
Archived

This topic has been archived and is closed to new replies.

leandro aislan

[Archived] Log analysis....


Could you analyze my log?

The computer was full of viruses; could you check my log and help me....

Since these are company computers, some employee always ends up doing what they shouldn't; I have come here before asking for help with other computers.... sorry for asking for help every time....

Hugs

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:38:18, on 2/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe

C:\Mlpd\lpd.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\NXCLIE~1\bin\NXWin.exe

C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\Updater6\Adobe_Updater.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Cliente\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MochaSoft Lpd.lnk = C:\Mlpd\lpd.exe

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{451EAA7C-A74F-4635-B6E7-A4574AC3D087}: NameServer = 208.67.222.222,192.168.1.1

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 5411 bytes

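As an added example (not part of this thread, and not code from HijackThis or the forum), the Python below applies the kind of triage a helper does by eye to lines in HijackThis's own format. It flags autoruns registered under Policies\Explorer\Run, image paths that point into an NTFS alternate data stream (the svchost.exe:ext.exe service in the log above), services whose file is missing, orphaned BHO entries, and file names one character away from a core Windows process name (csrcs.exe beside the legitimate csrss.exe). The sample lines are copied from the log above; the rule names and the SYSTEM_BINARIES list are my own choices, not anything HijackThis defines.

```python
import re

# Constructed sample: entries copied from the first HijackThis log in this
# thread, plus the Avira and LogMeIn lines as benign controls.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
"""

# Core Windows process names that malware likes to imitate (my own list).
SYSTEM_BINARIES = {"csrss.exe", "svchost.exe", "lsass.exe", "smss.exe",
                   "services.exe", "winlogon.exe", "explorer.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# A colon inside a path component (i.e. after a backslash) names an NTFS
# alternate data stream, as in svchost.exe:ext.exe.
ADS_RE = re.compile(r"\\[^\\:\s]+:[^\\\s]+")
# First drive-letter path ending in .exe/.dll; a surrounding quote ends it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def levenshtein(a, b):
    """Plain edit distance; the strings here are short file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(path):
    """Return the system binary a file name imitates (distance 1), or None."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARIES:
        return None
    for known in SYSTEM_BINARIES:
        if levenshtein(name, known) == 1:
            return known
    return None


def triage(log_text):
    """Return (section, rule, line) for every HijackThis entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O4" and r"\Policies\Explorer\Run" in body:
            findings.append((section, "policies-run-autorun", line))
        if section in ("O4", "O23") and ADS_RE.search(body):
            findings.append((section, "ads-image-path", line))
        if section == "O23" and "(file missing)" in body:
            findings.append((section, "service-file-missing", line))
        if section == "O2" and body.endswith("(no file)"):
            findings.append((section, "orphan-bho", line))
        pm = PATH_RE.search(body)
        imitated = lookalike_of(pm.group(0)) if pm else None
        if imitated:
            findings.append((section, "system-name-lookalike:" + imitated, line))
    return findings


if __name__ == "__main__":
    for section, rule, line in triage(SAMPLE_LOG):
        print(f"{section:4} {rule:32} {line}")
```

The orphaned BHO rule is low severity (it is usually leftover registry debris), while an ADS image path or a Policies\Explorer\Run autorun is worth investigating on its own; in practice a helper weighs the rules rather than treating every hit alike.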

- Download SDFix and save it to the desktop;

● Double-click SDFix.exe and the tool will be installed to C:\SDFix. But do not run it yet;

● Restart your computer in Safe Mode (hold the F8 key during system startup and choose the Safe Mode option);

● Open the SDFix folder that was installed on your computer and double-click the RunThis.bat file;

● Press Y so the tool starts the removal process;

● When everything finishes, you will see a message telling you to press any key to continue. Do so. Your computer will restart automatically;

● After restarting, the tool will run once more, finish its work, and the word Finished will appear. Press any key again;

● A window with the SDFix report will appear;

● The log will open automatically for you. It will be saved in the SDFix folder as Report.txt;

Make a new HijackThis log and paste it in your next reply, together with the SDFix log.


Here is the log.

SDFix: Version 1.240

Run by Administrador on qui 07/02/aaaa at 17:12

 

Microsoft Windows XP [versão 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

Name :

ICF

 

Path :

C:\WINDOWS\system32\svchost.exe:ext.exe

 

ICF - Deleted
Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found
Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-02 17:14:26

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"="C:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe:*:Enabled:nxclient"

"C:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"="C:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe:*:Enabled:nxssh"

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Mlpd\\lpd.exe"="C:\\Mlpd\\lpd.exe:*:Enabled:lpd Application"

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"="C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="C:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 20 Oct 2003 73,688 ..SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\Setup.exe"

Sat 24 Jan 2004 5,120 A.SHR --- "C:\Arquivos de programas\Autodesk\Autodesk DWF Viewer\_Setupx.dll"

 

Finished!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:17:51, on 2/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe

C:\Mlpd\lpd.exe

C:\Arquivos de programas\No-IP\DUC20.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Cliente\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MochaSoft Lpd.lnk = C:\Mlpd\lpd.exe

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{451EAA7C-A74F-4635-B6E7-A4574AC3D087}: NameServer = 208.67.222.222,192.168.1.1

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 5003 bytes

Another curious thing: when I go to System Configuration - Startup, a big list with lots of things appears...

The file that appears the most is uulo, c:\uulo.exe, SOFTWARE\Microsoft\Windows\CurrentVersion\Run; there must be about 40 startup items for this program.

Hugs


- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;

● Wait while ComboFix scans;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

Do not click in the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to quit or stop ComboFix, press N;

● When it finishes, your PC will be restarted. After the restart, the tool will run again; wait;

● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.


Here is the log.....

ComboFix 09-07-02.02 - Cliente 03/07/2009 8:36.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.657 [GMT -3:00]

Executando de: c:\documents and settings\Cliente\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))

.

 

2009-07-03 11:06 . 2009-07-03 11:15 -------- d-----w- c:\windows\LastGood

2009-07-02 20:11 . 2009-07-02 20:11 -------- d-----w- c:\windows\ERUNT

2009-07-02 20:02 . 2009-07-02 20:15 -------- d-----w- C:\SDFix

2009-07-02 17:44 . 2009-07-02 17:46 -------- d-----w- C:\Fotoshop

2009-07-02 13:23 . 2009-06-23 14:06 245408 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\unicows.dll

2009-07-02 13:23 . 2009-04-05 17:26 8784 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll

2009-07-02 13:23 . 2009-04-05 17:26 71248 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe

2009-07-02 13:23 . 2009-02-19 14:38 2633728 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

2009-07-02 13:03 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-02 13:03 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-02 13:03 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-02 13:03 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-02 13:03 . 2009-07-02 13:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-07-02 13:03 . 2009-07-02 13:03 -------- d-----w- c:\arquivos de programas\Avira

2009-07-02 12:35 . 2007-06-22 00:35 180224 ----a-r- c:\windows\system32\igfxres.dll

2009-07-02 12:29 . 2008-04-14 12:00 86016 -c--a-w- c:\windows\system32\dllcache\metada51.dll

2009-07-02 12:28 . 2008-04-14 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt040d.dll

2009-07-02 12:15 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-07-02 12:15 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-07-02 12:15 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-07-02 12:15 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-07-01 17:44 . 2009-07-01 17:44 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Yahoo!

2009-07-01 17:43 . 2009-07-02 13:03 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Malwarebytes

2009-06-22 17:33 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-06-22 17:33 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-19 13:59 . 2009-06-19 13:59 -------- d-----w- c:\documents and settings\Cliente\Phone Browser

2009-06-19 13:57 . 2009-06-19 13:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2009-06-19 13:57 . 2009-06-19 13:59 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Nokia

2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\arquivos de programas\DIFX

2009-06-19 13:57 . 2009-06-19 14:11 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\PC Suite

2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2009-06-19 13:57 . 2007-02-22 14:15 90624 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-06-19 13:57 . 2007-06-21 09:21 23919704 ----a-r- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_US.exe

2009-06-19 13:56 . 2009-06-19 14:13 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe

2009-06-19 13:56 . 2009-06-19 14:13 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe

2009-06-19 13:56 . 2009-06-19 14:13 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe

2009-06-19 13:56 . 2009-06-19 13:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2009-06-18 18:30 . 2009-06-18 18:29 45056 ----a-w- c:\windows\system32\unredmon.exe

2009-06-18 18:30 . 2009-06-18 18:29 116224 ----a-w- c:\windows\system32\redmonnt.dll

2009-06-18 18:29 . 2009-06-18 18:29 -------- d-----w- C:\redmon

2009-06-18 18:27 . 2009-06-18 18:27 -------- d-----w- c:\arquivos de programas\Ghostgum

2009-06-18 18:22 . 2009-06-18 18:22 -------- d-----w- c:\arquivos de programas\gs

2009-06-18 18:08 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\Autodesk

2009-06-18 18:07 . 2009-06-18 18:07 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0

2009-06-18 18:03 . 2009-06-18 18:58 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Autodesk

2009-06-18 18:03 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2009-06-18 18:03 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\AutoCAD 2005

2009-06-18 18:03 . 2009-06-18 18:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2009-06-18 18:00 . 2009-06-18 18:01 -------- d-----w- c:\windows\system32\URTTemp

2009-06-17 16:47 . 2009-07-02 09:13 -------- d-----w- c:\windows\l2schemas

2009-06-17 16:47 . 2009-06-17 16:47 -------- d-----w- c:\windows\system32\bits

2009-06-17 16:45 . 2009-06-17 16:47 -------- d-----w- c:\windows\ServicePackFiles

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-03 11:38 . 2009-05-13 17:20 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Skype

2009-07-03 11:04 . 2009-05-13 17:24 -------- d-----w- c:\arquivos de programas\LogMeIn

2009-07-02 12:51 . 2001-10-28 18:07 61618 ----a-w- c:\windows\system32\perfc016.dat

2009-07-02 12:51 . 2001-10-28 18:07 413480 ----a-w- c:\windows\system32\perfh016.dat

2009-07-02 12:25 . 2009-05-11 17:36 23604 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-01 18:09 . 2004-08-04 03:45 14336 ----a-w- c:\windows\system32\svchost(3).exe

2009-07-01 18:09 . 2004-08-04 03:45 14336 ----a-w- c:\windows\system32\svchost(2).exe

2009-06-29 13:53 . 2009-05-11 18:35 -------- d-----w- c:\arquivos de programas\MSN Messenger

2009-05-27 20:52 . 2009-05-27 20:52 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-05-27 11:48 . 2009-05-27 11:48 -------- d-----w- c:\arquivos de programas\CCleaner

2009-05-20 15:36 . 2009-05-20 15:36 0 ----a-w- c:\windows\nsreg.dat

2009-05-13 17:46 . 2009-05-13 17:46 405504 ----a-w- c:\windows\lpduninstall.exe

2009-05-13 17:41 . 2009-05-13 17:41 -------- d-----w- c:\arquivos de programas\No-IP

2009-05-13 17:35 . 2009-05-13 17:35 -------- d-----w- c:\arquivos de programas\NX Client for Windows

2009-05-13 17:34 . 2009-05-13 17:33 -------- d-----w- c:\arquivos de programas\EditPlus 2

2009-05-13 17:31 . 2009-05-13 17:30 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-05-13 17:30 . 2009-05-13 17:30 -------- d-----w- c:\arquivos de programas\HP

2009-05-13 17:25 . 2009-05-13 17:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LogMeIn

2009-05-13 16:20 . 2009-05-13 16:20 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-05-13 16:20 . 2009-05-11 18:00 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-05-13 16:19 . 2009-05-13 12:33 -------- d-----w- c:\arquivos de programas\TP-LINK

2009-05-13 12:53 . 2009-05-11 17:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----r- c:\arquivos de programas\Skype

2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-05-11 18:53 . 2009-05-11 18:53 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-05-11 18:52 . 2009-05-11 18:52 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-05-11 18:51 . 2009-05-11 18:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2009-05-11 18:50 . 2009-05-11 18:49 -------- d-----w- c:\arquivos de programas\Ahead

2009-05-11 18:49 . 2009-05-11 18:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-05-11 18:27 . 2009-05-11 18:27 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-11 18:27 . 2009-05-11 18:27 -------- d-----w- c:\arquivos de programas\Java

2009-05-11 18:27 . 2009-05-11 18:27 152576 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-05-11 18:23 . 2009-05-11 18:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-05-11 18:12 . 2009-05-11 18:12 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-05-11 18:01 . 2009-05-11 18:00 -------- d-----w- c:\arquivos de programas\IDT

2009-05-11 17:45 . 2009-05-11 17:45 -------- d-----w- c:\arquivos de programas\Intel

2009-05-11 17:44 . 2009-05-11 17:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-05-11 17:39 . 2009-05-11 17:39 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-05-11 17:37 . 2009-05-11 17:37 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-05-11 17:37 . 2009-05-11 17:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Cliente\Menu Iniciar\Programas\Inicializar\

MochaSoft Lpd.lnk - c:\mlpd\lpd.exe [2009-5-13 405504]

No-IP DUC.lnk - c:\arquivos de programas\No-IP\DUC20.exe [2009-5-13 1172992]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

TL-WN321G Wireless Utility.lnk - c:\arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2009-5-13 622592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"VSS"=3 (0x3)

"usnjsvc"=3 (0x3)

"TapiSrv"=3 (0x3)

"ServiceLayer"=3 (0x3)

"helpsvc"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"=

"c:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Mlpd\\lpd.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2/7/2009 10:03 108289]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 18:46 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [13/5/2009 14:25 47640]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - BITS

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {451EAA7C-A74F-4635-B6E7-A4574AC3D087} = 208.67.222.222,192.168.1.1

FF - ProfilePath - c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\

FF - plugin: c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-03 08:45

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Tempo para conclusão: 2009-07-03 8:46

ComboFix-quarantined-files.txt 2009-07-03 11:46

 

Pré-execução: 10 pasta(s) 151.886.680.064 bytes disponíveis

Pós execução: 10 pasta(s) 151.915.716.608 bytes disponíveis

 

187 --- E O F --- 2009-06-22 20:53


Select and copy the content below (starting from File). Paste it into Notepad on your PC and save it to the desktop as CFScript.txt

 

File::

c:\windows\system32\svchost(3).exe

c:\windows\system32\svchost(2).exe

Drag the CFScript onto ComboFix as shown in the image below and wait for the tool to run automatically:

 

[image: CFScript.gif]

 

● If prompted, press Enter to start the removal process;

● Do not use the mouse or keyboard while ComboFix is running;

● When it finishes, a new log will be generated at C:\ComboFix.txt;

● Your computer may restart automatically. If it does not, restart it manually.

 

In your next reply, paste ComboFix.txt and a new HijackThis log.


ComboFix 09-07-05.04 - Cliente 06/07/2009 17:41.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1015.597 [GMT -3:00]

Running from: c:\documents and settings\Cliente\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Cliente\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\windows\system32\svchost(2).exe"

"c:\windows\system32\svchost(3).exe"

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\system32\svchost(2).exe

c:\windows\system32\svchost(3).exe

 

----- BITS: Possible infected sites -----

 

hxxp://au.download.windowsupdate.cj+|Cv+@J:NGD_DQ{zcxLJS@uyS;:AV!Messenger Update.S-1-5-21-1844237615-1450960922-839522115-1003XtD$?

.

(((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 ))))))))))))))))))))))))))))

.

 

2009-07-06 10:52 . 2009-07-06 10:52 -------- d-----w- c:\windows\LastGood

2009-07-03 11:26 . 2009-02-09 11:25 2193280 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-07-03 11:26 . 2009-02-09 11:25 2028032 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-07-03 11:26 . 2009-02-09 11:25 2149376 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-07-03 11:22 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-07-02 20:11 . 2009-07-02 20:11 -------- d-----w- c:\windows\ERUNT

2009-07-02 20:02 . 2009-07-02 20:15 -------- d-----w- C:\SDFix

2009-07-02 17:44 . 2009-07-02 17:46 -------- d-----w- C:\Fotoshop

2009-07-02 13:23 . 2009-06-23 14:06 245408 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\unicows.dll

2009-07-02 13:23 . 2009-04-05 17:26 8784 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll

2009-07-02 13:23 . 2009-04-05 17:26 71248 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe

2009-07-02 13:23 . 2009-02-19 14:38 2633728 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

2009-07-02 13:03 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-02 13:03 . 2009-03-24 19:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-02 13:03 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-02 13:03 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-02 13:03 . 2009-07-02 13:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-07-02 13:03 . 2009-07-02 13:03 -------- d-----w- c:\arquivos de programas\Avira

2009-07-02 12:35 . 2007-06-22 00:35 180224 ----a-r- c:\windows\system32\igfxres.dll

2009-07-02 12:29 . 2008-04-14 12:00 86016 -c--a-w- c:\windows\system32\dllcache\metada51.dll

2009-07-02 12:28 . 2008-04-14 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt040d.dll

2009-07-02 12:15 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-07-02 12:15 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-07-02 12:15 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-07-02 12:15 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-07-01 17:44 . 2009-07-01 17:44 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Yahoo!

2009-07-01 17:43 . 2009-07-02 13:03 -------- d-----w- c:\arquivos de programas\Yahoo!

2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Malwarebytes

2009-06-22 17:33 . 2009-06-17 14:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-22 17:33 . 2009-06-22 17:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-06-22 17:33 . 2009-06-17 14:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-19 13:59 . 2009-06-19 13:59 -------- d-----w- c:\documents and settings\Cliente\Phone Browser

2009-06-19 13:57 . 2009-06-19 13:58 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2009-06-19 13:57 . 2009-06-19 13:59 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Nokia

2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\arquivos de programas\DIFX

2009-06-19 13:57 . 2009-06-19 14:11 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\PC Suite

2009-06-19 13:57 . 2009-06-19 13:57 -------- d-----w- c:\arquivos de programas\PC Connectivity Solution

2009-06-19 13:57 . 2007-02-22 14:15 90624 ----a-w- c:\windows\system32\nmwcdcls.dll

2009-06-19 13:57 . 2007-06-21 09:21 23919704 ----a-r- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_US.exe

2009-06-19 13:56 . 2009-06-19 14:13 8192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe

2009-06-19 13:56 . 2009-06-19 14:13 61440 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe

2009-06-19 13:56 . 2009-06-19 14:13 10240 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe

2009-06-19 13:56 . 2009-06-19 13:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Installations

2009-06-18 18:30 . 2009-06-18 18:29 45056 ----a-w- c:\windows\system32\unredmon.exe

2009-06-18 18:30 . 2009-06-18 18:29 116224 ----a-w- c:\windows\system32\redmonnt.dll

2009-06-18 18:29 . 2009-06-18 18:29 -------- d-----w- C:\redmon

2009-06-18 18:27 . 2009-06-18 18:27 -------- d-----w- c:\arquivos de programas\Ghostgum

2009-06-18 18:22 . 2009-06-18 18:22 -------- d-----w- c:\arquivos de programas\gs

2009-06-18 18:08 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\Autodesk

2009-06-18 18:07 . 2009-06-18 18:07 -------- d-----w- c:\arquivos de programas\AnswerWorks 4.0

2009-06-18 18:03 . 2009-06-18 18:58 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Autodesk

2009-06-18 18:03 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Autodesk Shared

2009-06-18 18:03 . 2009-06-18 18:08 -------- d-----w- c:\arquivos de programas\AutoCAD 2005

2009-06-18 18:03 . 2009-06-18 18:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk

2009-06-18 18:00 . 2009-06-18 18:01 -------- d-----w- c:\windows\system32\URTTemp

2009-06-17 16:47 . 2009-07-02 09:13 -------- d-----w- c:\windows\l2schemas

2009-06-17 16:47 . 2009-06-17 16:47 -------- d-----w- c:\windows\system32\bits

2009-06-17 16:45 . 2009-06-17 16:47 -------- d-----w- c:\windows\ServicePackFiles

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-06 20:37 . 2009-05-13 17:20 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Skype

2009-07-06 10:51 . 2009-05-13 17:24 -------- d-----w- c:\arquivos de programas\LogMeIn

2009-07-02 12:51 . 2001-10-28 18:07 61618 ----a-w- c:\windows\system32\perfc016.dat

2009-07-02 12:51 . 2001-10-28 18:07 413480 ----a-w- c:\windows\system32\perfh016.dat

2009-07-02 12:25 . 2009-05-11 17:36 23604 ----a-w- c:\windows\system32\emptyregdb.dat

2009-06-29 13:53 . 2009-05-11 18:35 -------- d-----w- c:\arquivos de programas\MSN Messenger

2009-05-27 20:52 . 2009-05-27 20:52 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-05-27 11:48 . 2009-05-27 11:48 -------- d-----w- c:\arquivos de programas\CCleaner

2009-05-20 15:36 . 2009-05-20 15:36 0 ----a-w- c:\windows\nsreg.dat

2009-05-13 17:46 . 2009-05-13 17:46 405504 ----a-w- c:\windows\lpduninstall.exe

2009-05-13 17:41 . 2009-05-13 17:41 -------- d-----w- c:\arquivos de programas\No-IP

2009-05-13 17:35 . 2009-05-13 17:35 -------- d-----w- c:\arquivos de programas\NX Client for Windows

2009-05-13 17:34 . 2009-05-13 17:33 -------- d-----w- c:\arquivos de programas\EditPlus 2

2009-05-13 17:31 . 2009-05-13 17:30 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-05-13 17:30 . 2009-05-13 17:30 -------- d-----w- c:\arquivos de programas\HP

2009-05-13 17:25 . 2009-05-13 17:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\LogMeIn

2009-05-13 16:20 . 2009-05-13 16:20 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-05-13 16:20 . 2009-05-11 18:00 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-05-13 16:19 . 2009-05-13 12:33 -------- d-----w- c:\arquivos de programas\TP-LINK

2009-05-13 12:53 . 2009-05-11 17:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----r- c:\arquivos de programas\Skype

2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-05-11 18:53 . 2009-05-11 18:53 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-05-11 18:52 . 2009-05-11 18:52 -------- d-----w- c:\arquivos de programas\Microsoft Works

2009-05-11 18:51 . 2009-05-11 18:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero

2009-05-11 18:50 . 2009-05-11 18:49 -------- d-----w- c:\arquivos de programas\Ahead

2009-05-11 18:49 . 2009-05-11 18:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ahead

2009-05-11 18:27 . 2009-05-11 18:27 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-11 18:27 . 2009-05-11 18:27 -------- d-----w- c:\arquivos de programas\Java

2009-05-11 18:27 . 2009-05-11 18:27 152576 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-05-11 18:23 . 2009-05-11 18:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-05-11 18:12 . 2009-05-11 18:12 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-05-11 18:01 . 2009-05-11 18:00 -------- d-----w- c:\arquivos de programas\IDT

2009-05-11 17:45 . 2009-05-11 17:45 -------- d-----w- c:\arquivos de programas\Intel

2009-05-11 17:44 . 2009-05-11 17:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-05-11 17:39 . 2009-05-11 17:39 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-05-11 17:37 . 2009-05-11 17:37 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-05-11 17:37 . 2009-05-11 17:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-03_11.45.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-06 10:51 . 2009-07-06 10:51 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat

+ 2009-05-11 17:36 . 2008-10-16 17:08 34328 c:\windows\system32\wups.dll

+ 2009-05-11 18:00 . 2008-07-09 07:34 26488 c:\windows\system32\spupdsvc.exe

- 2009-05-11 18:00 . 2007-08-10 11:12 26488 c:\windows\system32\spupdsvc.exe

- 2009-05-11 18:18 . 2007-11-30 12:39 18296 c:\windows\system32\spmsg.dll

+ 2009-05-11 18:18 . 2008-07-09 07:34 18296 c:\windows\system32\spmsg.dll

+ 2008-04-14 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe

- 2008-04-14 12:00 . 2005-01-28 04:21 96768 c:\windows\system32\logagent.exe

+ 2008-04-14 12:00 . 2008-06-10 08:52 96768 c:\windows\system32\logagent.exe

+ 2009-05-11 17:36 . 2008-10-16 17:08 34328 c:\windows\system32\dllcache\wups.dll

+ 2008-04-14 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe

+ 2008-04-14 12:00 . 2008-06-10 08:52 96768 c:\windows\system32\dllcache\logagent.exe

- 2008-04-14 12:00 . 2005-01-28 04:21 96768 c:\windows\system32\dllcache\logagent.exe

+ 2008-04-14 12:00 . 2007-10-20 09:01 227328 c:\windows\system32\wmasf.dll

+ 2009-05-11 17:34 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2009-05-11 17:34 . 2009-02-09 10:53 453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2009-05-11 17:34 . 2009-02-09 10:53 473600 c:\windows\system32\wbem\fastprox.dll

+ 2008-04-14 12:00 . 2008-10-03 10:04 247326 c:\windows\system32\strmdll.dll

+ 2008-04-14 12:00 . 2009-02-09 11:25 111104 c:\windows\system32\services.exe

+ 2008-04-14 12:00 . 2009-02-09 10:53 401408 c:\windows\system32\rpcss.dll

- 2008-04-14 12:00 . 2008-04-14 12:00 286208 c:\windows\system32\pdh.dll

+ 2008-04-14 12:00 . 2009-03-06 14:20 286208 c:\windows\system32\pdh.dll

+ 2008-04-14 12:00 . 2009-02-09 10:53 730624 c:\windows\system32\ntdll.dll

+ 2008-04-14 12:00 . 2008-10-15 16:36 337408 c:\windows\system32\netapi32.dll

- 2008-04-14 12:00 . 2008-04-14 12:00 337408 c:\windows\system32\netapi32.dll

+ 2008-04-14 12:00 . 2009-02-09 10:53 731648 c:\windows\system32\lsasrv.dll

+ 2008-04-14 12:00 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys

+ 2008-04-14 12:00 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys

+ 2008-04-14 12:00 . 2008-10-24 11:21 455296 c:\windows\system32\drivers\mrxsmb.sys

+ 2009-05-11 17:35 . 2008-04-21 21:15 216064 c:\windows\system32\dllcache\wordpad.exe

+ 2009-05-11 17:34 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe

+ 2009-05-11 17:34 . 2009-02-09 10:53 453120 c:\windows\system32\dllcache\wmiprvsd.dll

+ 2008-04-14 12:00 . 2007-10-20 09:01 227328 c:\windows\system32\dllcache\wmasf.dll

+ 2008-04-14 12:00 . 2008-10-03 10:04 247326 c:\windows\system32\dllcache\strmdll.dll

+ 2008-04-14 12:00 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys

+ 2008-04-14 12:00 . 2009-02-09 11:25 111104 c:\windows\system32\dllcache\services.exe

+ 2008-04-14 12:00 . 2009-02-09 10:53 401408 c:\windows\system32\dllcache\rpcss.dll

+ 2008-04-14 12:00 . 2008-05-08 14:02 203136 c:\windows\system32\dllcache\rmcast.sys

- 2008-04-14 12:00 . 2008-04-14 12:00 286208 c:\windows\system32\dllcache\pdh.dll

+ 2008-04-14 12:00 . 2009-03-06 14:20 286208 c:\windows\system32\dllcache\pdh.dll

+ 2008-04-14 12:00 . 2009-02-09 10:53 730624 c:\windows\system32\dllcache\ntdll.dll

+ 2008-04-14 12:00 . 2008-10-15 16:36 337408 c:\windows\system32\dllcache\netapi32.dll

- 2008-04-14 12:00 . 2008-04-14 12:00 337408 c:\windows\system32\dllcache\netapi32.dll

- 2009-05-11 17:36 . 2008-04-14 12:00 331776 c:\windows\system32\dllcache\msadce.dll

+ 2009-05-11 17:36 . 2008-05-01 14:36 331776 c:\windows\system32\dllcache\msadce.dll

+ 2008-04-14 12:00 . 2009-02-09 10:53 731648 c:\windows\system32\dllcache\lsasrv.dll

+ 2009-05-11 17:34 . 2009-02-09 10:53 473600 c:\windows\system32\dllcache\fastprox.dll

+ 2008-04-14 12:00 . 2009-02-09 10:53 683520 c:\windows\system32\dllcache\advapi32.dll

- 2008-04-14 12:00 . 2008-04-14 12:00 683520 c:\windows\system32\dllcache\advapi32.dll

+ 2008-04-14 12:00 . 2009-02-09 10:53 683520 c:\windows\system32\advapi32.dll

- 2008-04-14 12:00 . 2008-04-14 12:00 683520 c:\windows\system32\advapi32.dll

+ 2009-07-03 11:22 . 2008-10-24 11:21 455296 c:\windows\Driver Cache\i386\mrxsmb.sys

- 2009-05-11 19:24 . 2008-04-15 17:49 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll

+ 2009-07-03 11:24 . 2008-04-15 17:49 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll

+ 2008-04-14 12:00 . 2008-06-10 10:07 2376760 c:\windows\system32\WMVCore.dll

+ 2008-04-14 12:00 . 2007-04-30 11:20 5537792 c:\windows\system32\wmp.dll

+ 2008-04-14 12:00 . 2008-06-10 09:28 1028096 c:\windows\system32\WMNetmgr.dll

+ 2008-04-14 12:00 . 2009-02-09 11:25 2149376 c:\windows\system32\ntoskrnl.exe

- 2008-04-14 12:00 . 2008-04-14 12:00 2149376 c:\windows\system32\ntoskrnl.exe

+ 2008-04-13 19:00 . 2009-02-09 11:25 2028032 c:\windows\system32\ntkrnlpa.exe

- 2008-04-13 19:00 . 2008-04-14 12:00 2028032 c:\windows\system32\ntkrnlpa.exe

+ 2008-04-14 12:00 . 2008-09-04 17:16 1106944 c:\windows\system32\msxml3.dll

+ 2008-04-14 12:00 . 2008-06-10 10:07 2376760 c:\windows\system32\dllcache\WMVCore.dll

+ 2008-04-14 12:00 . 2007-04-30 11:20 5537792 c:\windows\system32\dllcache\wmp.dll

+ 2008-04-14 12:00 . 2008-06-10 09:28 1028096 c:\windows\system32\dllcache\WMNetmgr.dll

+ 2009-02-10 22:07 . 2009-02-10 22:07 2070272 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-04-14 12:00 . 2008-09-04 17:16 1106944 c:\windows\system32\dllcache\msxml3.dll

+ 2009-07-03 11:26 . 2009-02-09 11:25 2193280 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-07-03 11:26 . 2009-02-09 11:25 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2009-02-10 22:07 . 2009-02-10 22:07 2070272 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2009-07-03 11:26 . 2009-02-09 11:25 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Cliente\Menu Iniciar\Programas\Inicializar\

MochaSoft Lpd.lnk - c:\mlpd\lpd.exe [2009-5-13 405504]

No-IP DUC.lnk - c:\arquivos de programas\No-IP\DUC20.exe [2009-5-13 1172992]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

TL-WN321G Wireless Utility.lnk - c:\arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe [2009-5-13 622592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"VSS"=3 (0x3)

"usnjsvc"=3 (0x3)

"TapiSrv"=3 (0x3)

"ServiceLayer"=3 (0x3)

"helpsvc"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

"aswUpdSv"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"=

"c:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Mlpd\\lpd.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [2/7/2009 10:03 108289]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 18:46 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [13/5/2009 14:25 47640]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.terra.com.br/

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {451EAA7C-A74F-4635-B6E7-A4574AC3D087} = 208.67.222.222,192.168.1.1

FF - ProfilePath - c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\

FF - plugin: c:\documents and settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\vbvmn4io.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-06 17:52

Windows 5.1.2600 Service Pack 3 NTFS

 

Searching for hidden processes ...

 

Searching for hidden autostart entries ...

 

Searching for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\windows\system32\igfxdev.dll

.

Completion time: 2009-07-06 17:53

ComboFix-quarantined-files.txt 2009-07-06 20:53

ComboFix2.txt 2009-07-03 11:46

 

Pre-Run: 10 folder(s) 151,736,041,472 bytes free

Post-Run: 10 folder(s) 151,729,020,928 bytes free

 

279 --- E O F --- 2009-07-03 20:52

 

 

 

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:15:31, on 8/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\STacSV.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\ARQUIV~1\NXCLIE~1\bin\NXWin.exe

C:\Documents and Settings\Cliente\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MochaSoft Lpd.lnk = C:\Mlpd\lpd.exe

O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe

O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\..\{451EAA7C-A74F-4635-B6E7-A4574AC3D087}: NameServer = 208.67.222.222,192.168.1.1

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\WINDOWS\system32\STacSV.exe

 

--

End of file - 4914 bytes


Go to Start > Run, type ComboFix /u and click OK to remove the tool.

 

Run HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

The log is clean.

 

Any problems still?

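Added example (not from the original thread, and not code from the ComboFix or HijackThis authors): a small Python triage script that applies, mechanically, the three checks the helper applied by eye to the HijackThis log above. It flags O2 BHO entries whose CLSID resolves to "(no file)" (the two orphaned entries the helper told the poster to fix), O4 startup items and O23 service binaries that sit outside C:\WINDOWS or the program-files tree, and O17 NameServer addresses that are neither RFC 1918 nor on a trusted list. The sample log lines are constructed copies of entries from this thread; the directory prefixes, the trusted-resolver set and every function name are my assumptions. A hit means "look at this", not "malware": lpd.exe is the poster's own MochaSoft LPD shortcut, and 208.67.222.222 is one of OpenDNS's public resolver addresses, which the helper evidently accepted.

```python
r"""Triage of a HijackThis 2.0.2 log (added example, not part of the original thread).

Checks: O2 BHOs pointing at '(no file)', O4/O23 binaries outside the usual program
directories, and O17 resolvers that are neither private (RFC 1918) nor trusted.
Every hit is something to review by hand, not a verdict.
"""
import ipaddress
import re

# Constructed sample, modelled on the O2/O4/O17/O23 lines posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: MochaSoft Lpd.lnk = C:\Mlpd\lpd.exe
O4 - Startup: No-IP DUC.lnk = C:\Arquivos de programas\No-IP\DUC20.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{451EAA7C-A74F-4635-B6E7-A4574AC3D087}: NameServer = 208.67.222.222,192.168.1.1
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe
"""

# Assumed "normal" locations for autostart binaries on this Brazilian-Portuguese XP
# (and the English equivalent).  Anything elsewhere gets flagged for review.
PROGRAM_DIRS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[0-9.,]+)\s*$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


def _command_path(cmd):
    """Pull the executable path out of a Run value or a Startup shortcut target."""
    if " = " in cmd:                       # "Name.lnk = C:\path\target.exe"
        cmd = cmd.split(" = ", 1)[1]
    cmd = cmd.strip()
    if cmd.startswith('"'):                # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # unquoted path with spaces: cut after the first .exe/.dll/... token
    m = re.match(r"(.*?\.(?:exe|dll|lnk|com|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def parse_entries(text):
    """Return the O2/O4/O17/O23 lines as dicts; other HijackThis sections are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append({"section": "O2", "clsid": m["clsid"], "path": m["path"]})
        elif m := O4_RE.match(line):
            entries.append({"section": "O4", "path": _command_path(m["cmd"])})
        elif m := O17_RE.match(line):
            entries.append({"section": "O17", "servers": m["servers"].split(",")})
        elif m := O23_RE.match(line):
            entries.append({"section": "O23", "path": m["path"].strip()})
    return entries


def orphaned_bhos(entries):
    """CLSIDs registered as BHOs whose DLL is gone: leftovers of a removed infection or uninstall."""
    return [e["clsid"] for e in entries if e["section"] == "O2" and e["path"] == "(no file)"]


def binaries_outside_program_dirs(entries, program_dirs=PROGRAM_DIRS):
    """Autostart/service binaries that do not live under the expected directory trees."""
    return [e["path"] for e in entries
            if e["section"] in ("O4", "O23") and not e["path"].lower().startswith(program_dirs)]


def unverified_nameservers(entries, trusted=frozenset()):
    """O17 resolvers that are public addresses not on the trusted list (DNS hijack check)."""
    flagged = []
    for e in entries:
        if e["section"] != "O17":
            continue
        for server in (s.strip() for s in e["servers"]):
            try:
                private = ipaddress.ip_address(server).is_private
            except ValueError:
                private = False            # not even an address: definitely review it
            if not private and server not in trusted:
                flagged.append(server)
    return flagged


def triage(text, trusted_dns=frozenset()):
    """Run all three checks over a HijackThis log and return the hits per check."""
    entries = parse_entries(text)
    return {
        "orphaned_bhos": orphaned_bhos(entries),
        "binaries_outside_program_dirs": binaries_outside_program_dirs(entries),
        "unverified_nameservers": unverified_nameservers(entries, trusted_dns),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits}")
```

Run it as a script to see the hits for the constructed sample, or call triage() on the text of a saved hijackthis.log. Pass trusted_dns={"208.67.222.222"} once you have confirmed the resolver is the one the company actually configured; an O17 entry pointing at an unexpected public address is a classic sign of a DNS-changing trojan, which is why the check defaults to trusting nothing public.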

Yesterday the antivirus was still acting crazy....

I'll post the log here...

Since it is networked with another computer, would we have to clean both of them??

Hugs

 

 

 

Avira AntiVir Personal

Report file date: Thursday, 9 July 2009 16:17

 

Scanning for 1485149 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : M4151

 

Version information:

BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/aaaa 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/aaaa 13:14:47

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/aaaa 14:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/aaaa 15:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/aaaa 14:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/aaaa 16:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/aaaa 13:08:19

ANTIVIR2.VDF : 7.1.4.198 778752 Bytes 7/8/aaaa 19:16:07

ANTIVIR3.VDF : 7.1.4.203 93696 Bytes 7/8/aaaa 19:16:10

Engineversion : 8.2.0.204

AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/aaaa 15:52:04

AESCRIPT.DLL : 8.1.2.13 426362 Bytes 7/2/aaaa 13:10:02

AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/aaaa 15:02:01

AERDL.DLL : 8.1.2.2 438642 Bytes 7/2/aaaa 13:09:57

AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/aaaa 20:07:20

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/2/aaaa 13:09:48

AEHEUR.DLL : 8.1.0.137 1823095 Bytes 7/2/aaaa 13:09:45

AEHELP.DLL : 8.1.3.6 205174 Bytes 7/2/aaaa 13:09:00

AEGEN.DLL : 8.1.1.48 348532 Bytes 7/2/aaaa 13:08:56

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/aaaa 18:32:40

AECORE.DLL : 8.1.6.12 180599 Bytes 5/27/aaaa 20:07:20

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/aaaa 18:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/aaaa 12:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/aaaa 14:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/aaaa 18:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/aaaa 14:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/aaaa 19:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/aaaa 14:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/aaaa 19:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/aaaa 12:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/aaaa 14:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/aaaa 19:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/aaaa 14:19:48

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: quarta-feira, 8 de julho de 2009 16:17

 

Starting search for hidden objects.

'26754' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avnotify.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'ibserver.exe' - '1' Module(s) have been scanned

Scan process 'ibguard.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned

Scan process 'stacsv.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'DUC20.exe' - '1' Module(s) have been scanned

Scan process 'lpd.exe' - '1' Module(s) have been scanned

Scan process 'TWCU.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ramaint.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

36 processes with 36 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '54' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Documents and Settings\Cliente\Desktop\ComboFix.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\n.pif

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000249.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000250.exe

[DETECTION] Contains recognition pattern of the WORM/AutoIt.BP worm

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000251.exe

[DETECTION] Is the TR/Spy.Gen Trojan

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000252.exe

[DETECTION] Is the TR/Spy.Gen Trojan

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000253.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001838.pif

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001923.pif

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

 

Beginning disinfection:

C:\Documents and Settings\Cliente\Desktop\ComboFix.exe

[NOTE] The file was moved to '4ac1f524.qua'!

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000249.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '4a84f4e6.qua'!

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000250.exe

[DETECTION] Contains recognition pattern of the WORM/AutoIt.BP worm

[NOTE] The file was moved to '4bf06d5f.qua'!

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000251.exe

[DETECTION] Is the TR/Spy.Gen Trojan

[NOTE] The file was moved to '4bedf9ef.qua'!

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000252.exe

[DETECTION] Is the TR/Spy.Gen Trojan

[NOTE] The file was moved to '4bf15567.qua'!

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000253.exe

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[NOTE] The file was moved to '4bfc4c3f.qua'!

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001838.pif

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

[NOTE] The file was moved to '4bfd3447.qua'!

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001923.pif

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

[NOTE] The file was moved to '4bfe3c8f.qua'!

 

 

End of the scan: quarta-feira, 8 de julho de 2009 16:34

Used time: 15:31 Minute(s)

 

The scan has been done completely.

 

2948 Scanned directories

227813 Files were scanned

8 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

8 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

227804 Files not concerned

1039 Archives were scanned

1 Warnings

9 Notes

26754 Objects were scanned with rootkit scan

0 Hidden objects were found


This is today's scan, right after running what you asked for....

 

 

Avira AntiVir Personal

Report file date: sexta-feira, 10 de julho de 2009 08:18

 

Scanning for 1501656 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : M4151

 

Version information:

BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/aaaa 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/aaaa 13:14:47

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/aaaa 14:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/aaaa 15:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/aaaa 14:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/aaaa 16:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/aaaa 13:08:19

ANTIVIR2.VDF : 7.1.4.198 778752 Bytes 7/8/aaaa 19:16:07

ANTIVIR3.VDF : 7.1.4.216 333824 Bytes 7/10/aaaa 11:16:14

Engineversion : 8.2.0.204

AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/aaaa 15:52:04

AESCRIPT.DLL : 8.1.2.13 426362 Bytes 7/2/aaaa 13:10:02

AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/aaaa 15:02:01

AERDL.DLL : 8.1.2.2 438642 Bytes 7/2/aaaa 13:09:57

AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/aaaa 20:07:20

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/2/aaaa 13:09:48

AEHEUR.DLL : 8.1.0.137 1823095 Bytes 7/2/aaaa 13:09:45

AEHELP.DLL : 8.1.3.6 205174 Bytes 7/2/aaaa 13:09:00

AEGEN.DLL : 8.1.1.48 348532 Bytes 7/2/aaaa 13:08:56

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/aaaa 18:32:40

AECORE.DLL : 8.1.6.12 180599 Bytes 5/27/aaaa 20:07:20

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/aaaa 18:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/aaaa 12:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/aaaa 14:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/aaaa 18:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/aaaa 14:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/aaaa 19:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/aaaa 14:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/aaaa 19:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/aaaa 12:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/aaaa 14:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/aaaa 19:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/aaaa 14:19:48

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\arquivos de programas\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: sexta-feira, 10 de julho de 2009 08:18

 

Starting search for hidden objects.

'27161' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'msconfig.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'NXWin.exe' - '1' Module(s) have been scanned

Scan process 'nxssh.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'DUC20.exe' - '1' Module(s) have been scanned

Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned

Scan process 'lpd.exe' - '1' Module(s) have been scanned

Scan process 'TWCU.exe' - '1' Module(s) have been scanned

Scan process 'ibserver.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'stacsv.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned

Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned

Scan process 'ramaint.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'ibguard.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

37 processes with 37 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '53' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP9\A0002537.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\n.pif

[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)

 

Beginning disinfection:

C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP9\A0002537.exe

[NOTE] The file was moved to '4a872880.qua'!

 

 

End of the scan: sexta-feira, 10 de julho de 2009 08:38

Used time: 15:48 Minute(s)

 

The scan has been done completely.

 

2971 Scanned directories

228111 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

228109 Files not concerned

1031 Archives were scanned

1 Warnings

2 Notes

27161 Objects were scanned with rootkit scan

0 Hidden objects were found

Yesterday the antivirus was still acting really crazy....

I'll post the log here...

It's not a virus. Avira is detecting the ComboFix files - a false positive. Just clear the System Restore folder and the alerts will stop.

 

Go to Start > Run, type sysdm.cpl and click OK. Click the System Restore tab, check the option Turn off System Restore > OK. After that, go back to the same place and uncheck the option.

 

Since it's connected on a network with another computer, would we have to clean both??

If it was already connected when we were cleaning this PC, then yes, you'll have to clean the other two. If you only connected the two computers to the network now, there's no need.

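The helper's point above (hits inside restore points and inside the ComboFix package are leftovers, hits on live files are what matter) as a small log-triage script. This is an added example, not code from the thread or from Avira: it parses detection blocks in the report layout pasted above, stops before the disinfection section so nothing is counted twice, and buckets each hit by where it lives. The sample report, the invoice.pif path and the KNOWN_TOOL_PACKAGES list are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the Avira AntiVir report layout pasted in this thread.
# The ComboFix and restore-point paths mirror the report; invoice.pif is made up
# to stand in for a hit on a live file, which is the case that actually matters.
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
C:\Documents and Settings\Cliente\Desktop\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP2\A0000249.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{A8122E49-0B9D-4BAE-8B3E-19BFC9FF306E}\RP4\A0001838.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\Documents and Settings\Cliente\Desktop\invoice.pif
[DETECTION] Is the TR/Spy.Gen Trojan
Beginning disinfection:
C:\Documents and Settings\Cliente\Desktop\ComboFix.exe
[NOTE] The file was moved to '4ac1f524.qua'!
"""

# Cleanup tools the helper identified as the source of the false positives
# (hypothetical list for this example; extend it with what your team actually uses).
KNOWN_TOOL_PACKAGES = ("combofix.exe",)

PATH_RE = re.compile(r"^[A-Za-z]:\\")
ARCHIVE_RE = re.compile(r"^\[\d+\] Archive type:\s*(.+)$")
RESTORE_DIR = r"\system volume information\_restore{"
RESTORE_POINT_RE = re.compile(r"\\RP(\d+)\\")


@dataclass
class Detection:
    path: str                      # file the report line refers to (the container for SFX hits)
    archive_type: Optional[str]    # e.g. "RAR SFX (self extracting)" when the hit is inside an archive
    member: Optional[str]          # inner member named on the "-->" line, if any
    verdict: str                   # text after [DETECTION]

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_DIR in self.path.lower()

    @property
    def restore_point(self) -> Optional[str]:
        m = RESTORE_POINT_RE.search(self.path)
        return f"RP{m.group(1)}" if m else None


def parse_detections(report: str) -> List[Detection]:
    """Collect one Detection per [DETECTION] line in the file-scan section."""
    found: List[Detection] = []
    path: Optional[str] = None
    archive: Optional[str] = None
    member: Optional[str] = None
    for raw in report.splitlines():
        line = raw.strip()
        # The disinfection section repeats every hit; stop so nothing is counted twice.
        if line.startswith("Beginning disinfection:"):
            break
        if PATH_RE.match(line):
            path, archive, member = line, None, None   # new file: reset archive context
            continue
        m = ARCHIVE_RE.match(line)
        if m:
            archive = m.group(1)
        elif line.startswith("-->"):
            member = line[3:].strip()
        elif line.startswith("[DETECTION]") and path is not None:
            found.append(Detection(path, archive, member, line[len("[DETECTION]"):].strip()))
    return found


def classify(det: Detection) -> str:
    """Bucket a hit by where it lives, which decides what to do about it."""
    if det.in_restore_point:
        # Old copies inside a restore point: purge by toggling System Restore, as advised above.
        return "restore-point"
    name = det.path.rsplit("\\", 1)[-1].lower()
    if det.archive_type and "sfx" in det.archive_type.lower() and name in KNOWN_TOOL_PACKAGES:
        # Signature fired on a member of a known cleanup tool's SFX package: the helper's
        # false-positive case. Still confirm the file came from the tool's official source.
        return "tool-package"
    return "live"   # a file that can run today and needs real handling


def triage(report: str) -> Dict[str, List[Detection]]:
    buckets: Dict[str, List[Detection]] = {"live": [], "restore-point": [], "tool-package": []}
    for det in parse_detections(report):
        buckets[classify(det)].append(det)
    return buckets


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
        for det in hits:
            print(f"  {det.path} [{det.restore_point or det.member or '-'}] {det.verdict}")
```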

Here's the log from the other computer.......

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:43:34, on 13/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe

C:\ARQUIV~1\NXCLIE~1\bin\NXWin.exe

C:\Documents and Settings\Asafer\Meus documentos\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: hpdj00 - HP - C:\DOCUME~1\Asafer\CONFIG~1\Temp\hpdj00.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8853 bytes


- Download RSIT and save it to your desktop;

 

● Double-click RSIT.exe to run the program;

● In the window that opens, click the Continue button so the tool starts running;

● When the tool finishes running, a log containing the scan result will open automatically in Notepad. Paste the contents of that log (log.txt) in your next reply;

● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.


Logfile of random's system information tool 1.06 (written by random/random)

Run by Asafer at 2009-07-14 09:06:58

Microsoft Windows XP Professional Service Pack 3

System drive C: has 35 GB (70%) free of 50 GB

Total RAM: 2047 MB (61% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:07:06, on 14/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\NXCLIE~1\bin\NXWin.exe

C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Asafer\Desktop\RSIT.exe

C:\Documents and Settings\Asafer\Meus documentos\Asafer.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe


--

End of file - 8745 bytes


======Scheduled tasks folder======


C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{CA683917-B656-44F2-9D5E-06FFC81B47C9}.job


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-17 1062184]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-05-28 35840]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-28 73728]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-10-29 86016]

"LanguageShortcut"=C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]

"LogMeIn GUI"=C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-05-28 148888]

"avgnt"=C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

"SpybotSD TeaTimer"=C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

"Skype"=C:\Arquivos de programas\Skype\Phone\Skype.exe [2007-08-17 23120680]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\ARQUIV~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\Arquivos de programas\GbPlugin\gbieh.dll [2009-06-18 302368]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"HonorAutoRunSetting"=


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Programa de transferência de arquivos"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\NX Client for Windows\nxclient.exe"="C:\Arquivos de programas\NX Client for Windows\nxclient.exe:*:Enabled:nxclient"

"C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe"="C:\Arquivos de programas\NX Client for Windows\bin\nxssh.exe:*:Enabled:nxssh"

"C:\Arquivos de programas\Java\jre6\bin\java.exe"="C:\Arquivos de programas\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"


======File associations======


.scr - open - "C:\WINDOWS\notepad.exe" "%1"

.scr - install -

.scr - config -


======List of files/folders created in the last 1 months======


2009-07-14 09:06:58 ----D---- C:\rsit

2009-07-13 11:06:27 ----D---- C:\3840

2009-07-06 17:50:56 ----D---- C:\WINDOWS\ERUNT

2009-07-06 17:50:09 ----D---- C:\WINDOWS\CSC

2009-07-06 17:45:32 ----D---- C:\SDFix

2009-07-02 08:57:59 ----D---- C:\MSNCleaner

2009-06-30 16:22:57 ----D---- C:\Arquivos de programas\Steam

2009-06-22 13:35:34 ----D---- C:\Arquivos de programas\Programas SPED


======List of files/folders modified in the last 1 months======


2009-07-14 09:07:00 ----D---- C:\WINDOWS\Prefetch

2009-07-14 08:45:05 ----D---- C:\Documents and Settings\Asafer\Dados de aplicativos\Skype

2009-07-14 08:21:03 ----D---- C:\WINDOWS\temp

2009-07-14 08:07:17 ----D---- C:\Arquivos de programas\LogMeIn

2009-07-14 07:55:59 ----D---- C:\Arquivos de programas\Mozilla Firefox

2009-07-14 07:44:47 ----D---- C:\WINDOWS

2009-07-14 07:43:02 ----SD---- C:\WINDOWS\Tasks

2009-07-14 07:40:19 ----D---- C:\WINDOWS\system32\CatRoot2

2009-07-14 07:39:53 ----D---- C:\WINDOWS\system32

2009-07-14 07:39:34 ----AD---- C:\WINDOWS\system32\drivers

2009-07-13 17:48:53 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-07-13 16:20:47 ----HD---- C:\WINDOWS\inf

2009-07-13 16:20:47 ----D---- C:\Arquivos de programas\Windows Live Safety Center

2009-07-13 11:10:46 ----D---- C:\WINDOWS\system32\CatRoot

2009-07-13 11:10:20 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-07-13 11:09:36 ----A---- C:\WINDOWS\hpdj3840.ini

2009-07-13 11:09:21 ----SHD---- C:\WINDOWS\Installer

2009-07-13 11:09:21 ----HD---- C:\Config.Msi

2009-07-13 11:09:21 ----D---- C:\Arquivos de programas\Hewlett-Packard

2009-07-13 11:05:48 ----D---- C:\ncs

2009-07-13 08:02:13 ----D---- C:\Arquivos de programas\GbPlugin

2009-07-09 10:53:30 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2009-07-08 09:01:53 ----AC---- C:\WINDOWS\win.ini

2009-07-02 17:21:29 ----RASH---- C:\boot.ini

2009-07-02 17:21:29 ----A---- C:\WINDOWS\system.ini

2009-07-02 08:21:37 ----D---- C:\LinhaDefensiva

2009-07-02 08:18:55 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-06-30 16:22:57 ----RD---- C:\Arquivos de programas

2009-06-26 11:46:03 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-06-22 08:59:35 ----D---- C:\WINDOWS\network diagnostic

2009-06-16 08:14:33 ----D---- C:\WINDOWS\Debug


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-04-27 55640]

R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2007-05-28 116176]

R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2007-05-28 381056]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Asafer\CONFIG~1\Temp\catchme.sys []

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2007-05-28 235100]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-02-17 58288]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-02-17 8336]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-02-17 94064]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-02-17 85408]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-02-17 83344]

S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2007-05-29 54784]

R2 GbpSv;Gbp Service; C:\ARQUIV~1\GbPlugin\GbpSv.exe [2009-05-13 53320]

R2 hpqddsvc;Serviço de Descoberta de dispositivos CUE HP; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-05-28 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 WinDefend;Windows Defender; C:\Arquivos de programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

S2 LMIMaint;LogMeIn Maintenance Service; C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]

S2 LogMeIn;LogMeIn; C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 NBService;NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]


-----------------EOF-----------------------------------


info.txt logfile of random's system information tool 1.06 2009-07-14 09:07:09


======Uninstall list======


-->C:\Arquivos de programas\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop Lightroom 2.3-->MsiExec.exe /I{7CBD8A89-45F4-4203-9923-673F72603747}

Adobe Reader 8.1.4 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81300000003}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Advanced WindowsCare 2.41 Personal-->"C:\Arquivos de programas\IObit\Advanced WindowsCare V2\unins000.exe"

Assistente de Conexão do Windows Live-->MsiExec.exe /I{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}

Atualização Crítica para o Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Atualização para Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Atualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Atualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

AutoCAD 2004-->MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}

Autodesk Express Viewer-->C:\ARQUIV~1\Autodesk\AUTODE~1\Setup.exe /remove

Automac-->C:\Automac\UNWISE.EXE C:\Automac\INSTALL.LOG

Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir Desktop\setup.exe /REMOVE

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Cobrança de Títulos-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{2CD24956-0074-4FA9-BA7D-21719839C161}\Setup.exe" -l0x416 Uninstall

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Dream Aquarium-->"C:\Arquivos de programas\Dream Aquarium\UnInstall.exe"

DVD Suite-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

EditPlus 2-->C:\Arquivos de programas\EditPlus 2\remove.exe

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

HijackThis 2.0.2-->"C:\Documents and Settings\Asafer\Meus documentos\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Customer Participation Program 9.0-->C:\Arquivos de programas\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 9.0-->C:\Arquivos de programas\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart All-In-One Software 9.0-->C:\Arquivos de programas\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat

HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}

HP Solution Center 9.0-->C:\Arquivos de programas\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}

Intel® PRO Network Connections Drivers-->Prounstl.exe

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

LightModem 3.0-->"C:\Arquivos de programas\DLink\Modem\fw\unins000.exe"

LogMeIn-->MsiExec.exe /I{A75107A3-DB3A-4224-80EB-42F1ED13372B}

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mozilla Firefox (3.0.11)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero 7 Essentials-->MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1046}

No-IP.com DUC (remove only)-->"C:\Arquivos de programas\No-IP\DUC20.exe" -uninstall

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

NX Client for Windows 3.3.0-6-->"C:\Arquivos de programas\NX Client for Windows\unins000.exe"

Plugin JRE - Pentium IV-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{49015D1F-3596-11D6-9142-0002B30FBDFA}\Setup.exe" Uninstall

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerProducer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

SafeCast Shared Components-->C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sistema Simplificado de Cobrança Itaú 2.00-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{D5940AE3-7244-11D6-BAB7-00010332BA5B}\Setup.exe"

Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SoundMAX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x416

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}

Windows Live Mail-->MsiExec.exe /I{852E74A9-74F1-4F71-BE3E-991A48EF232D}

Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Arquivos de programas\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

 

======Hosts File======

 

127.0.0.1 localhost

 

======Security center information======

 

AV: AntiVir Desktop

 

======System event log======

 

Computer Name: ASAFER

Event Code: 7036

Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando.

 

Record Number: 24613

Source Name: Service Control Manager

Time Written: 20090527114341.000000-180

Event Type: Informações

User:

 

Computer Name: ASAFER

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.

 

Record Number: 24612

Source Name: Service Control Manager

Time Written: 20090527114340.000000-180

Event Type: Informações

User:

 

Computer Name: ASAFER

Event Code: 7035

Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.

 

Record Number: 24611

Source Name: Service Control Manager

Time Written: 20090527114340.000000-180

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

 

Computer Name: ASAFER

Event Code: 7036

Message: O serviço Serviço de descoberta SSDP entrou no estado executando.

 

Record Number: 24610

Source Name: Service Control Manager

Time Written: 20090527114339.000000-180

Event Type: Informações

User:

 

Computer Name: ASAFER

Event Code: 7035

Message: O serviço Gerenciador de conexão de acesso remoto recebeu com êxito um controle Iniciar.

 

Record Number: 24609

Source Name: Service Control Manager

Time Written: 20090527114339.000000-180

Event Type: Informações

User: ASAFER\Asafer

 

=====Application event log=====

 

Computer Name: ASAFER-662CB9E6

Event Code: 103

Message: msnmsgr (3688) \\.\C:\Documents and Settings\Asafer\Configurações locais\Dados de aplicativos\Microsoft\Messenger\leandro_777@vista.aero\SharingMetadata\Working\database_68A0_C273_A0C2_4772\dfsr.db: O mecanismo de banco de dados interrompeu uma instância (0).

 

Record Number: 212

Source Name: ESENT

Time Written: 20090113221818.000000-180

Event Type: Informações

User:

 

Computer Name: ASAFER-662CB9E6

Event Code: 1000

Message: Os contadores de desempenho para o serviço Outlook (Outlook) foram carregados com êxito.

A página 'Registrar dados' contém os novos valores de índice atribuídos

ao serviço.

 

Record Number: 211

Source Name: LoadPerf

Time Written: 20090113221555.000000-180

Event Type: Informações

User:

 

Computer Name: ASAFER-662CB9E6

Event Code: 2002

Message: O arquivo MOF criado para o serviço Outlook não pôde ser carregado. O

código de erro retornado pelo Compilador MOF está contido na página 'Registrar dados'.

Antes que os contadores de desempenho deste serviço possam ser coletados pelo WMI,

o arquivo MOF precisará ser carregado manualmente. Contate o fornecedor desse

serviço para obter informações adicionais.

 

Record Number: 210

Source Name: LoadPerf

Time Written: 20090113221555.000000-180

Event Type: aviso

User:

 

Computer Name: ASAFER-662CB9E6

Event Code: 1001

Message: Os contadores de desempenho para o serviço outlook (outlook) foram removidos com êxito.

A página 'Registrar dados' contém os novos valores das entradas

Last Counter e Last Help do Registro do sistema.

 

Record Number: 209

Source Name: LoadPerf

Time Written: 20090113221541.000000-180

Event Type: Informações

User:

 

Computer Name: ASAFER-662CB9E6

Event Code: 1000

Message: Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00150227.

 

Record Number: 208

Source Name: Microsoft Office 11

Time Written: 20090113221451.000000-180

Event Type: Erro

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0409

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------


Please run ComboFix on this machine as I described in the previous instruction.

 

Post its log in your next reply.


ComboFix 09-07-14.07 - Asafer 15/07/2009 8:06.7.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1565 [GMT -3:00]

Executando de: c:\documents and settings\Asafer\Desktop\Segurança\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Asafer\Desktop\CFScript.txt.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\52b01b6.msp

c:\windows\Installer\52b01cc.msp

c:\windows\Installer\52b01e2.msp

c:\windows\Installer\d1218f.msi

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-15 to 2009-07-15 ))))))))))))))))))))))))))))

.

 

2009-07-15 10:49 . 2009-07-15 10:49 -------- d-----w- c:\windows\LastGood

2009-07-14 12:06 . 2009-07-14 12:07 -------- d-----w- C:\rsit

2009-07-13 14:06 . 2009-07-13 14:06 -------- d-----w- C:\3840

2009-07-09 11:14 . 2009-07-09 11:18 -------- d-----w- c:\documents and settings\Asafer\DoctorWeb

2009-07-06 20:51 . 2009-07-06 20:51 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll

2009-07-06 20:50 . 2009-07-06 20:50 -------- d-----w- c:\windows\ERUNT

2009-07-06 20:45 . 2009-07-06 20:58 -------- d-----w- C:\SDFix

2009-07-02 11:57 . 2009-07-02 11:58 -------- d-----w- C:\MSNCleaner

2009-06-30 19:22 . 2009-07-09 20:27 -------- d-----w- c:\arquivos de programas\Steam

2009-06-22 16:35 . 2009-06-22 16:35 -------- d-----w- c:\arquivos de programas\Programas SPED

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-15 10:47 . 2009-05-07 17:06 -------- d-----w- c:\documents and settings\Asafer\Dados de aplicativos\Skype

2009-07-15 10:46 . 2009-05-07 17:56 -------- d-----w- c:\arquivos de programas\LogMeIn

2009-07-15 10:46 . 2007-06-13 14:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-07-13 19:20 . 2007-05-29 19:25 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2009-07-13 14:09 . 2007-06-04 10:56 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-07-13 11:02 . 2007-06-13 14:09 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-09 20:53 . 2009-05-27 11:22 1984508 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-09 20:53 . 2009-05-27 11:22 169252896 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-02 11:18 . 2008-09-17 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-06-15 22:19 . 2009-02-02 16:30 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-06-08 19:20 . 2009-06-08 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-06-08 19:17 . 2009-06-08 19:17 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-05-28 18:05 . 2009-05-28 18:05 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-28 18:05 . 2009-05-28 18:05 -------- d-----w- c:\arquivos de programas\Java

2009-05-28 18:02 . 2009-05-28 18:02 0 ----a-w- c:\windows\system32\REN25.tmp

2009-05-28 18:02 . 2009-05-28 18:02 0 ----a-w- c:\windows\system32\REN24.tmp

2009-05-25 19:53 . 2008-09-12 10:54 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-25 14:24 . 2009-05-25 14:24 2967799 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-05-13 17:23 . 2009-05-13 17:23 28271376 ----a-w- C:\3840_ptb_win2k_xp.exe

2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-27 10:34 . 2009-04-20 12:24 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-04-27 10:34 . 2009-04-20 12:24 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-16 12:22 . 2001-10-28 15:07 62474 ----a-w- c:\windows\system32\perfc016.dat

2009-04-16 12:22 . 2001-10-28 15:07 416384 ----a-w- c:\windows\system32\perfh016.dat

2009-06-19 16:33 . 2009-05-07 17:09 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2007-08-17 23120680]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-28 148888]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"=

"c:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/4/2009 09:24 108289]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [13/6/2007 11:09 53320]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/5/2009 14:56 47640]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2/2/2009 13:30 27056]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 18:46 12856]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [9/8/2007 07:39 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [9/8/2007 07:39 85696]

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2/4/2008 12:37 58288]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2/4/2008 12:37 8336]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2/4/2008 12:37 94064]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2/4/2008 12:37 85408]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2/4/2008 12:37 83344]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

 

2009-07-14 c:\windows\Tasks\User_Feed_Synchronization-{CA683917-B656-44F2-9D5E-06FFC81B47C9}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\Asafer\Dados de aplicativos\Mozilla\Firefox\Profiles\7tszqf0e.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - component: c:\documents and settings\Asafer\Dados de aplicativos\Mozilla\Firefox\Profiles\7tszqf0e.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-15 08:10

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(696)

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\wininet.dll

.

Tempo para conclusão: 2009-07-15 8:11

ComboFix-quarantined-files.txt 2009-07-15 11:11

 

Pré-execução: 16 pasta(s) 36.587.884.544 bytes disponíveis

Pós execução: 16 pasta(s) 36.722.860.032 bytes disponíveis

 

160 --- E O F --- 2009-07-14 10:43


Select and copy the text below. Paste it into Notepad on the PC and save it to the desktop as CFScript.txt

 

File::

c:\windows\system32\REN25.tmp

c:\windows\system32\REN24.tmp

Folder::

C:\rsit

C:\SDFix

C:\MSNCleaner

 

KillAll::

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

 

CFScript.gif

 

● If prompted, press Enter to start the removal process;

● Do not use the mouse or keyboard while ComboFix is running;

● When it finishes, a new log will be generated at C:\ComboFix.txt;

● Your computer may restart automatically. If it does not, restart it manually.

 

In your next reply, paste ComboFix.txt and a new HijackThis log.


ComboFix 09-07-19.04 - Asafer 20/07/2009 8:00.8.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1492 [GMT -3:00]

Executando de: c:\documents and settings\Asafer\Desktop\Segurança\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Asafer\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

* Criado um novo ponto de restauração

 

FILE ::

"c:\windows\system32\REN24.tmp"

"c:\windows\system32\REN25.tmp"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\MSNCleaner

c:\msncleaner\MSNCleaner_02_07-8_58_04.txt

C:\rsit

c:\rsit\info.txt

c:\rsit\log.txt

C:\SDFix

c:\sdfix\Add_DBFix_RunOnce_key.inf

c:\sdfix\apps\assosfix.reg

c:\sdfix\apps\Cghtme.exe

c:\sdfix\apps\cliptext.exe

c:\sdfix\apps\DBFix.inf

c:\sdfix\apps\download.exe

c:\sdfix\apps\dummy.sys

c:\sdfix\apps\Enable_Command_Prompt.inf

c:\sdfix\apps\Enable_Command_Prompt.reg

c:\sdfix\apps\ERDNT.E_E

c:\sdfix\apps\ERDNTDOS.LOC

c:\sdfix\apps\ERDNTWIN.LOC

c:\sdfix\apps\ERUNT.EXE

c:\sdfix\apps\ERUNT.LOC

c:\sdfix\apps\fix.reg

c:\sdfix\apps\FixBeep.reg

c:\sdfix\apps\FixBH.reg

c:\sdfix\apps\FixComponents.reg

c:\sdfix\apps\FIXCU.reg

c:\sdfix\apps\FIXLM.reg

c:\sdfix\apps\FixPath.exe

c:\sdfix\apps\FixRedir.reg

c:\sdfix\apps\FixSchedule.reg

c:\sdfix\apps\FixWebCheck.reg

c:\sdfix\apps\fixXP.reg

c:\sdfix\apps\FixXPsp2.reg

c:\sdfix\apps\grep.exe

c:\sdfix\apps\HaxdFix.reg

c:\sdfix\apps\HPFix.reg

c:\sdfix\apps\HPFix2.reg

c:\sdfix\apps\HPFix3.reg

c:\sdfix\apps\HPFix4.reg

c:\sdfix\apps\HPFix5.reg

c:\sdfix\apps\HPFix6.reg

c:\sdfix\apps\HPFix7.reg

c:\sdfix\apps\HPFix8.reg

c:\sdfix\apps\HPFix9.reg

c:\sdfix\apps\Installed.txt

c:\sdfix\apps\isadmin.exe

c:\sdfix\apps\leg2.txt

c:\sdfix\apps\legacy.txt

c:\sdfix\apps\legacybk.txt

c:\sdfix\apps\locate.com

c:\sdfix\apps\LS.exe

c:\sdfix\apps\MD5File.exe

c:\sdfix\apps\moveex.exe

c:\sdfix\apps\MyGcpvFix.reg

c:\sdfix\apps\MyGkFix2.reg

c:\sdfix\apps\Process.exe

c:\sdfix\apps\procs.exe

c:\sdfix\apps\psservice.exe

c:\sdfix\apps\Rem.txt

c:\sdfix\apps\Rem2.txt

c:\sdfix\apps\Replace\regedit.exe

c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT

c:\sdfix\apps\Replace\w2k\beep.sys

c:\sdfix\apps\Replace\w2k\command.com

c:\sdfix\apps\Replace\w2k\command.PIF

c:\sdfix\apps\Replace\w2k\CONFIG.NT

c:\sdfix\apps\Replace\w2k\null.sys

c:\sdfix\apps\Replace\xp\AUTOEXEC.NT

c:\sdfix\apps\Replace\xp\beep.sys

c:\sdfix\apps\Replace\xp\command.com

c:\sdfix\apps\Replace\xp\command.PIF

c:\sdfix\apps\Replace\xp\CONFIG.NT

c:\sdfix\apps\Replace\xp\null.sys

c:\sdfix\apps\Reset_AppInit_DLLs.reg

c:\sdfix\apps\RestartIt!.exe

c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg

c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg

c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg

c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg

c:\sdfix\apps\Restore_SecurityCenter.reg

c:\sdfix\apps\Restore_SharedAccess.reg

c:\sdfix\apps\sc.exe

c:\sdfix\apps\sed.exe

c:\sdfix\apps\SF.exe

c:\sdfix\apps\shutdown.exe

c:\sdfix\apps\srv2.txt

c:\sdfix\apps\srv2bk.txt

c:\sdfix\apps\svc.txt

c:\sdfix\apps\svcbk.txt

c:\sdfix\apps\Swreg.exe

c:\sdfix\apps\swsc.exe

c:\sdfix\apps\UnRAR.exe

c:\sdfix\apps\unzip.exe

c:\sdfix\apps\vfind.exe

c:\sdfix\apps\WINMSG.EXE

c:\sdfix\apps\winsec.reg

c:\sdfix\apps\zip.exe

c:\sdfix\backups\backupreg.zip

c:\sdfix\backups\catchme.log

c:\sdfix\backups\HOSTS

c:\sdfix\catchme.exe

c:\sdfix\DBFix.bat

c:\sdfix\dummy.sys

c:\sdfix\Report.txt

c:\sdfix\RunThis.bat

c:\sdfix\SDFIX_ReadMe_Online.url

c:\sdfix\W2K_VirusAlert_Repair.inf

c:\sdfix\XP_VirusAlert_Repair.inf

c:\windows\system32\REN24.tmp

c:\windows\system32\REN25.tmp

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-20 to 2009-07-20 ))))))))))))))))))))))))))))

.

 

2009-07-13 14:06 . 2009-07-13 14:06 -------- d-----w- C:\3840

2009-07-09 11:14 . 2009-07-09 11:18 -------- d-----w- c:\documents and settings\Asafer\DoctorWeb

2009-07-06 20:51 . 2009-07-06 20:51 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll

2009-07-06 20:50 . 2009-07-06 20:50 -------- d-----w- c:\windows\ERUNT

2009-06-22 16:35 . 2009-06-22 16:35 -------- d-----w- c:\arquivos de programas\Programas SPED

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-20 11:06 . 2009-05-07 17:06 -------- d-----w- c:\documents and settings\Asafer\Dados de aplicativos\Skype

2009-07-17 19:39 . 2007-05-29 19:25 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center

2009-07-17 10:44 . 2007-06-13 14:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-07-15 10:46 . 2009-05-07 17:56 -------- d-----w- c:\arquivos de programas\LogMeIn

2009-07-13 14:09 . 2007-06-04 10:56 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2009-07-13 11:02 . 2007-06-13 14:09 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-07-09 20:53 . 2009-05-27 11:22 1984508 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-07-09 20:53 . 2009-05-27 11:22 169252896 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-07-02 11:18 . 2008-09-17 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:39 . 2001-10-28 15:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 22:19 . 2009-02-02 16:30 27056 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-06-08 19:20 . 2009-06-08 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-06-08 19:17 . 2009-06-08 19:17 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-06-03 19:10 . 2004-08-04 03:45 1295872 ----a-w- c:\windows\system32\quartz.dll

2009-05-28 18:05 . 2009-05-28 18:05 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-28 18:05 . 2009-05-28 18:05 -------- d-----w- c:\arquivos de programas\Java

2009-05-25 19:53 . 2008-09-12 10:54 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-05-25 14:24 . 2009-05-25 14:24 2967799 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-05-13 17:23 . 2009-05-13 17:23 28271376 ----a-w- C:\3840_ptb_win2k_xp.exe

2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-27 10:34 . 2009-04-20 12:24 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-04-27 10:34 . 2009-04-20 12:24 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-06-19 16:33 . 2009-05-07 17:09 134648 ----a-w- c:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-15_11.10.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-20 11:04 . 2009-07-20 11:04 16384 c:\windows\temp\Perflib_Perfdata_7b4.dat

+ 2009-06-16 14:39 . 2009-06-16 14:39 81920 c:\windows\system32\dllcache\fontsub.dll

+ 2007-05-29 00:14 . 2009-07-20 11:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-05-29 00:14 . 2009-07-15 10:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-05-29 00:14 . 2009-07-15 10:46 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2007-05-29 00:14 . 2009-07-20 11:04 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2007-05-29 00:14 . 2009-07-15 10:46 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2007-05-29 00:14 . 2009-07-20 11:04 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2007-05-29 00:22 . 2009-07-15 15:02 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-06-16 14:39 . 2009-06-16 14:39 119808 c:\windows\system32\dllcache\t2embed.dll

+ 2007-05-29 00:22 . 2009-07-15 15:02 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2007-05-29 00:22 . 2009-07-15 15:02 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2007-05-29 00:22 . 2009-06-12 15:06 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-05-07 05:11 . 2009-06-03 19:10 1295872 c:\windows\system32\dllcache\quartz.dll

+ 2009-06-30 14:30 . 2009-06-30 14:30 5520384 c:\windows\Installer\ea7d02.msp

+ 2007-05-29 14:02 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2007-08-17 23120680]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"SoundMAXPnP"="c:\arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]

"LogMeIn GUI"="c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-28 148888]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2009-06-18 21:00 302368 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2008-10-16 23:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\NX Client for Windows\\nxclient.exe"=

"c:\\Arquivos de programas\\NX Client for Windows\\bin\\nxssh.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/4/2009 09:24 108289]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [13/6/2007 11:09 53320]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [24/7/2008 18:46 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [7/5/2009 14:56 47640]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2/2/2009 13:30 27056]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [9/8/2007 07:39 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [9/8/2007 07:39 85696]

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [2/4/2008 12:37 58288]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [2/4/2008 12:37 8336]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [2/4/2008 12:37 94064]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [2/4/2008 12:37 85408]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [2/4/2008 12:37 83344]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-07-20 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

 

2009-07-20 c:\windows\Tasks\User_Feed_Synchronization-{CA683917-B656-44F2-9D5E-06FFC81B47C9}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.terra.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\Asafer\Dados de aplicativos\Mozilla\Firefox\Profiles\7tszqf0e.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - component: c:\documents and settings\Asafer\Dados de aplicativos\Mozilla\Firefox\Profiles\7tszqf0e.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-20 08:05

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(700)

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\windows\system32\LMIinit.dll

c:\windows\system32\wininet.dll

 

- - - - - - - > 'explorer.exe'(2768)

c:\windows\system32\WININET.dll

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

c:\arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll

c:\windows\system32\PortableDeviceApi.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

c:\arquivos de programas\LogMeIn\x86\LMIGuardian.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-20 8:10 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-20 11:10

ComboFix2.txt 2009-07-15 11:11

 

Pré-execução: 16 pasta(s) 36.473.323.520 bytes disponíveis

Pós execução: 13 pasta(s) 36.642.643.968 bytes disponíveis

 

332 --- E O F --- 2009-07-17 11:08

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:13:48, on 20/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Asafer\Meus documentos\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8418 bytes
