
This topic has been archived and is closed to new replies.

Drumer

[Archived] PC errors


Hi everyone, I'm here asking for help with my PC. I had just formatted it, then a virus got in through a pen drive, and now all the programs I try to install don't run, or they throw errors and end up not working properly. I ran avast and it didn't detect anything!! Here is my log; I hope you can help me resolve this, because I'm tired of formatting it! Please help me!!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:37:56, on 2/26/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\OBjectDock\ObjectDock.exe

C:\Arquivos de programas\UberIcon\UberIcon Manager.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe

O4 - Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 8513 bytes


Good morning, Drumer!

 

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Yes ("Sim")!

<@> If you do not have the Recovery Console ("Console de Recuperação"), agree to install it!

 

<!> If you get the notification "Aplicativo Win32 inválido" (not a valid Win32 application), delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Rename it while saving, not after saving it!

<!> Ps: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative! Follow all the recommendations given above.

<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.

 

Regards!


Done, I managed to run ComboFix; here is the log

 

 

ComboFix 09-02-28.01 - UserName 2009-02-28 18:00:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.959.653 [GMT -3:00]

Executando de: c:\documents and settings\UserName\Desktop\KomboFix.exe

AV: avast! antivirus 4.7.1043 [VPS 090227-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrador\Dados de aplicativos\drivers\downld

C:\InfoSat.txt

C:\Muestras

c:\windows\system32\AVSredirect.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-28 to 2009-02-28 ))))))))))))))))))))))))))))

.

 

2009-02-27 12:36 . 2009-02-27 14:20 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Media Player Classic

2009-02-27 12:36 . 2009-02-27 14:20 <DIR> d-------- c:\arquivos de programas\Real Alternative

2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d-------- c:\arquivos de programas\Real

2009-02-26 18:36 . 2008-05-09 07:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll

2009-02-26 18:36 . 2008-05-09 07:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll

2009-02-26 18:36 . 2008-05-09 07:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll

2009-02-26 18:36 . 2008-05-09 07:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll

2009-02-26 18:36 . 2008-05-08 08:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe

2009-02-26 18:36 . 2008-05-09 05:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe

2009-02-26 18:36 . 2008-05-09 07:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll

2009-02-25 21:54 . 2009-02-26 20:32 1,374 --a------ c:\windows\imsins.BAK

2009-02-25 18:22 . 2009-02-25 18:22 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Motive

2009-02-25 18:20 . 2009-02-25 18:20 <DIR> d-------- c:\arquivos de programas\Motive

2009-02-25 18:13 . 2009-02-25 18:13 64 --a------ c:\windows\Wininit.ini

2009-02-25 14:23 . 2009-02-25 21:57 <DIR> d-------- c:\arquivos de programas\DreaMule

2009-02-25 14:20 . 2004-02-22 10:11 719,872 --a------ c:\windows\system32\devil.dll

2009-02-25 14:20 . 2007-05-17 17:30 318,976 --a------ c:\windows\system32\avisynth.dll

2009-02-25 14:20 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\yv12vfw.dll

2009-02-25 14:20 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\i420vfw.dll

2009-02-24 19:53 . 2009-02-24 19:53 <DIR> d-------- c:\documents and settings\UserName\Configuraes locais

2009-02-24 18:08 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-02-24 18:08 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-02-24 18:08 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-02-24 18:08 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-02-24 18:08 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-02-24 18:08 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-02-24 18:08 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-02-24 18:08 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-02-24 18:08 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-02-24 17:54 . 2009-02-24 17:54 <DIR> d-------- c:\arquivos de programas\SUPER

2009-02-23 23:11 . 2009-02-23 23:11 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Any Video Converter

2009-02-23 23:06 . 2009-02-23 23:06 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Adobe Systems

2009-02-23 21:48 . 2009-02-27 22:55 69 --a------ c:\windows\NeroDigital.ini

2009-02-22 13:11 . 2004-08-04 00:36 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys

2009-02-22 12:44 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-02-22 12:44 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-02-22 12:44 . 2008-08-14 07:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2009-02-22 12:43 . 2008-12-20 19:47 1,160,192 -----c--- c:\windows\system32\dllcache\urlmon.dll

2009-02-22 12:43 . 2008-12-20 19:47 826,368 -----c--- c:\windows\system32\dllcache\wininet.dll

2009-02-22 12:42 . 2009-01-16 21:16 3,594,752 -----c--- c:\windows\system32\dllcache\mshtml.dll

2009-02-22 12:41 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-22 12:41 . 2008-09-15 12:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-02-22 12:36 . 2008-04-11 16:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-02-22 12:36 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-02-22 12:36 . 2008-12-11 07:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-02-22 12:36 . 2008-05-08 11:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-02-22 12:34 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-02-22 12:06 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-02-22 12:06 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-02-22 12:06 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-02-22 11:33 . 2009-02-22 11:33 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Sony Corporation

2009-02-22 11:24 . 2006-11-02 16:57 118,520 --a------ c:\windows\system32\PxInsI64.exe

2009-02-22 11:24 . 2006-10-18 19:43 115,960 --a------ c:\windows\system32\PxCpyI64.exe

2009-02-22 11:24 . 2006-11-02 16:57 36,624 --a------ c:\windows\system32\drivers\pxhelp20.sys

2009-02-22 11:24 . 2006-08-28 21:48 2,560 --a------ c:\windows\system32\drivers\cdralw2k.sys

2009-02-22 11:24 . 2006-08-28 21:48 2,432 --a------ c:\windows\system32\drivers\cdr4_xp.sys

2009-02-22 11:22 . 2009-02-22 11:22 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\InstallShield

2009-02-21 20:15 . 2009-02-25 14:10 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-02-21 19:24 . 2009-02-21 19:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Zylom

2009-02-21 19:23 . 2005-02-12 20:00 186,880 -r-hs---- c:\windows\system32\RLOgg.ax

2009-02-21 19:23 . 2005-02-05 20:00 92,672 -r-hs---- c:\windows\system32\RLVorbisDec.ax

2009-02-21 19:23 . 2005-02-12 20:00 67,584 -r-hs---- c:\windows\system32\RLTheoraDec.ax

2009-02-21 19:23 . 2005-02-12 20:00 51,712 -r-hs---- c:\windows\system32\RLSpeexDec.ax

2009-02-21 19:22 . 2005-01-17 20:26 179,200 -r-hs---- c:\windows\system32\DiracSplitter.ax

2009-02-21 19:22 . 2006-08-16 11:53 175,104 -r-hs---- c:\windows\system32\CoreAAC.ax

2009-02-21 19:22 . 2005-02-22 13:55 81,920 -r-hs---- c:\windows\system32\aac_parser.ax

2009-02-21 19:20 . 2009-02-21 19:20 <DIR> d-------- c:\arquivos de programas\eRightSoft

2009-02-21 18:48 . 2009-02-28 17:49 <DIR> d-------- c:\documents and settings\UserName\Tracing

2009-02-21 18:26 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-02-21 18:26 . 2007-08-10 08:12 26,488 --a------ c:\windows\system32\spupdsvc.exe

2009-02-21 17:50 . 2009-02-21 17:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2009-02-21 15:17 . 2009-02-21 15:17 <DIR> d---s---- c:\documents and settings\UserName\UserData

2009-02-21 15:14 . 2008-04-13 15:45 52,864 --a------ c:\windows\system32\drivers\dmusic.sys

2009-02-21 15:14 . 2008-04-13 15:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys

2009-02-21 15:13 . 2008-04-13 23:21 129,536 --a------ c:\windows\system32\ksproxy.ax

2009-02-21 15:13 . 2008-04-13 15:39 7,552 --a------ c:\windows\system32\drivers\mskssrv.sys

2009-02-21 15:13 . 2008-04-13 15:39 5,376 --a------ c:\windows\system32\drivers\mspclock.sys

2009-02-21 15:13 . 2008-04-13 15:39 4,992 --a------ c:\windows\system32\drivers\mspqm.sys

2009-02-21 15:13 . 2008-04-13 23:20 4,096 --a------ c:\windows\system32\ksuser.dll

2009-02-21 15:13 . 2001-07-05 21:19 164 -r------- c:\windows\avrack.ini

2009-02-21 15:12 . 2005-07-22 11:56 18,763,776 -ra------ c:\windows\system32\ALSNDMGR.CPL

2009-02-21 15:12 . 2005-07-22 11:59 10,458,112 -ra------ c:\windows\system32\RTLCPL.EXE

2009-02-21 15:12 . 2005-07-26 14:03 3,644,032 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS

2009-02-21 15:12 . 2005-06-02 13:31 294,912 -r------- c:\windows\alcupd.exe

2009-02-21 15:12 . 2005-06-02 13:43 200,704 -r------- c:\windows\alcrmv.exe

2009-02-21 15:12 . 2004-09-07 11:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll

2009-02-21 15:12 . 2002-02-05 10:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV

2009-02-21 15:12 . 2005-07-22 12:00 81,920 -ra------ c:\windows\SOUNDMAN.EXE

2009-02-21 15:12 . 2005-07-15 13:48 40,960 -r------- c:\windows\system32\ChCfg.exe

2009-02-21 15:08 . 2009-02-21 15:18 14,098 --a------ c:\windows\Ascd_tmp.ini

2009-02-21 15:08 . 2004-04-27 12:26 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS

2009-02-21 15:08 . 2004-08-13 07:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys

2009-02-21 15:01 . 2009-02-21 15:17 <DIR> d-------- c:\documents and settings\UserName\Contacts

2009-02-21 14:58 . 2009-02-21 14:35 <DIR> d--h----- c:\documents and settings\UserName\Modelos

2009-02-21 14:58 . 2009-02-24 20:34 <DIR> dr------- c:\documents and settings\UserName\Meus documentos

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> dr------- c:\documents and settings\UserName\Menu Iniciar

2009-02-21 14:58 . 2009-02-24 19:08 <DIR> dr------- c:\documents and settings\UserName\Favoritos

2009-02-21 14:58 . 2009-02-27 12:36 <DIR> dr-h----- c:\documents and settings\UserName\Dados de aplicativos

2009-02-21 14:58 . 2009-02-28 18:01 <DIR> d--h----- c:\documents and settings\UserName\Configurações locais

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> d--h----- c:\documents and settings\UserName\Ambiente de rede

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> d--h----- c:\documents and settings\UserName\Ambiente de impressão

2009-02-21 14:58 . 2009-02-28 14:42 <DIR> d-------- c:\documents and settings\UserName

2009-02-21 14:58 . 2004-08-03 22:45 221,184 --a------ c:\windows\system32\wmpns.dll

2009-02-21 14:58 . 2009-02-21 15:09 1,100 --a------ c:\windows\system32\d3d8caps.dat

2009-02-21 14:52 . 2001-09-06 07:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex

2009-02-21 14:51 . 2008-04-13 23:18 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2009-02-21 14:50 . 2003-04-14 20:54 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll

2009-02-21 14:50 . 2001-09-06 07:00 171,520 --a--c--- c:\windows\system32\dllcache\iisui.dll

2009-02-21 14:50 . 2001-09-06 07:00 96,256 --a--c--- c:\windows\system32\dllcache\certmap.ocx

2009-02-21 14:50 . 2001-09-06 07:00 19,968 --a--c--- c:\windows\system32\dllcache\inetsloc.dll

2009-02-21 14:50 . 2001-09-06 07:00 14,848 --a--c--- c:\windows\system32\dllcache\iisreset.exe

2009-02-21 14:50 . 2001-09-06 07:00 7,680 --a--c--- c:\windows\system32\dllcache\inetmgr.exe

2009-02-21 14:50 . 2001-09-06 07:00 6,144 --a--c--- c:\windows\system32\dllcache\ftpsapi2.dll

2009-02-21 14:50 . 2001-09-06 07:00 5,632 --a--c--- c:\windows\system32\dllcache\iisrstap.dll

2009-02-21 14:50 . 2009-02-21 14:50 421 --a------ c:\windows\ODBC.INI

2009-02-21 14:46 . 2004-09-19 15:27 172,032 --a------ c:\windows\system32\LClock.cpl

2009-02-21 14:46 . 2004-04-18 14:31 661 --a------ c:\windows\system32\LClock.cpl.manifest

2009-02-21 14:44 . 2009-02-21 18:25 <DIR> d-------- c:\arquivos de programas\MSN Messenger

2009-02-21 14:44 . 2004-07-26 12:16 1,568,768 --a------ c:\windows\system32\imagX7.dll

2009-02-21 14:44 . 2003-03-18 20:12 1,047,552 --a------ c:\windows\system32\mfc71u.dll

2009-02-21 14:44 . 2004-07-26 12:16 476,320 --a------ c:\windows\system32\imagXpr7.dll

2009-02-21 14:44 . 2004-07-26 12:16 471,040 --a------ c:\windows\system32\imagXRA7.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-28 21:01 --------- d--h--w c:\documents and settings\Administrador\Dados de aplicativos\drivers

2009-02-25 21:30 --------- d-----w c:\arquivos de programas\ESET

2009-02-25 21:21 --------- d-----w c:\arquivos de programas\Common Files

2009-02-25 21:21 --------- d-----w c:\arquivos de programas\Assistente Tecnico Speedy

2009-02-24 23:12 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-24 20:54 --------- d-----w c:\arquivos de programas\Windows Live Safety Center

2009-02-24 02:08 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-02-22 14:29 --------- d-----w c:\arquivos de programas\TopDesk

2009-02-21 23:21 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-02-21 18:47 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-21 18:13 --------- d-----w c:\arquivos de programas\Realtek AC97

2009-02-21 18:13 --------- d-----w c:\arquivos de programas\AvRack

2009-02-21 17:46 --------- d-----w c:\arquivos de programas\LClock

2009-02-21 17:44 --------- d-----w c:\arquivos de programas\Nero

2009-02-21 17:37 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-02-21 17:36 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-02-21 15:58 --------- d-----w c:\arquivos de programas\Google

2009-02-21 15:39 155,995 ----a-w c:\windows\java\Packages\DRTBXV9Z.ZIP

2009-02-21 14:30 --------- d-----w c:\arquivos de programas\lg_fwupdate

2009-02-20 20:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Any Video Converter

2009-02-20 12:43 --------- d-----w c:\arquivos de programas\Ahead

2009-02-18 19:02 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\vghd

2009-02-18 19:02 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-18 19:02 --------- d-----w c:\arquivos de programas\CCleaner

2009-02-04 16:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Playrix Entertainment

2009-01-24 17:53 --------- d-----w c:\arquivos de programas\Adverts

2009-01-24 17:42 --------- d-----w c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-01-24 17:42 --------- d-----w c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-01-24 16:17 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-01-24 16:14 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Oneface

2009-01-24 16:13 --------- d-----w c:\arquivos de programas\Oneface

2009-01-24 16:13 --------- d-----w c:\arquivos de programas\MessengerPlus! 3

2009-01-24 15:22 401,720 ----a-w C:\HiJackThis.exe

2009-01-24 14:09 1,044,168 ----a-w C:\vbrun60sp5.exe

2009-01-23 13:48 --------- d-----w c:\arquivos de programas\Alwil Software

2009-01-23 12:57 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AVGTOOLBAR

2009-01-21 13:54 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Zylom

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-21 171448]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]

"Vistadrv"="c:\windows\HDbar\vsdrv.exe" [2006-07-30 121089]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2009-01-24 15872]

"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-07-22 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

 

c:\documents and settings\Default User.WINDOWS\Menu Iniciar\Programas\Inicializar\

ObjectDock.lnk - c:\arquivos de programas\OBjectDock\ObjectDock.exe [2008-08-30 1826885]

UberIcon.lnk - c:\arquivos de programas\UberIcon\UberIcon Manager.exe [2008-08-30 188416]

VisualTaskTips.lnk - c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-08-30 36864]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-07 385024]

ObjectDock.lnk - c:\arquivos de programas\OBjectDock\ObjectDock.exe [2008-08-30 1826885]

UberIcon.lnk - c:\arquivos de programas\UberIcon\UberIcon Manager.exe [2008-08-30 188416]

VisualTaskTips.lnk - c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-08-30 36864]

 

c:\documents and settings\UserName\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-07 385024]

ObjectDock.lnk - c:\arquivos de programas\OBjectDock\ObjectDock.exe [2008-08-30 1826885]

UberIcon.lnk - c:\arquivos de programas\UberIcon\UberIcon Manager.exe [2008-08-30 188416]

VisualTaskTips.lnk - c:\arquivos de programas\VisualTaskTips\VisualTaskTips.exe [2008-08-30 36864]

 

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2008-08-30 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="%windir%\Resources\Logon\Newlogo.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56899:TCP"= 56899:TCP:Pando P2P TCP Listening Port

"56899:UDP"= 56899:UDP:Pando P2P UDP Listening Port

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-02-24 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {17F4F1FF-78EC-420C-823C-FCC75D81DB43} = 200.204.0.138 200.204.0.10

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\UserName\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-28 18:01:19

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-02-28 18:02:28

ComboFix-quarantined-files.txt 2009-02-28 21:02:26

 

Pré-execução: 14 pasta(s) 82.969.591.808 bytes disponíveis

Pós execução: 13 pasta(s) 83,104,792,576 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

285 --- E O F --- 2009-02-28 17:42:31

 

 

And now the HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:08:35, on 2/28/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\OBjectDock\ObjectDock.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\UberIcon\UberIcon Manager.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe

O4 - Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 8500 bytes


Good evening, Drumer!

<@> Open Spybot Search & Destroy!

<@> In the top menu, go to Mode and select the Advanced option. Confirm!

<@> Click the Tools button and then Resident.

<@> Uncheck the option: Enable Resident "TeaTimer". (General protection of system settings)

<><><><><><><><><><><>

<@> Go to this link and download: < Malwarebytes >

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> Be sure to send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

Best regards!


Here is the Malwarebytes report

 

Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1813

Windows 5.1.2600 Service Pack 3

 

2/28/aaaa 22:42:50

mbam-log-2009-02-28 (22-42-50).txt

 

Tipo de Verificação: Completa (C:\|E:\|)

Objetos verificados: 170956

Tempo decorrido: 29 minute(s), 47 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

Now HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:44:56, on 2/28/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\OBjectDock\ObjectDock.exe

C:\Arquivos de programas\UberIcon\UberIcon Manager.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\system32\wscntfy.exe

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe

O4 - Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 8162 bytes
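An added example, not part of the original posts: a small parser that compares two HijackThis scans by autostart entry and lists entries whose target file is reported as missing. The sample lines are copied from the 18:08 and 22:44 scans in this thread; the names `Entry`, `parse_log`, `orphaned` and `diff_scans` are hypothetical.

```python
import re
from typing import NamedTuple

# Lines copied from the two HijackThis scans posted in this thread.
SCAN_1808 = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""
SCAN_2244 = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    key: str      # stable identity used to compare scans
    target: str   # file or command the entry points at ("" if not parsed)
    raw: str      # the original log line


ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
BHO_RE = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RUN_RE = re.compile(r"^(HK[^:]*\\Run\w*): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^([^:]*Startup): (.+?) = (.+)$")


def parse_log(text):
    """Parse the entry lines of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        key, target = f"{section}|{body}", ""  # fallback: whole line is the identity
        if section == "O2" and (b := BHO_RE.match(body)):
            key, target = f"O2|{b.group(2).upper()}", b.group(3)
        elif section == "O4" and (r := RUN_RE.match(body)):
            key, target = f"O4|{r.group(1)}|{r.group(2)}", r.group(3)
        elif section == "O4" and (s := STARTUP_RE.match(body)):
            key, target = f"O4|{s.group(1)}|{s.group(2)}", s.group(3)
        entries.append(Entry(section, key, target, line))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reported as '(no file)'."""
    return [e for e in entries if e.target == "(no file)"]


def diff_scans(old, new):
    """Return (added, removed, changed) entries between two scans, compared by key."""
    old_targets = {e.key: e.target for e in old}
    new_keys = {e.key for e in new}
    added = [e for e in new if e.key not in old_targets]
    removed = [e for e in old if e.key not in new_keys]
    # Same registry value or shortcut name, but now pointing somewhere else.
    changed = [e for e in new if e.key in old_targets and old_targets[e.key] != e.target]
    return added, removed, changed


if __name__ == "__main__":
    before, after = parse_log(SCAN_1808), parse_log(SCAN_2244)
    added, removed, changed = diff_scans(before, after)
    for label, group in (("added", added), ("removed", removed), ("changed", changed)):
        for e in group:
            print(f"{label:8} {e.raw}")
    for e in orphaned(after):
        print(f"orphan   {e.raw}")
```
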


Good morning, Drumer!

<!> Uninstall:

C:\Arquivos de programas\UberIcon <--

C:\Arquivos de programas\VisualTaskTips <--

C:\Arquivos de programas\OBjectDock <--

<!> Restart after each uninstall!

<!> Also delete their folders.

<><><><><><><><><><><><><>

<!> Disable your protection programs: Avast / Spybot (TeaTimer)

<><><><><><><><><><><><><>

<@> Select and copy all the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

c:\arquivos de programas\Adverts\uninst.exe

c:\windows\Resources\Logon\Newlogo.exe

c:\windows\HDbar\vsdrv.exe

Reglock::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vistadrv"=-

Folder::

c:\arquivos de programas\Adverts

Dirlook::

c:\windows\HDbar

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until this prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Best regards!


Good morning, DigRam

Here are the ComboFix reports

 

ComboFix 09-02-28.01 - UserName 2009-03-01 10:34:41.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.959.667 [GMT -3:00]

Executando de: c:\documents and settings\UserName\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\UserName\Desktop\CFScript.txt

AV: avast! antivirus 4.7.1043 [VPS 090228-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

 

FILE ::

c:\arquivos de programas\Adverts\uninst.exe

c:\windows\HDbar\vsdrv.exe

c:\windows\Resources\Logon\Newlogo.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\Adverts

c:\windows\HDbar\vsdrv.exe

c:\windows\Resources\Logon\Newlogo.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-01 to 2009-03-01 ))))))))))))))))))))))))))))

.

 

2009-02-28 22:09 . 2009-02-28 22:09 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Malwarebytes

2009-02-28 22:09 . 2009-02-28 22:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-02-28 22:09 . 2009-02-28 22:09 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-28 22:09 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-28 22:09 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-28 17:57 . 2009-02-28 18:02 <DIR> d-------- C:\KomboFix

2009-02-27 12:36 . 2009-02-27 14:20 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Media Player Classic

2009-02-27 12:36 . 2009-02-27 14:20 <DIR> d-------- c:\arquivos de programas\Real Alternative

2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d-------- c:\arquivos de programas\Real

2009-02-26 18:36 . 2008-05-09 07:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll

2009-02-26 18:36 . 2008-05-09 07:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll

2009-02-26 18:36 . 2008-05-09 07:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll

2009-02-26 18:36 . 2008-05-09 07:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll

2009-02-26 18:36 . 2008-05-08 08:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe

2009-02-26 18:36 . 2008-05-09 05:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe

2009-02-26 18:36 . 2008-05-09 07:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll

2009-02-25 21:54 . 2009-03-01 10:20 1,891 --a------ c:\windows\imsins.BAK

2009-02-25 18:22 . 2009-02-25 18:22 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Motive

2009-02-25 18:20 . 2009-02-25 18:20 <DIR> d-------- c:\arquivos de programas\Motive

2009-02-25 18:13 . 2009-02-25 18:13 64 --a------ c:\windows\Wininit.ini

2009-02-25 14:23 . 2009-02-25 21:57 <DIR> d-------- c:\arquivos de programas\DreaMule

2009-02-25 14:20 . 2004-02-22 10:11 719,872 --a------ c:\windows\system32\devil.dll

2009-02-25 14:20 . 2007-05-17 17:30 318,976 --a------ c:\windows\system32\avisynth.dll

2009-02-25 14:20 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\yv12vfw.dll

2009-02-25 14:20 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\i420vfw.dll

2009-02-24 19:53 . 2009-02-24 19:53 <DIR> d-------- c:\documents and settings\UserName\Configuraes locais

2009-02-24 18:08 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-02-24 18:08 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-02-24 18:08 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-02-24 18:08 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-02-24 18:08 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-02-24 18:08 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-02-24 18:08 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-02-24 18:08 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-02-24 18:08 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-02-24 17:54 . 2009-02-24 17:54 <DIR> d-------- c:\arquivos de programas\SUPER

2009-02-23 23:11 . 2009-02-23 23:11 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Any Video Converter

2009-02-23 23:06 . 2009-02-23 23:06 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Adobe Systems

2009-02-23 21:48 . 2009-02-28 22:59 69 --a------ c:\windows\NeroDigital.ini

2009-02-22 13:11 . 2004-08-04 00:36 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys

2009-02-22 12:44 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-02-22 12:44 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-02-22 12:44 . 2008-08-14 07:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2009-02-22 12:43 . 2008-12-20 19:47 1,160,192 -----c--- c:\windows\system32\dllcache\urlmon.dll

2009-02-22 12:43 . 2008-12-20 19:47 826,368 -----c--- c:\windows\system32\dllcache\wininet.dll

2009-02-22 12:42 . 2009-01-16 21:16 3,594,752 -----c--- c:\windows\system32\dllcache\mshtml.dll

2009-02-22 12:41 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-22 12:41 . 2008-09-15 12:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-02-22 12:36 . 2008-04-11 16:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-02-22 12:36 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-02-22 12:36 . 2008-12-11 07:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-02-22 12:36 . 2008-05-08 11:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-02-22 12:34 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-02-22 12:06 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-02-22 12:06 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-02-22 12:06 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-02-22 11:33 . 2009-02-22 11:33 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Sony Corporation

2009-02-22 11:24 . 2006-11-02 16:57 118,520 --a------ c:\windows\system32\PxInsI64.exe

2009-02-22 11:24 . 2006-10-18 19:43 115,960 --a------ c:\windows\system32\PxCpyI64.exe

2009-02-22 11:24 . 2006-11-02 16:57 36,624 --a------ c:\windows\system32\drivers\pxhelp20.sys

2009-02-22 11:24 . 2006-08-28 21:48 2,560 --a------ c:\windows\system32\drivers\cdralw2k.sys

2009-02-22 11:24 . 2006-08-28 21:48 2,432 --a------ c:\windows\system32\drivers\cdr4_xp.sys

2009-02-22 11:22 . 2009-02-22 11:22 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\InstallShield

2009-02-21 20:15 . 2009-02-28 22:05 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-02-21 19:24 . 2009-02-21 19:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Zylom

2009-02-21 19:23 . 2005-02-12 20:00 186,880 -r-hs---- c:\windows\system32\RLOgg.ax

2009-02-21 19:23 . 2005-02-05 20:00 92,672 -r-hs---- c:\windows\system32\RLVorbisDec.ax

2009-02-21 19:23 . 2005-02-12 20:00 67,584 -r-hs---- c:\windows\system32\RLTheoraDec.ax

2009-02-21 19:23 . 2005-02-12 20:00 51,712 -r-hs---- c:\windows\system32\RLSpeexDec.ax

2009-02-21 19:22 . 2005-01-17 20:26 179,200 -r-hs---- c:\windows\system32\DiracSplitter.ax

2009-02-21 19:22 . 2006-08-16 11:53 175,104 -r-hs---- c:\windows\system32\CoreAAC.ax

2009-02-21 19:22 . 2005-02-22 13:55 81,920 -r-hs---- c:\windows\system32\aac_parser.ax

2009-02-21 19:20 . 2009-02-21 19:20 <DIR> d-------- c:\arquivos de programas\eRightSoft

2009-02-21 18:48 . 2009-03-01 10:30 <DIR> d-------- c:\documents and settings\UserName\Tracing

2009-02-21 18:26 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-02-21 18:26 . 2007-08-10 08:12 26,488 --a------ c:\windows\system32\spupdsvc.exe

2009-02-21 17:50 . 2009-02-21 17:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2009-02-21 15:17 . 2009-02-21 15:17 <DIR> d---s---- c:\documents and settings\UserName\UserData

2009-02-21 15:14 . 2008-04-13 15:45 52,864 --a------ c:\windows\system32\drivers\dmusic.sys

2009-02-21 15:14 . 2008-04-13 15:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys

2009-02-21 15:13 . 2008-04-13 23:21 129,536 --a------ c:\windows\system32\ksproxy.ax

2009-02-21 15:13 . 2008-04-13 15:39 7,552 --a------ c:\windows\system32\drivers\mskssrv.sys

2009-02-21 15:13 . 2008-04-13 15:39 5,376 --a------ c:\windows\system32\drivers\mspclock.sys

2009-02-21 15:13 . 2008-04-13 15:39 4,992 --a------ c:\windows\system32\drivers\mspqm.sys

2009-02-21 15:13 . 2008-04-13 23:20 4,096 --a------ c:\windows\system32\ksuser.dll

2009-02-21 15:13 . 2001-07-05 21:19 164 -r------- c:\windows\avrack.ini

2009-02-21 15:12 . 2005-07-22 11:56 18,763,776 -ra------ c:\windows\system32\ALSNDMGR.CPL

2009-02-21 15:12 . 2005-07-22 11:59 10,458,112 -ra------ c:\windows\system32\RTLCPL.EXE

2009-02-21 15:12 . 2005-07-26 14:03 3,644,032 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS

2009-02-21 15:12 . 2005-06-02 13:31 294,912 -r------- c:\windows\alcupd.exe

2009-02-21 15:12 . 2005-06-02 13:43 200,704 -r------- c:\windows\alcrmv.exe

2009-02-21 15:12 . 2004-09-07 11:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll

2009-02-21 15:12 . 2002-02-05 10:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV

2009-02-21 15:12 . 2005-07-22 12:00 81,920 -ra------ c:\windows\SOUNDMAN.EXE

2009-02-21 15:12 . 2005-07-15 13:48 40,960 -r------- c:\windows\system32\ChCfg.exe

2009-02-21 15:08 . 2009-02-21 15:18 14,098 --a------ c:\windows\Ascd_tmp.ini

2009-02-21 15:08 . 2004-04-27 12:26 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS

2009-02-21 15:08 . 2004-08-13 07:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys

2009-02-21 15:01 . 2009-02-21 15:17 <DIR> d-------- c:\documents and settings\UserName\Contacts

2009-02-21 14:58 . 2009-02-21 14:35 <DIR> d--h----- c:\documents and settings\UserName\Modelos

2009-02-21 14:58 . 2009-02-24 20:34 <DIR> dr------- c:\documents and settings\UserName\Meus documentos

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> dr------- c:\documents and settings\UserName\Menu Iniciar

2009-02-21 14:58 . 2009-02-24 19:08 <DIR> dr------- c:\documents and settings\UserName\Favoritos

2009-02-21 14:58 . 2009-02-28 22:09 <DIR> dr-h----- c:\documents and settings\UserName\Dados de aplicativos

2009-02-21 14:58 . 2009-03-01 10:36 <DIR> d--h----- c:\documents and settings\UserName\Configurações locais

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> d--h----- c:\documents and settings\UserName\Ambiente de rede

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> d--h----- c:\documents and settings\UserName\Ambiente de impressão

2009-02-21 14:58 . 2009-03-01 10:28 <DIR> d-------- c:\documents and settings\UserName

2009-02-21 14:58 . 2004-08-03 22:45 221,184 --a------ c:\windows\system32\wmpns.dll

2009-02-21 14:58 . 2009-02-21 15:09 1,100 --a------ c:\windows\system32\d3d8caps.dat

2009-02-21 14:52 . 2001-09-06 07:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex

2009-02-21 14:51 . 2008-04-13 23:18 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2009-02-21 14:50 . 2003-04-14 20:54 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll

2009-02-21 14:50 . 2001-09-06 07:00 171,520 --a--c--- c:\windows\system32\dllcache\iisui.dll

2009-02-21 14:50 . 2001-09-06 07:00 96,256 --a--c--- c:\windows\system32\dllcache\certmap.ocx

2009-02-21 14:50 . 2001-09-06 07:00 19,968 --a--c--- c:\windows\system32\dllcache\inetsloc.dll

2009-02-21 14:50 . 2001-09-06 07:00 14,848 --a--c--- c:\windows\system32\dllcache\iisreset.exe

2009-02-21 14:50 . 2001-09-06 07:00 7,680 --a--c--- c:\windows\system32\dllcache\inetmgr.exe

2009-02-21 14:50 . 2001-09-06 07:00 6,144 --a--c--- c:\windows\system32\dllcache\ftpsapi2.dll

2009-02-21 14:50 . 2001-09-06 07:00 5,632 --a--c--- c:\windows\system32\dllcache\iisrstap.dll

2009-02-21 14:50 . 2009-02-21 14:50 421 --a------ c:\windows\ODBC.INI

2009-02-21 14:46 . 2004-09-19 15:27 172,032 --a------ c:\windows\system32\LClock.cpl

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-28 21:01 --------- d--h--w c:\documents and settings\Administrador\Dados de aplicativos\drivers

2009-02-25 21:30 --------- d-----w c:\arquivos de programas\ESET

2009-02-25 21:21 --------- d-----w c:\arquivos de programas\Common Files

2009-02-25 21:21 --------- d-----w c:\arquivos de programas\Assistente Tecnico Speedy

2009-02-24 23:12 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-24 20:54 --------- d-----w c:\arquivos de programas\Windows Live Safety Center

2009-02-24 02:08 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-02-22 14:29 --------- d-----w c:\arquivos de programas\TopDesk

2009-02-21 23:21 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-02-21 18:47 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-21 18:13 --------- d-----w c:\arquivos de programas\Realtek AC97

2009-02-21 18:13 --------- d-----w c:\arquivos de programas\AvRack

2009-02-21 17:46 --------- d-----w c:\arquivos de programas\LClock

2009-02-21 17:44 --------- d-----w c:\arquivos de programas\Nero

2009-02-21 17:37 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-02-21 17:36 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-02-21 15:58 --------- d-----w c:\arquivos de programas\Google

2009-02-21 15:39 155,995 ----a-w c:\windows\java\Packages\DRTBXV9Z.ZIP

2009-02-21 14:30 --------- d-----w c:\arquivos de programas\lg_fwupdate

2009-02-20 20:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Any Video Converter

2009-02-20 12:43 --------- d-----w c:\arquivos de programas\Ahead

2009-02-18 19:02 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\vghd

2009-02-18 19:02 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-18 19:02 --------- d-----w c:\arquivos de programas\CCleaner

2009-02-04 16:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Playrix Entertainment

2009-01-24 17:42 --------- d-----w c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-01-24 17:42 --------- d-----w c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-01-24 16:17 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-01-24 16:14 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Oneface

2009-01-24 16:13 --------- d-----w c:\arquivos de programas\Oneface

2009-01-24 16:13 --------- d-----w c:\arquivos de programas\MessengerPlus! 3

2009-01-24 14:09 1,044,168 ----a-w C:\vbrun60sp5.exe

2009-01-23 13:48 --------- d-----w c:\arquivos de programas\Alwil Software

2009-01-23 12:57 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AVGTOOLBAR

2009-01-21 13:54 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Zylom

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of c:\windows\HDbar ----

 

2006-08-20 21:52 17542 --a------ c:\windows\HDbar\s99.ico

2006-08-20 21:52 17542 --a------ c:\windows\HDbar\s92.ico

2006-08-20 21:51 17542 --a------ c:\windows\HDbar\s83.ico

2006-08-20 21:51 17542 --a------ c:\windows\HDbar\s75.ico

2006-08-20 21:50 17542 --a------ c:\windows\HDbar\s67.ico

2006-08-20 21:49 17542 --a------ c:\windows\HDbar\s58.ico

2006-08-20 21:49 17542 --a------ c:\windows\HDbar\s50.ico

2006-08-20 21:48 17542 --a------ c:\windows\HDbar\s33.ico

2006-08-20 21:47 17542 --a------ c:\windows\HDbar\25.ico

2006-08-20 21:46 17542 --a------ c:\windows\HDbar\s41.ico

2006-08-20 21:46 17542 --a------ c:\windows\HDbar\s25.ico

2006-08-20 21:41 17542 --a------ c:\windows\HDbar\s16.ico

2006-08-20 21:41 17542 --a------ c:\windows\HDbar\s08.ico

2006-08-20 21:36 17542 --a------ c:\windows\HDbar\99.ico

2006-08-20 21:36 17542 --a------ c:\windows\HDbar\92.ico

2006-08-20 21:35 17542 --a------ c:\windows\HDbar\83.ico

2006-08-20 21:31 17542 --a------ c:\windows\HDbar\75.ico

2006-08-20 21:29 17542 --a------ c:\windows\HDbar\67.ico

2006-08-20 21:28 17542 --a------ c:\windows\HDbar\58.ico

2006-08-20 21:26 17542 --a------ c:\windows\HDbar\50.ico

2006-08-20 21:25 17542 --a------ c:\windows\HDbar\41.ico

2006-08-20 21:22 17542 --a------ c:\windows\HDbar\33.ico

2006-08-20 21:21 17542 --a------ c:\windows\HDbar\08.ico

2006-08-20 21:19 17542 --a------ c:\windows\HDbar\00.ico

2006-08-20 21:16 17542 --a------ c:\windows\HDbar\16.ico

2006-08-16 20:13 110 --a------ c:\windows\HDbar\uninstall.cmd

2006-07-30 02:37 121089 --a------ c:\windows\HDbar\vsdrv.exe

 

 

((((((((((((((((((((((((((((( SnapShot@2009-02-28_18.01.39,22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-07-15 05:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3028\_PerfCounter.dll

+ 2004-07-15 05:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW3884\_PerfCounter.dll

+ 2009-03-01 13:29:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5d8.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-21 171448]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2009-01-24 15872]

"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-07-22 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-07 385024]

 

c:\documents and settings\UserName\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-07 385024]

 

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2008-08-30 217088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="%windir%\Resources\Logon\Newlogo.exe"

 

[HKLM\~\startupfolder\C:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]

path=c:\documents and settings\UserName\Menu Iniciar\Programas\Inicializar\UberIcon.lnk

backup=c:\windows\pss\UberIcon.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56899:TCP"= 56899:TCP:Pando P2P TCP Listening Port

"56899:UDP"= 56899:UDP:Pando P2P UDP Listening Port

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-02-24 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-UberIcon - c:\arquivos de programas\UberIcon\UberIcon Manager.exe

MSConfigStartUp-UberIcon - c:\arquivos de programas\UberIcon\UberIcon Manager.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {17F4F1FF-78EC-420C-823C-FCC75D81DB43} = 200.204.0.138 200.204.0.10

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\UserName\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-01 10:36:20

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-03-01 10:37:49

ComboFix-quarantined-files.txt 2009-03-01 13:37:44

 

Pré-execução: 14 pasta(s) 83.039.027.200 bytes disponíveis

Pós execução: 14 pasta(s) 83,028,942,848 bytes disponíveis

 

328 --- E O F --- 2009-03-01 03:16:43

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:39:09, on 3/1/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe

O4 - Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 7646 bytes


Good morning, Drumer!

<@> Run an online scan at: < Kaspersky >

<@> Use the Internet Explorer browser for this.

<!> Go to the site and click on: < kasperdx9.jpg >

<@> On the next page, click on: I Accept

<@> This is so that the ActiveX control gets installed and then the database is updated.

<@> On the next page, click on: My Computer and run the scan.

<@> Be patient!

<@> Wait for the database update, and also for the scan, which takes a long time.

<@> When it finishes, save and post the report.

<@> Click on Save Report As... to save the log. ( Kaspersky_Online_Scanner_7_Report.txt )

<@> Save the result as .txt, as in the image below:

Kas-Savetxt.gif

<@> Also post an updated HijackThis log.

Regards!


Good afternoon, DigRam. Here are the reports, first the one from the scan

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, March 2, 2009

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Monday, March 02, 2009 14:55:22

Records in database: 1862121

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

Z:\

 

Scan statistics:

Files scanned: 65259

Threat name: 1

Infected objects: 5

Suspicious objects: 0

Duration of the scan: 01:22:06

 

 

File name / Threat name / Threats count

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\Atom four joy real.exe Infected: Trojan.Win32.Obfuscated.gen 1

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\Bags Draw Base.exe Infected: Trojan.Win32.Obfuscated.gen 1

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\boneclock.exe Infected: Trojan.Win32.Obfuscated.gen 1

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\dumqmvuf.exe Infected: Trojan.Win32.Obfuscated.gen 1

C:\Documents and Settings\All Users\Dados de aplicativos\Book Slow Axis Web\PILE LESS.exe Infected: Trojan.Win32.Obfuscated.gen 1

 

The selected area was scanned.

 

 

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:31:04, on 3/2/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe

O4 - Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 8139 bytes


Good afternoon, Drumer!

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click on: LopSD.cmd

<@> In the window that opens, press "p" --> press Enter.

<@> In the next window, choose option 2 --> press Enter --> wait!

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post an updated HijackThis log.

Regards!


Good afternoon Digram, here are the reports

 

 

------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Athlon 64 Processor 3500+ )

BIOS : BIOS Date: 11/09/05 11:45:49 Ver: 08.00.12

USER : UserName ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.7.1043 [VPS 090302-0] 4.7.1043 (Activated)

C:\ (Local Disk) - NTFS - Total:97 Go (Free:77 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:51 Go (Free:14 Go)

Z:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( seg 03/02/aaaa|17:41 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web\PILE LESS.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web\PILE LESS.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web

-

[ Arquivos/Ficheiros Hosts ] .. RESTAURADO

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[12/18/aaaa|05:23] C:\DOCUME~1\ADMINI~1\DADOSD~1\Adobe

[09/19/aaaa|12:08] C:\DOCUME~1\ADMINI~1\DADOSD~1\Ahead

[02/20/aaaa|17:56] C:\DOCUME~1\ADMINI~1\DADOSD~1\Any Video Converter

[09/24/aaaa|00:55] C:\DOCUME~1\ADMINI~1\DADOSD~1\Any Video Converter Professional

[01/23/aaaa|09:57] C:\DOCUME~1\ADMINI~1\DADOSD~1\AVGTOOLBAR

[02/28/aaaa|18:01] C:\DOCUME~1\ADMINI~1\DADOSD~1\drivers

[02/18/aaaa|16:02] C:\DOCUME~1\ADMINI~1\DADOSD~1\GameHouse

[12/06/aaaa|06:10] C:\DOCUME~1\ADMINI~1\DADOSD~1\GanymedeNet

[09/25/aaaa|17:34] C:\DOCUME~1\ADMINI~1\DADOSD~1\Google

[01/03/aaaa|22:12] C:\DOCUME~1\ADMINI~1\DADOSD~1\Help

[11/02/aaaa|12:26] C:\DOCUME~1\ADMINI~1\DADOSD~1\HP

[01/21/aaaa|10:54] C:\DOCUME~1\ADMINI~1\DADOSD~1\Identities

[11/02/aaaa|12:57] C:\DOCUME~1\ADMINI~1\DADOSD~1\Image Zone Express

[08/30/aaaa|21:19] C:\DOCUME~1\ADMINI~1\DADOSD~1\InterTrust

[11/01/aaaa|11:46] C:\DOCUME~1\ADMINI~1\DADOSD~1\LimeWire

[08/30/aaaa|22:35] C:\DOCUME~1\ADMINI~1\DADOSD~1\Macromedia

[01/23/aaaa|10:39] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

[08/30/aaaa|21:12] C:\DOCUME~1\ADMINI~1\DADOSD~1\Motive

[08/31/aaaa|13:04] C:\DOCUME~1\ADMINI~1\DADOSD~1\Mozilla

[01/24/aaaa|13:14] C:\DOCUME~1\ADMINI~1\DADOSD~1\Oneface

[02/04/aaaa|13:56] C:\DOCUME~1\ADMINI~1\DADOSD~1\Playrix Entertainment

[08/31/aaaa|13:22] C:\DOCUME~1\ADMINI~1\DADOSD~1\Real

[11/01/aaaa|19:28] C:\DOCUME~1\ADMINI~1\DADOSD~1\Screenshot Sender

[12/07/aaaa|10:55] C:\DOCUME~1\ADMINI~1\DADOSD~1\Sony Corporation

[02/17/aaaa|16:36] C:\DOCUME~1\ADMINI~1\DADOSD~1\Steinberg

[10/30/aaaa|23:36] C:\DOCUME~1\ADMINI~1\DADOSD~1\Sun

[02/18/aaaa|16:02] C:\DOCUME~1\ADMINI~1\DADOSD~1\vghd

[01/21/aaaa|10:54] C:\DOCUME~1\ADMINI~1\DADOSD~1\Zylom

 

[08/31/aaaa|13:49] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[08/31/aaaa|15:28] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe Systems

[02/13/aaaa|10:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[02/18/aaaa|09:27] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[08/30/aaaa|21:35] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP

[11/10/aaaa|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP Product Assistant

[09/28/aaaa|16:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[02/18/aaaa|10:16] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[02/18/aaaa|16:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\n7-89-o9-3r-4t-r9

[02/18/aaaa|16:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[09/23/aaaa|01:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[10/25/aaaa|00:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Winamp Toolbar

[11/27/aaaa|17:35] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[08/31/aaaa|12:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

[09/14/aaaa|23:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Yahoo! Companion

[01/21/aaaa|09:45] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Zylom

 

[02/23/aaaa|23:03] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Adobe

[02/23/aaaa|23:06] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Adobe Systems

[02/21/aaaa|12:58] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Google

[02/28/aaaa|22:09] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Malwarebytes

[02/21/aaaa|17:50] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Messenger Plus!

[02/21/aaaa|18:24] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Microsoft

[02/27/aaaa|12:36] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Real

[02/28/aaaa|22:05] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Spybot - Search & Destroy

[02/24/aaaa|17:59] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Windows Genuine Advantage

[02/25/aaaa|18:28] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\WinZip

[02/21/aaaa|19:24] C:\DOCUME~1\ALLUSE~1.WIN\DADOSD~1\Zylom

 

[08/31/aaaa|21:29] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[02/21/aaaa|12:20] C:\DOCUME~1\DEFAUL~1.WIN\DADOSD~1\Microsoft

 

[02/21/aaaa|12:58] C:\DOCUME~1\Henrique\DADOSD~1\Adobe

[02/21/aaaa|12:59] C:\DOCUME~1\Henrique\DADOSD~1\Google

[02/21/aaaa|12:32] C:\DOCUME~1\Henrique\DADOSD~1\Identities

[02/21/aaaa|12:58] C:\DOCUME~1\Henrique\DADOSD~1\Macromedia

[02/21/aaaa|13:47] C:\DOCUME~1\Henrique\DADOSD~1\Microsoft

[02/21/aaaa|13:02] C:\DOCUME~1\Henrique\DADOSD~1\Mozilla

 

[01/23/aaaa|10:39] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[02/21/aaaa|17:51] C:\DOCUME~1\LOCALS~1.AUT\DADOSD~1\Microsoft

 

[01/23/aaaa|10:39] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[02/21/aaaa|12:20] C:\DOCUME~1\NETWOR~1.AUT\DADOSD~1\Microsoft

 

[02/24/aaaa|19:53] C:\DOCUME~1\UserName\DADOSD~1\Adobe

[02/23/aaaa|23:11] C:\DOCUME~1\UserName\DADOSD~1\Any Video Converter

[02/21/aaaa|19:26] C:\DOCUME~1\UserName\DADOSD~1\Google

[02/26/aaaa|06:32] C:\DOCUME~1\UserName\DADOSD~1\Help

[02/21/aaaa|14:58] C:\DOCUME~1\UserName\DADOSD~1\Identities

[02/22/aaaa|11:22] C:\DOCUME~1\UserName\DADOSD~1\InstallShield

[02/21/aaaa|16:06] C:\DOCUME~1\UserName\DADOSD~1\Macromedia

[02/28/aaaa|22:09] C:\DOCUME~1\UserName\DADOSD~1\Malwarebytes

[02/27/aaaa|14:20] C:\DOCUME~1\UserName\DADOSD~1\Media Player Classic

[02/25/aaaa|00:43] C:\DOCUME~1\UserName\DADOSD~1\Microsoft

[02/25/aaaa|18:22] C:\DOCUME~1\UserName\DADOSD~1\Motive

[02/21/aaaa|16:02] C:\DOCUME~1\UserName\DADOSD~1\Mozilla

[02/27/aaaa|12:36] C:\DOCUME~1\UserName\DADOSD~1\Real

[02/22/aaaa|11:33] C:\DOCUME~1\UserName\DADOSD~1\Sony Corporation

[03/02/aaaa|10:37] C:\DOCUME~1\UserName\DADOSD~1\Sun

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[02/24/aaaa 20:36][--a------] C:\WINDOWS\tasks\NSSstub.job

[03/02/aaaa 10:08][--ah-----] C:\WINDOWS\tasks\SA.DAT

[09/06/aaaa 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[02/24/aaaa|20:14] C:\Arquivos de programas\Adobe

[02/20/aaaa|09:43] C:\Arquivos de programas\Ahead

[01/23/aaaa|10:48] C:\Arquivos de programas\Alwil Software

[08/30/aaaa|20:58] C:\Arquivos de programas\AMD

[03/01/aaaa|10:35] C:\Arquivos de programas\Arquivos comuns

[02/25/aaaa|18:21] C:\Arquivos de programas\Assistente Tecnico Speedy

[02/21/aaaa|15:13] C:\Arquivos de programas\AvRack

[02/18/aaaa|16:02] C:\Arquivos de programas\CCleaner

[02/21/aaaa|09:45] C:\Arquivos de programas\Circl Developement

[02/25/aaaa|18:21] C:\Arquivos de programas\Common Files

[02/21/aaaa|12:16] C:\Arquivos de programas\ComPlus Applications

[08/30/aaaa|21:16] C:\Arquivos de programas\CyberLink DVD Solution

[02/25/aaaa|21:57] C:\Arquivos de programas\DreaMule

[08/30/aaaa|15:24] C:\Arquivos de programas\D-Tools

[02/21/aaaa|19:20] C:\Arquivos de programas\eRightSoft

[02/25/aaaa|18:30] C:\Arquivos de programas\ESET

[11/30/aaaa|21:00] C:\Arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

[08/30/aaaa|15:21] C:\Arquivos de programas\Foxit Software

[09/20/aaaa|11:31] C:\Arquivos de programas\Free Audio Pack

[02/20/aaaa|12:22] C:\Arquivos de programas\GameHouse

[02/20/aaaa|12:22] C:\Arquivos de programas\Ganymede

[02/21/aaaa|12:58] C:\Arquivos de programas\Google

[08/30/aaaa|21:29] C:\Arquivos de programas\Hewlett-Packard

[10/26/aaaa|19:52] C:\Arquivos de programas\HP

[02/24/aaaa|20:12] C:\Arquivos de programas\InstallShield Installation Information

[02/24/aaaa|19:08] C:\Arquivos de programas\Internet Explorer

[02/21/aaaa|14:43] C:\Arquivos de programas\Java

[02/21/aaaa|14:46] C:\Arquivos de programas\LClock

[02/21/aaaa|11:30] C:\Arquivos de programas\lg_fwupdate

[11/01/aaaa|11:13] C:\Arquivos de programas\LimeWire

[02/28/aaaa|22:09] C:\Arquivos de programas\Malwarebytes' Anti-Malware

[02/20/aaaa|12:21] C:\Arquivos de programas\Marcos Velasco Security

[02/24/aaaa|22:53] C:\Arquivos de programas\Messenger

[02/21/aaaa|15:47] C:\Arquivos de programas\Messenger Plus! Live

[01/24/aaaa|13:13] C:\Arquivos de programas\MessengerPlus! 3

[02/18/aaaa|16:01] C:\Arquivos de programas\Microsoft

[08/30/aaaa|15:28] C:\Arquivos de programas\microsoft frontpage

[08/30/aaaa|15:27] C:\Arquivos de programas\Microsoft Office

[02/02/aaaa|10:59] C:\Arquivos de programas\Microsoft SQL Server Compact Edition

[08/30/aaaa|15:27] C:\Arquivos de programas\Microsoft.NET

[11/30/aaaa|21:00] C:\Arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

[02/25/aaaa|18:20] C:\Arquivos de programas\Motive

[02/24/aaaa|22:47] C:\Arquivos de programas\Movie Maker

[03/02/aaaa|17:17] C:\Arquivos de programas\Mozilla Firefox

[08/30/aaaa|22:15] C:\Arquivos de programas\MSN BackUp

[08/30/aaaa|15:28] C:\Arquivos de programas\msn gaming zone

[02/21/aaaa|18:25] C:\Arquivos de programas\MSN Messenger

[08/31/aaaa|21:22] C:\Arquivos de programas\MSXML 4.0

[02/21/aaaa|14:44] C:\Arquivos de programas\Nero

[02/24/aaaa|22:43] C:\Arquivos de programas\NetMeeting

[01/24/aaaa|13:13] C:\Arquivos de programas\Oneface

[02/24/aaaa|22:43] C:\Arquivos de programas\Outlook Express

[02/25/aaaa|18:27] C:\Arquivos de programas\Pando Networks

[02/27/aaaa|12:21] C:\Arquivos de programas\Real

[02/27/aaaa|14:20] C:\Arquivos de programas\Real Alternative

[02/21/aaaa|15:13] C:\Arquivos de programas\Realtek AC97

[08/30/aaaa|20:49] C:\Arquivos de programas\Realtek Sound Manager

[08/30/aaaa|20:47] C:\Arquivos de programas\S3

[01/24/aaaa|14:42] C:\Arquivos de programas\SDHelper (Spybot - Search & Destroy)

[08/30/aaaa|15:16] C:\Arquivos de programas\Serviços on-line

[12/07/aaaa|10:40] C:\Arquivos de programas\Sony

[02/21/aaaa|20:21] C:\Arquivos de programas\Spybot - Search & Destroy

[02/18/aaaa|16:00] C:\Arquivos de programas\Steinberg

[08/30/aaaa|15:24] C:\Arquivos de programas\Styler

[02/24/aaaa|17:54] C:\Arquivos de programas\SUPER

[02/18/aaaa|16:03] C:\Arquivos de programas\Syncrosoft

[01/24/aaaa|14:42] C:\Arquivos de programas\TeaTimer (Spybot - Search & Destroy)

[02/20/aaaa|12:21] C:\Arquivos de programas\Telefonica

[02/22/aaaa|11:29] C:\Arquivos de programas\TopDesk

[08/30/aaaa|15:33] C:\Arquivos de programas\Uninstall Information

[09/18/aaaa|02:01] C:\Arquivos de programas\Unlocker

[10/25/aaaa|00:32] C:\Arquivos de programas\Winamp Toolbar

[11/05/aaaa|10:46] C:\Arquivos de programas\WinAVI Video Converter

[02/18/aaaa|16:02] C:\Arquivos de programas\Windows Live

[02/24/aaaa|17:54] C:\Arquivos de programas\Windows Live Safety Center

[02/18/aaaa|16:01] C:\Arquivos de programas\Windows Live SkyDrive

[02/21/aaaa|14:36] C:\Arquivos de programas\Windows Media Connect 2

[02/24/aaaa|22:43] C:\Arquivos de programas\Windows Media Player

[02/24/aaaa|22:43] C:\Arquivos de programas\Windows NT

[09/19/aaaa|11:50] C:\Arquivos de programas\Windows XP Fun Pack

[08/30/aaaa|15:16] C:\Arquivos de programas\WindowsUpdate

[08/30/aaaa|15:21] C:\Arquivos de programas\WinRAR

[08/30/aaaa|15:28] C:\Arquivos de programas\xerox

[08/31/aaaa|23:28] C:\Arquivos de programas\Yahoo!

[02/21/aaaa|19:24] C:\Arquivos de programas\Zylom Games

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[02/23/aaaa|23:08] C:\Arquivos de programas\Arquivos comuns\Adobe

[08/31/aaaa|15:28] C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[08/30/aaaa|15:21] C:\Arquivos de programas\Arquivos comuns\Ahead

[08/30/aaaa|15:27] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[08/30/aaaa|21:27] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[08/30/aaaa|21:34] C:\Arquivos de programas\Arquivos comuns\HP

[08/30/aaaa|21:16] C:\Arquivos de programas\Arquivos comuns\InstallShield

[08/30/aaaa|15:21] C:\Arquivos de programas\Arquivos comuns\Java

[02/21/aaaa|14:49] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[08/30/aaaa|21:12] C:\Arquivos de programas\Arquivos comuns\Motive

[08/30/aaaa|15:15] C:\Arquivos de programas\Arquivos comuns\MSSoap

[08/30/aaaa|12:09] C:\Arquivos de programas\Arquivos comuns\ODBC

[08/31/aaaa|12:20] C:\Arquivos de programas\Arquivos comuns\Real

[02/21/aaaa|14:37] C:\Arquivos de programas\Arquivos comuns\Serviços

[08/30/aaaa|12:09] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[02/24/aaaa|22:43] C:\Arquivos de programas\Arquivos comuns\System

[01/24/aaaa|13:17] C:\Arquivos de programas\Arquivos comuns\Windows Live

[08/31/aaaa|12:36] C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

[08/31/aaaa|12:20] C:\Arquivos de programas\Arquivos comuns\xing shared

 

--------------------\\ Process

 

( 38 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-02 17:43:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[F:1174][D:19]-> C:\DOCUME~1\UserName\CONFIG~1\Temp

[F:26][D:0]-> C:\DOCUME~1\UserName\Cookies

[F:721][D:4]-> C:\DOCUME~1\UserName\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - seg 03/02/aaaa|17:43 - Option : [2]

 

--------------------\\ Verificação completa em 17:43:45

 

 

 

 

HijackThis log

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:59:50, on 3/2/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe

O4 - Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 8582 bytes


Good evening, Drumer!

<@> Download: < OTMoveIt3 >

<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Files

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\Atom four joy real.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\Bags Draw Base.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\boneclock.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\dumqmvuf.exe

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste this information, between the XXXXX... lines, into the tool's ( clipboard ) field.

<@> PS: the area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When prompted to reboot, confirm!

<@> When it finishes, check the text content of the folder: C:\_OTMoveIt\MovedFiles

<@> Copy and post your most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> PS: Since the tool does not overwrite its reports, be sure to pick the one generated after this run.

Regards!


Good evening DigRam

Here is the report

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\Atom four joy real.exe moved successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\Bags Draw Base.exe moved successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\boneclock.exe moved successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface\dumqmvuf.exe moved successfully.

C:\Documents and Settings\Administrador\Dados de aplicativos\Oneface moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\UserName\CONFIG~1\Temp\etilqs_tDlqKqct6180VGgF9HgO scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_584.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03032009_224157

 

Files moved on Reboot...

File C:\DOCUME~1\UserName\CONFIG~1\Temp\etilqs_tDlqKqct6180VGgF9HgO not found!

File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_584.dat moved successfully.

C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\UserName\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\XUL.mfl moved successfully.

 

 

Since you didn't ask for a HijackThis report, I'm posting one just in case, ok!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:50:46, on 3/3/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 8411 bytes


Good morning, Drumer!

 

<@> Disable TeaTimer (Spybot).

<><><><><><><><><><>

<@> Copy this information, between the XXXXXXX.... lines, into Notepad.

<@> Save it on the desktop as: CFScript <-- Text!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

C:\WINDOWS\Resources\Logon\Newlogo.exe

C:\WINDOWS\HDbar\vsdrv.exe

Regnull::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

Reglock::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Keep dragging it until a prompt to run ComboFix.exe appears.

<@> When it finishes, post: ComboFix.txt

 

Regards!


Good morning, DigRam

 

Here are the reports

 

ComboFix 09-03-03.01 - UserName 2009-03-04 11:15:31.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.959.658 [GMT -3:00]

Executando de: c:\documents and settings\UserName\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\UserName\Desktop\CFScript.txt

AV: avast! antivirus 4.7.1043 [VPS 090303-2] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

 

FILE ::

c:\windows\HDbar\vsdrv.exe

c:\windows\Resources\Logon\Newlogo.exe

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-02-04 to 2009-03-04 ))))))))))))))))))))))))))))

.

 

2009-03-03 22:41 . 2009-03-03 22:41 <DIR> d-------- C:\_OTMoveIt

2009-03-03 19:21 . 2009-03-03 19:21 <DIR> d-------- c:\arquivos de programas\Microsoft Silverlight

2009-03-03 06:32 . 2009-03-03 06:32 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\DVD Shrink

2009-03-02 17:40 . 2009-03-02 17:43 <DIR> d-------- C:\Lop SD

2009-03-02 17:40 . 2009-03-02 17:40 530,106 --a------ C:\LopSD.exe

2009-02-28 22:09 . 2009-02-28 22:09 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Malwarebytes

2009-02-28 22:09 . 2009-02-28 22:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Malwarebytes

2009-02-28 22:09 . 2009-02-28 22:09 <DIR> d-------- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-02-28 22:09 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-28 22:09 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-28 17:57 . 2009-02-28 18:02 <DIR> d-------- C:\KomboFix

2009-02-27 12:36 . 2009-02-27 14:20 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Media Player Classic

2009-02-27 12:36 . 2009-02-27 14:20 <DIR> d-------- c:\arquivos de programas\Real Alternative

2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d-------- c:\arquivos de programas\Real

2009-02-26 18:36 . 2008-05-09 07:55 512,000 -----c--- c:\windows\system32\dllcache\jscript.dll

2009-02-26 18:36 . 2008-05-09 07:55 430,080 -----c--- c:\windows\system32\dllcache\vbscript.dll

2009-02-26 18:36 . 2008-05-09 07:55 180,224 -----c--- c:\windows\system32\dllcache\scrobj.dll

2009-02-26 18:36 . 2008-05-09 07:55 172,032 -----c--- c:\windows\system32\dllcache\scrrun.dll

2009-02-26 18:36 . 2008-05-08 08:24 155,648 -----c--- c:\windows\system32\dllcache\wscript.exe

2009-02-26 18:36 . 2008-05-09 05:45 135,168 -----c--- c:\windows\system32\dllcache\cscript.exe

2009-02-26 18:36 . 2008-05-09 07:55 90,112 -----c--- c:\windows\system32\dllcache\wshext.dll

2009-02-25 18:22 . 2009-02-25 18:22 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Motive

2009-02-25 18:20 . 2009-02-25 18:20 <DIR> d-------- c:\arquivos de programas\Motive

2009-02-25 18:13 . 2009-02-25 18:13 64 --a------ c:\windows\Wininit.ini

2009-02-25 14:23 . 2009-02-25 21:57 <DIR> d-------- c:\arquivos de programas\DreaMule

2009-02-25 14:20 . 2004-02-22 10:11 719,872 --a------ c:\windows\system32\devil.dll

2009-02-25 14:20 . 2007-05-17 17:30 318,976 --a------ c:\windows\system32\avisynth.dll

2009-02-25 14:20 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\yv12vfw.dll

2009-02-25 14:20 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\i420vfw.dll

2009-02-24 19:53 . 2009-02-24 19:53 <DIR> d-------- c:\documents and settings\UserName\Configuraes locais

2009-02-24 18:08 . 2008-12-20 19:46 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-02-24 18:08 . 2007-04-17 06:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-02-24 18:08 . 2007-03-08 02:12 1,024,000 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-02-24 18:08 . 2008-12-20 19:46 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-02-24 18:08 . 2008-12-20 19:46 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-02-24 18:08 . 2008-12-20 19:46 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-02-24 18:08 . 2008-12-20 19:46 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-02-24 18:08 . 2008-12-20 19:46 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-02-24 18:08 . 2008-12-19 06:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-02-24 17:54 . 2009-02-24 17:54 <DIR> d-------- c:\arquivos de programas\SUPER

2009-02-23 23:11 . 2009-02-23 23:11 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Any Video Converter

2009-02-23 23:06 . 2009-02-23 23:06 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Adobe Systems

2009-02-23 21:48 . 2009-03-04 00:41 69 --a------ c:\windows\NeroDigital.ini

2009-02-22 13:11 . 2004-08-04 00:36 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys

2009-02-22 12:44 . 2008-06-14 14:34 272,384 --------- c:\windows\system32\drivers\bthport.sys

2009-02-22 12:44 . 2008-06-14 14:34 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-02-22 12:44 . 2008-08-14 07:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2009-02-22 12:43 . 2008-12-20 19:47 1,160,192 -----c--- c:\windows\system32\dllcache\urlmon.dll

2009-02-22 12:43 . 2008-12-20 19:47 826,368 -----c--- c:\windows\system32\dllcache\wininet.dll

2009-02-22 12:42 . 2009-01-16 21:16 3,594,752 -----c--- c:\windows\system32\dllcache\mshtml.dll

2009-02-22 12:41 . 2008-08-14 10:24 2,193,408 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,149,376 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,070,272 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-02-22 12:41 . 2008-08-14 10:24 2,028,032 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-02-22 12:41 . 2008-09-15 12:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-02-22 12:36 . 2008-04-11 16:05 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-02-22 12:36 . 2008-10-24 08:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-02-22 12:36 . 2008-12-11 07:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-02-22 12:36 . 2008-05-08 11:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-02-22 12:34 . 2008-10-15 13:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-02-22 12:06 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-02-22 12:06 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-02-22 12:06 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-02-22 11:33 . 2009-02-22 11:33 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\Sony Corporation

2009-02-22 11:24 . 2006-11-02 16:57 118,520 --a------ c:\windows\system32\PxInsI64.exe

2009-02-22 11:24 . 2006-10-18 19:43 115,960 --a------ c:\windows\system32\PxCpyI64.exe

2009-02-22 11:24 . 2006-11-02 16:57 36,624 --a------ c:\windows\system32\drivers\pxhelp20.sys

2009-02-22 11:24 . 2006-08-28 21:48 2,560 --a------ c:\windows\system32\drivers\cdralw2k.sys

2009-02-22 11:24 . 2006-08-28 21:48 2,432 --a------ c:\windows\system32\drivers\cdr4_xp.sys

2009-02-22 11:22 . 2009-02-22 11:22 <DIR> d-------- c:\documents and settings\UserName\Dados de aplicativos\InstallShield

2009-02-21 20:15 . 2009-03-02 18:15 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2009-02-21 19:24 . 2009-02-21 19:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Zylom

2009-02-21 19:23 . 2005-02-12 20:00 186,880 -r-hs---- c:\windows\system32\RLOgg.ax

2009-02-21 19:23 . 2005-02-05 20:00 92,672 -r-hs---- c:\windows\system32\RLVorbisDec.ax

2009-02-21 19:23 . 2005-02-12 20:00 67,584 -r-hs---- c:\windows\system32\RLTheoraDec.ax

2009-02-21 19:23 . 2005-02-12 20:00 51,712 -r-hs---- c:\windows\system32\RLSpeexDec.ax

2009-02-21 19:22 . 2005-01-17 20:26 179,200 -r-hs---- c:\windows\system32\DiracSplitter.ax

2009-02-21 19:22 . 2006-08-16 11:53 175,104 -r-hs---- c:\windows\system32\CoreAAC.ax

2009-02-21 19:22 . 2005-02-22 13:55 81,920 -r-hs---- c:\windows\system32\aac_parser.ax

2009-02-21 19:20 . 2009-02-21 19:20 <DIR> d-------- c:\arquivos de programas\eRightSoft

2009-02-21 18:48 . 2009-03-04 11:03 <DIR> d-------- c:\documents and settings\UserName\Tracing

2009-02-21 18:26 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-02-21 18:26 . 2007-08-10 08:12 26,488 --a------ c:\windows\system32\spupdsvc.exe

2009-02-21 17:50 . 2009-02-21 17:50 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2009-02-21 15:17 . 2009-02-21 15:17 <DIR> d---s---- c:\documents and settings\UserName\UserData

2009-02-21 15:14 . 2008-04-13 15:45 52,864 --a------ c:\windows\system32\drivers\dmusic.sys

2009-02-21 15:14 . 2008-04-13 15:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys

2009-02-21 15:13 . 2008-04-13 23:21 129,536 --a------ c:\windows\system32\ksproxy.ax

2009-02-21 15:13 . 2008-04-13 15:39 7,552 --a------ c:\windows\system32\drivers\mskssrv.sys

2009-02-21 15:13 . 2008-04-13 15:39 5,376 --a------ c:\windows\system32\drivers\mspclock.sys

2009-02-21 15:13 . 2008-04-13 15:39 4,992 --a------ c:\windows\system32\drivers\mspqm.sys

2009-02-21 15:13 . 2008-04-13 23:20 4,096 --a------ c:\windows\system32\ksuser.dll

2009-02-21 15:13 . 2001-07-05 21:19 164 -r------- c:\windows\avrack.ini

2009-02-21 15:12 . 2005-07-22 11:56 18,763,776 -ra------ c:\windows\system32\ALSNDMGR.CPL

2009-02-21 15:12 . 2005-07-22 11:59 10,458,112 -ra------ c:\windows\system32\RTLCPL.EXE

2009-02-21 15:12 . 2005-07-26 14:03 3,644,032 -ra------ c:\windows\system32\drivers\ALCXWDM.SYS

2009-02-21 15:12 . 2005-06-02 13:31 294,912 -r------- c:\windows\alcupd.exe

2009-02-21 15:12 . 2005-06-02 13:43 200,704 -r------- c:\windows\alcrmv.exe

2009-02-21 15:12 . 2004-09-07 11:23 156,672 -ra------ c:\windows\system32\RTLCPAPI.dll

2009-02-21 15:12 . 2002-02-05 10:54 141,016 -ra------ c:\windows\system32\ALSNDMGR.WAV

2009-02-21 15:12 . 2005-07-22 12:00 81,920 -ra------ c:\windows\SOUNDMAN.EXE

2009-02-21 15:12 . 2005-07-15 13:48 40,960 -r------- c:\windows\system32\ChCfg.exe

2009-02-21 15:08 . 2009-02-21 15:18 14,098 --a------ c:\windows\Ascd_tmp.ini

2009-02-21 15:08 . 2004-04-27 12:26 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS

2009-02-21 15:08 . 2004-08-13 07:56 5,810 -ra------ c:\windows\system32\drivers\ASACPI.sys

2009-02-21 15:01 . 2009-02-21 15:17 <DIR> d-------- c:\documents and settings\UserName\Contacts

2009-02-21 14:58 . 2009-02-21 14:35 <DIR> d--h----- c:\documents and settings\UserName\Modelos

2009-02-21 14:58 . 2009-03-01 18:52 <DIR> dr------- c:\documents and settings\UserName\Meus documentos

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> dr------- c:\documents and settings\UserName\Menu Iniciar

2009-02-21 14:58 . 2009-02-24 19:08 <DIR> dr------- c:\documents and settings\UserName\Favoritos

2009-02-21 14:58 . 2009-03-02 10:37 <DIR> dr-h----- c:\documents and settings\UserName\Dados de aplicativos

2009-02-21 14:58 . 2009-03-04 11:16 <DIR> d--h----- c:\documents and settings\UserName\Configurações locais

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> d--h----- c:\documents and settings\UserName\Ambiente de rede

2009-02-21 14:58 . 2009-02-21 08:45 <DIR> d--h----- c:\documents and settings\UserName\Ambiente de impressão

2009-02-21 14:58 . 2009-03-04 01:53 <DIR> d-------- c:\documents and settings\UserName

2009-02-21 14:58 . 2004-08-03 22:45 221,184 --a------ c:\windows\system32\wmpns.dll

2009-02-21 14:58 . 2009-02-21 15:09 1,100 --a------ c:\windows\system32\d3d8caps.dat

2009-02-21 14:52 . 2001-09-06 07:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex

2009-02-21 14:51 . 2008-04-13 23:18 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2009-02-21 14:50 . 2003-04-14 20:54 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll

2009-02-21 14:50 . 2001-09-06 07:00 171,520 --a--c--- c:\windows\system32\dllcache\iisui.dll

2009-02-21 14:50 . 2001-09-06 07:00 96,256 --a--c--- c:\windows\system32\dllcache\certmap.ocx

2009-02-21 14:50 . 2001-09-06 07:00 19,968 --a--c--- c:\windows\system32\dllcache\inetsloc.dll

2009-02-21 14:50 . 2001-09-06 07:00 14,848 --a--c--- c:\windows\system32\dllcache\iisreset.exe

2009-02-21 14:50 . 2001-09-06 07:00 7,680 --a--c--- c:\windows\system32\dllcache\inetmgr.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-04 02:24 --------- d-----w c:\arquivos de programas\Windows Live Safety Center

2009-02-28 21:01 --------- d--h--w c:\documents and settings\Administrador\Dados de aplicativos\drivers

2009-02-25 21:30 --------- d-----w c:\arquivos de programas\ESET

2009-02-25 21:21 --------- d-----w c:\arquivos de programas\Common Files

2009-02-25 21:21 --------- d-----w c:\arquivos de programas\Assistente Tecnico Speedy

2009-02-24 23:12 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2009-02-24 02:08 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2009-02-22 14:29 --------- d-----w c:\arquivos de programas\TopDesk

2009-02-21 23:21 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2009-02-21 18:47 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2009-02-21 18:13 --------- d-----w c:\arquivos de programas\Realtek AC97

2009-02-21 18:13 --------- d-----w c:\arquivos de programas\AvRack

2009-02-21 17:46 --------- d-----w c:\arquivos de programas\LClock

2009-02-21 17:44 --------- d-----w c:\arquivos de programas\Nero

2009-02-21 17:37 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2009-02-21 17:36 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-02-21 15:58 --------- d-----w c:\arquivos de programas\Google

2009-02-21 15:39 155,995 ----a-w c:\windows\java\Packages\DRTBXV9Z.ZIP

2009-02-21 14:30 --------- d-----w c:\arquivos de programas\lg_fwupdate

2009-02-20 20:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Any Video Converter

2009-02-20 12:43 --------- d-----w c:\arquivos de programas\Ahead

2009-02-18 19:02 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\vghd

2009-02-18 19:02 --------- d-----w c:\arquivos de programas\Windows Live

2009-02-18 19:02 --------- d-----w c:\arquivos de programas\CCleaner

2009-02-18 19:01 --------- d-----w c:\arquivos de programas\Microsoft

2009-02-04 16:56 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Playrix Entertainment

2009-02-02 13:59 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-01-24 17:42 --------- d-----w c:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-01-24 17:42 --------- d-----w c:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-01-24 16:17 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-01-24 16:13 --------- d-----w c:\arquivos de programas\Oneface

2009-01-24 16:13 --------- d-----w c:\arquivos de programas\MessengerPlus! 3

2009-01-24 14:09 1,044,168 ----a-w C:\vbrun60sp5.exe

2009-01-23 13:48 --------- d-----w c:\arquivos de programas\Alwil Software

2009-01-23 12:57 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AVGTOOLBAR

2009-01-21 13:54 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Zylom

2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll

2004-10-01 18:00 40,960 ----a-w c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-24 68856]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]

"UnlockerAssistant"="c:\arquivos de programas\Unlocker\UnlockerAssistant.exe" [2009-01-24 15872]

"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"Motive SmartBridge"="c:\arquiv~1\ASSIST~1\SMARTB~1\MotiveSB.exe" [2005-04-15 397312]

"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2005-03-11 c:\windows\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-07-22 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Ferramenta de Verifica‡Æo de M¡dia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-07 385024]

 

c:\documents and settings\UserName\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Ferramenta de Verifica‡Æo de M¡dia do Picture Motion Browser.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-07 385024]

 

c:\documents and settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

Assistente Tecnico Speedy.lnk - c:\arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe [2008-08-30 217088]

 

[HKLM\~\startupfolder\C:^Documents and Settings^UserName^Menu Iniciar^Programas^Inicializar^UberIcon.lnk]

backup=c:\windows\pss\UberIcon.lnkStartup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\DreaMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56899:TCP"= 56899:TCP:Pando P2P TCP Listening Port

"56899:UDP"= 56899:UDP:Pando P2P UDP Listening Port

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-02-24 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe []

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {17F4F1FF-78EC-420C-823C-FCC75D81DB43} = 200.204.0.138 200.204.0.10

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\UserName\Dados de aplicativos\Mozilla\Firefox\Profiles\jpcdm6eq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npganymedenet.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-04 11:17:08

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-03-04 11:18:17

ComboFix-quarantined-files.txt 2009-03-04 14:18:15

ComboFix2.txt 2009-03-01 13:37:50

 

Pré-execução: 16 pasta(s) 82.570.293.248 bytes disponíveis

Pós execução: 16 pasta(s) 82,588,983,296 bytes disponíveis

 

264 --- E O F --- 2009-03-04 04:54:02

 

And the HijackThis log in case it's needed; if it's no longer needed, let me know, OK? Thanks

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:20:10, on 3/4/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 8158 bytes


Good afternoon, Drumer!

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><><>

<@> Open OTMoveIt3 --> Click CleanUp! --> Wait for the removals!

<><><><><><><><><><><>

<@> Download: < Norman Malware Cleaner >

<@> Save it to the desktop.

<@> Open the file and click Run --> Accept.

<@> Click Add to add, or Remove to remove, the drives/partitions to be scanned. ( C:\*.*, D:\*.*, E:\*.*, etc. )

<@> Click "Start scan" --> Wait!

<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <--

Regards!


Here is the Norman Malware report

 

Norman Malware Cleaner

Copyright © 1990 - 2009, Norman ASA. Built 2009/03/02 09:11:48

 

Norman Scanner Engine Version: 6.00.06

Nvcbin.def Version: 6.00.00, Date: 2009/03/02 09:11:48, Variants: 2926698

 

Scan started: 04/03/2009 16:08:58

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: HENRIQUE-F9243A\UserName

 

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 1896

Number of processes/threads scanned: 1896

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 36s

 

 

Scanning file system...

 

Scanning: C:\*.*

 

C:\System Volume Information\_restore{366FE272-C89C-4050-8FF9-A11E9381DE95}\RP58\A0010590.exe (Infected with W32/Ircbot.ANFB)

Deleted file

 

C:\System Volume Information\_restore{3F3141AE-C731-41B9-82D9-774A12672C8C}\RP429\A0058561.exe (Infected with Suspicious_F.gen)

Deleted file

 

C:\System Volume Information\_restore{3F3141AE-C731-41B9-82D9-774A12672C8C}\RP439\A0063216.exe (Infected with Suspicious_F.gen)

Deleted file

 

C:\System Volume Information\_restore{3F3141AE-C731-41B9-82D9-774A12672C8C}\RP440\A0063291.exe (Infected with Suspicious_F.gen)

Deleted file

 

C:\System Volume Information\_restore{3F3141AE-C731-41B9-82D9-774A12672C8C}\RP444\A0065728.exe (Infected with W32/Swizzor.QBN)

Deleted file

 

Scanning: E:\*.*

 

E:\Aquivos de programa\DreMule\incoming\incoming\Brasileirinhas+Fogosas+e+Furiosas+DVDRip+XviD-BronhaMan.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

E:\Aquivos de programa\DreMule\incoming\incoming\Creedence Clearwater Revival - 1970 - Cosmos Factory - Album.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

E:\Aquivos de programa\DreMule\incoming\incoming\Popcap-Games-Bejeweled 2 Deluxe + crack.rar/bejeweled.2.deluxe.1.0.windows.setup.exe (Infected with W32/Smalltroj.IBLY)

Deleted file

 

E:\Rick\Set-up\WinAVI.Video.Converter 8.0.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

 

Running post-scan cleanup routine:

 

Number of files found: 131025

Number of archives unpacked: 1654

Number of files scanned: 130996

Number of files not scanned: 29

Number of files skipped due to exclude list: 0

Number of infected files found: 6

Number of infected files repaired/deleted: 6

Number of infections removed: 6

Total scanning time: 52m 39s

 

 

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:28:38, on 3/4/aaaa

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mad.exe

C:\Arquivos de programas\Assistente Tecnico Speedy\bin\mpbtn.exe

C:\ARQUIV~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

E:\Rick\Set-up\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [unlockerAssistant] C:\Arquivos de programas\Unlocker\UnlockerAssistant.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'SYSTEM')

O4 - S-1-5-18 Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - .DEFAULT User Startup: ObjectDock.lnk = C:\Arquivos de programas\OBjectDock\ObjectDock.exe (User 'Default user')

O4 - .DEFAULT User Startup: UberIcon.lnk = C:\Arquivos de programas\UberIcon\UberIcon Manager.exe (User 'Default user')

O4 - .DEFAULT User Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Assistente Tecnico Speedy.lnk = C:\Arquivos de programas\Assistente Tecnico Speedy\bin\matcli.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O17 - HKLM\System\CS1\Services\Tcpip\..\{17F4F1FF-78EC-420C-823C-FCC75D81DB43}: NameServer = 200.204.0.138 200.204.0.10

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

 

--

End of file - 8503 bytes


Good evening, Drumer!

<@> Download: < CCleaner >

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to progress!

<@> When it finishes, click Run Cleaner.

<@> In the window that appears, click OK. --> Wait for it to progress!

<@> Select the Registry option and click Scan for Issues.

<@> When it finishes, click Fix selected issues...

<@> At the prompt, click Yes!

<@> Name the backups and click Save.

<@> After a few days, if everything is OK, you can delete this backup file. ( .reg )

<@> In the window that appears, click: "Fix All Selected Issues"

<@> Click OK --> Close.

<@> For more details, read the Tutorial: < Link >

<><><><><><><><><><>

<@> If everything is OK, create a clean System Restore point.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> OK.

<@> Then uncheck it again! --> Apply --> OK.

<@> For more details, go to: < Docs >

<><><><><><><><><><>

<º> The log is clean! :thumbsup:

<º> Everything OK?

Regards!


Look, the PC has improved a lot, you can tell, but some errors are still there!! One of them is the Assistente Tecnico Speedy: after doing all this I uninstalled and reinstalled it to see if it would configure normally, but it can't, it gives an error, and every time I turn on the PC this message appears:

SmartBridge Alerts Motive Sb.exe - Ponto de entrada não encontrado

Não foi possivel localizar o ponto de entrada do procedimento Get Process Image file NameW na biblioteca de vínculo dinâmico PSAPI.DLL

And after I uninstalled some of those programs you asked me to, an error message appears

Erro

Product not instaled

And the program Super, which used to work normally: I have already reinstalled it and downloaded it again, and when I install it, it installs normally, but when I open it to use it a message appears

'7/17/sábado 09:39:04 is not a valid date and time

And the program freezes and doesn't convert anything, and this started after the virus I caught, and after all this cleanup I still can't install it, even having downloaded it again!!

Can you help me fix this?

Thanks for everything

Hey, Drumer!

<!> Go to the address below and try the fix!

< http://social.technet.microsoft.com/Forums...f-28b2a4716a09/ >

Regards!
