Manssur, posted June 8, 2009:
When I try to join a TS server I get this error. Can anyone help me? Thanks!
PedroN, posted June 8, 2009:
Hey Manssur, welcome to the iMasters forum :) Read this topic and come back with the HijackThis log: Rule No. 02 - Using HijackThis
Manssur, posted June 8, 2009:
> Hey Manssur, welcome to the iMasters forum :) Read this topic and come back with the HijackThis log: Rule No. 02 - Using HijackThis
Thanks for helping me, buddy ^^ Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:22, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Flashget] C:\Arquivos de programas\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a4c54db1d082) (gupdate1c9a4c54db1d082) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11182 bytes
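As an added example (not part of the thread, and not HijackThis code), a small Python triage pass over a handful of lines copied from the log above: it parses the Oxx entries and flags the autorun registered under Policies\Explorer\Run, the O2/O18 entries whose backing file is missing, the service with an unknown owner, and any autorun image name one character away from a core Windows process name. The rules, thresholds and Python names are this example's own assumptions, not anything the helpers in the thread used.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# HijackThis entry shape: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O4 body shape: <hive>[\<user SID>]\..\<key>: [<value name>] <command line>
RUNKEY_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Core Windows process names (most appear in the "Running processes" part of the log above).
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4"
    body: str     # everything after "O4 - "


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    entry: Entry


def parse_log(text: str) -> list[Entry]:
    """Keep only the Rx/Oxx entries; headers, process lists and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def image_name(cmd: str) -> str:
    """Executable file name from an O4 command line, with quotes and arguments removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ")[0]
    return exe.rsplit("\\", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot one-character look-alikes of core process names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply this example's heuristics; each hit records which rule fired and why."""
    findings = []
    for e in entries:
        if e.section == "O4":
            m = RUNKEY_RE.match(e.body)
            if not m:
                continue  # "Global Startup:" shortcuts are not in registry-key form
            if "Policies\\Explorer\\Run" in m["key"]:
                findings.append(Finding("policy-run-autorun", m["name"], e))
            exe = image_name(m["cmd"])
            if exe not in CORE_PROCESSES:
                for core in CORE_PROCESSES:
                    if edit_distance(exe, core) == 1:
                        findings.append(Finding("core-process-lookalike", f"{exe} vs {core}", e))
        elif e.section in ("O2", "O18") and ("(no file)" in e.body or "(file missing)" in e.body):
            findings.append(Finding("missing-file", e.body, e))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append(Finding("unknown-service-owner", e.body, e))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, handy for a quick first read of a long log."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.rule}] {f.detail}")
```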
PedroN, posted June 8, 2009:
Hi Manssur! Download ComboFix from one of these locations: Link 1. Link 2. Link 3.
Important! You must not use ComboFix unless you have been instructed to do so by a security analyst. Its creator intends it to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system.
Make sure you have saved ComboFix.exe to your desktop.
• Disable your antivirus and antispyware, usually via a right-click on the system tray icon. They may interfere with the running of the tool.
• Double-click ComboFix.exe and follow the prompts.
• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being what they are today, it is strongly recommended to have it pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will make it easier for us to help you should your computer have a problem after an attempted malware removal.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.
Once the Microsoft Windows Recovery Console has been installed using ComboFix, you should see the following message: Click Yes to continue scanning for malware.
When finished, it should produce a log for you. Post the ComboFix report, which is at C:\ComboFix.txt, together with a HijackThis log.
Manssur, posted June 8, 2009:
I'll run a second HijackThis and post it with the ComboFix log.
Manssur, posted June 8, 2009:
> I'll run a second HijackThis and post it with the ComboFix log.

ComboFix 09-06-07.07 - Lucas 08/06/2009 15:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1257 [GMT -3:00]
Executando de: c:\documents and settings\Lucas\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\Lucas\Dados de aplicativos\inst.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\mssockdp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-08 to 2009-06-08 ))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 12:32 279944 ----a-w- c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Nokia.PCSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-04-05 565248]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Easy-PrintToolBox"="c:\arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-01-05 413696]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-09 17021440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-10-16 124928]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\CABAL Online (BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=
"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\uTorrent\\utorrent 1.6.1.exe"=
"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15310:TCP"= 15310:TCP:BitComet 15310 TCP
"15310:UDP"= 15310:UDP:BitComet 15310 UDP
"333:UDP"= 333:UDP:cs
"333:TCP"= 333:TCP:cs
"27015:UDP"= 27015:UDP:27015

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [29/4/2009 09:09 108289]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe [15/2/2008 14:17 832760]
S2 gupdate1c9a4c54db1d082;Google Update Service (gupdate1c9a4c54db1d082);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [14/3/2009 13:52 133104]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva168;XDva168;\??\c:\windows\system32\XDva168.sys --> c:\windows\system32\XDva168.sys [?]
S3 XDva172;XDva172;\??\c:\windows\system32\XDva172.sys --> c:\windows\system32\XDva172.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 20:57]

2009-06-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-14 16:52]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-ares - c:\arquivos de programas\Ares\Ares.exe
HKCU-Run-DriverUpdaterPro - c:\arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-DLD.EXE - c:\arquivos de programas\Download Direct\DLD.exe
HKLM-Run-Flashget - c:\arquivos de programas\FlashGet\FlashGet.exe
HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe
Notify-WgaLogon - (no file)
SafeBoot-procexp90.Sys
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.plusnetwork.com uInternet Settings,ProxyOverride = *.local IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm IE: Baixar link usando &BitComet IE: Baixar todos os links usando BitComet IE: Baixar todos os vídeos usando BitComet IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000 Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll FF - ProfilePath - c:\documents and settings\Lucas\Dados de aplicativos\Mozilla\Firefox\Profiles\qqhti7d9.default\ FF - prefs.js: browser.search.selectedEngine - Ask FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll FF - component: c:\documents and settings\Lucas\Dados de aplicativos\Mozilla\Firefox\Profiles\qqhti7d9.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\arquivos de programas\Windows Media Player\np-mswmp.dll FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - 
pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-08 15:47 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-606747145-746137067-725345543-1004\Software\SecuROM\License information*] "datasecu"=hex:22,84,dd,75,cf,53,68,6d,9e,bb,f1,b5,dc,06,5b,b3,fa,d9,5d,12,3a, 81,30,ee,42,5d,9f,9b,47,48,d0,cb,5e,a8,d9,58,b9,9f,84,a9,57,13,eb,8a,1e,92,\ "rkeysecu"=hex:5a,78,7d,c4,a0,e8,a9,06,c3,ff,21,af,d6,d8,9b,69 . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(708) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll c:\windows\system32\CLBCATQ.DLL - - - - - - - > 'lsass.exe'(764) c:\windows\system32\setupapi.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(3592) c:\windows\system32\SHDOCVW.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroSearchBar.dll c:\arquivos de programas\Arquivos comuns\Ahead\Lib\MFC71U.DLL c:\arquivos de programas\Arquivos comuns\Ahead\Lib\BCGCBPRO860un71.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll c:\windows\system32\WPDShServiceObj.dll c:\arquivos de programas\Nokia\Nokia PC Suite 7\phonebrowser.dll c:\arquivos de programas\Nokia\Nokia PC Suite 
7\NGSCM.DLL c:\arquivos de programas\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr c:\arquivos de programas\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe c:\arquivos de programas\Bonjour\mDNSResponder.exe c:\windows\system32\PnkBstrA.exe c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe c:\arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe c:\arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Tempo para conclusão: 2009-06-08 15:50 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-06-08 18:50 Pré-execução: 25 pasta(s) 155.908.771.840 bytes disponíveis Pós execução: 24 pasta(s) 156.351.152.128 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 361 --- E O F --- 2008-12-17 21:22 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:53:21, on 8/6/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Arquivos 
comuns\Ahead\Lib\NMIndexingService.exe C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe C:\Hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! 
com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 
advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9a4c54db1d082) (gupdate1c9a4c54db1d082) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: HDDlife HDD Access service - BinarySense, Inc. 
- C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10120 bytes Compartilhar este post Link para o post Compartilhar em outros sites
PedroN
Posted June 8, 2009

Hi Manssur, good afternoon!

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

Folder::
c:\temp\plugtmp-17
c:\temp\plugtmp-16
c:\temp\plugtmp-15
c:\temp\plugtmp-14
c:\temp\plugtmp-13
c:\temp\plugtmp-12
c:\temp\plugtmp-11
c:\temp\plugtmp-10
c:\temp\plugtmp-9
c:\temp\plugtmp-8
c:\temp\plugtmp-7
c:\temp\plugtmp-6
c:\temp\plugtmp-5
c:\temp\plugtmp-4
c:\temp\plugtmp-3
c:\temp\plugtmp-2
c:\temp\plugtmp-1
c:\temp\plugtmp

File::
c:\windows\system32\XDva092.sys

Driver::
"XDva092"

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it can cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below. ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt. Post it together with the new HijackThis log.
Manssur 0 Denunciar post Postado Junho 8, 2009 ComboFix 09-06-07.07 - Lucas 08/06/2009 16:27.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2039.1301 [GMT -3:00] Executando de: c:\documents and settings\Lucas\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Lucas\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\system32\XDva092.sys" . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\temp\plugtmp-1 c:\temp\plugtmp-10 c:\temp\plugtmp-11 c:\temp\plugtmp-12 c:\temp\plugtmp-13 c:\temp\plugtmp-14 c:\temp\plugtmp-15 c:\temp\plugtmp-16 c:\temp\plugtmp-17 c:\temp\plugtmp-2 c:\temp\plugtmp-3 c:\temp\plugtmp-4 c:\temp\plugtmp-5 c:\temp\plugtmp-6 c:\temp\plugtmp-7 c:\temp\plugtmp-8 c:\temp\plugtmp-9 c:\temp\plugtmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_XDVA092 -------\Service_XDva092 (((((((((((((((( Arquivos/Ficheiros criados de 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))) . 2009-06-08 19:30 . 2009-06-08 19:30 60416 ----a-w- c:\temp\Perflib_Perfdata__755.dat 2009-06-08 17:00 . 2009-06-08 18:53 -------- d-----w- C:\Hijack 2009-06-02 13:23 . 2009-06-02 13:23 -------- d-----w- c:\temp\Adobe 2009-06-01 16:21 . 2009-06-01 16:21 -------- d-----w- c:\arquivos de programas\Ask Search Assistant 2009-06-01 11:33 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll 2009-06-01 11:30 . 2009-06-01 11:33 -------- d-----w- c:\windows\system32\XPSViewer 2009-06-01 11:30 . 2009-06-01 11:30 -------- d-----w- c:\arquivos de programas\MSBuild 2009-06-01 11:30 . 2009-06-01 11:30 -------- d-----w- c:\arquivos de programas\Reference Assemblies 2009-06-01 11:29 . 2009-06-01 11:30 -------- d-----w- C:\7bba691b16349014008360ea 2009-06-01 11:29 . 
2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-06-01 11:29 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-06-01 11:29 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-06-01 11:29 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-06-01 11:29 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-06-01 11:29 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-06-01 11:29 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-06-01 10:21 . 2009-06-03 02:31 -------- d-----w- c:\arquivos de programas\Killing Floor 2009-05-31 20:36 . 2009-05-31 20:48 -------- d-----w- c:\arquivos de programas\Valve 2009-05-31 17:54 . 2009-05-31 17:54 -------- d-----w- c:\documents and settings\Lucas\Dados de aplicativos\Tibia 2009-05-31 17:54 . 2009-05-31 17:54 -------- d-----w- c:\arquivos de programas\Tibia 2009-05-25 11:26 . 2009-05-25 11:26 10134 ----a-r- c:\documents and settings\Lucas\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-05-25 11:26 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll 2009-05-25 11:26 . 2009-05-25 11:26 -------- d-----w- c:\arquivos de programas\Microsoft WSE 2009-05-25 10:44 . 2009-05-25 10:47 -------- d-----w- c:\temp\ge1800 2009-05-25 10:28 . 2009-05-25 10:33 -------- d-----w- c:\temp\ge1060 2009-05-24 14:14 . 2009-05-25 11:54 -------- d-----w- c:\temp\~nsu.tmp 2009-05-23 12:25 . 2009-06-06 10:35 -------- d-----w- c:\temp\hsperfdata_Lucas 2009-05-21 01:43 . 2009-05-21 01:43 -------- d-----w- c:\arquivos de programas\EA Games 2009-05-18 03:23 . 2009-06-08 18:44 -------- d-----w- c:\temp\B37FC18C-DC60-409C-8286-82CB09ED7BA0 2009-05-10 15:23 . 2009-05-20 13:48 -------- d-----w- c:\temp\ge3232 . 
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-08 19:32 . 2009-03-16 14:43 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-06-08 19:31 . 2009-03-11 17:43 -------- d-----w- c:\documents and settings\Lucas\Dados de aplicativos\Free Download Manager 2009-06-08 19:22 . 2009-03-20 12:17 -------- d-----w- c:\arquivos de programas\Warcraft III 2009-06-08 19:03 . 2009-03-20 14:06 -------- d-----w- c:\arquivos de programas\Garena 2009-06-08 16:20 . 2008-07-06 20:41 -------- d-----w- c:\arquivos de programas\Teamspeak2_RC2 2009-06-06 17:18 . 2008-06-08 22:52 -------- d-----w- c:\arquivos de programas\CyberScript32 2009-06-02 21:28 . 2008-08-03 15:21 -------- d-----w- c:\arquivos de programas\sXe Injected 2009-06-02 20:48 . 2008-12-31 14:01 -------- d-----w- c:\documents and settings\Lucas\Dados de aplicativos\uTorrent 2009-06-01 16:21 . 2008-06-02 14:54 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2009-06-01 11:31 . 2001-10-28 11:07 82988 ----a-w- c:\windows\system32\perfc016.dat 2009-06-01 11:31 . 2001-10-28 11:07 477230 ----a-w- c:\windows\system32\perfh016.dat 2009-05-31 20:33 . 2008-08-02 18:43 -------- d-----w- c:\arquivos de programas\Hero Editor 2009-05-25 11:19 . 2009-05-03 12:40 -------- d-----w- c:\arquivos de programas\Electronic Arts 2009-05-25 11:19 . 2008-05-31 02:19 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-05-20 13:48 . 2008-06-08 23:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-05-18 03:37 . 2009-02-20 02:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\2DBoy 2009-05-18 03:28 . 2009-02-08 00:35 -------- d-----w- c:\documents and settings\Lucas\Dados de aplicativos\Corel 2009-05-18 03:28 . 
2009-02-08 00:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Corel 2009-05-18 03:22 . 2008-07-07 11:22 -------- d-----w- c:\arquivos de programas\Diablo II 2009-05-16 10:59 . 2008-07-10 11:51 -------- d-----w- c:\arquivos de programas\Google 2009-05-11 11:22 . 2009-03-28 23:50 -------- d-----w- c:\arquivos de programas\Crayon Physics Deluxe 2009-05-10 14:23 . 2009-04-27 01:09 -------- d-----w- c:\arquivos de programas\TibiaBot NG 2009-05-03 12:49 . 2009-05-03 12:47 -------- d-----w- c:\documents and settings\Lucas\Dados de aplicativos\SPORE 2009-05-03 12:26 . 2008-09-11 14:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-05-01 22:39 . 2009-03-20 12:19 117955 ----a-w- c:\windows\War3Unin.dat 2009-04-29 18:15 . 2009-04-29 18:15 -------- d-----w- c:\arquivos de programas\Macmillan 2009-04-29 13:07 . 2009-04-29 12:09 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-04-29 13:07 . 2009-04-29 12:09 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-04-29 12:09 . 2009-04-29 12:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-04-29 12:09 . 2009-04-29 12:09 -------- d-----w- c:\arquivos de programas\Avira 2009-04-19 16:19 . 2009-04-18 15:28 96 ---ha-w- c:\windows\system32\HsInfo.dat 2009-04-19 01:10 . 2009-03-23 20:11 -------- d-----w- c:\arquivos de programas\GameSpy Arcade 2009-04-19 01:07 . 2009-01-04 04:01 -------- d-----w- c:\arquivos de programas\Microsoft Games 2009-04-18 23:50 . 2009-04-18 23:50 -------- d-----w- c:\arquivos de programas\Joymax 2009-04-18 12:49 . 2009-04-18 12:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InstallShield 2009-04-18 12:45 . 2008-05-31 02:16 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-04-16 03:03 . 2009-04-15 18:26 -------- d-----w- c:\arquivos de programas\World of Warcraft 2009-04-15 19:08 . 
2009-04-15 18:56 -------- d-----w- c:\arquivos de programas\InnerSpace 2009-04-15 18:28 . 2008-07-21 00:41 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Blizzard Entertainment 2009-04-08 01:38 . 2009-04-08 01:38 725 ----a-w- c:\windows\eReg.dat 2009-03-28 19:32 . 2009-03-20 12:19 2829 ----a-w- c:\windows\War3Unin.pif 2009-03-28 19:32 . 2009-03-20 12:19 139264 ----a-w- c:\windows\War3Unin.exe 2009-03-11 18:29 . 2008-05-31 02:16 319488 ----a-w- c:\windows\HideWin.exe . ------- Sigcheck ------- [-] 2005-03-02 18:20 577536 3ED0A4D74EFD5AAF8408095F452E2613 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2007-03-08 15:50 578560 F86D3E5C8FE13297E1C2D662F9E2D59D c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 15:36 578048 B5782EE6EAFE3C218236F79F1A27B747 c:\windows\$NtServicePackUninstall$\user32.dll [7] 2004-08-04 02:45 577536 E0FF28447D1038DE106D1F2FDF851647 c:\windows\$NtUninstallKB890859$\user32.dll [-] 2005-03-02 18:18 577536 7FFBCF1B94E6929DEECE06670C2407D6 c:\windows\$NtUninstallKB925902$\user32.dll [-] 2008-04-14 02:20 588288 7C0E5D593730414B5994A15A6D10C201 c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 02:20 588288 7C0E5D593730414B5994A15A6D10C201 c:\windows\system32\user32.dll [7] 2008-04-14 02:20 579072 54907DB28872A7A6D3EE2B4747A23828 c:\windows\VistaMizer\old\user32.dll [-] 2007-01-04 14:02 667136 B8B6A731FC318E2FB4E7F689B6F92631 c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll [7] 2008-03-01 12:35 827392 B7D78DDC9BDB7CE9E70CB97A142B160C c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll [7] 2008-04-23 04:20 827392 7282F35CBA5770795325F4B55E992F8F c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll [7] 2008-06-23 15:40 827904 8CFD66CC90F966333CFA8D8161E185DF c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll [7] 2008-08-26 09:10 827904 CC9CD001AE0FF30D0E16A172BF39576A c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [7] 2008-10-16 19:33 827904 4BCD45D77BD42A5E9C2DD2E847A5467E 
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 12:32 279944 ----a-w- c:\arquivos de programas\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Nokia.PCSync"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-04-05 565248]
"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Easy-PrintToolBox"="c:\arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-01-05 413696]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-09 17021440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-10-16 124928]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[bU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\CABAL Online (BRAZIL)\\launcher\\update\\ESTdnheadless.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=
"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Arquivos de programas\\uTorrent\\utorrent 1.6.1.exe"=
"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15310:TCP"= 15310:TCP:BitComet 15310 TCP
"15310:UDP"= 15310:UDP:BitComet 15310 UDP
"333:UDP"= 333:UDP:cs
"333:TCP"= 333:TCP:cs
"27015:UDP"= 27015:UDP:27015

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [29/4/2009 09:09 108289]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe [15/2/2008 14:17 832760]
S2 gupdate1c9a4c54db1d082;Google Update Service (gupdate1c9a4c54db1d082);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [14/3/2009 13:52 133104]
S3 XDva165;XDva165;\??\c:\windows\system32\XDva165.sys --> c:\windows\system32\XDva165.sys [?]
S3 XDva168;XDva168;\??\c:\windows\system32\XDva168.sys --> c:\windows\system32\XDva168.sys [?]
S3 XDva172;XDva172;\??\c:\windows\system32\XDva172.sys --> c:\windows\system32\XDva172.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 20:57]

2009-06-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-03-14 16:52]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.plusnetwork.com
uInternet Settings,ProxyOverride = *.local
IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm
IE: Baixar link usando &BitComet
IE: Baixar todos os links usando BitComet
IE: Baixar todos os vídeos usando BitComet
IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm
IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm
IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\Lucas\Dados de aplicativos\Mozilla\Firefox\Profiles\qqhti7d9.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - component: c:\arquivos de programas\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\documents and settings\Lucas\Dados de aplicativos\Mozilla\Firefox\Profiles\qqhti7d9.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8873}\components\GbMzhUni.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Windows Media Player\np-mswmp.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 16:32
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-606747145-746137067-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:22,84,dd,75,cf,53,68,6d,9e,bb,f1,b5,dc,06,5b,b3,fa,d9,5d,12,3a,
   81,30,ee,42,5d,9f,9b,47,48,d0,cb,5e,a8,d9,58,b9,9f,84,a9,57,13,eb,8a,1e,92,\
"rkeysecu"=hex:5a,78,7d,c4,a0,e8,a9,06,c3,ff,21,af,d6,d8,9b,69
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroSearchBar.dll
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\MFC71U.DLL
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\arquivos de programas\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\arquivos de programas\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\arquivos de programas\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr
c:\arquivos de programas\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
c:\arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
c:\arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe
c:\arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-06-08 16:36 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-06-08 19:36
ComboFix2.txt 2009-06-08 18:50

Pré-execução: 25 pasta(s) 156.346.220.544 bytes disponíveis
Pós execução: 24 pasta(s) 156.370.391.040 bytes disponíveis

345 --- E O F --- 2008-12-17 21:22

________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:39, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a4c54db1d082) (gupdate1c9a4c54db1d082) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10121 bytes
PedroN, posted June 8, 2009:

• Go to this link and download: < Malwarebytes >
• Update the program!
• Choose the Quick scan!
• Disable protection programs when running Malwarebytes.
• Send the detected items to quarantine by clicking Remove items.
• For more details: < Link >
-----------------------
• Post the reports: mbam-log-2008-xx-xx (00-00-00).txt + HijackThis, updated.
Manssur, posted June 8, 2009:

Malwarebytes' Anti-Malware 1.37
Versão do banco de dados: 2249
Windows 5.1.2600 Service Pack 3

8/6/2009 17:17:17
mbam-log-2009-06-08 (17-17-17).txt

Tipo de Verificação: Rápida
Objetos verificados: 191004
Tempo decorrido: 2 minute(s), 15 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 2
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:07, on 8/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\ARQUIV~1\FREEDO~1\fdm.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a4c54db1d082) (gupdate1c9a4c54db1d082) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10485 bytes
PedroN (posted June 8, 2009):
Go to this site: http://www.kaspersky.com/virusscanner
Click on [image] and follow the scanner configuration instructions as in the image below.
Post the scan log right here in the thread.
Manssur (posted June 9, 2009):
(quoting PedroN) Go to this site: http://www.kaspersky.com/virusscanner Click on [image] and follow the scanner configuration instructions as in the image below. Post the scan log right here in the thread.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 09, 2009 03:12:12
Records in database: 2328408
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\

Scan statistics:
Files scanned: 116934
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:45:59

File name / Threat name / Threats count
C:\Arquivos de programas\CyberScript32\CyberScript.exe / Infected: not-a-virus:Client-IRC.Win32.mIRC.617 / 1

The selected area was scanned.
PedroN (posted June 9, 2009):
-- Go to the VirusTotal site and submit the file highlighted below:
C:\Arquivos de programas\CyberScript32\CyberScript.exe
Click "Send file". When the procedure finishes, post the result in your next reply.

• Download: < ToolBar S&D >
• Save it to Local Disk C, in its own folder.
• Reboot the computer into Safe Mode. <-- Important!
• Run the program, then press "p" --> Enter --> Ok.
• Type two (2) --> press Enter --> wait!
• When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt )
• Also post an updated HijackThis log.
Manssur (posted June 9, 2009):
File B9985DEA00B37B6740431FFC6820680027101E37.exe received on 2009.05.30 17:33:50 (UTC)
Status: finished
Result: 9/40 (22.50%)

Antivirus         | Version         | Last update | Result
a-squared         | 4.0.0.101       | 2009.05.30  | Riskware.Client-IRC.Win32.mIRC!IK
AhnLab-V3         | 5.0.0.2         | 2009.05.29  | -
AntiVir           | 7.9.0.180       | 2009.05.30  | -
Antiy-AVL         | 2.0.3.1         | 2009.05.27  | -
Authentium        | 5.1.2.4         | 2009.05.29  | -
Avast             | 4.8.1335.0      | 2009.05.29  | -
AVG               | 8.5.0.339       | 2009.05.30  | -
BitDefender       | 7.2             | 2009.05.30  | -
CAT-QuickHeal     | 10.00           | 2009.05.29  | -
ClamAV            | 0.94.1          | 2009.05.30  | -
Comodo            | 1199            | 2009.05.30  | Application.Win32.ClientIRC.mIRC.~AB
DrWeb             | 5.0.0.12182     | 2009.05.29  | -
eSafe             | 7.0.17.0        | 2009.05.27  | Suspicious File
eTrust-Vet        | 31.6.6530       | 2009.05.30  | -
F-Prot            | 4.4.4.56        | 2009.05.29  | -
F-Secure          | 8.0.14470.0     | 2009.05.30  | Client-IRC.Win32.mIRC.617
Fortinet          | 3.117.0.0       | 2009.05.30  | -
GData             | 19              | 2009.05.30  | -
Ikarus            | T3.1.1.57.0     | 2009.05.30  | -
K7AntiVirus       | 7.10.749        | 2009.05.29  | not-a-virus:Client-IRC.Win32.mIRC
Kaspersky         | 7.0.0.125       | 2009.05.30  | not-a-virus:Client-IRC.Win32.mIRC.617
McAfee            | 5631            | 2009.05.30  | -
McAfee+Artemis    | 5631            | 2009.05.30  | potentially unwanted program Artemis!36B610F032CC
McAfee-GW-Edition | 6.7.6           | 2009.05.29  | -
Microsoft         | 1.4701          | 2009.05.30  | -
NOD32             | 4116            | 2009.05.29  | -
Norman            |                 | 2009.05.29  | -
nProtect          | 2009.1.8.0      | 2009.05.30  | -
Panda             | 10.0.0.14       | 2009.05.30  | -
PCTools           | 4.4.2.0         | 2009.05.30  | -
Prevx             | 3.0             | 2009.05.30  | -
Rising            | 21.31.21.00     | 2009.05.27  | -
Sophos            | 4.42.0          | 2009.05.30  | -
Sunbelt           | 3.2.1858.2      | 2009.05.30  | Client-IRC.Win32.mIRC.GeN
Symantec          | 1.4.4.12        | 2009.05.30  | -
TheHacker         | 6.3.4.3.334     | 2009.05.29  | -
TrendMicro        | 8.950.0.1092    | 2009.05.29  | -
VBA32             | 3.12.10.6       | 2009.05.27  | -
ViRobot           | 2009.5.29.1761  | 2009.05.29  | Not_a_virus:ClientIRC.mIRC.2048000.A
VirusBuster       | 4.6.5.0         | 2009.05.30  | -

Additional information
File size: 2048000 bytes
MD5   : 0436b610f032cc47707b4e526da03d6d
SHA1  : 892b7ce6b1032ccf4bf82c5628bcc8c8aa31de87
SHA256: b190b1df5dc9e08bab474193886003f69540d4ce384e7d726e74829bfad15069

PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x185C28
timedatestamp.....: 0x43F63226 (Fri Feb 17 21:29:26 2006)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name   viradd   virsiz   rawdsiz  ntrpy md5
.text  0x1000   0x192609 0x193000 6.58  fbc5ecde9d4e2c464421da2b6dd11433
.rdata 0x194000 0x1878C  0x19000  5.99  f765e10f257d5e33da28ea9584380a09
.data  0x1AD000 0x2B140  0x4000   3.98  7ad73b5bd18b7b3569f8b7c3a9a721dc
.rsrc  0x1D9000 0x425E8  0x43000  4.34  7d00cd511d6a876e2ad53a49bb599eb4

( 13 imports )
> advapi32.dll: RegEnumKeyA, RegCreateKeyExA, RegSetValueExA, RegDeleteKeyA, RegOpenKeyA, RegQueryValueA, RegCreateKeyA, RegSetValueA, RegCloseKey, RegOpenKeyExA
> comctl32.dll: ImageList_AddMasked, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
> comdlg32.dll: ChooseFontA, CommDlgExtendedError, ChooseColorA
> gdi32.dll: StretchBlt, CreateCompatibleBitmap, LineTo, MoveToEx, CreatePen, SelectClipRgn, CombineRgn, CreateRectRgn, GetNearestColor, GetDeviceCaps, GetTextExtentPointA, CreateFontIndirectA, GetDIBits, CreateDIBitmap, ExtFloodFill, CreatePatternBrush, Rectangle, RoundRect, SetStretchBltMode, DeleteDC, SetROP2, SetBkMode, ExtTextOutW, EnumFontFamiliesExA, GetTextCharset, StretchDIBits, PtInRegion, CreatePolygonRgn, GetTextExtentPointW, Polyline, SetPixel, ExcludeClipRect, CreateBitmap, PatBlt, SetWindowOrgEx, GetObjectType, CreateRectRgnIndirect, SetBrushOrgEx, CreateCompatibleDC, GetObjectA, Ellipse, BitBlt, RectInRegion, CreateFontA, CreateSolidBrush, CreateHatchBrush, GetTextMetricsA, SetTextColor, SetBkColor, ExtTextOutA, DeleteObject, SelectObject, GetStockObject, GetPixel, SetPixelV
> kernel32.dll: CreateEventA, GetSystemDefaultLangID, GetLocaleInfoA, GetSystemDefaultLCID, GetWindowsDirectoryA, SetEndOfFile, lstrlenA, GlobalUnlock, GlobalLock, GlobalFree, GlobalAlloc, lstrcatA, lstrcpyA, lstrcatW, lstrlenW, lstrcpyW, GetVersionExA, QueryPerformanceCounter, QueryPerformanceFrequency, CreateFileA, QueryDosDeviceA, GetFileType, GetFileAttributesA, WinExec, WriteFile, MulDiv, FindClose, FindNextFileA, FindFirstFileA, GetModuleFileNameA, _lwrite, _lclose, _hwrite, GlobalSize, OpenFile, _hread, _llseek, _lopen, GetCurrentThreadId, lstrcpynA, SetFilePointer, GetLastError, ReadFile, FlushFileBuffers, LoadLibraryA, GetVolumeInformationA, GetDriveTypeA, GetLogicalDriveStringsA, SetFileAttributesA, WritePrivateProfileStringA, GetPrivateProfileStringA, GetLocalTime, lstrcmpA, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, SetErrorMode, FindCloseChangeNotification, FindNextChangeNotification, WaitForMultipleObjects, FindFirstChangeNotificationA, GetEnvironmentVariableA, GetShortPathNameA, CompareFileTime, GetFileTime, ReleaseMutex, WaitForSingleObject, CreateMutexA, GetTimeZoneInformation, LocalAlloc, LocalReAlloc, LocalFree, GetTempPathA, SizeofResource, CreateThread, TlsGetValue, TlsSetValue, ExitThread, RtlUnwind, HeapFree, HeapAlloc, FileTimeToSystemTime, FileTimeToLocalFileTime, SetConsoleCtrlHandler, DeleteFileA, MoveFileA, GetACP, GetOEMCP, GetProcAddress, FreeLibrary, GetCurrentThread, SetThreadPriority, SetEvent, Sleep, CloseHandle, WideCharToMultiByte, MultiByteToWideChar, GetTickCount, FindResourceA, GetCPInfo, ExitProcess, GetModuleHandleA, TerminateProcess, LoadResource, LockResource, GetSystemTimeAsFileTime, SetStdHandle, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcess, GetTimeFormatA, GetDateFormatA, GetStartupInfoA, GetCommandLineA, DeleteCriticalSection, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, TlsFree, SetLastError, TlsAlloc, UnhandledExceptionFilter, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, InitializeCriticalSection, GetFullPathNameA, GetCurrentDirectoryA, SetCurrentDirectoryA, GetStringTypeA, GetStringTypeW, SetEnvironmentVariableA, SetEnvironmentVariableW, VirtualProtect, GetSystemInfo, VirtualQuery, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, RaiseException, GetCurrentProcessId, HeapSize, CompareStringA, CompareStringW, GetFileInformationByHandle, PeekNamedPipe, HeapReAlloc, RemoveDirectoryA, GetDiskFreeSpaceA, CreateDirectoryA
> mpr.dll: WNetCloseEnum, WNetOpenEnumA, WNetEnumResourceA
> ole32.dll: ProgIDFromCLSID, CoCreateInstance, CLSIDFromProgID, CoGetInterfaceAndReleaseStream, OleUninitialize, OleInitialize
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -
> shell32.dll: SHGetSpecialFolderLocation, Shell_NotifyIconA, SHBrowseForFolderA, SHFileOperationA, SHGetDesktopFolder, SHGetPathFromIDListA, SHGetMalloc, DragQueryPoint, DragQueryFileA, DragFinish, ExtractIconExA, ExtractIconA, FindExecutableA, ShellExecuteA, DragAcceptFiles
> user32.dll: DdeUnaccessData, DdeAccessData, DdeQueryStringA, DdeCreateDataHandle, DdeClientTransaction, DdeConnect, DdeCreateStringHandleA, DdeInitializeA, CallWindowProcA, SetKeyboardState, GetKeyboardState, ToAscii, ScrollDC, DrawIconEx, GetMessageA, GetWindowThreadProcessId, ClipCursor, GetSystemMetrics, FlashWindow, RedrawWindow, ShowScrollBar, WindowFromDC, CharLowerBuffA, CharLowerA, GetWindowDC, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, VkKeyScanA, GetKeyboardLayout, CopyAcceleratorTableA, MapVirtualKeyA, CallNextHookEx, GetCapture, CharUpperBuffA, SystemParametersInfoA, DefMDIChildProcA, GetMenuState, IsMenu, RemoveMenu, SetMenuItemInfoA, GetMenuItemInfoA, GetMenuItemID, TrackPopupMenu, GetMenuCheckMarkDimensions, RegisterWindowMessageA, SetWindowsHookExA, LoadAcceleratorsA, DispatchMessageA, TranslateMessage, TranslateMDISysAccel, TranslateAcceleratorA, IsDialogMessageA, GetForegroundWindow, LoadMenuA, PostQuitMessage, DefFrameProcA, RegisterClassExA, UnhookWindowsHookEx, ChildWindowFromPoint, ValidateRect, InvertRect, DefWindowProcA, DrawFrameControl, RegisterClassA, CreateIconIndirect, FindWindowExA, FindWindowA, OffsetRect, SetScrollInfo, EqualRect, DdeFreeDataHandle, SetActiveWindow, SetWindowLongA, SetMenu, GetCursorPos, GetFocus, GetAsyncKeyState, ClientToScreen, IsClipboardFormatAvailable, EmptyClipboard, SetClipboardData, OpenClipboard, EnumClipboardFormats, GetClipboardFormatNameA, CreateWindowExA, GetClipboardData, DestroyWindow, CloseClipboard, GetWindowTextLengthA, GetWindowTextA, WinHelpA, LoadStringA, MessageBeep, GetTopWindow, IsZoomed, GetActiveWindow, IsWindow, IsCharAlphaNumericA, GetDesktopWindow, IsIconic, GetDialogBaseUnits, SetDlgItemInt, GetDlgItemInt, GetSystemMenu, CheckMenuItem, LoadCursorA, SetCursor, CreatePopupMenu, DestroyMenu, GetMenu, GetSubMenu, GetMenuItemCount, DeleteMenu, AppendMenuA, DrawMenuBar, FrameRect, FillRect, SetWindowTextA, GetClientRect, DestroyIcon, LoadImageA, GetParent, DrawFocusRect, GetSysColor, CheckDlgButton, IsWindowEnabled, GetKeyState, IsDlgButtonChecked, PeekMessageA, MsgWaitForMultipleObjects, BeginPaint, EndPaint, SendMessageA, LoadBitmapA, InvalidateRect, UpdateWindow, KillTimer, EndDialog, SetRect, SetFocus, PostMessageA, PtInRect, DdeNameService, DdeUninitialize, DdeDisconnect, DdeFreeStringHandle, DialogBoxParamA, IsChild, InsertMenuA, ModifyMenuA, GetNextDlgTabItem, EnableMenuItem, ChildWindowFromPointEx, GetScrollPos, GetScrollRange, SetScrollPos, CreateMenu, LoadIconA, EnableWindow, ShowWindow, MoveWindow, SetWindowPos, SetTimer, wsprintfA, SetScrollRange, GetIconInfo, DrawIcon, GetDlgCtrlID, DrawTextA, SetCapture, ReleaseCapture, GetWindowPlacement, SetWindowPlacement, SetForegroundWindow, GetMenuStringA, CreateDialogParamA, GetWindow, CopyRect, SendDlgItemMessageA, GetDC, GetDlgItem, GetWindowRect, MapWindowPoints, ReleaseDC, IsWindowVisible, WindowFromPoint, ScreenToClient, GetWindowLongA, BringWindowToTop, GetClassNameA
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> winmm.dll: timeEndPeriod, timeSetEvent, timeKillEvent, mciGetErrorStringA, timeGetDevCaps, mixerClose, mixerSetControlDetails, mciGetDeviceIDA, mciSendStringA, timeBeginPeriod, sndPlaySoundA, mixerGetLineControlsA, mixerGetLineInfoA, mixerOpen, mixerGetControlDetailsA
> wsock32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )

TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

ThreatExpert: http://www.threatexpert.com/report.aspx?md...07b4e526da03d6d
ssdeep: 24576:Nu171jcC5n7rnCr7idVXDyAf3yz4yr3sjOGDhwYnywCM/6nfxJBUk/uzP5NCbi9+:eJzV4ZqywCMifxJBuv6X7CqT
PEiD : -
CWSandbox: http://research.sunbelt-software.com/partn...07b4e526da03d6d
RDS : NSRL Reference Data Set -
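The VirusTotal report above gives a per-section entropy ("ntrpy") for the submitted binary: .text at 6.58 is in the range of ordinary compiled code, while a packed or encrypted section typically sits near 8. The script below is an added example, not from the thread or from VirusTotal; it reproduces that measurement by walking a PE file's section table with struct and computing Shannon entropy over each section's raw bytes. Because the sample itself is not available here, the PE it analyses is a constructed skeleton built by build_fake_pe() (a valid DOS/COFF/section-table layout, not a loadable program), and the classification bands in classify() are a rule-of-thumb assumption of this example, not something the report states. Note that, like VirusTotal, it measures SizeOfRawData bytes, so a section such as .data whose VirtualSize (0x2B140) far exceeds its raw size (0x4000) is scored only on what is actually stored on disk.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, Iterator, List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform.
    Same quantity as the 'ntrpy' column in the VirusTotal section table."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(entropy: float) -> str:
    """Rule-of-thumb bands (assumption of this example, not from the report)."""
    if entropy >= 7.2:
        return "high: packed, encrypted or compressed payload"
    if entropy >= 6.0:
        return "typical compiled code"
    return "low: sparse tables, strings or zero-filled data"


def pe_sections(image: bytes) -> Iterator[Tuple[str, int, int, int, int]]:
    """Walk the PE section table and yield
    (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        yield name.rstrip(b"\x00").decode("ascii", "replace"), vsize, vaddr, rawsize, rawptr


def section_entropies(image: bytes) -> Dict[str, float]:
    """Entropy of each section over the bytes actually stored in the file."""
    return {name: round(shannon_entropy(image[ptr:ptr + raw]), 2)
            for name, _vs, _va, raw, ptr in pe_sections(image)}


def build_fake_pe(sections: List[Tuple[str, bytes]]) -> bytes:
    """Constructed, non-loadable PE32 skeleton: DOS header, COFF header, a zeroed
    optional header and a section table pointing at the given payloads."""
    e_lfanew, opt_size, file_align = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)      # PE32 magic
    headers_len = e_lfanew + 4 + len(coff) + opt_size + 40 * len(sections)
    data_off = -(-headers_len // file_align) * file_align           # round up
    table, blobs, vaddr = b"", b"", 0x1000
    for name, payload in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\x00"),
                             len(payload), vaddr, len(payload), data_off + len(blobs),
                             0, 0, 0, 0, 0x60000020)
        blobs += payload
        vaddr += -(-len(payload) // 0x1000) * 0x1000
    image = dos + b"PE\x00\x00" + coff + opt + table
    return image.ljust(data_off, b"\x00") + blobs


# Constructed payloads standing in for real sections.
CODE_LIKE = bytes(range(256)) * 4                                         # uniform -> 8.0
ZERO_DATA = b"\x00" * 1024                                                 # constant -> 0.0
TEXT_DATA = b"The quick brown fox jumps over the lazy dog. " * 20           # ASCII text
PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))  # pseudo-random

FAKE_PE = build_fake_pe([(".text", CODE_LIKE), (".data", ZERO_DATA),
                         (".rsrc", TEXT_DATA), ("UPX1", PACKED)])

if __name__ == "__main__":
    for name, ent in section_entropies(FAKE_PE).items():
        print(f"{name:<8} {ent:5.2f}  {classify(ent)}")
```

Run against a real file, read it with open(path, "rb").read() and pass the bytes to section_entropies(); the numbers for CyberScript.exe should then match the report's column to two decimals, which is a cheap way to confirm that a hash you were given really corresponds to the file in front of you.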
Manssur (posted June 9, 2009):
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E4600 @ 2.40GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Lucas ( Administrator )
BOOT : Fail-safe boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:298 Go (Free:145 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( Tue 09/06/2009|13:05 )

C:\WINDOWS\iun6002.exe

-----------\\ REMOVED

Deleted! - C:\Arquivos de programas\AskBarDis\bar
Deleted! - C:\Arquivos de programas\AskBarDis\PopSwatter
Deleted! - C:\Arquivos de programas\AskBarDis\unins000.dat
Deleted! - C:\Arquivos de programas\AskBarDis\unins000.exe
Deleted! - C:\WINDOWS\iun6002.exe
Deleted! - C:\Arquivos de programas\AskBarDis

-----------\\ Searching for files ...

-----------\\ Extensions

(Lucas) - {87F8774F-B485-47E2-A755-A40A8A5E8873} => gbmzhuni
(Lucas) - {987311C6-B504-4aa2-90BF-60CC49808D42} => bugmenot
(Lucas) - {c50ca3c4-5656-43c2-a061-13e717f73fc8} => fvd
(Lucas) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.plusnetwork.com"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Lucas\Dados de aplicativos\uTorrent\CorelDraw X4 + Keygen [blaze69].torrent
C:\DOCUME~1\Lucas\Dados de aplicativos\uTorrent\SporeCrack.torrent
C:\DOCUME~1\Lucas\Dados de aplicativos\uTorrent\[NTi]_Titan.Quest.v.1.30.NoDVD.CRACK-Unleashed.torrent
C:\DOCUME~1\Lucas\Desktop\Lucas\Mp3\Nanzinho - Relaxa No Crack.mp3
C:\DOCUME~1\Lucas\Meus documentos\GTA San Andreas User Files\User Tracks\Nanzinho - Relaxa No Crack.mp3
C:\DOCUME~1\Lucas\Meus documentos\Meus arquivos recebidos\D2 Keygens.rar
C:\DOCUME~1\Lucas\Meus documentos\Meus arquivos recebidos\Nanzinho - Relaxa No Crack.mp3
C:\DOCUME~1\Lucas\Recent\Nanzinho - Relaxa No Crack.lnk

1 - "C:\ToolBar SD\TB_1.txt" - Tue 09/06/2009|13:07 - Option : [2]

-----------\\ Scan completed at 13:07:46,28


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:28, on 9/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPAPI\MPAPI3s.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Arquivos de programas\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Arquivos de programas\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Flashget] C:\Arquivos de programas\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Arquivos de programas\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a4c54db1d082) (gupdate1c9a4c54db1d082) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Arquivos de programas\Arquivos comuns\BinarySense\hldasvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

-- End of file - 10345 bytes
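The HijackThis logs in this thread are read by eye, which is how the helper spots things like the three "(no file)" BHO entries, the hddlife handler marked "(file missing)" and the PnkBstrA service with "Unknown owner". The script below is an added example (not from the thread or from HijackThis) that mechanises that first pass: it parses the section prefix of each line, extracts the image path from O4 Run entries, and flags stale BHO registrations, missing DLLs, services without publisher information, and autostart images outside the expected roots. The sample lines are constructed for the example; most are copied from the log above, the "[updater]" line is invented to show a positive hit, and the trusted-root list (including the Portuguese "Arquivos de programas" Program Files directory) is an assumption for this machine. Location is a weak signal on its own: the Download Direct, Driver Updater Pro and Ares entries in the real log sit under Program Files and pass this check, so it narrows the list rather than replacing judgment.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample in HijackThis v2 line format (most lines copied from the
# log above; the "[updater]" line is invented to show a positive hit).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [DLD.EXE] C:\Arquivos de programas\Download Direct\DLD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Lucas\Dados de aplicativos\svchost.exe
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Arquivos de programas\Arquivos comuns\BinarySense\hlAPP.dll" (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

# Assumption: directories an autostart image is expected to live in on this
# XP box ("Arquivos de programas" is the Portuguese Program Files). Anything
# else, including a bare name that resolves via PATH, is worth a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, line) for every entry of the form 'O4 - ...'."""
    for raw in log.splitlines():
        line = raw.strip()
        m = re.match(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$", line)
        if m:
            yield m.group(1), m.group(2), line


def run_image_path(body: str) -> Optional[str]:
    """Extract the image path from an O4 Run body: '...Run: [name] "path" args'."""
    m = re.search(r"\]\s+(.*)$", body)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted: the image ends at the first '.exe' token; anything after is a switch.
    m2 = re.match(r"(?i)(.*?\.exe)(?=\s|$)", cmd)
    return m2.group(1) if m2 else cmd


def triage(log: str) -> List[Finding]:
    """Apply the hand checks a helper does when reading a HijackThis log."""
    out: List[Finding] = []
    for section, body, line in parse(log):
        if section == "O2" and body.endswith("(no file)"):
            out.append(Finding(section, "BHO CLSID registered but no DLL on disk (stale entry)", line))
        elif body.endswith("(file missing)"):
            out.append(Finding(section, "handler registered but its DLL is missing", line))
        elif section == "O23" and "Unknown owner" in body:
            out.append(Finding(section, "service binary carries no publisher information; verify its hash", line))
        elif section == "O4" and "Run" in body:
            path = run_image_path(body)
            if path is None or not path.lower().startswith(TRUSTED_ROOTS):
                out.append(Finding(section, f"autostart image outside trusted roots: {path}", line))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Feed it a saved hijackthis.log with triage(open(path, encoding="latin-1").read()); the encoding matters on a Portuguese XP system, where log text such as "vídeo" is written in the OEM/ANSI code page rather than UTF-8.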
PedroN (posted June 9, 2009):
Hi Manssur, have a good afternoon!

Go to Start > Run and type "combofix /u" without the quotes, as shown in the image below:
Wait for the ComboFix program to uninstall.

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries.
Download CCleaner
◘ Click Save and, when the download finishes, install it;
◘ Open the program and click Run Cleaner;
◘ After that, click Registry > Scan for Issues > Fix selected issues.

• Update Java.
• Old versions have vulnerabilities that malware can use to infect your system.
<><><><><><><><><><><><><><><>
• Download the latest version of the Java Runtime Environment (JRE), 6u13.
• Locate: "Java Runtime Environment (JRE) 6 Update 13"
• Click the Download button.
• Tick the option that says: "Accept License Agreement"
• The page will refresh!
• Click the link to download the Windows Offline Installation --> save it to the desktop!
• Close IE or Firefox and any programs that are running.
• Go to Start --> Control Panel.
• In Add or Remove Programs, remove all the old versions of Java.
<><><><><><><><><><><><><><><>
• Examples of old versions:
< > Java 2 Runtime Environment, SE v1.4.2
< > J2SE Runtime Environment 5.0
< > J2SE Runtime Environment 5.0 Update 6
• Select any item named Java Runtime Environment (JRE or J2SE).
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove every version of Java.
• When done, restart the computer!
• Install the new version by double-clicking jre-6u13-windows-i586-p.exe.
<><><><><><><><><><><><><><><>
• Create a clean System Restore point.
• Right-click My Computer --> Properties --> System Restore.
• Tick: Turn off System Restore --> Apply --> wait! --> Ok.
• Then untick it again! --> Apply --> wait! --> Ok.
• For more details, read the tutorial: < Link >

Reinstall TS.

Download ATF-Cleaner.exe
- Run the ATF-Cleaner.exe tool. Tick the Select All option and click Empty Selected. A "Done Cleaning" window will appear. Click OK and Exit.

- Other than that, your log is clean! It was a pleasure.
Manssur (posted June 9, 2009):
Thanks a lot, man. One last request: could you explain to me what we did and what was wrong? Thanks, cya.
Manssur (posted June 9, 2009):
Dude... the error persists =/
PedroN (posted June 9, 2009):
Manssur, your problem is no longer a malware matter. ;)
Your problem with TS was solved once only by reinstalling the program, as described in this thread: http://forum.imasters.com.br/index.php?showtopic=345731
If your problem is not solved that way, we are sorry! And one more thing: since your problem is no longer about malware, we will have to close this thread! Do you still have any malware-related problem?
Manssur (posted June 9, 2009):
I don't think so...