-06 12:17:18 ----A---- C:\WINDOWS\system32\avtapi.dll

2009-02-06 12:17:12 ----A---- C:\WINDOWS\system32\sol.exe

2009-02-06 12:17:12 ----A---- C:\WINDOWS\system32\getuname.dll

2009-02-06 12:17:12 ----A---- C:\WINDOWS\system32\charmap.exe

2009-02-06 12:17:12 ----A---- C:\WINDOWS\system32\calc.exe

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\winmine.exe

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\tslabels.ini

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\tskill.exe

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\tscon.exe

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\reset.exe

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\mshearts.exe

2009-02-06 12:17:11 ----A---- C:\WINDOWS\system32\freecell.exe

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\shadow.exe

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\rwinsta.exe

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\regini.exe

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\qwinsta.exe

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\qappsrv.exe

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\msg.exe

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\logoff.exe

2009-02-06 12:17:10 ----A---- C:\WINDOWS\system32\cdmodem.dll

2009-02-06 12:17:09 ----A---- C:\WINDOWS\system32\stclient.dll

2009-02-06 12:17:09 ----A---- C:\WINDOWS\system32\mtxlegih.dll

2009-02-06 12:17:09 ----A---- C:\WINDOWS\system32\mtxex.dll

2009-02-06 12:17:09 ----A---- C:\WINDOWS\system32\mtxdm.dll

2009-02-06 12:17:09 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2009-02-06 12:17:09 ----A---- C:\WINDOWS\system32\comrepl.dll

2009-02-06 12:17:09 ----A---- C:\WINDOWS\system32\comaddin.dll

2009-02-06 12:17:08 ----A---- C:\WINDOWS\system32\comsnap.dll

2009-02-06 12:17:04 ----A---- C:\WINDOWS\system32\wmimgmt.msc

2009-02-06 12:17:03 ----D---- C:\Arquivos de programas\Windows NT

2009-02-06 12:17:03 ----A---- C:\WINDOWS\system32\sndrec32.exe

2009-02-06 12:17:03 ----A---- C:\WINDOWS\system32\mplay32.exe

2009-02-06 12:17:03 ----A---- C:\WINDOWS\system32\hypertrm.dll

2009-02-06 12:17:03 ----A---- C:\WINDOWS\system32\accwiz.exe

2009-02-06 12:17:02 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

2009-02-06 12:17:02 ----A---- C:\WINDOWS\system32\spider.exe

2009-02-06 12:17:02 ----A---- C:\WINDOWS\system32\mspaint.exe

2009-02-06 12:17:02 ----A---- C:\WINDOWS\system32\clipbrd.exe

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\tscupgrd.exe

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\termsrv.dll

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\sessmgr.exe

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\remotepg.dll

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\rdshost.exe

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\rdchost.dll

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\mstscax.dll

2009-02-06 12:17:01 ----A---- C:\WINDOWS\system32\mstsc.exe

2009-02-06 12:17:00 ----D---- C:\WINDOWS\system32\MsDtc

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\rdpsnd.dll

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\rdpclip.exe

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\qprocess.exe

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\mtxoci.dll

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\icaapi.dll

2009-02-06 12:17:00 ----A---- C:\WINDOWS\system32\cfgbkend.dll

2009-02-06 12:16:59 ----A---- C:\WINDOWS\system32\xolehlp.dll

2009-02-06 12:16:59 ----A---- C:\WINDOWS\system32\msdtctm.dll

2009-02-06 12:16:59 ----A---- C:\WINDOWS\system32\msdtclog.dll

2009-02-06 12:16:59 ----A---- C:\WINDOWS\system32\msdtc.exe

2009-02-06 12:16:58 ----D---- C:\WINDOWS\system32\Com

2009-02-06 12:16:58 ----A---- C:\WINDOWS\system32\colbact.dll

2009-02-06 12:16:58 ----A---- C:\WINDOWS\system32\clbcatex.dll

2009-02-06 12:16:58 ----A---- C:\WINDOWS\system32\catsrvut.dll

2009-02-06 12:16:58 ----A---- C:\WINDOWS\system32\catsrvps.dll

2009-02-06 12:16:58 ----A---- C:\WINDOWS\system32\catsrv.dll

2009-02-06 12:16:57 ----A---- C:\WINDOWS\system32\comuid.dll

2009-02-06 12:16:57 ----A---- C:\WINDOWS\system32\comsvcs.dll

2009-02-06 12:16:57 ----A---- C:\WINDOWS\system32\clbcatq.dll

2009-02-06 12:16:52 ----A---- C:\WINDOWS\system32\servdeps.dll

2009-02-06 12:16:52 ----A---- C:\WINDOWS\system32\mmfutil.dll

2009-02-06 12:16:52 ----A---- C:\WINDOWS\system32\licwmi.dll

2009-02-06 12:16:51 ----A---- C:\WINDOWS\system32\cmprops.dll

2009-02-06 10:16:12 ----A---- C:\WINDOWS\system32\h323log.txt

2009-02-06 10:04:52 ----A---- C:\WINDOWS\system32\usbui.dll

2009-02-06 10:04:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-06 10:04:09 ----SHD---- C:\WINDOWS\Installer

2009-02-06 10:04:09 ----D---- C:\Arquivos de programas\Arquivos comuns\ODBC

2009-02-06 10:04:09 ----A---- C:\WINDOWS\ODBCINST.INI

2009-02-06 10:04:06 ----RD---- C:\Arquivos de programas

2009-02-06 10:04:06 ----D---- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2009-02-06 10:04:06 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-02-06 10:04:06 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-02-06 10:04:04 ----RA---- C:\WINDOWS\system32\kbdazel.dll

2009-02-06 10:04:03 ----RA---- C:\WINDOWS\system32\kbdtuq.dll

2009-02-06 10:04:03 ----RA---- C:\WINDOWS\system32\kbdtuf.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdycc.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbduzb.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdur.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdtat.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdru1.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdru.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdmon.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdkyr.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdkaz.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdbu.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdblr.dll

2009-02-06 10:04:02 ----RA---- C:\WINDOWS\system32\kbdaze.dll

2009-02-06 10:04:00 ----RA---- C:\WINDOWS\system32\kbdhept.dll

2009-02-06 10:04:00 ----RA---- C:\WINDOWS\system32\kbdhela3.dll

2009-02-06 10:04:00 ----RA---- C:\WINDOWS\system32\kbdhela2.dll

2009-02-06 10:04:00 ----RA---- C:\WINDOWS\system32\kbdhe319.dll

2009-02-06 10:04:00 ----RA---- C:\WINDOWS\system32\kbdhe220.dll

2009-02-06 10:04:00 ----RA---- C:\WINDOWS\system32\kbdhe.dll

2009-02-06 10:04:00 ----RA---- C:\WINDOWS\system32\kbdgkl.dll

2009-02-06 10:03:59 ----RA---- C:\WINDOWS\system32\kbdlv1.dll

2009-02-06 10:03:59 ----RA---- C:\WINDOWS\system32\kbdlv.dll

2009-02-06 10:03:59 ----RA---- C:\WINDOWS\system32\kbdlt1.dll

2009-02-06 10:03:59 ----RA---- C:\WINDOWS\system32\kbdlt.dll

2009-02-06 10:03:59 ----RA---- C:\WINDOWS\system32\kbdest.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdycl.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdsl1.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdsl.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdro.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdpl1.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdpl.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdhu1.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdhu.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdcz2.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdcz1.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdcz.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\kbdcr.dll

2009-02-06 10:03:57 ----RA---- C:\WINDOWS\system32\KBDAL.DLL

2009-02-06 10:03:55 ----A---- C:\WINDOWS\system32\spxcoins.dll

2009-02-06 10:03:55 ----A---- C:\WINDOWS\system32\irclass.dll

2009-02-06 10:03:55 ----A---- C:\WINDOWS\system32\EqnClass.Dll

2009-02-06 10:03:55 ----A---- C:\WINDOWS\system32\dgsetup.dll

2009-02-06 10:03:55 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

2009-02-06 10:03:53 ----A---- C:\WINDOWS\TASKMAN.EXE

2009-02-06 10:03:52 ----A---- C:\WINDOWS\system32\batt.dll

2009-02-06 10:03:52 ----A---- C:\WINDOWS\NOTEPAD.EXE

2009-02-06 10:03:51 ----A---- C:\WINDOWS\system32\storprop.dll

2009-02-06 10:03:46 ----ASH---- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

2009-02-06 10:03:36 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-06 10:03:36 ----D---- C:\WINDOWS\system32\CatRoot

2009-02-06 10:03:30 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-02-06 10:03:09 ----D---- C:\Documents and Settings

2009-02-06 10:03:08 ----SHD---- C:\System Volume Information

2009-02-06 10:02:33 ----SH---- C:\boot.ini

2009-02-06 09:58:45 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-02-06 09:58:45 ----RSD---- C:\WINDOWS\Fonts

2009-02-06 09:58:45 ----RD---- C:\WINDOWS\Web

2009-02-06 09:58:45 ----HD---- C:\WINDOWS\inf

2009-02-06 09:58:45 ----D---- C:\WINDOWS\WinSxS

2009-02-06 09:58:45 ----D---- C:\WINDOWS\twain_32

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Temp

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\wins

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\wbem

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\usmt

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\spool

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\ShellExt

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\Setup

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\ras

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\oobe

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\npp

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\mui

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\inetsrv

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\IME

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\icsxml

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\ias

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\export

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\drivers

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\dhcp

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\config

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\3com_dmi

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\3076

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\2052

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1054

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1046

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1042

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1041

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1037

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1033

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1031

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1028

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32\1025

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system32

2009-02-06 09:58:45 ----D---- C:\WINDOWS\system

2009-02-06 09:58:45 ----D---- C:\WINDOWS\security

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Resources

2009-02-06 09:58:45 ----D---- C:\WINDOWS\repair

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Provisioning

2009-02-06 09:58:45 ----D---- C:\WINDOWS\PeerNet

2009-02-06 09:58:45 ----D---- C:\WINDOWS\pchealth

2009-02-06 09:58:45 ----D---- C:\WINDOWS\mui

2009-02-06 09:58:45 ----D---- C:\WINDOWS\msapps

2009-02-06 09:58:45 ----D---- C:\WINDOWS\msagent

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Media

2009-02-06 09:58:45 ----D---- C:\WINDOWS\java

2009-02-06 09:58:45 ----D---- C:\WINDOWS\ime

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Help

2009-02-06 09:58:45 ----D---- C:\WINDOWS\ehome

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Driver Cache

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Debug

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Cursors

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Connection Wizard

2009-02-06 09:58:45 ----D---- C:\WINDOWS\Config

2009-02-06 09:58:45 ----D---- C:\WINDOWS\AppPatch

2009-02-06 09:58:45 ----D---- C:\WINDOWS\addins

2009-02-06 09:58:45 ----D---- C:\WINDOWS

 

======List of files/folders modified in the last 1 months======

 

2009-02-09 14:01:49 ----A---- C:\WINDOWS\win.ini

2009-02-06 17:18:48 ----A---- C:\WINDOWS\system.ini

2009-01-16 21:16:40 ----A---- C:\WINDOWS\system32\mshtml.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-08 325128]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-08 27656]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-08 107272]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]

R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R1 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]

R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-08-02 19200]

R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]

R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-11-09 1260744]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]

S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]

S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]

S3 PciCon;PciCon; \??\D:\PciCon.sys []

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avg8emc;AVG Free8 E-mail Scanner; C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2009-02-08 903960]

R2 avg8wd;AVG Free8 WatchDog; C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2009-02-08 298264]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2009-02-13 540672]

R2 STacSV;Audio Service; C:\Arquivos de programas\IDT\262009123820\STacSV.exe [2007-11-09 212992]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-02-07 603904]

R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 sdAuxService;PC Tools Auxiliary Service; C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]

S3 sdCoreService;PC Tools Security Service; C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-02-07 360192]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-05-17 825344]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

 

-----------------EOF-----------------


Good morning! survivorman

 

<@> Download: < EliStarA >

<@> On the page, click the button Descargar EliStarA v xx.xx, which is located at the of the page.

<@> Save it to the Desktop!

<@> Disable the resident protection(s) of your antivirus or antispyware programs.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Go to the EliStarA icon and run it!

<@> Wait for the scan to finish, then proceed with the exploratory scan.

<@> When it finishes, a report (infoSat.txt) will be generated on Local Disk C.

<@> The tool, as an option, will delete your home page!

<@> Afterwards, you will set it again!

<@> Restart the computer normally!

<@> Create and post in your reply: infoSat.txt + an updated HijackThis log.

 

Regards!


Hi Dig, here are the logs for analysis ^^

 

 

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 14:50:37, on 15/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\IDT\262009123820\STacSV.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

E:\NFS Carbon\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com.br

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E96A60-9348-4EA8-AD6A-169EAF28B57F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\262009123820\STacSV.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

 

infoSat:

 

Sun Feb 15 14:52:50 2009

EliStartPage v18.01 ©2009 S.G.H. / Satinfo S.L. (Actualizado el 13 de Febrero del 2009)

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando "C:\"

 

Nº Total de Directorios: 2446

Nº Total de Ficheros: 36863

Nº de Ficheros Analizados: 13602

Nº de Ficheros Infectados: 0

Nº de Ficheros Limpiados: 0


Good morning! survivorman

 

<!> EliStarA did not detect the problem mentioned!

<!> Try to put the hosts file back in its standard form, if you do not use it to block certain sites.

<><><><><><><><><><>

<@> Check the Hosts file and see whether it is in the standard form.

<@> On Windows XP, check: => C:\WINDOWS\System32\Drivers\etc <--

<@> Open this folder and locate the Hosts file.

<@> Open it with Notepad!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

<@> In a standard Hosts file, there must be no entries below 127.0.0.1 localhost that point to antivirus sites.

 

<!> If in doubt, download and run this tool: < HostsXpert >

 

<@> It will put the Hosts file back to the standard!

<@> If an error occurs while running it, click Make Writable and repeat the procedure.

<><><><><><><><><><>

<@> Save it to the Desktop!

<@> Unzip it and run: HostsXpert.exe

<@> Close all windows and the browser!

<@> Click Restore Microsoft's Hosts file --> Ok.

<@> Close the program and restart the computer!

<><><><><><><><><><>

<@> Go to this link and download: < Malwarebytes >

<@> Update the program!

<@> Choose the Quick scan!

<@> Disable protection programs when running Malwarebytes.

<@> Be sure to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Regards!
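Added example, not part of the thread and not the helper's tool: a small Python check that parses a Windows hosts file and flags, as the post above describes, any entry below 127.0.0.1 localhost that points a security-vendor site somewhere else. The path is the one the post names; the vendor-domain list and the sample hosts file are constructed for illustration.

```python
"""Flag hosts-file entries that redirect security-vendor sites (the kind
of hosts hijack discussed in the thread). Added example, not from the thread."""
import sys

# Path named in the post (Windows XP).
HOSTS_PATH = r"C:\WINDOWS\System32\Drivers\etc\hosts"

# Illustrative list of vendor / update domains (assumption; extend as needed).
WATCHED_DOMAINS = (
    "avg.com", "pctools.com", "malwarebytes.org", "microsoft.com",
    "windowsupdate.com", "symantec.com", "kaspersky.com", "mcafee.com",
)

# The only entry a stock Windows XP hosts file carries.
STANDARD_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample hosts file, used when no path is given on the command line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.avg.com            # constructed: vendor site sent to loopback
0.0.0.0         free.avg.com
10.20.30.40     update.microsoft.com   # constructed: vendor site sent elsewhere
192.168.1.10    intranet.example.test  # constructed: non-standard but harmless
"""


def parse_hosts(text):
    """Return (line_no, ip, hostname) triples, ignoring comments and blank lines."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop inline comments
        parts = line.split()
        if len(parts) < 2:                      # blank or malformed line
            continue
        ip, hosts = parts[0], parts[1:]
        for host in hosts:                      # one IP may carry several names
            entries.append((line_no, ip, host.lower().rstrip(".")))
    return entries


def is_watched(host):
    """True if host is a watched vendor domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def find_suspicious(text):
    """List every non-standard entry; watched vendor names are rated 'high'."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if (ip, host) in STANDARD_ENTRIES:
            continue
        severity = "high" if is_watched(host) else "info"
        findings.append({"line": line_no, "ip": ip, "host": host,
                         "severity": severity})
    return findings


def check_hosts_file(path=HOSTS_PATH):
    """Read a hosts file from disk (tolerant of ANSI bytes) and check it."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_suspicious(fh.read())


if __name__ == "__main__":
    hits = (check_hosts_file(sys.argv[1]) if len(sys.argv) > 1
            else find_suspicious(SAMPLE_HOSTS))
    for f in hits:
        print(f"line {f['line']:>3} [{f['severity']}] {f['ip']:<15} {f['host']}")
    high = sum(f["severity"] == "high" for f in hits)
    print("hosts file looks standard" if not hits else f"{high} vendor redirect(s)")
```

Any "high" finding is the symptom the helper is hunting for: a vendor or update site silently mapped to loopback or to a third-party address.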


Good morning Dig! Well, I did the procedures as you told me, awaiting your reply. Regards!

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:59:23, on 16/2/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\IDT\262009123820\STacSV.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

E:\NFS Carbon\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com.br

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{C0E96A60-9348-4EA8-AD6A-169EAF28B57F}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Arquivos de programas\IDT\262009123820\STacSV.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

 

 

Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1765

Windows 5.1.2600 Service Pack 2

 

16/2/2009 11:55:39

mbam-log-2009-02-16 (11-55-39).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 59539

Tempo decorrido: 59 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


Good afternoon! survivorman

 

<!> With everything Ok, create a clean System Restore point.

<!> Right-click My Computer --> Properties --> System Restore.

<!> Check: Turn off System Restore --> Apply --> Ok.

<!> Then uncheck it again! --> Apply --> Ok.

<!> For more details, go to: < Docs >

-----------------------------

<!> The logs are clean! :thumbsup:

<!> Everything Ok?

 

Regards!


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
