Archived

This topic has been archived and is closed to new replies.

vagasil

[Solved!] Pages that open by themselves


For some time now, unwanted pages have been appearing when I access the internet. Since I have the Panda Internet Security 2009 antivirus, I consulted their technical support, and despite several attempts in which my PC was checked with tools such as Spybot, Ad-Aware, RegSeeker and many others, the problem continues. I no longer know what to do, but I gave up on consulting Panda support and decided to try to solve the problem with the help of this forum, since I am a layman and I have seen that in some cases the situation was resolved. The file generated by HijackThis follows. I hope for help. Thank you.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:59:01, on 4/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\idt\xpv_5902_012208\wdm\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PsImSvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PskSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\pavsrv51.exe

c:\arquivos de programas\panda security\panda internet security 2009\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\WebProxy.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PavBckPT.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\AVENGINE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\psimreal.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\Walter\Meus documentos\Meus arquivos recebidos\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\Inicio.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Deaf anti locks long] C:\Documents and Settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [platformthe] C:\DOCUME~1\Walter\DADOSD~1\LONGLI~1\BowsCool.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251299429375

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\pavsrv51.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2009\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PskSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\arquivos de programas\idt\xpv_5902_012208\wdm\STacSV.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\TPSrv.exe

 

--

End of file - 8777 bytes


Good morning, vagasil!

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> press Enter.

<@> In the next window, choose the option: 2 - Fix + Hosts --> press Enter --> wait!

<@> PS: Watch for notifications from your antivirus, sending the detected files to quarantine.

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post an updated HijackThis log.

Regards!


First of all, thank you for your attention.

Although Panda gave a warning (script blocked), the procedure produced a Lop file, which follows:

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( s b 05/09/2009| 0:23 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\DOCUME~1\Walter\Cookies\walter@www.adserver5[1].txt

Deletado! - C:\DOCUME~1\Walter\Cookies\walter@advertising.marketnetwork[1].txt

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[07/05/2009|21:18] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

 

[03/09/2009|11:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\{83C91755-2546-441D-AC40-9A6B4B860800}

[06/07/2009|23:33] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[16/07/2009|17:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Backup

[26/08/2009|17:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft

[04/08/2009|09:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[07/05/2009|22:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[16/07/2009|17:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Panda Security

[04/08/2009|10:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Program Eq Deaf Anti

[03/09/2009|11:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[15/08/2009|10:33] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[13/07/2009|18:48] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Ubisoft

[07/05/2009|22:17] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

 

[07/05/2009|21:18] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[07/05/2009|21:18] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[07/05/2009|21:18] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[18/07/2009|14:10] C:\DOCUME~1\Walter\DADOSD~1\Adobe

[07/07/2009|21:01] C:\DOCUME~1\Walter\DADOSD~1\Ahead

[20/07/2009|18:04] C:\DOCUME~1\Walter\DADOSD~1\Help

[07/05/2009|21:22] C:\DOCUME~1\Walter\DADOSD~1\Identities

[13/08/2009|20:25] C:\DOCUME~1\Walter\DADOSD~1\longlinkcash

[07/05/2009|22:19] C:\DOCUME~1\Walter\DADOSD~1\Macromedia

[28/07/2009|20:32] C:\DOCUME~1\Walter\DADOSD~1\Media Player Classic

[26/08/2009|16:36] C:\DOCUME~1\Walter\DADOSD~1\Microsoft

[07/07/2009|20:02] C:\DOCUME~1\Walter\DADOSD~1\Mozilla

[16/07/2009|17:17] C:\DOCUME~1\Walter\DADOSD~1\Panda Security

[14/07/2009|21:13] C:\DOCUME~1\Walter\DADOSD~1\SecuROM

[25/08/2009|15:59] C:\DOCUME~1\Walter\DADOSD~1\TeamViewer

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[02/09/2009 17:16][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[05/09/2009 00:15][--a------] C:\WINDOWS\tasks\OGALogon.job

[05/09/2009 00:15][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 14:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[14/07/2009|19:55] C:\Arquivos de programas\Activision

[06/07/2009|23:32] C:\Arquivos de programas\Adobe

[13/07/2009|18:31] C:\Arquivos de programas\AGEIA Technologies

[01/08/2009|11:57] C:\Arquivos de programas\Ares

[26/07/2009|10:09] C:\Arquivos de programas\Arquivos comuns

[07/05/2009|22:18] C:\Arquivos de programas\call_5

[14/07/2009|21:29] C:\Arquivos de programas\Codemasters

[14/07/2009|22:00] C:\Arquivos de programas\CyberLink

[07/07/2009|20:14] C:\Arquivos de programas\damnation

[07/07/2009|10:29] C:\Arquivos de programas\D-Tools

[14/07/2009|20:58] C:\Arquivos de programas\Electronic Arts

[07/05/2009|21:30] C:\Arquivos de programas\IDT

[27/08/2009|12:26] C:\Arquivos de programas\InstallShield Installation Information

[26/08/2009|17:14] C:\Arquivos de programas\Internet Explorer

[06/07/2009|23:21] C:\Arquivos de programas\K-Lite Codec Pack

[03/09/2009|11:02] C:\Arquivos de programas\Lavasoft

[13/08/2009|20:25] C:\Arquivos de programas\longlinkcash

[27/08/2009|14:43] C:\Arquivos de programas\Marcos Velasco Security

[14/07/2009|19:45] C:\Arquivos de programas\Medal of Honor Airborne

[26/08/2009|12:43] C:\Arquivos de programas\Messenger

[27/08/2009|15:10] C:\Arquivos de programas\Messenger Plus! Live

[26/07/2009|10:29] C:\Arquivos de programas\Microsoft

[07/05/2009|21:19] C:\Arquivos de programas\microsoft frontpage

[06/07/2009|22:52] C:\Arquivos de programas\Microsoft Office

[06/07/2009|22:52] C:\Arquivos de programas\Microsoft Visual Studio

[06/07/2009|22:54] C:\Arquivos de programas\Microsoft Works

[06/07/2009|22:52] C:\Arquivos de programas\Microsoft.NET

[26/08/2009|12:41] C:\Arquivos de programas\Movie Maker

[04/09/2009|20:17] C:\Arquivos de programas\Mozilla Firefox

[26/08/2009|16:41] C:\Arquivos de programas\MSBuild

[07/05/2009|21:16] C:\Arquivos de programas\MSN Gaming Zone

[13/07/2009|15:51] C:\Arquivos de programas\MSXML 4.0

[07/05/2009|22:10] C:\Arquivos de programas\Nero

[26/08/2009|12:39] C:\Arquivos de programas\NetMeeting

[26/08/2009|16:45] C:\Arquivos de programas\Outlook Express

[27/08/2009|12:14] C:\Arquivos de programas\Panda Security

[25/07/2009|16:19] C:\Arquivos de programas\QuickTime

[26/08/2009|16:41] C:\Arquivos de programas\Reference Assemblies

[07/05/2009|21:17] C:\Arquivos de programas\Servi‡os on-line

[03/09/2009|11:02] C:\Arquivos de programas\Spybot - Search & Destroy

[27/08/2009|12:45] C:\Arquivos de programas\Ubisoft

[07/05/2009|21:22] C:\Arquivos de programas\Uninstall Information

[03/09/2009|11:02] C:\Arquivos de programas\Unlocker

[14/07/2009|21:49] C:\Arquivos de programas\Valve

[26/07/2009|10:40] C:\Arquivos de programas\Windows Live

[26/07/2009|10:29] C:\Arquivos de programas\Windows Live SkyDrive

[13/07/2009|18:31] C:\Arquivos de programas\Windows Media Connect 2

[26/08/2009|12:39] C:\Arquivos de programas\Windows Media Player

[26/08/2009|12:39] C:\Arquivos de programas\Windows NT

[07/05/2009|21:17] C:\Arquivos de programas\WindowsUpdate

[27/08/2009|14:40] C:\Arquivos de programas\WinRAR

[07/05/2009|21:19] C:\Arquivos de programas\xerox

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[06/07/2009|23:32] C:\Arquivos de programas\Arquivos comuns\Adobe

[07/05/2009|22:10] C:\Arquivos de programas\Arquivos comuns\Ahead

[06/07/2009|22:52] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[07/05/2009|21:53] C:\Arquivos de programas\Arquivos comuns\InstallShield

[26/07/2009|10:29] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[07/05/2009|21:17] C:\Arquivos de programas\Arquivos comuns\MSSoap

[07/05/2009|18:12] C:\Arquivos de programas\Arquivos comuns\ODBC

[16/07/2009|17:13] C:\Arquivos de programas\Arquivos comuns\Panda Security

[07/05/2009|21:17] C:\Arquivos de programas\Arquivos comuns\Servi‡os

[07/05/2009|18:12] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[26/08/2009|12:39] C:\Arquivos de programas\Arquivos comuns\System

[26/07/2009|10:09] C:\Arquivos de programas\Arquivos comuns\Windows Live

[14/07/2009|19:50] C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

 

--------------------\\ Process

 

( 46 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-05 00:24:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Walter\Desktop\Minijogos\ATARI\Roms - 503\Crackpot.bin

C:\DOCUME~1\Walter\Desktop\Minijogos\Informativos de minijogos\Informativos e seriais diversos\Seriais e cracks.doc

C:\DOCUME~1\Walter\Meus documentos\Jogos\jogos\Renegado\crack

C:\DOCUME~1\Walter\Meus documentos\Jogos\jogos\Renegado\crack2

C:\DOCUME~1\Walter\Meus documentos\Jogos\jogos\Renegado\crack\game.exe

C:\DOCUME~1\Walter\Meus documentos\Jogos\jogos\Renegado\crack2\game.exe

C:\DOCUME~1\Walter\Meus documentos\Meus arquivos recebidos\Call_Of_Juarez_Bound_In_Blood_(Crack_+_Serials).torrent

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\01 - Vibe Tribe - Wise Cracks.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\02 - Vibe Tribe - Dream Catcher.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\03 - Vibe Tribe - Carousel.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\04 - Vibe Tribe - Three Quarters.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\05 - Vibe Tribe - LFObia.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\06 - Vibe Tribe - The Brain.B.Q.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\07 - Vibe Tribe - Bad Habbits.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\08 - Vibe Tribe - Pulse.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\09 - Vibe Tribe - Memories.mp3

C:\DOCUME~1\Walter\Meus documentos\My Shared Folder\e-music\Vibe Tribe - Wise Cracks\10 - X-Noize - The Sperminator (Vibe Tribe Rmx).mp3

C:\DOCUME~1\Walter\Recent\Call_Of_Juarez_Bound_In_Blood_(Crack_+_Serials).lnk

C:\DOCUME~1\Walter\Recent\Crack e serial.lnk

C:\DOCUME~1\Walter\Recent\Crack.lnk

C:\DOCUME~1\Walter\Recent\DamnationCrack_TheKMaker.com.lnk

 

 

[F:96][D:8]-> C:\DOCUME~1\Walter\CONFIG~1\Temp

[F:92][D:0]-> C:\DOCUME~1\Walter\Cookies

[F:7627][D:23]-> C:\DOCUME~1\Walter\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - s b 05/09/2009| 0:25 - Option : [2]

 

--------------------\\ Verificação completa em 0:25:31

 

 

The HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:30:02, on 5/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\idt\xpv_5902_012208\wdm\STacSV.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PsCtrls.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PsImSvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PskSvc.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\AVENGINE.EXE

c:\arquivos de programas\panda security\panda internet security 2009\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\WebProxy.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PavBckPT.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Walter\Meus documentos\Meus arquivos recebidos\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\Inicio.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Deaf anti locks long] C:\Documents and Settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [platformthe] C:\DOCUME~1\Walter\DADOSD~1\LONGLI~1\BowsCool.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251299429375

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\pavsrv51.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2009\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\PskSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\arquivos de programas\idt\xpv_5902_012208\wdm\STacSV.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Arquivos de programas\Panda Security\Panda Internet Security 2009\TPSrv.exe

 

--

End of file - 8395 bytes


Good morning, vagasil!

<!> Disable your antivirus or firewall, and repeat the scan with Lop S&D.

<!> Post your report.

<><><><><><><><><><><>

<@> Download: < ComboFix > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it by command is also possible:

<@> Go to Start --> Run --> type or paste: "%userprofile%\desktop\Combofix.exe" /killall

<@> Click OK.

<@> At the prompt: "Disclaimer of warranty on software" --> click Yes!

<@> If you do not have the "Recovery Console", accept the option to install it!

<@> When it finishes, click Sim or Yes. --> wait!

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, the following notification window will appear:

<!> PS: Note down these detections, and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> press Enter! --> wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> press Enter!

<><><><><><><><><><><>

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


The files follow:

 

ComboFix 09-09-04.01 - Walter 05/09/2009 1:03.1.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1551 [GMT -3:00]

Executando de: c:\documents and settings\Walter\Meus documentos\Meus arquivos recebidos\ComboFix.exe

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\1b01423.msi

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-05 to 2009-09-05 ))))))))))))))))))))))))))))

.

 

2009-09-05 03:21 . 2009-09-05 03:53 -------- d-----w- C:\Lop SD

2009-09-03 13:52 . 2009-09-03 14:02 -------- d-----w- c:\arquivos de programas\Unlocker

2009-08-28 14:52 . 2009-08-28 14:52 -------- d-----w- C:\LinhaDefensiva

2009-08-27 17:43 . 2009-08-27 17:43 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-08-27 13:55 . 2009-09-03 14:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-08-27 13:55 . 2009-09-03 14:02 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-08-26 19:41 . 2009-08-26 19:41 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-26 19:41 . 2009-08-26 19:41 -------- d-----w- c:\arquivos de programas\MSBuild

2009-08-26 19:41 . 2009-08-26 19:41 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-08-26 19:40 . 2009-08-26 19:40 -------- d-----w- C:\1c4d6337081a178ada8b98ab4d

2009-08-26 19:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-26 19:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-26 19:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-26 19:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-26 19:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-26 19:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-26 19:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-26 19:04 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-26 17:58 . 2009-09-03 14:02 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-08-26 17:58 . 2009-09-03 14:02 -------- d-----w- c:\arquivos de programas\Lavasoft

2009-08-26 17:58 . 2009-08-26 20:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-08-26 17:08 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-08-26 17:08 . 2008-05-09 10:55 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll

2009-08-26 17:08 . 2008-05-09 10:55 512000 -c----w- c:\windows\system32\dllcache\jscript.dll

2009-08-26 17:08 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-08-26 17:08 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-08-26 17:08 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-08-26 17:08 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-08-26 15:53 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-08-26 15:41 . 2009-08-26 15:41 -------- d-----w- c:\windows\system32\bits

2009-08-26 15:41 . 2009-08-26 15:41 -------- d-----w- c:\windows\l2schemas

2009-08-26 15:39 . 2009-08-26 15:41 -------- d-----w- c:\windows\ServicePackFiles

2009-08-25 18:59 . 2009-08-25 18:59 -------- d-----w- c:\documents and settings\Walter\Dados de aplicativos\TeamViewer

2009-08-25 18:59 . 2009-08-25 18:59 -------- d-----w- c:\documents and settings\Walter\temp

2009-08-15 13:32 . 2009-08-15 13:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-08-13 23:25 . 2009-08-13 23:25 -------- d-----w- c:\arquivos de programas\longlinkcash

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-05 03:50 . 2009-09-05 03:50 0 ----a-w- c:\windows\RAVTC.TMP

2009-09-05 03:19 . 2001-10-28 17:07 82712 ----a-w- c:\windows\system32\perfc016.dat

2009-09-05 03:19 . 2001-10-28 17:07 476436 ----a-w- c:\windows\system32\perfh016.dat

2009-08-28 23:46 . 2009-07-06 01:34 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-08-28 23:45 . 2009-07-06 01:33 111928 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-08-27 18:10 . 2009-07-26 13:39 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-08-27 15:45 . 2009-07-13 21:41 -------- d-----w- c:\arquivos de programas\Ubisoft

2009-08-27 15:26 . 2009-05-08 00:29 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-08-27 15:14 . 2009-07-16 20:17 -------- d-----w- c:\arquivos de programas\Panda Security

2009-08-13 23:25 . 2009-07-26 13:40 -------- d-----w- c:\documents and settings\Walter\Dados de aplicativos\longlinkcash

2009-08-05 09:00 . 2004-08-04 02:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 13:02 . 2009-07-26 13:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Program Eq Deaf Anti

2009-08-03 18:07 . 2009-08-03 18:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 18:07 . 2009-08-03 18:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 18:07 . 2009-08-03 18:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-08-01 14:57 . 2009-08-01 14:57 -------- d-----w- c:\arquivos de programas\Ares

2009-08-01 14:57 . 2009-08-01 14:56 2374583 ----a-w- c:\arquivos de programas\aresregular211_installer.exe

2009-07-29 04:36 . 2004-08-04 02:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-29 04:36 . 2001-10-28 17:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-28 23:32 . 2009-07-28 23:32 -------- d-----w- c:\documents and settings\Walter\Dados de aplicativos\Media Player Classic

2009-07-26 13:40 . 2009-07-26 13:28 -------- d-----w- c:\arquivos de programas\Windows Live

2009-07-26 13:29 . 2009-07-26 13:29 -------- d-----w- c:\arquivos de programas\Microsoft

2009-07-26 13:29 . 2009-07-26 13:29 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-07-26 13:09 . 2009-07-26 13:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-07-25 19:19 . 2009-07-25 19:19 -------- d-----w- c:\arquivos de programas\QuickTime

2009-07-17 19:03 . 2004-08-04 02:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-16 20:17 . 2009-07-16 20:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Backup

2009-07-16 20:13 . 2009-07-16 20:13 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Panda Security

2009-07-15 01:00 . 2009-05-08 00:53 -------- d-----w- c:\arquivos de programas\CyberLink

2009-07-15 00:49 . 2009-07-15 00:47 -------- d-----w- c:\arquivos de programas\Valve

2009-07-15 00:29 . 2009-07-07 13:12 -------- d-----w- c:\arquivos de programas\Codemasters

2009-07-15 00:13 . 2009-07-15 00:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-07-15 00:13 . 2009-07-15 00:13 -------- d--h--r- c:\documents and settings\Walter\Dados de aplicativos\SecuROM

2009-07-15 00:04 . 2009-07-06 01:34 22328 ----a-w- c:\documents and settings\Walter\Dados de aplicativos\PnkBstrK.sys

2009-07-15 00:04 . 2009-07-06 01:33 669184 ----a-w- c:\windows\system32\pbsvc.exe

2009-07-15 00:04 . 2009-07-06 01:33 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-07-14 23:58 . 2009-07-14 23:58 -------- d-----w- c:\arquivos de programas\Electronic Arts

2009-07-14 22:55 . 2009-07-06 01:22 -------- d-----w- c:\arquivos de programas\Activision

2009-07-14 22:50 . 2009-07-07 13:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-07-14 22:45 . 2009-07-14 22:42 -------- d---a-w- c:\arquivos de programas\Medal of Honor Airborne

2009-07-14 02:43 . 2004-08-04 02:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 21:48 . 2009-07-13 21:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ubisoft

2009-07-13 21:31 . 2009-07-07 02:12 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-07-13 21:31 . 2009-07-07 13:27 -------- d-----w- c:\arquivos de programas\AGEIA Technologies

2009-07-13 18:51 . 2009-07-13 18:51 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-07-08 00:01 . 2009-05-08 01:19 -------- d-----w- c:\documents and settings\Walter\Dados de aplicativos\Ahead

2009-07-07 23:14 . 2009-07-07 13:30 -------- d-----w- c:\arquivos de programas\damnation

2009-07-07 23:02 . 2009-07-07 23:02 0 ----a-w- c:\windows\nsreg.dat

2009-07-07 13:29 . 2009-07-07 13:29 -------- d-----w- c:\arquivos de programas\D-Tools

2009-06-29 15:58 . 2004-08-04 02:45 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 15:58 . 2004-08-04 02:45 78336 ------w- c:\windows\system32\ieencode.dll

2009-06-29 15:58 . 2004-08-04 02:45 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-25 08:27 . 2004-08-04 02:45 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-08-04 02:45 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-08-04 02:45 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-08-04 02:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2004-08-04 02:45 732672 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-08-04 02:45 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-04 00:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-15 10:44 . 2004-08-04 02:45 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2004-08-04 02:45 81408 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:14 . 2004-08-04 02:45 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2009-05-08 00:15 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 02:45 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"platformthe"="c:\docume~1\Walter\DADOSD~1\LONGLI~1\BowsCool.exe" [2009-08-13 499712]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\arquivos de programas\IDT\WDM\sttray.exe" [2008-07-21 442433]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]

"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-07-25 413696]

"Deaf anti locks long"="c:\documents and settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.exe" [2009-09-05 733184]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-12 1626112]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Codemasters\\Damnation\\Binaries\\DamnGame.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [16/7/2009 17:14 28544]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [7/7/2009 19:41 41144]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [7/7/2009 19:41 179640]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/5/2009 21:40 38176]

R4 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [16/7/2009 17:17 197888]

R4 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\Drivers\WNMFLT.SYS --> c:\windows\system32\Drivers\WNMFLT.SYS [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-05 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Walter\Dados de aplicativos\Mozilla\Firefox\Profiles\48swl8f0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-05 01:05

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1068)

c:\windows\SYSTEM32\avldr.dll

.

Tempo para conclusão: 2009-09-05 1:06

ComboFix-quarantined-files.txt 2009-09-05 04:06

 

Pré-execução: 8 pasta(s) 234.153.996.288 bytes disponíveis

Pós execução: 8 pasta(s) 234.223.005.696 bytes disponíveis

 

197 --- E O F --- 2009-08-27 12:36

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:10:58, on 5/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\idt\xpv_5902_012208\wdm\STacSV.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Panda Security\PavShld\pavprsrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Walter\Meus documentos\Meus arquivos recebidos\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Deaf anti locks long] C:\Documents and Settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.exe

O4 - HKCU\..\Run: [platformthe] C:\DOCUME~1\Walter\DADOSD~1\LONGLI~1\BowsCool.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251299429375

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\arquivos de programas\idt\xpv_5902_012208\wdm\STacSV.exe

 

--

End of file - 5732 bytes


Good morning, vagasil!

 

<@> Select and copy all the content inside the Quote area into Notepad.

<@> Save it to the desktop with the name: CFScript.txt

 

File::

C:\Documents and Settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.exe

C:\DOCUME~1\Walter\DADOSD~1\LONGLI~1\BowsCool.exe

Folder::

C:\Documents and Settings\All Users\Dados de aplicativos\Program Eq Deaf Anti

C:\DOCUME~1\Walter\DADOSD~1\LONGLI~1

C:\LinhaDefensiva

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"platformthe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Deaf anti locks long"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000000

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

2872959479_997d4500c4_o.gif

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until this prompt appears! ( window )

<@> When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

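The two startup entries removed by the CFScript above both launch executables from a profile Application Data folder. The following added example (not part of the original thread, and not ComboFix or HijackThis code) applies that triage heuristic to O4 lines copied from the HijackThis log posted earlier; the function names and the 8.3 short-name matching rule are assumptions made for illustration.

```python
import re

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Deaf anti locks long] C:\Documents and Settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.exe
O4 - HKCU\..\Run: [platformthe] C:\DOCUME~1\Walter\DADOSD~1\LONGLI~1\BowsCool.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
"""

# "O4 - <source>: [name] command"  or  "O4 - <source>: shortcut.lnk = command"
O4_LINE = re.compile(
    r"^O4 - (?P<source>[^:]+): (?:\[(?P<name>[^\]]+)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$"
)

# Quoted path, or an unquoted path ending at the first executable extension
# (unquoted paths may contain spaces, e.g. "...\Mfcd Stop.exe").
TARGET = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)', re.I
)

# Folder names (English and pt-BR Windows XP) for per-profile application data.
APPDATA_NAMES = ("Application Data", "Dados de aplicativos")


def target_of(command):
    """Return the file an autostart command actually loads."""
    command = command.strip()
    m = TARGET.match(command)
    if not m:
        return command
    target = m.group(1) or m.group(2)
    rest = command[m.end():].strip()
    # rundll32 <dll>,<export>: the DLL is the code that runs, not rundll32.
    if target.lower().endswith("rundll32.exe") and rest:
        return target_of(rest)
    return target


def matches_name(component, long_name):
    """True if a path component is long_name or looks like its 8.3 alias.

    Assumption: an alias 'XXXXXX~N' matches when the long name, with spaces
    removed, starts with XXXXXX. This is a heuristic, not the full NTFS rule.
    """
    comp = component.lower()
    if comp == long_name.lower():
        return True
    m = re.fullmatch(r"(.{1,6})~\d", comp)
    return bool(m) and long_name.replace(" ", "").lower().startswith(m.group(1))


def in_profile_appdata(path):
    """True if path is <drive>\\Documents and Settings\\<user>\\...\\<appdata>\\..."""
    parts = [p for p in re.split(r"[\\/]+", path.strip('"')) if p]
    if len(parts) < 5 or not matches_name(parts[1], "Documents and Settings"):
        return False
    # parts[2] is the profile name; look at the directories below it.
    return any(matches_name(p, n) for p in parts[3:-1] for n in APPDATA_NAMES)


def parse_o4(log):
    """Parse HijackThis O4 lines into source / name / target records."""
    entries = []
    for line in log.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries.append({
                "source": m.group("source"),
                "name": m.group("name") or m.group("lnk"),
                "target": target_of(m.group("cmd")),
            })
    return entries


def suspicious_autoruns(log):
    """Autostart entries whose target sits in a profile application-data folder."""
    return [e for e in parse_o4(log) if in_profile_appdata(e["target"])]


if __name__ == "__main__":
    for entry in suspicious_autoruns(SAMPLE_LOG):
        print(f'{entry["source"]}: [{entry["name"]}] -> {entry["target"]}')
```

A hit is only a lead for review: legitimate software also starts from these folders, so each flagged file still needs to be identified before anything is removed.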

Here are the files:

ComboFix 09-09-04.02 - Walter 05/09/2009 9:53.2.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1676 [GMT -3:00]

Executando de: c:\documents and settings\Walter\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Walter\Desktop\CFScript.txt.txt

 

FILE ::

"c:\docume~1\Walter\DADOSD~1\LONGLI~1\BowsCool.exe"

"c:\documents and settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\Walter\DADOSD~1\LONGLI~1

c:\docume~1\Walter\DADOSD~1\LONGLI~1\bikeballglobal.exe

c:\docume~1\Walter\DADOSD~1\LONGLI~1\BowsCool.exe

c:\docume~1\Walter\DADOSD~1\LONGLI~1\pwfhbyqv.exe

c:\documents and settings\All Users\Dados de aplicativos\Program Eq Deaf Anti

c:\documents and settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.dat

c:\documents and settings\All Users\Dados de aplicativos\Program Eq Deaf Anti\Mfcd Stop.exe

C:\LinhaDefensiva

c:\linhadefensiva\banker.bat

c:\linhadefensiva\BankerFix.vbs

c:\linhadefensiva\credits\exec.txt

c:\linhadefensiva\exec\download.exe

c:\linhadefensiva\exec\md5.exe

c:\linhadefensiva\exec\MoveEx.exe

c:\linhadefensiva\exec\pv.exe

c:\linhadefensiva\exec\unzip.exe

c:\linhadefensiva\func\lang.vbs

c:\linhadefensiva\func\reg.vbs

c:\linhadefensiva\func\scan.vbs

c:\linhadefensiva\func\strings.vbs

c:\linhadefensiva\Iniciar-BankerFix.vbs

c:\linhadefensiva\lang\bat\antivirusnote.txt

c:\linhadefensiva\lang\bat\changepass.txt

c:\linhadefensiva\lang\bat\error-removing.txt

c:\linhadefensiva\lang\bat\filesremoved.txt

c:\linhadefensiva\lang\bat\logend.txt

c:\linhadefensiva\lang\bat\logremhelp.txt

c:\linhadefensiva\lang\bat\logremtif.txt

c:\linhadefensiva\lang\bat\noproblems.txt

c:\linhadefensiva\lang\bat\opening.txt

c:\linhadefensiva\lang\bat\rebootrequired.txt

c:\linhadefensiva\lang\bat\seeforum.txt

c:\linhadefensiva\lang\bat\wait.txt

c:\linhadefensiva\lang\bat\win95.txt

c:\linhadefensiva\lang\init\en.txt

c:\linhadefensiva\lang\init\ptb.txt

c:\linhadefensiva\lang\vb\bankerfix.txt

c:\linhadefensiva\lang\vb\loader.txt

c:\linhadefensiva\lang\vb\postreboot.txt

c:\linhadefensiva\leiame.txt

c:\linhadefensiva\QUA\backup.reg

c:\linhadefensiva\readme.txt

c:\linhadefensiva\reflist\fx.reg

c:\linhadefensiva\reflist\ref-allu

c:\linhadefensiva\reflist\ref-appdata

c:\linhadefensiva\reflist\ref-commonfiles

c:\linhadefensiva\reflist\ref-hosts

c:\linhadefensiva\reflist\ref-md5

c:\linhadefensiva\reflist\ref-mydoc

c:\linhadefensiva\reflist\ref-profile

c:\linhadefensiva\reflist\ref-programfiles

c:\linhadefensiva\reflist\ref-reg

c:\linhadefensiva\reflist\ref-start

c:\linhadefensiva\reflist\ref-startup

c:\linhadefensiva\reflist\ref-sysdrive

c:\linhadefensiva\reflist\ref-system

c:\linhadefensiva\reflist\ref-system32

c:\linhadefensiva\reflist\ref-tasks

c:\linhadefensiva\reflist\ref-temp

c:\linhadefensiva\reflist\ref-wincommon

c:\linhadefensiva\reflist\ref-windows

c:\linhadefensiva\reflist\reft-startup

c:\linhadefensiva\reflist\reg-proxy

c:\linhadefensiva\relatorio.txt

c:\linhadefensiva\relatorios\2009-08-28.txt

c:\linhadefensiva\relatorios\errorlog.txt

c:\linhadefensiva\rotinas\arquiva-relatorio.vbs

c:\linhadefensiva\rotinas\postreboot.bat

c:\linhadefensiva\rotinas\postreboot.vbs

c:\linhadefensiva\rotinas\remocao\driver.vbs

c:\linhadefensiva\rotinas\remocao\shell.vbs

c:\linhadefensiva\rotinas\remocao\userinit.vbs

c:\linhadefensiva\rotinas\remocao\winlogon.vbs

c:\linhadefensiva\rotinas\update.vbs

c:\linhadefensiva\VERSION

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-05 to 2009-09-05 ))))))))))))))))))))))))))))

.

 

2009-09-05 03:21 . 2009-09-05 03:53 -------- d-----w- C:\Lop SD

2009-09-03 13:52 . 2009-09-03 14:02 -------- d-----w- c:\arquivos de programas\Unlocker

2009-08-27 17:43 . 2009-08-27 17:43 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-08-27 13:55 . 2009-09-03 14:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-08-27 13:55 . 2009-09-03 14:02 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-08-26 19:41 . 2009-08-26 19:41 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-26 19:41 . 2009-08-26 19:41 -------- d-----w- c:\arquivos de programas\MSBuild

2009-08-26 19:41 . 2009-08-26 19:41 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-08-26 19:40 . 2009-08-26 19:40 -------- d-----w- C:\1c4d6337081a178ada8b98ab4d

2009-08-26 19:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-26 19:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-26 19:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-26 19:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-26 19:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-26 19:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-26 19:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-26 19:04 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-26 17:58 . 2009-09-03 14:02 -------- dc-h--w- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-08-26 17:58 . 2009-09-03 14:02 -------- d-----w- c:\arquivos de programas\Lavasoft

2009-08-26 17:58 . 2009-08-26 20:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-08-26 17:08 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2009-08-26 17:08 . 2008-05-09 10:55 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll

2009-08-26 17:08 . 2008-05-09 10:55 512000 -c----w- c:\windows\system32\dllcache\jscript.dll

2009-08-26 17:08 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2009-08-26 17:08 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2009-08-26 17:08 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2009-08-26 17:08 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2009-08-26 15:53 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-08-26 15:41 . 2009-08-26 15:41 -------- d-----w- c:\windows\system32\bits

2009-08-26 15:41 . 2009-08-26 15:41 -------- d-----w- c:\windows\l2schemas

2009-08-26 15:39 . 2009-08-26 15:41 -------- d-----w- c:\windows\ServicePackFiles

2009-08-25 18:59 . 2009-08-25 18:59 -------- d-----w- c:\documents and settings\Walter\Dados de aplicativos\TeamViewer

2009-08-25 18:59 . 2009-08-25 18:59 -------- d-----w- c:\documents and settings\Walter\temp

2009-08-15 13:32 . 2009-08-15 13:33 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-08-13 23:25 . 2009-08-13 23:25 -------- d-----w- c:\arquivos de programas\longlinkcash

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-05 12:43 . 2001-10-28 17:07 82712 ----a-w- c:\windows\system32\perfc016.dat

2009-09-05 12:43 . 2001-10-28 17:07 476436 ----a-w- c:\windows\system32\perfh016.dat

2009-09-05 12:39 . 2009-07-16 20:17 -------- d-----w- c:\arquivos de programas\Panda Security

2009-09-05 12:39 . 2009-05-08 00:29 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-08-28 23:46 . 2009-07-06 01:34 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-08-28 23:45 . 2009-07-06 01:33 111928 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-08-27 18:10 . 2009-07-26 13:39 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-08-27 15:45 . 2009-07-13 21:41 -------- d-----w- c:\arquivos de programas\Ubisoft

2009-08-05 09:00 . 2004-08-04 02:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 18:07 . 2009-08-03 18:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 18:07 . 2009-08-03 18:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 18:07 . 2009-08-03 18:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-08-01 14:57 . 2009-08-01 14:57 -------- d-----w- c:\arquivos de programas\Ares

2009-08-01 14:57 . 2009-08-01 14:56 2374583 ----a-w- c:\arquivos de programas\aresregular211_installer.exe

2009-07-29 04:36 . 2004-08-04 02:45 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-29 04:36 . 2001-10-28 17:06 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-07-28 23:32 . 2009-07-28 23:32 -------- d-----w- c:\documents and settings\Walter\Dados de aplicativos\Media Player Classic

2009-07-26 13:40 . 2009-07-26 13:28 -------- d-----w- c:\arquivos de programas\Windows Live

2009-07-26 13:29 . 2009-07-26 13:29 -------- d-----w- c:\arquivos de programas\Microsoft

2009-07-26 13:29 . 2009-07-26 13:29 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-07-26 13:09 . 2009-07-26 13:09 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-07-25 19:19 . 2009-07-25 19:19 -------- d-----w- c:\arquivos de programas\QuickTime

2009-07-17 19:03 . 2004-08-04 02:45 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-16 20:17 . 2009-07-16 20:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Backup

2009-07-15 01:00 . 2009-05-08 00:53 -------- d-----w- c:\arquivos de programas\CyberLink

2009-07-15 00:49 . 2009-07-15 00:47 -------- d-----w- c:\arquivos de programas\Valve

2009-07-15 00:29 . 2009-07-07 13:12 -------- d-----w- c:\arquivos de programas\Codemasters

2009-07-15 00:13 . 2009-07-15 00:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-07-15 00:13 . 2009-07-15 00:13 -------- d--h--r- c:\documents and settings\Walter\Dados de aplicativos\SecuROM

2009-07-15 00:04 . 2009-07-06 01:34 22328 ----a-w- c:\documents and settings\Walter\Dados de aplicativos\PnkBstrK.sys

2009-07-15 00:04 . 2009-07-06 01:33 669184 ----a-w- c:\windows\system32\pbsvc.exe

2009-07-15 00:04 . 2009-07-06 01:33 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-07-14 23:58 . 2009-07-14 23:58 -------- d-----w- c:\arquivos de programas\Electronic Arts

2009-07-14 22:55 . 2009-07-06 01:22 -------- d-----w- c:\arquivos de programas\Activision

2009-07-14 22:50 . 2009-07-07 13:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-07-14 22:45 . 2009-07-14 22:42 -------- d---a-w- c:\arquivos de programas\Medal of Honor Airborne

2009-07-14 02:43 . 2004-08-04 02:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 21:48 . 2009-07-13 21:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ubisoft

2009-07-13 21:31 . 2009-07-07 02:12 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-07-13 21:31 . 2009-07-07 13:27 -------- d-----w- c:\arquivos de programas\AGEIA Technologies

2009-07-13 18:51 . 2009-07-13 18:51 -------- d-----w- c:\arquivos de programas\MSXML 4.0

2009-07-08 00:01 . 2009-05-08 01:19 -------- d-----w- c:\documents and settings\Walter\Dados de aplicativos\Ahead

2009-07-07 23:14 . 2009-07-07 13:30 -------- d-----w- c:\arquivos de programas\damnation

2009-07-07 23:02 . 2009-07-07 23:02 0 ----a-w- c:\windows\nsreg.dat

2009-07-07 13:29 . 2009-07-07 13:29 -------- d-----w- c:\arquivos de programas\D-Tools

2009-06-29 15:58 . 2004-08-04 02:45 827392 ------w- c:\windows\system32\wininet.dll

2009-06-29 15:58 . 2004-08-04 02:45 78336 ------w- c:\windows\system32\ieencode.dll

2009-06-29 15:58 . 2004-08-04 02:45 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-25 08:27 . 2004-08-04 02:45 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-08-04 02:45 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-08-04 02:45 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-08-04 02:45 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2004-08-04 02:45 732672 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-08-04 02:45 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-04 00:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-15 10:44 . 2004-08-04 02:45 77824 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 10:44 . 2004-08-04 02:45 81408 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:14 . 2004-08-04 02:45 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 12:21 . 2009-05-08 00:15 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:15 . 2004-08-04 02:45 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-09-05_04.05.40 )))))))))))))))))))))))))))))))))))))))))

.

- 2001-10-28 17:07 . 2009-09-05 03:19 71002 c:\windows\system32\perfc009.dat

+ 2001-10-28 17:07 . 2009-09-05 12:43 71002 c:\windows\system32\perfc009.dat

+ 2001-10-28 17:07 . 2009-09-05 12:43 440684 c:\windows\system32\perfh009.dat

- 2001-10-28 17:07 . 2009-09-05 03:19 440684 c:\windows\system32\perfh009.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\arquivos de programas\IDT\WDM\sttray.exe" [2008-07-21 442433]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]

"DAEMON Tools-1033"="c:\arquivos de programas\D-Tools\daemon.exe" [2004-08-22 81920]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-07-25 413696]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-12 1626112]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

Adobe Reader Synchronizer.lnk - c:\arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Codemasters\\Damnation\\Binaries\\DamnGame.exe"=

"c:\\Arquivos de programas\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [16/7/2009 17:14 28544]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/5/2009 21:40 38176]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-05 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.uol.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Walter\Dados de aplicativos\Mozilla\Firefox\Profiles\48swl8f0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-05 09:55

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Òw*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-09-05 9:56

ComboFix-quarantined-files.txt 2009-09-05 12:56

ComboFix2.txt 2009-09-05 04:06

 

Pré-execução: 8 pasta(s) 234.209.468.416 bytes disponíveis

Pós execução: 7 pasta(s) 234.182.520.832 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

271 --- E O F --- 2009-08-27 12:36

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:59:00, on 5/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\idt\xpv_5902_012208\wdm\STacSV.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Walter\Meus documentos\Meus arquivos recebidos\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251299429375

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\arquivos de programas\idt\xpv_5902_012208\wdm\STacSV.exe

 

--

End of file - 5177 bytes


Good morning, vagasil!

<@> Download: CCleaner

<@> Save it to the Desktop!

<@> With the < Cleaner > option already selected, click Analyze. --> Wait for it to finish!

<@> When it finishes, click Run Cleaner.

<@> In the window that appears, click OK. --> Wait for it to finish!

<@> Select the Registry option and click Scan for Issues.

<@> When it finishes, click Fix selected issues...

<@> When asked, click Yes!

<@> Name the backups and click Save.

<@> If everything stays OK for a few days, you can delete this backup file. ( .reg )

<@> In the window that appears, click: "Fix All Selected Issues"

<@> Click OK --> Close.

<@> For more details, read the Tutorial: < Link >

<><><><><><><><><><>

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><>

<@> If everything is OK, create a clean restore point in System Restore.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.

<@> Then uncheck it again! --> Apply --> Wait! --> OK.

<@> For more details, read the Tutorial: < Link >

<><><><><><><><><><>

<!> Your log is clean!

<!> Is everything OK?

Regards!


Perfect. After the procedure the pages finally stopped appearing. Thank you for your attention, and I want to express my admiration, not only for your knowledge (which you showed you have plenty of on the subject), but for the way you share it (attentive, effective and spontaneous).


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
