This topic has been archived and is closed to new replies.

DemonFuuck

[Solved!] Explorer problem


Hi folks, I already posted this on another forum, but it has been 10 days and I have not had any replies, so I came here to see if someone can help me heh XDDDDD

Here's the thing, I'm getting some crazy errors here

AHAHUAHU

When I go to the Desktop "usually I only do this with MSN already open"

I go to the desktop to get to My Documents or My Music, [ the folder links ]

Whenever I double-click a folder, Explorer gives an error and closes, and MSN gives an error too; it says that Windows Live platform something-or-other encountered a problem, and then both close, MSN and Explorer...

This happens all the time. And there is another thing that has been bothering me, something called service.exe... sometimes it shows up as SYSTEM and sometimes it shows up with the user name ???

And it keeps overloading the memory all the time... until it freezes...

Here's the Hijack log ^^

Thanks, folks

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:05:08, on 16/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\csrss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

F:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\slserv.exe

F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

F:\WINDOWS\system32\wuauclt.exe

F:\WINDOWS\system32\taskmgr.exe

F:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

F:\WINDOWS\system32\ctfmon.exe

D:\AntiMerdas\Spybot - Search & Destroy\SpybotSD.exe

F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

F:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

F:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

F:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In SSV Helper - {EFF6FAA0-12ED-47D5-94DE-0519FBDE92AC} - F:\WINDOWS\java\jre1.6.0\bin\jp2ssv.dll

O4 - HKLM\..\Run: [VMSnap3] F:\WINDOWS\VMSnap3.EXE

O4 - HKLM\..\Run: [Domino] F:\WINDOWS\Domino.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDog303] F:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251740173250

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{19F1E59C-0533-4466-AB20-0444A41F5418}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{19F1E59C-0533-4466-AB20-0444A41F5418}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - F:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6308 bytes


- Download Malwarebytes Anti-Malware

http://www.besttechie.net/tools/mbam-setup.exe

• Install it by double-clicking "mbam-setup.exe";

• Check "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware", and click Finish;

• Check "Full Scan" and then click Scan;

• When the scan finishes, click OK and then "Show Results" to see the log;

• If anything is detected, make sure everything is checked and click "Remove";

• The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

• Copy and paste the contents of that log into your next reply.

- Generate a new HijackThis log and paste it into your reply.


Hi, before I saw what you had posted I had already run Malwarebytes in quick scan mode, and it found something, and I set it to be removed

here is the log...

Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2727

Windows 5.1.2600 Service Pack 3

 

16/9/2009 01:21:40

mbam-log-2009-09-16 (01-21-40).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 102957

Tempo decorrido: 5 minute(s), 44 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

F:\Documents and Settings\Victor\Favoritos\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.

 

 

Here is the log of the full scan I ran after reading what you posted...

 

Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2727

Windows 5.1.2600 Service Pack 3

 

16/9/2009 17:35:43

mbam-log-2009-09-16 (17-35-43).txt

 

Tipo de Verificação: Completa (C:\|D:\|F:\|)

Objetos verificados: 77527

Tempo decorrido: 1 hour(s), 9 minute(s), 25 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

Here is the HijackThis one

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:40:02, on 16/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\csrss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

F:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\slserv.exe

F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\alg.exe

F:\WINDOWS\VMSnap3.EXE

F:\WINDOWS\Domino.EXE

F:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

F:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe

F:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

F:\WINDOWS\explorer.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

F:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

F:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

F:\WINDOWS\system32\wbem\wmiprvse.exe

F:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

O23 - Service: SmartLinkService (SLService) - Smart Link - F:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 1949 bytes

 

 

Even after removing the infection that Malwarebytes found... the problem continues...

Yesterday I also ran Spybot Search and Destroy; it found some things, I removed them, but the error still continues heh XDDDDD


Download ComboFix from one of these locations:

Link 1.

Link 2.

Link 3.

Important!

You should not use ComboFix unless you have been instructed to do so by a security analyst.

It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system.

Make sure that you have saved ComboFix.exe to your desktop.

• Disable your antivirus and antispyware, usually by right-clicking the system tray icon. They may interfere with the tool's execution.

• Double-click ComboFix.exe & follow the prompts.

• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being what they are today, it is strongly recommended to have it pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will allow us to help you more easily should your computer have a problem after an attempted malware removal.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click Yes to continue scanning for malware.

When it finishes, it should produce a log for you. Post the ComboFix report, which will be at C:\ComboFix.txt, together with a HijackThis log.


Hey, thanks for the attention ^^

ComboFix log:

ComboFix 09-09-17.04 - Victor 18/09/2009 12:18.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.185 [GMT -3:00]

Executando de: c:\victor documentos\Downloads\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

Os seguintes arquivos/ficheiros foram desabilitados durante a execução:

f:\windows\java\jre1.6.0\bin\jvm.dll

 

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

f:\windows\system32\install.exe

f:\windows\system32\msssc.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-18 to 2009-09-18 ))))))))))))))))))))))))))))

.

 


.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFF6FAA0-12ED-47D5-94DE-0519FBDE92AC}]

2009-08-31 22:39 487424 ----a-w- f:\windows\java\jre1.6.0\bin\jp2ssv.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ManyCam"="c:\arquivos de programas\ManyCam 2.4\ManyCam.exe" [2009-04-17 1824040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VMSnap3"="f:\windows\VMSnap3.EXE" [2006-08-30 49152]

"Domino"="f:\windows\Domino.EXE" [2006-06-28 49152]

"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"TkBellExe"="f:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-09-02 198160]

"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2008-05-03 1630208]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

f:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"f:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"f:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Games\\Cs 1.6\\hl.exe"=

"c:\\Arquivos de programas\\SoulseekNS\\slsk.exe"=

 

R0 m5289;m5289;f:\windows\system32\drivers\m5289.sys [31/8/2009 04:09 51840]

R0 uliagpkx;ULi AGP Bus Filter Driver;f:\windows\system32\drivers\AGPKX.SYS [31/8/2009 04:09 44928]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [18/8/2009 00:29 108289]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;f:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632]

R3 ULI5261;ULi Based Ethernet NT Driver;f:\windows\system32\drivers\ULILAN.SYS [31/8/2009 04:09 28160]

R3 vmfilter303;vmfilter303;f:\windows\system32\drivers\vmfilter303.sys [31/8/2009 17:37 428160]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [24/8/2009 19:41 92928]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"f:\windows\system32\rundll32.exe" "f:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-18 f:\windows\Tasks\User_Feed_Synchronization-{2B61E552-82AF-4D44-BA17-8E5C4570BD53}.job

- f:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

TCP: {19F1E59C-0533-4466-AB20-0444A41F5418} = 200.204.0.10 200.204.0.138

FF - ProfilePath - f:\documents and settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\ufc4i1j4.default\

FF - component: f:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\nptidfusionplugin.dll

FF - plugin: f:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-BigDog303 - f:\windows\VM303_STI.EXE

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-18 12:22

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = f:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(632)

f:\windows\java\jre1.6.0\bin\jvm.dll

 

- - - - - - - > 'lsass.exe'(688)

f:\windows\java\jre1.6.0\bin\jvm.dll

 

- - - - - - - > 'csrss.exe'(608)

f:\windows\java\jre1.6.0\bin\jvm.dll

.

Tempo para conclusão: 2009-09-18 12:23

ComboFix-quarantined-files.txt 2009-09-18 15:23

 

Pré-execução: 4.489.043.968 bytes disponíveis

Pós execução: 4.660.293.632 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

292 --- E O F --- 2009-09-14 06:09

 

 

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:29:42, on 18/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\csrss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\VMSnap3.EXE

F:\WINDOWS\Domino.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

F:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\alg.exe

F:\WINDOWS\system32\wscntfy.exe

F:\WINDOWS\system32\wuauclt.exe

F:\WINDOWS\system32\notepad.exe

F:\WINDOWS\explorer.exe

F:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

F:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

F:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In SSV Helper - {EFF6FAA0-12ED-47D5-94DE-0519FBDE92AC} - F:\WINDOWS\java\jre1.6.0\bin\jp2ssv.dll

O4 - HKLM\..\Run: [VMSnap3] F:\WINDOWS\VMSnap3.EXE

O4 - HKLM\..\Run: [Domino] F:\WINDOWS\Domino.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251740173250

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{19F1E59C-0533-4466-AB20-0444A41F5418}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{19F1E59C-0533-4466-AB20-0444A41F5418}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - F:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6192 bytes


I suggest that you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (gray box) below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt.

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFF6FAA0-12ED-47D5-94DE-0519FBDE92AC}]

 

This script was written only for this computer, according to the files and keys present on it; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

cfscript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

Post it together with the new HijackThis log.

How is the PC?

ComboFix 09-09-17.04 - Victor 19/09/2009 18:13.4.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.199 [GMT -3:00]

Executando de: f:\documents and settings\Victor\Desktop\ComboFix.exe

Comandos utilizados :: f:\documents and settings\Victor\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-19 to 2009-09-19 ))))))))))))))))))))))))))))

.

 

2009-09-18 15:33 . 2009-09-18 15:33 -------- d-----w- f:\arquivos de programas\TeaTimer (Spybot - Search & Destroy)

2009-09-18 15:33 . 2009-09-18 15:33 -------- d-----w- f:\arquivos de programas\SDHelper (Spybot - Search & Destroy)

2009-09-18 15:33 . 2009-09-18 15:33 -------- d-----w- f:\arquivos de programas\Misc. Support Library (Spybot - Search & Destroy)

2009-09-18 15:33 . 2009-09-18 15:33 -------- d-----w- f:\arquivos de programas\File Scanner Library (Spybot - Search & Destroy)

2009-09-18 14:44 . 2008-04-13 18:45 60032 -c--a-w- f:\windows\system32\dllcache\usbaudio.sys

2009-09-18 14:44 . 2008-04-13 18:45 60032 ----a-w- f:\windows\system32\drivers\USBAUDIO.sys

2009-09-18 14:43 . 2008-04-13 18:45 32128 -c--a-w- f:\windows\system32\dllcache\usbccgp.sys

2009-09-18 14:43 . 2008-04-13 18:45 32128 ----a-w- f:\windows\system32\drivers\usbccgp.sys

2009-09-18 05:23 . 2009-09-18 05:23 -------- d-----w- f:\arquivos de programas\QuickTime

2009-09-18 05:09 . 2007-08-27 13:53 107864 ----a-w- f:\windows\system32\tsccvid.dll

2009-09-18 05:09 . 2009-09-18 05:24 -------- d-----w- f:\windows\system32\QuickTime

2009-09-18 05:08 . 2009-09-18 05:08 -------- d-----w- f:\arquivos de programas\Arquivos comuns\TechSmith Shared

2009-09-16 16:24 . 2009-09-16 16:24 -------- d-----w- f:\documents and settings\Iracema\Dados de aplicativos\Malwarebytes

2009-09-16 03:45 . 2009-09-16 04:12 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-09-13 06:22 . 2009-09-13 06:22 -------- d-----w- f:\windows\system32\XPSViewer

2009-09-13 06:22 . 2009-09-13 06:22 -------- d-----w- f:\arquivos de programas\MSBuild

2009-09-13 06:22 . 2009-09-13 06:22 -------- d-----w- f:\arquivos de programas\Reference Assemblies

2009-09-13 06:21 . 2008-07-06 12:06 89088 -c----w- f:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-09-13 06:21 . 2008-07-06 12:06 575488 -c----w- f:\windows\system32\dllcache\xpsshhdr.dll

2009-09-13 06:21 . 2008-07-06 12:06 575488 ------w- f:\windows\system32\xpsshhdr.dll

2009-09-13 06:21 . 2008-07-06 12:06 117760 ------w- f:\windows\system32\prntvpt.dll

2009-09-13 06:21 . 2008-07-06 10:50 597504 -c----w- f:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-09-13 06:21 . 2008-07-06 12:06 1676288 -c----w- f:\windows\system32\dllcache\xpssvcs.dll

2009-09-13 06:21 . 2008-07-06 12:06 1676288 ------w- f:\windows\system32\xpssvcs.dll

2009-09-12 10:07 . 2008-05-30 17:19 507400 ----a-w- f:\windows\system32\XAudio2_1.dll

2009-09-12 09:09 . 2009-09-12 09:10 -------- d-----w- f:\windows\Logs

2009-09-12 08:50 . 2009-09-12 09:00 -------- d-----w- f:\windows\system32\URTTemp

2009-09-10 17:13 . 2009-09-10 17:13 -------- d-----w- f:\arquivos de programas\Trend Micro

2009-09-09 03:02 . 2009-06-21 21:48 153088 -c----w- f:\windows\system32\dllcache\triedit.dll

2009-09-07 19:00 . 2009-09-07 19:00 -------- d-----w- f:\arquivos de programas\Windows Media Connect 2

2009-09-07 18:57 . 2009-09-07 18:58 -------- d-----w- f:\windows\system32\drivers\UMDF

2009-09-07 18:57 . 2009-09-07 18:57 -------- d-----w- f:\windows\system32\LogFiles

2009-09-06 18:20 . 2009-09-06 18:20 -------- d-----w- f:\documents and settings\Iracema\Dados de aplicativos\ManyCam

2009-09-06 04:17 . 2009-09-06 04:17 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\TuneUp Software

2009-09-05 22:54 . 2009-09-05 23:27 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Drumsite

2009-09-05 04:26 . 2009-09-05 04:27 -------- d-----w- f:\documents and settings\Victor\Dados de aplicativos\ManyCam

2009-09-04 20:18 . 2009-09-04 20:18 -------- d-----w- f:\documents and settings\Iracema\Dados de aplicativos\Foxit Software

2009-09-04 03:32 . 2009-09-18 05:09 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\TechSmith

2009-09-03 17:30 . 2009-09-03 17:30 -------- d-----w- f:\windows\ShellNew

2009-09-03 17:03 . 2009-09-03 17:03 -------- d-----w- f:\documents and settings\Victor\Dados de aplicativos\Foxit Software

2009-09-02 20:54 . 2009-09-18 01:51 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Soulseek

2009-09-02 20:53 . 2009-09-02 20:53 -------- d-----w- f:\arquivos de programas\SoulseekNS

2009-09-02 17:11 . 2009-09-02 17:11 -------- d-----w- f:\documents and settings\Iracema\Dados de aplicativos\Media Player Classic

2009-09-02 17:11 . 2009-09-02 17:11 -------- d-----w- f:\documents and settings\Iracema\Dados de aplicativos\DivX

2009-09-02 05:40 . 2009-09-02 05:40 -------- d-----w- f:\arquivos de programas\Arquivos comuns\xing shared

2009-09-02 05:39 . 2009-09-02 05:39 499712 ----a-w- f:\windows\system32\msvcp71.dll

2009-09-02 05:39 . 2009-09-02 05:39 -------- d-----w- f:\arquivos de programas\Real

2009-09-02 05:39 . 2009-09-02 05:40 -------- d-----w- f:\arquivos de programas\Arquivos comuns\Real

2009-09-01 21:23 . 2009-09-01 21:23 -------- d-----w- f:\documents and settings\Victor\Dados de aplicativos\Malwarebytes

2009-09-01 21:23 . 2009-08-03 16:36 38160 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys

2009-09-01 21:23 . 2009-09-01 21:23 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-09-01 21:23 . 2009-08-03 16:36 19096 ----a-w- f:\windows\system32\drivers\mbam.sys

2009-09-01 21:22 . 2009-09-18 14:45 -------- d-----w- f:\documents and settings\Victor\Dados de aplicativos\wsInspector

2009-09-01 20:46 . 2009-09-01 20:46 -------- d-----w- f:\documents and settings\Victor\Dados de aplicativos\Media Player Classic

2009-09-01 20:36 . 2008-09-16 19:23 168448 ----a-w- f:\windows\system32\unrar.dll

2009-09-01 20:36 . 2009-05-29 21:37 205824 ----a-w- f:\windows\system32\xvidvfw.dll

2009-09-01 20:36 . 2009-05-29 21:31 881664 ----a-w- f:\windows\system32\xvidcore.dll

2009-09-01 20:36 . 2004-01-25 16:18 217088 ----a-w- f:\windows\system32\yv12vfw.dll

2009-09-01 20:36 . 2009-05-01 21:02 90112 ----a-w- f:\windows\system32\dpl100.dll

2009-09-01 20:36 . 2008-11-06 16:37 3596288 ----a-w- f:\windows\system32\qt-dx331.dll

2009-09-01 20:36 . 2009-05-01 21:02 685056 ----a-w- f:\windows\system32\divx.dll

2009-09-01 20:36 . 2009-06-02 16:11 85504 ----a-w- f:\windows\system32\ff_vfw.dll

2009-09-01 20:36 . 2009-09-02 05:39 348160 ----a-w- f:\windows\system32\msvcr71.dll

2009-09-01 20:12 . 2009-09-01 20:12 -------- d-sh--w- f:\documents and settings\Victor\IECompatCache

2009-09-01 20:11 . 2009-09-01 20:11 -------- d-sh--w- f:\documents and settings\Victor\PrivacIE

2009-09-01 19:04 . 2009-07-03 16:59 55296 -c----w- f:\windows\system32\dllcache\msfeedsbs.dll

2009-09-01 19:04 . 2009-07-03 16:59 246272 -c----w- f:\windows\system32\dllcache\ieproxy.dll

2009-09-01 19:04 . 2009-07-03 16:59 12800 -c----w- f:\windows\system32\dllcache\xpshims.dll

2009-09-01 19:04 . 2009-07-03 16:59 1985536 -c----w- f:\windows\system32\dllcache\iertutil.dll

2009-09-01 19:04 . 2009-07-03 16:59 594432 -c----w- f:\windows\system32\dllcache\msfeeds.dll

2009-09-01 13:47 . 2008-10-16 17:06 268648 ----a-w- f:\windows\system32\mucltui.dll

2009-09-01 13:45 . 2009-09-01 13:45 -------- d-sh--w- f:\documents and settings\Iracema\IETldCache

2009-09-01 04:16 . 2009-09-01 04:16 -------- d-sh--w- f:\documents and settings\Victor\IETldCache

2009-09-01 03:33 . 2009-09-14 21:31 -------- d-----w- f:\documents and settings\Victor\Dados de aplicativos\uTorrent

2009-09-01 03:29 . 2009-03-30 13:33 96104 ----a-w- f:\windows\system32\drivers\avipbb.sys

2009-09-01 03:29 . 2009-02-13 15:29 22360 ----a-w- f:\windows\system32\drivers\avgntmgr.sys

2009-09-01 03:29 . 2009-02-13 15:17 45416 ----a-w- f:\windows\system32\drivers\avgntdd.sys

2009-09-01 03:29 . 2009-09-01 03:29 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Avira

2009-09-01 02:41 . 2009-09-01 02:41 -------- d-----w- f:\windows\nvidia icons

2009-09-01 02:41 . 2009-09-01 02:41 -------- d-----w- f:\windows\nview

2009-09-01 02:41 . 2008-05-03 01:46 442368 ----a-w- f:\windows\system32\nvudisp.exe

2009-09-01 02:40 . 2008-04-30 20:27 442368 ----a-w- f:\windows\system32\NVUNINST.EXE

2009-09-01 02:26 . 2009-09-09 06:07 -------- d-----w- f:\windows\ie8updates

2009-09-01 02:26 . 2009-08-07 08:48 100352 -c----w- f:\windows\system32\dllcache\iecompat.dll

2009-09-01 02:25 . 2009-09-01 02:26 -------- dc-h--w- f:\windows\ie8

2009-08-31 20:47 . 2008-04-14 02:20 54784 -c--a-w- f:\windows\system32\dllcache\vfwwdm32.dll

2009-08-31 20:47 . 2008-04-14 02:20 54784 ----a-w- f:\windows\system32\vfwwdm32.dll

2009-08-31 16:36 . 2008-09-04 17:16 1106944 -c----w- f:\windows\system32\dllcache\msxml3.dll

2009-08-31 16:36 . 2009-06-22 06:48 726528 -c--a-w- f:\windows\system32\dllcache\jscript.dll

2009-08-31 16:36 . 2009-03-08 07:33 420352 -c--a-w- f:\windows\system32\dllcache\vbscript.dll

2009-08-31 16:36 . 2008-05-09 10:55 90112 -c----w- f:\windows\system32\dllcache\wshext.dll

2009-08-31 16:36 . 2008-05-09 10:55 180224 -c----w- f:\windows\system32\dllcache\scrobj.dll

2009-08-31 16:36 . 2008-05-09 10:55 172032 -c----w- f:\windows\system32\dllcache\scrrun.dll

2009-08-31 16:36 . 2008-05-09 08:45 135168 -c----w- f:\windows\system32\dllcache\cscript.exe

2009-08-31 16:36 . 2008-05-08 11:24 155648 -c----w- f:\windows\system32\dllcache\wscript.exe

2009-08-31 16:01 . 2009-09-01 04:16 -------- d-----w- f:\windows\system32\pt-br

2009-08-31 16:01 . 2009-08-31 16:01 -------- d-----w- f:\windows\l2schemas

2009-08-31 16:01 . 2009-08-31 16:01 -------- d-----w- f:\windows\system32\bits

2009-08-31 16:00 . 2009-08-31 16:00 0 ----a-w- f:\windows\nsreg.dat

2009-08-31 15:55 . 2009-08-31 16:04 -------- d-----w- f:\windows\ServicePackFiles

2009-08-31 15:40 . 2004-08-04 03:36 701440 ------w- f:\windows\system32\drivers\ati2mtag.sys

2009-08-31 15:18 . 2009-09-02 05:29 -------- d-----w- f:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-08-31 15:05 . 2008-06-14 17:34 272384 -c----w- f:\windows\system32\dllcache\bthport.sys

2009-08-31 14:57 . 2009-02-09 11:25 2193280 -c----w- f:\windows\system32\dllcache\ntoskrnl.exe

2009-08-31 14:57 . 2009-02-06 10:10 227840 -c----w- f:\windows\system32\dllcache\wmiprvse.exe

2009-08-31 14:57 . 2009-03-06 14:20 286208 -c----w- f:\windows\system32\dllcache\pdh.dll

2009-08-31 14:57 . 2009-02-09 11:25 111104 -c----w- f:\windows\system32\dllcache\services.exe

2009-08-31 14:57 . 2009-02-09 10:53 683520 -c----w- f:\windows\system32\dllcache\advapi32.dll

2009-08-31 14:57 . 2009-02-09 10:53 473600 -c----w- f:\windows\system32\dllcache\fastprox.dll

2009-08-31 14:57 . 2009-02-09 10:53 401408 -c----w- f:\windows\system32\dllcache\rpcss.dll

2009-08-31 14:57 . 2009-06-25 08:27 732672 -c----w- f:\windows\system32\dllcache\lsasrv.dll

2009-08-31 14:57 . 2009-02-09 11:25 2149376 -c----w- f:\windows\system32\dllcache\ntkrnlmp.exe

2009-08-31 14:57 . 2009-02-09 10:53 730624 -c----w- f:\windows\system32\dllcache\ntdll.dll

2009-08-31 14:57 . 2009-02-09 10:53 453120 -c----w- f:\windows\system32\dllcache\wmiprvsd.dll

2009-08-31 14:57 . 2009-02-09 11:25 2028032 -c----w- f:\windows\system32\dllcache\ntkrpamp.exe

2009-08-31 14:55 . 2008-05-08 14:02 203136 -c----w- f:\windows\system32\dllcache\rmcast.sys

2009-08-31 14:55 . 2008-10-24 11:21 455296 -c----w- f:\windows\system32\dllcache\mrxsmb.sys

2009-08-31 14:55 . 2008-12-11 10:57 333952 -c----w- f:\windows\system32\dllcache\srv.sys

2009-08-31 14:55 . 2008-05-01 14:36 331776 -c----w- f:\windows\system32\dllcache\msadce.dll

2009-08-31 14:55 . 2009-07-10 13:27 1315328 -c----w- f:\windows\system32\dllcache\msoe.dll

2009-08-31 14:55 . 2008-04-11 19:05 691712 -c----w- f:\windows\system32\dllcache\inetcomm.dll

2009-08-31 14:53 . 2008-10-15 16:36 337408 -c----w- f:\windows\system32\dllcache\netapi32.dll

2009-08-31 14:52 . 2008-04-21 21:15 216064 -c----w- f:\windows\system32\dllcache\wordpad.exe

2009-08-31 14:51 . 2009-08-31 14:51 -------- d-sh--w- f:\documents and settings\Victor\UserData

2009-08-31 14:47 . 2009-09-09 06:17 -------- d--h--w- f:\windows\$hf_mig$

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-13 06:27 . 2001-10-28 15:07 82770 ----a-w- f:\windows\system32\perfc016.dat

2009-09-13 06:27 . 2001-10-28 15:07 476876 ----a-w- f:\windows\system32\perfh016.dat

2009-09-06 04:50 . 2009-08-31 07:09 -------- d--h--w- f:\arquivos de programas\InstallShield Installation Information

2009-09-04 20:44 . 2009-09-12 10:08 515416 ----a-w- f:\windows\system32\XAudio2_5.dll

2009-09-04 20:44 . 2009-09-12 10:08 238936 ----a-w- f:\windows\system32\xactengine3_5.dll

2009-09-04 20:44 . 2009-09-12 10:08 69464 ----a-w- f:\windows\system32\XAPOFX1_3.dll

2009-09-04 20:29 . 2009-09-12 10:08 235344 ----a-w- f:\windows\system32\d3dx11_42.dll

2009-09-04 20:29 . 2009-09-12 10:08 453456 ----a-w- f:\windows\system32\d3dx10_42.dll

2009-09-04 20:29 . 2009-09-12 10:08 1974616 ----a-w- f:\windows\system32\D3DCompiler_42.dll

2009-09-04 20:29 . 2009-09-12 10:08 5501792 ----a-w- f:\windows\system32\d3dcsx_42.dll

2009-09-04 20:29 . 2009-09-12 10:08 1892184 ----a-w- f:\windows\system32\D3DX9_42.dll

2009-08-31 20:37 . 2009-08-31 20:37 -------- d-----w- f:\arquivos de programas\Vimicro

2009-08-31 20:37 . 2009-08-31 07:09 -------- d-----w- f:\arquivos de programas\Arquivos comuns\InstallShield

2009-08-31 07:09 . 2009-08-31 07:09 -------- d-----w- f:\arquivos de programas\Analog Devices

2009-08-31 07:00 . 2009-08-31 07:00 -------- d-----w- f:\arquivos de programas\microsoft frontpage

2009-08-31 06:58 . 2009-08-31 06:58 -------- d-----w- f:\arquivos de programas\Serviços on-line

2009-08-31 06:57 . 2009-08-31 06:57 -------- d-----w- f:\arquivos de programas\Arquivos comuns\Serviços

2009-08-31 06:56 . 2009-08-31 06:56 21844 ----a-w- f:\windows\system32\emptyregdb.dat

2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- f:\windows\system32\mswebdvd.dll

2009-07-29 04:36 . 2004-08-04 03:45 119808 ----a-w- f:\windows\system32\t2embed.dll

2009-07-29 04:36 . 2001-10-28 15:06 81920 ----a-w- f:\windows\system32\fontsub.dll

2009-07-28 19:33 . 2009-08-18 03:29 55656 ----a-w- f:\windows\system32\drivers\avgntflt.sys

2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- f:\windows\system32\sirenacm.dll

2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- f:\windows\system32\atl.dll

2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- f:\windows\system32\wmpdxm.dll

2009-07-10 15:25 . 2009-07-10 15:25 307056 ----a-w- f:\windows\WLXPGSS.SCR

2009-07-03 16:59 . 2004-08-04 03:45 915456 ------w- f:\windows\system32\wininet.dll

2009-06-26 16:50 . 2009-06-26 16:50 81920 ------w- f:\windows\system32\ieencode.dll

2009-06-25 08:27 . 2004-08-04 03:45 56832 ----a-w- f:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-08-04 03:45 54272 ----a-w- f:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-08-04 03:45 147456 ----a-w- f:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-08-04 03:45 136192 ----a-w- f:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2004-08-04 03:45 732672 ----a-w- f:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-08-04 03:45 301568 ----a-w- f:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-08-04 01:59 92928 ----a-w- f:\windows\system32\drivers\ksecdd.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2009-09-18_15.22.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-12-02 01:54 . 2006-12-01 20:54 626688 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

- 2006-12-02 01:54 . 2006-12-02 01:54 626688 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

- 2006-12-02 01:54 . 2006-12-02 01:54 548864 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 01:54 . 2006-12-01 20:54 548864 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 01:54 . 2006-12-01 20:54 479232 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

- 2006-12-02 01:54 . 2006-12-02 01:54 479232 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ManyCam"="c:\arquivos de programas\ManyCam 2.4\ManyCam.exe" [2009-04-17 1824040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VMSnap3"="f:\windows\VMSnap3.EXE" [2006-08-30 49152]

"Domino"="f:\windows\Domino.EXE" [2006-06-28 49152]

"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-03 13529088]

"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-03 86016]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"TkBellExe"="f:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-09-02 198160]

"BigDog303"="f:\windows\VM303_STI.EXE" [bU]

"nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2008-05-03 1630208]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

f:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"f:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"f:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"d:\\Games\\Cs 1.6\\hl.exe"=

"c:\\Arquivos de programas\\SoulseekNS\\slsk.exe"=

 

R0 m5289;m5289;f:\windows\system32\drivers\m5289.sys [31/8/2009 04:09 51840]

R0 uliagpkx;ULi AGP Bus Filter Driver;f:\windows\system32\drivers\AGPKX.SYS [31/8/2009 04:09 44928]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [18/8/2009 00:29 108289]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;f:\windows\system32\drivers\ManyCam.sys [14/1/2008 07:06 21632]

R3 ULI5261;ULi Based Ethernet NT Driver;f:\windows\system32\drivers\ULILAN.SYS [31/8/2009 04:09 28160]

R3 vmfilter303;vmfilter303;f:\windows\system32\drivers\vmfilter303.sys [31/8/2009 17:37 428160]

S3 ddsxeiservice;ddsxeiservice2;c:\arquivos de programas\sXe Injected\ddsxei.sys [24/8/2009 19:41 92928]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"f:\windows\system32\rundll32.exe" "f:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-19 f:\windows\Tasks\User_Feed_Synchronization-{2B61E552-82AF-4D44-BA17-8E5C4570BD53}.job

- f:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

FF - ProfilePath - f:\documents and settings\Victor\Dados de aplicativos\Mozilla\Firefox\Profiles\ufc4i1j4.default\

FF - component: f:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\nptidfusionplugin.dll

FF - plugin: f:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-19 18:16

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog303 = f:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(632)

f:\windows\java\jre1.6.0\bin\jvm.dll

 

- - - - - - - > 'lsass.exe'(688)

f:\windows\java\jre1.6.0\bin\jvm.dll

 

- - - - - - - > 'explorer.exe'(660)

f:\windows\system32\WININET.dll

f:\windows\system32\webcheck.dll

f:\windows\system32\WPDShServiceObj.dll

f:\windows\system32\PortableDeviceTypes.dll

f:\windows\system32\PortableDeviceApi.dll

 

- - - - - - - > 'csrss.exe'(608)

f:\windows\java\jre1.6.0\bin\jvm.dll

.

Tempo para conclusão: 2009-09-19 18:17

ComboFix-quarantined-files.txt 2009-09-19 21:17

ComboFix2.txt 2009-09-19 21:05

ComboFix3.txt 2009-09-18 15:23

 

Pré-execução: 4.540.923.904 bytes disponíveis

Pós execução: 4.531.105.792 bytes disponíveis

 

292 --- E O F --- 2009-09-14 06:09

 

hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:16:47, on 20/9/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

F:\WINDOWS\system32\nvsvc32.exe

F:\WINDOWS\system32\slserv.exe

F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\VMSnap3.EXE

F:\WINDOWS\Domino.EXE

F:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

F:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

F:\WINDOWS\system32\NOTEPAD.EXE

F:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VMSnap3] F:\WINDOWS\VMSnap3.EXE

O4 - HKLM\..\Run: [Domino] F:\WINDOWS\Domino.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "F:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDog303] F:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

O4 - HKCU\..\Run: [ManyCam] "C:\Arquivos de programas\ManyCam 2.4\ManyCam.exe"

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251740173250

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{19F1E59C-0533-4466-AB20-0444A41F5418}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{19F1E59C-0533-4466-AB20-0444A41F5418}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - F:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 6052 bytes

 

Thanks, the problems stopped. I'm just not sure about services.exe, because it goes crazy out of nowhere lol... but not all the time :D It should be fine now, though; so far it hasn't shown up under the user instead of SYSTEM...

Thanks, thanks =]


Go to this site: http://www.kaspersky.com/virusscanner

Click on Clipboard01-1.jpg

Follow the scanner configuration instructions as shown in the image below.

kosjn0.gif

Post the scan log right here in the thread.


Here it is :D

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Tuesday, September 22, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, September 22, 2009 08:13:06

Records in database: 2868567

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

F:\

H:\

 

Scan statistics:

Objects scanned: 88023

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 01:56:07

 

No threats found. Scanned area is clean.

 

Selected area has been scanned.


The log is clean.

Go to Start > Run > type "combofix /u" without the quotes.

Then wait for the ComboFix program to be uninstalled.

Regards



Okay, thank you very much *-*.

All the problems really did stop, thanks :D

Solved :D


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
