igorhard
Posted September 16, 2009

Good afternoon, I am Getulio Igor and I need some help, because I have no knowledge of these errors that are happening to me. I just wanted some useful help and did not want to bother anyone. I spoke with Antonio Sobrinho, who kindly told me to post the HijackThis log here; it is below. I hope someone can help me or point me to an iMasters link that helps. Thank you very much. God bless you!

############################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:33, on 16/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\OneTouchAccess.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Grupo Ávila
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD174BDF-5321-48E5-913C-CC05611E2FC3}: NameServer = 200.227.128.21 200.227.128.20
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca2cf22c892a58) (gupdate1ca2cf22c892a58) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6286 bytes
igorhard
Posted September 16, 2009

This second log I made following the instructions I found on the forum: from C: I created a folder called hijack, and it created this log. Please, I need help! Thank you.

Regards
/Getulio Igor

###############################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:32, on 16/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Grupo Ávila
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca2cf22c892a58) (gupdate1ca2cf22c892a58) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5473 bytes
DigRam
Posted September 17, 2009

Good morning! igorhard

<@> Download: < FixPolicies > ( ...by Bill Castner )
<@> Save it to the Desktop!
<@> Be logged in as Administrator.
<@> Run the file FixPolicies.exe with a double-click.
<@> Click Install.
<@> Open the FixPolicies folder that was created.
<@> Double-click Fix_policies.cmd.
<@> A black box will appear for a brief moment.

<><><><><><><><><><>

<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Disable your antivirus or firewall.
<@> Install the program and click on: LopSD.cmd
<@> In the window that opens, press "p" --> Press Enter.
<@> In another window, press option: 2 - Fix + Hosts --> Press Enter --> Wait!
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<><><><><><><><><><>

<@> Download: < > Malwarebytes
<@> < Link - 2 >
<@> < Link - 3 >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs while running Malwarebytes.
<@> Ps: For certain infections, the tool will ask for a reboot. <-- Confirm!
<@> Send the detected items to quarantine by clicking Remove items.
<@> For more details: < Link >
<@> Post: mbam-log-2009-xx-xx (00-00-00).txt <--

<><><><><><><><><><>

<@> Download: < DDS > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.
<@> While disconnected, run the tool! --> Double-click on .
<@> Wait for the scan to finish, until we get the report. ( DDS.txt ) <--
<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.
<@> Notepad will open with another report. ( Attach.txt ) <--
<@> Ps: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.
<@> Finally, another window will open! --> Click OK.
<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

Regards!
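Added note, not part of DigRam's post and not code from HijackThis, FixPolicies, Lop S&D, Malwarebytes or DDS: the logs in this thread are read by eye, but the first pass a helper makes can be scripted. The Python below parses HijackThis-format entry lines and groups the items that get checked first: O6 Internet Explorer policy restrictions (the condition FixPolicies is meant to reset), O2 BHOs with no backing file, O17 NameServer overrides (to be compared with the ISP's known resolvers, not assumed malicious), and O4 autoruns whose executable lives outside the Windows and Program Files directories. The embedded sample log is constructed: it copies a few entries from the logs posted above and adds one made-up O4 entry ("updater", under a Temp folder) so that the directory check has something to flag. The function names, the regular expressions and the list of expected directories are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log: a few entries copied from the HijackThis logs posted
# in this thread, plus one made-up O4 entry ("updater") pointing into a Temp
# folder so the directory check has something to flag. Not a complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Administrador\Local Settings\Temp\updater.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD174BDF-5321-48E5-913C-CC05611E2FC3}: NameServer = 200.227.128.21 200.227.128.20
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Every HijackThis entry looks like "<kind> - <body>", e.g. "O4 - HKCU\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\<Run key>: [<name>] <command>"
AUTORUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Directories where autorun executables are normally expected on this
# (Brazilian Portuguese) XP install; assumption, adjust per locale.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\arquivos de programas\\")


def parse_entries(text):
    """Return (kind, body) pairs for every HijackThis entry line in `text`."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def exe_path(cmd):
    """Extract the program path from an O4 command string.

    Quoted paths are taken verbatim; unquoted ones are cut at the first
    switch (" /auto", " -startup") or at HijackThis's " (User '...')" suffix.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\s(?:[/-]|\(User )", cmd)
    return cmd[:m.start()] if m else cmd


def triage(text):
    """Group the entries a log helper reads first into a findings dict."""
    findings = defaultdict(list)
    for kind, body in parse_entries(text):
        if kind == "O6":
            # IE policy restrictions: record which hive carries them.
            findings["ie_policy_restrictions"].append(body.split("\\", 1)[0])
        elif kind == "O2" and body.endswith("(no file)"):
            # BHO registered but its DLL is gone: leftover from a removed add-on.
            m = CLSID_RE.search(body)
            findings["orphan_bhos"].append(m.group(0) if m else body)
        elif kind == "O17":
            # DNS servers set on the adapter; compare with the ISP's known resolvers.
            m = re.search(r"NameServer\s*=\s*(.+)$", body)
            if m:
                findings["dns_servers"].extend(m.group(1).split())
        elif kind == "O4":
            m = AUTORUN_RE.match(body)
            if not m:
                continue
            path = exe_path(m.group("cmd"))
            findings["autoruns"].append((m.group("name"), path))
            if not path.lower().startswith(EXPECTED_PREFIXES):
                findings["autoruns_outside_expected_dirs"].append((m.group("name"), path))
    return dict(findings)


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```

The output is a starting point for a human reviewer, not a verdict: an autorun outside Program Files can be legitimate, and the O17 resolvers on this machine may simply be the ISP's. What the script saves is the first read-through of a 6 KB log, so the helper can go straight to the handful of lines that decide what to ask for next.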
igorhard
Posted September 17, 2009

ROGER THAT! I will start going through the explanation in the topic now. Thank you very much for your attention.

/Getulio Igor

_________________________________

LOG:

-- Changelog Lop S&D --

==================================
Maj/Upd : 19/12/2008 ( v 4.2.5-0 )
==================================

# Switch /w (WhiteList) [Thanks to Rorschach112]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\NetPumper.exe]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bags regs"=-
"style cool 2 city"=-
"GreatLog"=-

%Temp%\LightCertGen.exe
%Temp%\sta*.exe

°°°°°°°°°°°°°°°°°°°
DigRam
Posted September 17, 2009

Good afternoon! igorhard

<@> The Lop S&D report you posted is incorrect! ( Changelog Lop S&D )
<@> Ps: Look for the correct report, which is on the PC.
<@> Ps: Don't forget to post the other logs!

Regards!
igorhard
Posted September 17, 2009

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrador at 13:54:30,00 on 17/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.561 [GMT -3:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Grupo Ávila
uStart Page = hxxp://www.google.com.br/
uSearch Page = hxxp://www.google.com.br
uSearch Bar = hxxp://www.google.com/ie_rsearch.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie_rsearch.html
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\arquivos de programas\java\jre1.6.0_06\bin\ssv.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\arquivos de programas\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
uRun: [NokiaPCSuiteTray] "c:\arquivos de programas\nokia\nokia pc suite\LaunchApplication.exe" -startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes' Anti-Malware] c:\arquivos de programas\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 ekrn;Eset Service;c:\arquivos de programas\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
S2 gupdate1ca2cf22c892a58;Google Update Service (gupdate1ca2cf22c892a58);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-9-3 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-4-14 3584]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-4-14 14336]
S3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;c:\windows\system32\drivers\ViaUsbEts.sys [2009-9-1 16128]
S3 ViaUsbModemDriver;Nokia 1508 Modem Driver;c:\windows\system32\drivers\ViaUsbModem.sys [2009-9-1 20096]

=============== Created Last 30 ================

2009-09-17 12:45 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Malwarebytes
2009-09-17 12:45 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 12:45 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2009-09-17 12:45 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-17 12:45 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-17 12:17 501,736 a------- C:\LopSD.exe
2009-09-17 12:17 <DIR> --d----- C:\Lop SD
2009-09-17 08:54 268,648 a------- c:\windows\system32\mucltui.dll
2009-09-17 08:54 208,744 a------- c:\windows\system32\muweb.dll
2009-09-17 08:54 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-16 18:52 <DIR> --d----- C:\hijack
2009-09-16 15:14 <DIR> --d----- c:\documents and settings\administrador\Tracing
2009-09-16 15:11 <DIR> --d----- c:\arquivos de programas\Microsoft
2009-09-16 15:11 <DIR> --d----- c:\arquivos de programas\Windows Live SkyDrive
2009-09-16 14:07 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Windows Live
2009-09-15 18:46 <DIR> --d----- C:\5db8a5a7cf940bbb801c20bcf896
2009-09-14 10:18 <DIR> --d----- c:\windows\system32\PreInstall
2009-09-14 08:45 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-13 14:14 180,224 -------- c:\windows\system32\dllcache\scrobj.dll
2009-09-13 14:13 172,032 -------- c:\windows\system32\dllcache\scrrun.dll
2009-09-13 14:13 430,080 -------- c:\windows\system32\dllcache\vbscript.dll
2009-09-13 14:13 155,648 -------- c:\windows\system32\dllcache\wscript.exe
2009-09-13 14:13 135,168 -------- c:\windows\system32\dllcache\cscript.exe
2009-09-13 14:13 90,112 -------- c:\windows\system32\dllcache\wshext.dll
2009-09-13 14:12 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-09-13 13:13 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-09-13 12:24 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-09-13 12:19 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-09-13 12:18 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-09-13 12:11 765,952 -------- c:\windows\system32\dllcache\vgx.dll
2009-09-13 11:53 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-09-13 11:39 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-09-13 11:39 216,064 -------- c:\windows\system32\dllcache\wordpad.exe
2009-09-13 11:39 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-09-13 11:12 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-13 10:53 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-09-13 01:26 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-09-12 22:49 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-09-12 22:16 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2009-09-12 12:45 272,384 -------- c:\windows\system32\drivers\bthport.sys
2009-09-12 12:45 272,384 -------- c:\windows\system32\dllcache\bthport.sys
2009-09-12 12:40 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-12 00:25 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-09-06 07:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-09-06 07:56 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-06 07:45 1,419,232 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-09-06 07:45 23,680 a------- c:\windows\system32\drivers\motmodem.sys
2009-09-05 20:20 <DIR> --d----- c:\arquivos de programas\Motorola
2009-09-05 20:20 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Motorola Shared
2009-09-04 17:37 <DIR> --d----- c:\arquivos de programas\eMule
2009-09-01 20:18 <DIR> --d----- c:\documents and settings\administrador\Contacts
2009-09-01 19:48 20,096 a------- c:\windows\system32\drivers\ViaUsbModem.sys
2009-09-01 19:48 16,128 a------- c:\windows\system32\drivers\ViaUsbEts.sys
2009-09-01 19:44 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-01 19:15 <DIR> --d----- c:\docume~1\admini~1\dadosd~1\Nokia(CDMA)
2009-09-01 19:14 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-01 19:14 <DIR> --d----- c:\arquivos de programas\Nokia
2009-09-01 07:31 69 a------- c:\windows\NeroDigital.ini
2009-09-01 07:16 12,288 a------- c:\windows\system32\drivers\mouhid.sys
2009-09-01 07:15 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-08-28 01:46 <DIR> --dsh--- C:\found.000
2009-08-20 14:43 <DIR> --d----- c:\windows\pss
2009-08-20 00:09 <DIR> --d----- C:\spoolerlogs

==================== Find3M ====================

2009-09-15 01:28 474,400 a------- c:\windows\system32\perfh016.dat
2009-09-15 01:28 79,944 a------- c:\windows\system32\perfc016.dat
2009-09-12 14:21 90,112 a------- c:\windows\DUMP31ae.tmp
2009-09-10 09:58 90,112 a------- c:\windows\DUMP2b07.tmp
2009-08-23 10:12 90,112 a------- c:\windows\DUMP229b.tmp
2009-08-22 13:07 90,112 a------- c:\windows\DUMP3393.tmp
2009-08-21 19:38 90,112 a------- c:\windows\DUMP2450.tmp
2009-08-20 04:56 90,112 a------- c:\windows\DUMP276d.tmp
2009-08-09 14:39 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-05 06:00 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 06:00 205,312 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 01:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 01:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-29 01:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-29 01:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-23 15:42 21,844 a------- c:\windows\system32\emptyregdb.dat
2009-07-17 16:03 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 16:03 58,880 -------- c:\windows\system32\dllcache\atl.dll

============= FINISH: 13:54:56,71 ===============
igorhard
Posted September 17, 2009

#2

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 23/07/2009 15:47:07
System Uptime: 17/09/2009 8:40:36 (5 hours ago)

Motherboard: Foxconn | | 661 7MJ
Processor: Intel® Celeron® CPU 2.80GHz | Socket 775 | 2800/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 26,702 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Modem PCI
Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\3&61AAA01&0&40
Manufacturer:
Name: Modem PCI
PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\3&61AAA01&0&40
Service:

==== System Restore Points ===================

RP1: 15/09/2009 19:26:48 - Ponto de verificação do sistema
RP2: 16/09/2009 21:51:19 - Ponto de verificação do sistema

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Arquivo do WinRAR
Assistente de Conexão do Windows Live
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player 11 (KB954154)
Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB938464-v2)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951066)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB954459)
Atualização de Segurança para Windows XP (KB954600)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956744)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956844)
Atualização de Segurança para Windows XP (KB957097)
Atualização de Segurança para Windows XP (KB958644)
Atualização de Segurança para Windows XP (KB958687)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960225)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961371-v2)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB968537)
Atualização de Segurança para Windows XP (KB970238)
Atualização de Segurança para Windows XP (KB971557)
Atualização de Segurança para Windows XP (KB971633)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB971961)
Atualização de Segurança para Windows XP (KB973346)
Atualização de Segurança para Windows XP (KB973354)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973869)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB951978)
Atualização para Windows XP (KB967715)
Atualização para Windows XP (KB973815)
Chinese (Simplified) Language Support
Chinese (Traditional) Language Support
DVD Shrink 3.2
eMule
ESET NOD32 Antivirus
Ferramenta de Carregamento do Windows Live
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
Google Updater
Heretic game (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB970653-v3)
Java 6 Update 6
K-Lite Mega Codec Pack 3.8.5
Korean Language Support
L&H Power Translator Pro 7.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Language Pack - ptb
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Global IME for Chinese (Simplified)
Microsoft Global IME for Chinese (Traditional)
Microsoft Global IME for Chinese (Traditional) ChangJie
Microsoft Global IME for Korean
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edição 2003
Microsoft Visual C++ 2005 Redistributable
MSVCRT
Nero 8 Lite 8.2.8.0
NOD32 v3.0.642 FiX1.2 by TemDono (31 dias restantes para sempre
Nokia PC Suite
Novo Dicionário Aurélio
Orbit Downloader
Pacote de Compatibilidade para o sistema Office 2007
Realtek AC'97 Audio
Segoe UI
Shockwave Player
SiS 900 PCI Fast Ethernet Adapter Driver
WebFldrs XP
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================
DigRam, posted September 17, 2009

Good afternoon, igorhard!

<!> The Lop S&D report still came through incorrectly. PS: it has been removed!
<!> Here is the path to the report: C:\Lop SD\LopR_1.txt <--
<!> PS: There is no point in running the tool again, as the report will be overwritten.
<!> Post the Malwarebytes report: mbam-log-2009-xx-xx (00-00-00).txt <--
<!> Also post an updated HijackThis log and tell us what is happening with the computer.

Regards!
igorhard, posted September 17, 2009

#LopR_1

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Administrador ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:26 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 17/09/2009|18:41 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVED

Deleted! - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\nsi53B.tmp
Deleted! - C:\Arquivos de programas\Orbitdownloader\addons
Deleted! - C:\Arquivos de programas\Orbitdownloader\banurl.ini
Deleted! - C:\Arquivos de programas\Orbitdownloader\changelog.txt
Deleted! - C:\Arquivos de programas\Orbitdownloader\download.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\Grab.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\GrabDll.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\idht.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\Lang.ini
Deleted! - C:\Arquivos de programas\Orbitdownloader\language
Deleted! - C:\Arquivos de programas\Orbitdownloader\libeay32.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\magic.mgc
Deleted! - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\saction.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\siteinfo.ini
Deleted! - C:\Arquivos de programas\Orbitdownloader\ssleay32.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader\unins000.dat
Deleted! - C:\Arquivos de programas\Orbitdownloader\unins000.exe
Deleted! - C:\Arquivos de programas\Orbitdownloader\update
Deleted! - C:\Arquivos de programas\Orbitdownloader\winfile.dll
Deleted! - C:\Arquivos de programas\Orbitdownloader

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Folder listing in DADOSD~1

[01/09/2009|23:05] C:\DOCUME~1\ADMINI~1\DADOSD~1\Adobe
[08/08/2009|20:26] C:\DOCUME~1\ADMINI~1\DADOSD~1\CyberLink
[04/09/2009|00:45] C:\DOCUME~1\ADMINI~1\DADOSD~1\Google
[23/07/2009|16:15] C:\DOCUME~1\ADMINI~1\DADOSD~1\Identities
[01/09/2009|20:14] C:\DOCUME~1\ADMINI~1\DADOSD~1\Macromedia
[17/09/2009|12:45] C:\DOCUME~1\ADMINI~1\DADOSD~1\Malwarebytes
[09/08/2009|09:33] C:\DOCUME~1\ADMINI~1\DADOSD~1\Media Player Classic
[06/09/2009|11:49] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft
[31/08/2009|09:48] C:\DOCUME~1\ADMINI~1\DADOSD~1\Nero
[01/09/2009|19:15] C:\DOCUME~1\ADMINI~1\DADOSD~1\Nokia
[01/09/2009|19:15] C:\DOCUME~1\ADMINI~1\DADOSD~1\Nokia(CDMA)
[14/09/2009|14:17] C:\DOCUME~1\ADMINI~1\DADOSD~1\Orbit
[02/09/2009|07:47] C:\DOCUME~1\ADMINI~1\DADOSD~1\Real
[03/09/2009|17:45] C:\DOCUME~1\ADMINI~1\DADOSD~1\Winamp
[05/09/2009|20:19] C:\DOCUME~1\ADMINI~1\DADOSD~1\WinRAR
[08/08/2009|20:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink
[23/07/2009|16:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink
[23/07/2009|16:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\ESET
[03/09/2009|20:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google Updater
[17/09/2009|12:45] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes
[16/09/2009|15:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[23/07/2009|16:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
[02/09/2009|00:15] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NOS
[23/07/2009|16:04] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real
[14/09/2009|08:44] C:\DOCUME~1\CONVID~1\DADOSD~1\Microsoft
[14/09/2009|15:26] C:\DOCUME~1\CONVID~1.USU\DADOSD~1\Identities
[17/09/2009|16:20] C:\DOCUME~1\CONVID~1.USU\DADOSD~1\Malwarebytes
[14/09/2009|15:26] C:\DOCUME~1\CONVID~1.USU\DADOSD~1\Microsoft
[23/07/2009|15:46] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[23/07/2009|15:48] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[23/07/2009|15:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

--------------------\\ Scheduled tasks in folder C:\WINDOWS\Tasks

[17/09/2009 17:58][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[09/09/2009 07:58][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[05/09/2009 22:45][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[17/09/2009 17:32][--ah-----] C:\WINDOWS\tasks\SA.DAT
[14/04/2008 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Folder listing in C:\Arquivos de programas

[16/09/2009|14:07] C:\Arquivos de programas\Arquivos comuns
[23/07/2009|16:38] C:\Arquivos de programas\CHANGJIE
[23/07/2009|15:42] C:\Arquivos de programas\ComPlus Applications
[23/07/2009|16:26] C:\Arquivos de programas\DVD Shrink
[04/09/2009|17:38] C:\Arquivos de programas\eMule
[23/07/2009|16:14] C:\Arquivos de programas\ESET
[23/07/2009|16:06] C:\Arquivos de programas\Foxit
[03/09/2009|21:08] C:\Arquivos de programas\Google
[31/08/2009|20:32] C:\Arquivos de programas\Heretic
[17/09/2009|17:07] C:\Arquivos de programas\Internet Explorer
[23/07/2009|16:08] C:\Arquivos de programas\Java
[23/07/2009|16:04] C:\Arquivos de programas\K-Lite Codec Pack
[23/07/2009|16:38] C:\Arquivos de programas\KOIME
[23/07/2009|16:36] C:\Arquivos de programas\LHSP
[17/09/2009|16:46] C:\Arquivos de programas\Malwarebytes' Anti-Malware
[23/07/2009|16:06] C:\Arquivos de programas\Messenger
[16/09/2009|15:11] C:\Arquivos de programas\Microsoft
[23/07/2009|16:32] C:\Arquivos de programas\Microsoft Office
[23/07/2009|16:29] C:\Arquivos de programas\Microsoft Visual Studio
[23/07/2009|16:29] C:\Arquivos de programas\Microsoft Works
[23/07/2009|16:29] C:\Arquivos de programas\Microsoft.NET
[05/09/2009|20:20] C:\Arquivos de programas\Motorola
[23/07/2009|15:43] C:\Arquivos de programas\Movie Maker
[23/07/2009|15:56] C:\Arquivos de programas\MSBuild
[23/07/2009|16:32] C:\Arquivos de programas\MSECache
[23/07/2009|15:41] C:\Arquivos de programas\MSN Gaming Zone
[23/07/2009|16:03] C:\Arquivos de programas\My Company Name
[23/07/2009|16:05] C:\Arquivos de programas\Nero
[23/07/2009|15:44] C:\Arquivos de programas\NetMeeting
[01/09/2009|19:47] C:\Arquivos de programas\Nokia
[01/09/2009|22:46] C:\Arquivos de programas\NOS
[14/09/2009|17:39] C:\Arquivos de programas\Outlook Express
[23/07/2009|16:07] C:\Arquivos de programas\portables
[23/07/2009|16:34] C:\Arquivos de programas\Positivo
[23/07/2009|15:56] C:\Arquivos de programas\Reference Assemblies
[23/07/2009|16:38] C:\Arquivos de programas\SCIME
[23/07/2009|15:44] C:\Arquivos de programas\Serviços on-line
[23/07/2009|16:38] C:\Arquivos de programas\TCIME
[23/07/2009|16:15] C:\Arquivos de programas\Uninstall Information
[03/09/2009|09:31] C:\Arquivos de programas\Winamp
[16/09/2009|15:11] C:\Arquivos de programas\Windows Live
[16/09/2009|15:11] C:\Arquivos de programas\Windows Live SkyDrive
[23/07/2009|15:41] C:\Arquivos de programas\Windows Media Connect 2
[23/07/2009|15:46] C:\Arquivos de programas\Windows Media Player
[23/07/2009|15:41] C:\Arquivos de programas\Windows NT
[23/07/2009|15:44] C:\Arquivos de programas\WindowsUpdate
[23/07/2009|16:04] C:\Arquivos de programas\WinRAR

--------------------\\ Folder listing in C:\Arquivos de programas\Arquivos comuns

[23/07/2009|16:29] C:\Arquivos de programas\Arquivos comuns\DESIGNER
[23/07/2009|16:33] C:\Arquivos de programas\Arquivos comuns\InstallShield
[23/07/2009|16:08] C:\Arquivos de programas\Arquivos comuns\Java
[23/07/2009|16:36] C:\Arquivos de programas\Arquivos comuns\L&H Shared
[16/09/2009|15:11] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[05/09/2009|20:20] C:\Arquivos de programas\Arquivos comuns\Motorola Shared
[23/07/2009|15:44] C:\Arquivos de programas\Arquivos comuns\MSSoap
[23/07/2009|16:05] C:\Arquivos de programas\Arquivos comuns\Nero
[23/07/2009|12:31] C:\Arquivos de programas\Arquivos comuns\ODBC
[23/07/2009|15:44] C:\Arquivos de programas\Arquivos comuns\Serviços
[23/07/2009|12:31] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[23/07/2009|16:29] C:\Arquivos de programas\Arquivos comuns\System
[16/09/2009|14:07] C:\Arquivos de programas\Arquivos comuns\Windows Live

--------------------\\ Process ( 29 Processes ) ... OK !

--------------------\\ Search for S_Lop

No Lop folders found!

--------------------\\ Search for Lop files and folders

No Lop folders found!

--------------------\\ Registry search ..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 18:46:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

No other infections found.

[F:1007][D:74]-> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
[F:171][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:1858][D:18]-> C:\DOCUME~1\ADMINI~1\CONFIG~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 17/09/2009|18:47 - Option : [2]

#mbam-log-2009-09-17 (19-19-22).txt

Malwarebytes' Anti-Malware 1.41
Database version: 2816
Windows 5.1.2600 Service Pack 3

17/09/2009 19:19:22
mbam-log-2009-09-17 (19-19-22).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 131212
Time elapsed: 28 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
igorhard, posted September 17, 2009

#hijackthis updated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:29, on 17/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Grupo Ávila
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca2cf22c892a58) (gupdate1ca2cf22c892a58) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5585 bytes
igorhard, posted September 17, 2009

Well, as for changes to the machine: the Start menu was changed. Some extra folders appeared on C:, such as "foun.000" and "RECYCLER", and some files with "sqm". I would like to know how to get the old Start menu back, because August is not available in the System Restore menu; I was going to restore to the month the PC arrived here. After a week a message appeared saying this PC will be "shut down in 60 seconds", and now I am trying to get rid of this error. I took a print screen of the desktop.
DigRam, posted September 18, 2009

> Well, as for changes to the machine: the Start menu was changed. Some extra folders appeared on C:, such as "foun.000" and "RECYCLER", and some files with "sqm". I would like to know how to get the old Start menu back, because August is not available in the System Restore menu; I was going to restore to the month the PC arrived here. After a week a message appeared saying this PC will be "shut down in 60 seconds", and now I am trying to get rid of this error. I took a print screen of the desktop.

<><><><><><><><><>

Hey there, igorhard!

<!> The Start menu was changed after using which tool?

<><><><><><><><><>

<@> Download: < McAfee Avert Stinger >
<@> Save it in Program Files!
<@> Click Add, and add the other disk drives you have. ( For example, drive D:\ )
<@> Next, click "Preferences" to configure your scan.
<@> Check the options below:

Boot sectors
Repair <-- Checked by default!
Scan self extracting executables
Check files for MIME content
Check files for UUEncoded content
Scan inside compressed files
Scan subdirectories
Report applications
Scan all files

<@> PS: Many boxes will already be checked; you only need to tick the remaining ones.
<@> PS: Set the sensitivity to "Very Low" --> OK.
<@> Click "Scan now".
<@> Wait for the scan to finish.
<@> Click File --> Save report to file --> OK.
<@> Post: c:\arquivos de programas\stinger 1001624.txt <--

<><><><><><><><><>

<@> Download: < > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> PS: Running it from a command line is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the "Disclaimer of software warranty" prompt --> click Yes!
<@> If you do not have the Recovery Console, accept the offer to install it!
<@> When it finishes, click Yes. --> Wait!
<!> If you get the notification "Not a valid Win32 application", delete ComboFix.exe and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Rename it while saving, not after saving it!
<!> PS: If an error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: If rootkit activity is present, you will see the following notification window:
<!> PS: Write down those detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow every recommendation given.
<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> To complete the removals, ComboFix may restart the computer.
<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><>

<@> When done, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!
igorhard, posted September 18, 2009

Sorry for the delay, I got myself all tangled up! I almost could not get back in, hehehe; I rebooted without unchecking the BOOT.INI options =( and I had no success running ComboFix, so no logs from it =( therefore!!!

Regards / Getulio Igor

#################

McAfee® Stinger Version 10.0.1.624 built on Jul 6 2009
Copyright © 2009 McAfee, Inc. All Rights Reserved.
Virus data file v1000 created on Jul 6 2009.
Ready to scan for 897 viruses, trojans and variants.

Scan initiated on Fri Sep 18 10:25:53 2009
Number of clean files: 88712

#hijackthis updated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:19, on 18/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Grupo Ávila
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD174BDF-5321-48E5-913C-CC05611E2FC3}: NameServer = 200.227.128.21 200.227.128.20
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca2cf22c892a58) (gupdate1ca2cf22c892a58) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5622 bytes
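The two HijackThis logs above (17 September, and 18 September with the added O17 NameServer line) are read the way a helper reads them by eye: entries marked "(file missing)" or "(no file)", BHOs with "(no name)", O6 restriction policies, an O17 resolver override, and O23 services whose vendor or path looks wrong. The Python script below is an added example, not something either poster ran, that automates that first pass over a constructed sample written in the shape of the posted entries. The last O23 line (hlpsvc) is invented so that the service checks have something to fire on, and the trusted-directory list and the finding codes are this example's own conventions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the entries posted in this thread.
# The hlpsvc service line is invented for the example so the O23 checks have something to flag.
SAMPLE_LOG = r"""
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD174BDF-5321-48E5-913C-CC05611E2FC3}: NameServer = 200.227.128.21 200.227.128.20
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Helper (hlpsvc) - Unknown owner - C:\Documents and Settings\Administrador\Dados de aplicativos\hlpsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Where installed service binaries normally live on an XP box (English and pt-BR
# directory names). Anything else deserves a look. This list is the example's own.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\arquivos de programas\\")


@dataclass(frozen=True)
class Finding:
    code: str    # ORPHAN, UNNAMED, POLICY, DNS or SERVICE
    kind: str    # HijackThis section the line came from, e.g. "O2"
    detail: str  # why the line was flagged
    line: str    # the log line itself


def is_private(ip: str) -> bool:
    """RFC 1918 check: a resolver on a LAN address is usually the router; a public one needs verifying."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def triage_line(line: str) -> list[Finding]:
    """Apply the checks to one log line; returns an empty list for lines that need no attention."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    found: list[Finding] = []
    if MISSING_RE.search(body):
        found.append(Finding("ORPHAN", kind, "registry entry points at a file that no longer exists", line))
    if kind in ("O2", "O9") and "(no name)" in body:
        found.append(Finding("UNNAMED", kind, "unnamed browser add-on; look the CLSID up", line))
    if kind == "O6":
        found.append(Finding("POLICY", kind, "IE restriction policy present; confirm an admin set it", line))
    if kind == "O17":
        ips = IPV4_RE.findall(body)
        scope = "private" if ips and all(is_private(ip) for ip in ips) else "public"
        found.append(Finding("DNS", kind,
                             f"resolver override to {scope} addresses {' '.join(ips)}; compare with the ISP/DHCP resolvers",
                             line))
    if kind == "O23":
        parts = body.split(" - ", 2)  # "Service: Name (short) - Vendor - Path"
        if len(parts) == 3:
            _, vendor, path = (p.strip() for p in parts)
            if vendor.lower() == "unknown owner":
                found.append(Finding("SERVICE", kind, "service with no vendor string", line))
            if not path.lower().startswith(TRUSTED_DIRS):
                found.append(Finding("SERVICE", kind, f"service binary outside the program directories: {path}", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per code, e.g. {'ORPHAN': 2, 'DNS': 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.code] = counts.get(f.code, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.kind}: {f.detail}")
        print(f"    {f.line.strip()}")
    print(summarize(triage(SAMPLE_LOG)))
```

A hit is a line to look at, not a verdict. On this machine the orphaned Orbit BHO is simply what Lop S&D left behind when it deleted orbitcth.dll, and the two O17 addresses have to be compared with what the ISP actually hands out before anyone touches the TCP/IP settings. The XP SP3 ctfmon.exe and nltide_2 entries under HKUS\S-1-5-18/19/20 are deliberately left alone, since they are standard on a patched SP3 install.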
igorhard, posted September 18, 2009

Right now I am downloading ComboFix again and starting the sequence you gave me, professor DigRam. Thank you very much for your patience and attention. Download it again, rename it before saving, go into Safe Mode and follow the instructions, and I will post the result shortly!

/Getulio Igor.
igorhard, posted September 18, 2009

#COMBOFIX LOG:

ComboFix 09-09-17.04 - Administrador 18/09/2009 15:02.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.695 [GMT -3:00]
Running from: c:\documents and settings\Administrador\desktop\kombo.exe
Command switches used :: /killall
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\CONFIG~1\Temp\install_flash_player.exe
c:\windows\Installer\839b51.msp

.
(((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 ))))))))))))))))))))))))))))
.

2009-09-18 18:08 . 2009-09-18 18:08 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-18 18:08 . 2009-09-18 18:08 -------- d-----w- c:\windows\system32\xircom
2009-09-18 18:08 . 2009-09-18 18:08 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-09-18 17:26 . 2008-07-04 19:47 20096 ----a-w- c:\windows\system32\drivers\ViaUsbModem.sys
2009-09-18 17:10 . 2009-09-18 17:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-18 14:08 . 2009-09-18 17:09 -------- d-----w- C:\ComboFix(2)
2009-09-18 12:24 . 2009-09-18 12:29 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP
2009-09-18 12:19 . 2009-09-18 17:10 -------- d-----w- c:\arquivos de programas\HP
2009-09-18 12:14 . 2009-09-18 12:24 126123 ----a-w- c:\windows\HPHins12.dat
2009-09-18 12:14 . 2006-06-12 22:21 14916 ------w- c:\windows\hphmdl12.dat
2009-09-17 21:32 . 2009-09-17 21:47 -------- d-----w- C:\Lop SD
2009-09-17 21:31 . 2009-09-17 21:31 501736 ----a-w- C:\LopSD.exe
2009-09-17 19:20 . 2009-09-17 19:20 -------- d-----w- c:\documents and settings\Convidado.USUARIO\Dados de aplicativos\Malwarebytes
2009-09-17 15:45 . 2009-09-17 15:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-09-17 15:45 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 15:45 . 2009-09-17 15:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-09-17 15:45 . 2009-09-17 19:46 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-17 15:45 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-17 11:54 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-17 11:54 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-16 21:52 . 2009-09-18 17:42 -------- d-----w- C:\hijack
2009-09-16 18:14 . 2009-09-18 16:21 -------- d-----w- c:\documents and settings\Administrador\Tracing
2009-09-16 18:11 . 2009-09-16 18:11 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-16 18:11 . 2009-09-16 18:11 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-16 18:10 . 2009-09-16 18:11 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-16 17:07 . 2009-09-16 17:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-15 21:46 . 2009-09-15 21:46 -------- d-----w- C:\5db8a5a7cf940bbb801c20bcf896
2009-09-13 17:14 . 2008-05-09 10:55 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2009-09-13 17:13 . 2008-05-09 10:55 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2009-09-13 17:13 . 2008-05-09 10:55 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2009-09-13 17:13 . 2008-05-09 10:55 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2009-09-13 17:13 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2009-09-13 17:13 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2009-09-13 17:12 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-09-13 16:13 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-13 15:19 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-09-13 15:18 . 2008-05-01 14:36 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-09-13 15:11 . 2008-05-27 17:25 765952 ------w- c:\windows\system32\dllcache\vgx.dll
2009-09-13 14:53 . 2008-10-03 10:04 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-09-13 14:39 . 2008-04-21 21:15 216064 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-09-13 14:39 . 2008-09-04 17:16 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-09-13 14:12 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-13 13:53 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-09-13 04:26 . 2009-08-13 15:21 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2009-09-13 01:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-09-13 01:16 . 2008-10-23 12:37 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Configurações locais
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Favoritos
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-s---w- c:\documents and settings\Convidado
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Modelos
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Meus documentos
2009-09-12 15:45 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-12 15:45 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\dllcache\bthport.sys
2009-09-12 15:40 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 10:45 . 2007-06-18 17:18 23680 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-09-06 10:45 . 2006-11-13 17:45 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-09-05 23:20 . 2009-09-05 23:20 -------- d-----w- c:\arquivos de programas\Motorola
2009-09-05 23:20 . 2009-09-05 23:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Motorola Shared
2009-09-04 20:37 . 2009-09-04 20:38 -------- d-----w- c:\arquivos de programas\eMule
2009-09-03 23:39 . 2009-09-03 23:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-09-02 01:46 . 2009-09-02 03:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS
2009-09-02 01:46 . 2009-09-02 01:46 -------- d-----w- c:\arquivos de programas\NOS
2009-09-02 00:45 . 2009-09-04 00:08 -------- d-----w- c:\arquivos de programas\Google
2009-09-01 23:18 . 2009-09-01 23:18 -------- d-----w- c:\documents and settings\Administrador\Contacts
2009-09-01 22:15 . 2009-09-01 22:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia(CDMA)
2009-09-01 22:15 . 2009-09-01 22:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia
2009-09-01 22:14 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-01 22:14 . 2009-09-18 17:02 -------- d-----w- c:\arquivos de programas\Nokia
2009-09-01 10:16 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-01 10:15 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-31 12:48 . 2009-08-31 12:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nero
2009-08-28 04:46 . 2009-08-28 04:46 -------- d-----w- C:\found.000
2009-08-20 03:09 . 2009-08-20 03:09 -------- d-----w- C:\spoolerlogs

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-09-18 15:18 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22bb.tmp
2009-09-18 15:05 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP225c.tmp
2009-09-18 14:55 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22ea.tmp
2009-09-18 14:32 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP228b.tmp
2009-09-18 14:31 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22ab.tmp
2009-09-18 14:24 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP220e.tmp
2009-09-18 14:22 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22ba.tmp
2009-09-18 14:21 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22e9.tmp
2009-09-18 13:48 . 2009-09-18 13:48 17 ----a-w- c:\arquivos de programas\stinger.opt
2009-09-18 13:46 . 2009-09-18 13:46 297 ----a-w- c:\arquivos de programas\stinger.txt
2009-09-15 04:28 . 2008-04-14 11:00 79944 ----a-w- c:\windows\system32\perfc016.dat
2009-09-15 04:28 . 2008-04-14 11:00 474400 ----a-w- c:\windows\system32\perfh016.dat
2009-09-14 17:17 . 2009-07-23 19:27 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-09-12 17:21 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP31ae.tmp
2009-09-10 12:58 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP2b07.tmp
2009-09-06 10:56 . 2009-09-06 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-09-06 10:56 . 2009-09-06 10:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-03 20:45 . 2009-09-03 12:30 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Winamp
2009-09-03 12:31 . 2009-09-03 12:30 -------- d-----w- c:\arquivos de programas\Winamp
2009-08-31 23:32 . 2009-08-11 21:04 -------- d-----w- c:\arquivos de programas\Heretic
2009-08-23 13:12 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP229b.tmp
2009-08-22 16:07 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP3393.tmp
2009-08-21 22:38 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP2450.tmp
2009-08-20 07:56 .
2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP276d.tmp 2009-08-09 12:33 . 2009-08-08 23:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic 2009-08-08 23:26 . 2009-08-08 23:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink 2009-08-08 23:25 . 2009-08-08 23:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink 2009-08-05 09:00 . 2008-04-14 11:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:36 . 2008-04-14 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:36 . 2008-04-14 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll 2009-07-23 19:38 . 2009-07-23 19:38 -------- d-----w- c:\arquivos de programas\CHANGJIE 2009-07-23 19:38 . 2009-07-23 19:38 -------- d-----w- c:\arquivos de programas\TCIME 2009-07-23 19:38 . 2009-07-23 19:38 -------- d-----w- c:\arquivos de programas\SCIME 2009-07-23 19:38 . 2009-07-23 19:38 -------- d-----w- c:\arquivos de programas\KOIME 2009-07-23 19:36 . 2009-07-23 19:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\L&H Shared 2009-07-23 19:36 . 2009-07-23 19:36 -------- d-----w- c:\arquivos de programas\LHSP 2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\arquivos de programas\Positivo 2009-07-23 19:33 . 2009-07-23 19:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-07-23 19:32 . 2009-07-23 19:32 -------- d-----w- c:\arquivos de programas\MSECache 2009-07-23 19:29 . 2009-07-23 19:29 -------- d-----w- c:\arquivos de programas\Microsoft Works 2009-07-23 19:29 . 2009-07-23 19:29 -------- d-----w- c:\arquivos de programas\Microsoft.NET 2009-07-23 19:26 . 2009-07-23 19:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink 2009-07-23 19:26 . 
2009-07-23 19:26 -------- d-----w- c:\arquivos de programas\DVD Shrink 2009-07-23 19:14 . 2009-07-23 19:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET 2009-07-23 19:14 . 2009-07-23 19:14 -------- d-----w- c:\arquivos de programas\ESET 2009-07-23 19:08 . 2009-07-23 19:08 -------- d-----w- c:\arquivos de programas\Java 2009-07-23 19:08 . 2009-07-23 19:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2009-07-23 19:07 . 2009-07-23 19:07 -------- d-----w- c:\arquivos de programas\portables 2009-07-23 19:06 . 2009-07-23 19:06 -------- d---a-w- c:\arquivos de programas\Foxit 2009-07-23 19:05 . 2009-07-23 19:05 -------- d-----w- c:\arquivos de programas\Nero 2009-07-23 19:05 . 2009-07-23 19:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero 2009-07-23 19:05 . 2009-07-23 19:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero 2009-07-23 19:04 . 2009-07-23 19:04 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2009-07-23 19:03 . 2009-07-23 19:03 -------- d-----w- c:\arquivos de programas\My Company Name 2009-07-23 18:56 . 2009-07-23 18:56 -------- d-----w- c:\arquivos de programas\MSBuild 2009-07-23 18:56 . 2009-07-23 18:56 -------- d-----w- c:\arquivos de programas\Reference Assemblies 2009-07-23 18:44 . 2009-07-23 18:44 -------- d-----w- c:\arquivos de programas\Serviços on-line 2009-07-23 18:44 . 2009-07-23 18:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços 2009-07-23 18:42 . 2009-07-23 18:42 21844 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-23 18:41 . 2009-07-23 18:41 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2 2009-07-23 15:38 . 2009-09-14 18:25 0 ----a-w- c:\documents and settings\Convidado.USUARIO\vga1FD.tmp 2009-07-23 15:38 . 2009-09-14 18:25 0 ----a-w- c:\documents and settings\Convidado.USUARIO\vga1FC.tmp 2009-07-23 15:38 . 
2009-09-12 23:38 0 ----a-w- c:\documents and settings\Convidado\vga1FD.tmp 2009-07-23 15:38 . 2009-09-12 23:38 0 ----a-w- c:\documents and settings\Convidado\vga1FC.tmp 2009-07-23 15:38 . 2009-07-23 18:47 0 ----a-w- c:\windows\system32\config\systemprofile\vga1FD.tmp 2009-07-23 15:38 . 2009-07-23 18:47 0 ----a-w- c:\windows\system32\config\systemprofile\vga1FC.tmp 2009-07-23 15:38 . 2009-07-23 15:38 0 ----a-w- c:\documents and settings\Default User\vga1FD.tmp 2009-07-23 15:38 . 2009-07-23 15:38 0 ----a-w- c:\documents and settings\Default User\vga1FC.tmp 2009-07-17 19:03 . 2008-04-14 11:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 02:43 . 2008-06-25 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-29 15:58 . 2008-06-25 18:52 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 15:58 . 2008-06-25 18:52 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 15:58 . 2008-06-25 18:52 17408 ----a-w- c:\windows\system32\corpol.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaPCSuiteTray"="c:\arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" [2008-07-10 2093056] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Nokia\\Nokia PC Suite\\GetConnected.exe"= "c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 11:11 33800] R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11:08 472320] S2 gupdate1ca2cf22c892a58;Google Update Service (gupdate1ca2cf22c892a58);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [03/09/2009 20:56 133104] S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe 
[14/04/2008 8:00 3584] S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?] S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [14/04/2008 8:00 14336] S3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;c:\windows\system32\drivers\ViaUsbEts.sys --> c:\windows\system32\drivers\ViaUsbEts.sys [?] S3 ViaUsbModemDriver;Nokia 1508 Modem Driver;c:\windows\system32\drivers\ViaUsbModem.sys [18/09/2009 14:26 20096] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Conteúdo da pasta 'Tarefas Agendadas' 2009-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-03 23:56] 2009-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-03 23:56] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202 IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 . - - - - ORFÃOS REMOVIDOS - - - - AddRemove-Heretic - c:\arquivos de programas\Heretic\uninst.exe AddRemove-Orbit_is1 - c:\arquivos de programas\Orbitdownloader\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-18 15:09 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... 
Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(3512) c:\windows\system32\WININET.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\arquivos de programas\Microsoft Office\OFFICE11\msohev.dll c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroDigitalExt.dll . ------------------------ Outros Processos em Execução ------------------------ . 
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-09-18 15:14 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-09-18 18:13
Pré-execução: 10 pasta(s) 27.597.615.104 bytes disponíveis
Pós execução: 13 pasta(s) 28.482.912.256 bytes disponíveis
282 --- E O F --- 2009-09-17 20:07

*********************************
#UPDATED HIJACKTHIS LOG,
*********************************
After the ComboFix.exe check went fine.
Regards /Getulio Igor
#############
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:31, on 18/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\OneTouchAccess.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD174BDF-5321-48E5-913C-CC05611E2FC3}: NameServer = 200.227.128.21 200.227.128.20
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca2cf22c892a58) (gupdate1ca2cf22c892a58) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5274 bytes
DigRam 144 Posted September 18, 2009

Good afternoon! igorhard

<@> Download: < FixPolicies > ( ...by Bill Castner )
<@> Save it to the Desktop!
<@> Be logged in as Administrator.
<@> Run the file FixPolicies.exe with a double-click.
<@> Click Install.
<@> Open the FixPolicies folder that was created.
<@> Double-click Fix_policies.cmd.
<@> A black box will appear for a brief moment.

<><><><><><><><><><><>

<@> Select and copy all the content in the Quote area into Notepad.
<@> Save it on the desktop with the name: CFScript.txt

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x0)

Folder::
C:\found.000

<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When finished, post the reports: C:\ComboFix.txt + updated HijackThis.

Regards!
igorhard 0 Posted September 18, 2009

ComboFix 09-09-17.04 - Administrador 18/09/2009 16:28.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.618 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\kombo.exe
Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\found.000
c:\found.000\dir0000.chk\abreviaturas.zip
c:\found.000\dir0000.chk\anotacoes.gif
c:\found.000\dir0000.chk\avancada.swf
c:\found.000\dir0000.chk\biografia.htm
c:\found.000\dir0000.chk\biografia_files\botaoImprimir.gif
c:\found.000\dir0000.chk\biografia_files\estilos(1).css
c:\found.000\dir0000.chk\biografia_files\estilos.css
c:\found.000\dir0000.chk\biografia_files\fotoBiografia01.jpg
c:\found.000\dir0000.chk\biografia_files\fotoBiografia02.jpg
c:\found.000\dir0000.chk\biografia_files\fotoBiografia03.jpg
c:\found.000\dir0000.chk\biografia_files\spacer.gif
c:\found.000\dir0000.chk\biografia_files\style.css
c:\found.000\dir0000.chk\botoes_naveg.htm
c:\found.000\dir0000.chk\buscar.htm
c:\found.000\dir0000.chk\buscasanteriores.htm
c:\found.000\dir0000.chk\buscasanteriores_arquivos\image001.gif
c:\found.000\dir0000.chk\completo.gif
c:\found.000\dir0000.chk\conf-gerais.gif
c:\found.000\dir0000.chk\conf-lista.gif
c:\found.000\dir0000.chk\conf-verbete.gif
c:\found.000\dir0000.chk\configuracoes.htm
c:\found.000\dir0000.chk\configuracoes_arquivos\image001.gif
c:\found.000\dir0000.chk\creditos.htm
c:\found.000\dir0000.chk\creditos_files\estilos(1).css
c:\found.000\dir0000.chk\creditos_files\estilos.css
c:\found.000\dir0000.chk\creditos_files\spacer.gif
c:\found.000\dir0000.chk\creditos_files\style.css
c:\found.000\dir0000.chk\dedeira.gif
c:\found.000\dir0000.chk\desinstalar.htm
c:\found.000\dir0000.chk\dic_result.gif c:\found.000\dir0000.chk\dicionario.gif c:\found.000\dir0000.chk\dicionario_resultados.htm c:\found.000\dir0000.chk\dicionario_resultados_arquivos\image001.gif c:\found.000\dir0000.chk\dicionario_resultados_arquivos\image002.gif c:\found.000\dir0000.chk\estilos.css c:\found.000\dir0000.chk\fabrosauro.swf c:\found.000\dir0000.chk\filtro.gif c:\found.000\dir0000.chk\filtros2.gif c:\found.000\dir0000.chk\filtros3.gif c:\found.000\dir0000.chk\historico.gif c:\found.000\dir0000.chk\imagem-dicionario.gif c:\found.000\dir0000.chk\imagem-verbete.gif c:\found.000\dir0000.chk\imagem completa.bmp c:\found.000\dir0000.chk\imagemComoUsar.gif c:\found.000\dir0000.chk\imagens\biografia2.jpg c:\found.000\dir0000.chk\imagens\buscar.gif c:\found.000\dir0000.chk\imagens\creditos2.jpg c:\found.000\dir0000.chk\imagens\filelist.xml c:\found.000\dir0000.chk\imagens\image001.jpg c:\found.000\dir0000.chk\imagens\image002.jpg c:\found.000\dir0000.chk\imagens\image003.jpg c:\found.000\dir0000.chk\imagens\image004.png c:\found.000\dir0000.chk\imagens\image005.jpg c:\found.000\dir0000.chk\imagens\image006.png c:\found.000\dir0000.chk\imagens\image007.jpg c:\found.000\dir0000.chk\imagens\image008.png c:\found.000\dir0000.chk\imagens\image009.jpg c:\found.000\dir0000.chk\imagens\image010.png c:\found.000\dir0000.chk\imagens\image011.jpg c:\found.000\dir0000.chk\imagens\image012.png c:\found.000\dir0000.chk\imagens\image013.jpg c:\found.000\dir0000.chk\imagens\image014.png c:\found.000\dir0000.chk\imagens\image015.jpg c:\found.000\dir0000.chk\imagens\image016.png c:\found.000\dir0000.chk\imagens\image017.jpg c:\found.000\dir0000.chk\imagens\image018.png c:\found.000\dir0000.chk\imagens\image019.jpg c:\found.000\dir0000.chk\imagens\image020.png c:\found.000\dir0000.chk\imagens\image021.jpg c:\found.000\dir0000.chk\imagens\image022.png c:\found.000\dir0000.chk\imagens\image023.jpg c:\found.000\dir0000.chk\imagens\image024.png 
c:\found.000\dir0000.chk\imagens\image025.jpg c:\found.000\dir0000.chk\imagens\image026.png c:\found.000\dir0000.chk\imagens\image027.jpg c:\found.000\dir0000.chk\imagens\image028.png c:\found.000\dir0000.chk\imagens\image029.jpg c:\found.000\dir0000.chk\imagens\image030.png c:\found.000\dir0000.chk\imagens\image031.jpg c:\found.000\dir0000.chk\imagens\image032.png c:\found.000\dir0000.chk\imagens\image033.jpg c:\found.000\dir0000.chk\imagens\image034.png c:\found.000\dir0000.chk\imagens\image035.jpg c:\found.000\dir0000.chk\imagens\image036.png c:\found.000\dir0000.chk\imagens\image037.jpg c:\found.000\dir0000.chk\imagens\image038.png c:\found.000\dir0000.chk\imagens\image039.jpg c:\found.000\dir0000.chk\imagens\image040.png c:\found.000\dir0000.chk\imagens\image041.jpg c:\found.000\dir0000.chk\imagens\image042.png c:\found.000\dir0000.chk\imagens\image043.jpg c:\found.000\dir0000.chk\imagens\image044.png c:\found.000\dir0000.chk\imagens\image045.jpg c:\found.000\dir0000.chk\imagens\image046.gif c:\found.000\dir0000.chk\imagens\image047.gif c:\found.000\dir0000.chk\imagens\image048.gif c:\found.000\dir0000.chk\imagens\image049.gif c:\found.000\dir0000.chk\imagens\image050.gif c:\found.000\dir0000.chk\imagens\imagem_verbete.gif c:\found.000\dir0000.chk\imagens\principal2_01.jpg c:\found.000\dir0000.chk\imagens\principal2_02.jpg c:\found.000\dir0000.chk\imagens\principal2_03.jpg c:\found.000\dir0000.chk\imagens\principal2_04.jpg c:\found.000\dir0000.chk\imagens\principal2_05.jpg c:\found.000\dir0000.chk\imagens\principal2_06.jpg c:\found.000\dir0000.chk\imagens\principal2_07.jpg c:\found.000\dir0000.chk\imagens\principal2_08.jpg c:\found.000\dir0000.chk\imagens\principal2_09.jpg c:\found.000\dir0000.chk\imagens\principal2_10.jpg c:\found.000\dir0000.chk\imagens\professor2.jpg c:\found.000\dir0000.chk\imagens\separadorLaranja1.gif c:\found.000\dir0000.chk\imagens\separadorLaranjaB.gif c:\found.000\dir0000.chk\imagens\separadorVertical.gif 
c:\found.000\dir0000.chk\imagens\setaPqLaranja.gif c:\found.000\dir0000.chk\imagens\spacer.gif c:\found.000\dir0000.chk\imagens\usar2.jpg c:\found.000\dir0000.chk\imagens\verbete2.jpg c:\found.000\dir0000.chk\inserirnota.htm c:\found.000\dir0000.chk\manual.htm c:\found.000\dir0000.chk\manual_arquivos\fabrossauro.htm c:\found.000\dir0000.chk\manual_arquivos\fabrossauro.swf c:\found.000\dir0000.chk\manual_arquivos\palavra.htm c:\found.000\dir0000.chk\manual_arquivos\palavra.swf c:\found.000\dir0000.chk\manual_arquivos\vssver.scc c:\found.000\dir0000.chk\navegacao.gif c:\found.000\dir0000.chk\p-initexto.gif c:\found.000\dir0000.chk\paginainicial.gif c:\found.000\dir0000.chk\pavancada.gif c:\found.000\dir0000.chk\pesquisa.gif c:\found.000\dir0000.chk\pesquisaalfabetica.htm c:\found.000\dir0000.chk\pesquisaalfabetica_arquivos\filelist.xml c:\found.000\dir0000.chk\pesquisaalfabetica_arquivos\image001.gif c:\found.000\dir0000.chk\pesquisaavancada.htm c:\found.000\dir0000.chk\pesquisaavancada_arquivos\filelist.xml c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image001.gif c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image002.gif c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image003.gif c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image004.gif c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image005.gif c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image006.gif c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image007.gif c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image008.gif c:\found.000\dir0000.chk\pesquisaavancada_arquivos\image009.gif c:\found.000\dir0000.chk\pesquisadigitacao.htm c:\found.000\dir0000.chk\popAvancadaAnimacao.htm c:\found.000\dir0000.chk\popFabrosauroAnimacao.htm c:\found.000\dir0000.chk\popSecretariaAnimacao.htm c:\found.000\dir0000.chk\popVerbete.htm c:\found.000\dir0000.chk\principal.htm c:\found.000\dir0000.chk\principal.jpg c:\found.000\dir0000.chk\professor.htm 
c:\found.000\dir0000.chk\professor\acepcoes.htm c:\found.000\dir0000.chk\professor\avancada.htm c:\found.000\dir0000.chk\professor\introducao.htm c:\found.000\dir0000.chk\professor\macro.htm c:\found.000\dir0000.chk\professor\verbete.htm c:\found.000\dir0000.chk\proxant.gif c:\found.000\dir0000.chk\pselecao.gif c:\found.000\dir0000.chk\reduzido.gif c:\found.000\dir0000.chk\secretaria.swf c:\found.000\dir0000.chk\titulos\biografia.gif c:\found.000\dir0000.chk\titulos\como_usar.gif c:\found.000\dir0000.chk\titulos\creditos.gif c:\found.000\dir0000.chk\titulos\professor.gif c:\found.000\dir0000.chk\titulos\verbete.gif c:\found.000\dir0000.chk\verbete.gif c:\found.000\dir0000.chk\verbete.htm c:\found.000\dir0000.chk\verbete.swf c:\found.000\dir0000.chk\verbete\abonacao.htm c:\found.000\dir0000.chk\verbete\achega.htm c:\found.000\dir0000.chk\verbete\cabecaVerbete.htm c:\found.000\dir0000.chk\verbete\categoriaGramatical.htm c:\found.000\dir0000.chk\verbete\default.htm c:\found.000\dir0000.chk\verbete\definicao.htm c:\found.000\dir0000.chk\verbete\etimologia.htm c:\found.000\dir0000.chk\verbete\exemplo.htm c:\found.000\dir0000.chk\verbete\imagens\branco.gif c:\found.000\dir0000.chk\verbete\imagens\bulletTriangulo.gif c:\found.000\dir0000.chk\verbete\imagens\estilos.css c:\found.000\dir0000.chk\verbete\imagens\quadrado.gif c:\found.000\dir0000.chk\verbete\imagens\separadorLaranjaB.gif c:\found.000\dir0000.chk\verbete\imagens\separadorVertical.gif c:\found.000\dir0000.chk\verbete\imagens\setaAzul.gif c:\found.000\dir0000.chk\verbete\imagens\spacer.gif c:\found.000\dir0000.chk\verbete\imagens\style.css c:\found.000\dir0000.chk\verbete\imagens\triangulo.gif c:\found.000\dir0000.chk\verbete\indice.htm c:\found.000\dir0000.chk\verbete\locucao.htm c:\found.000\dir0000.chk\verbete\numeroDefinicao.htm c:\found.000\dir0000.chk\verbete\ortoepia.htm c:\found.000\dir0000.chk\verbete\regencia.htm c:\found.000\dir0000.chk\verbete\remissiva.htm 
c:\found.000\dir0000.chk\verbete\rubrica.htm
c:\found.000\dir0000.chk\verbete\verbete.htm
c:\found.000\dir0000.chk\verbetessugeridos.htm
c:\found.000\dir0000.chk\word.htm
c:\found.000\dir0001.chk\a.htm
c:\found.000\dir0001.chk\b.htm
c:\found.000\dir0001.chk\c.htm
c:\found.000\dir0001.chk\d.htm
c:\found.000\dir0001.chk\e.htm
c:\found.000\dir0001.chk\f.htm
c:\found.000\dir0001.chk\g.htm
c:\found.000\dir0001.chk\h.htm
c:\found.000\dir0001.chk\i.htm
c:\found.000\dir0001.chk\imagens\bullet.gif
c:\found.000\dir0001.chk\imagens\bulletTriangulo.gif
c:\found.000\dir0001.chk\imagens\estilos.css
c:\found.000\dir0001.chk\imagens\pontilhadoLaranjaB.gif
c:\found.000\dir0001.chk\imagens\quadrado.gif
c:\found.000\dir0001.chk\imagens\separadorLaranjaA.gif
c:\found.000\dir0001.chk\imagens\setaAzul.gif
c:\found.000\dir0001.chk\imagens\setaPqLaranja.gif
c:\found.000\dir0001.chk\imagens\style.css
c:\found.000\dir0001.chk\imagens\triangulo.gif
c:\found.000\dir0001.chk\j.htm
c:\found.000\dir0001.chk\l.htm
c:\found.000\dir0001.chk\m.htm
c:\found.000\dir0001.chk\n.htm
c:\found.000\dir0001.chk\o.htm
c:\found.000\dir0001.chk\p.htm
c:\found.000\dir0001.chk\q.htm
c:\found.000\dir0001.chk\r.htm
c:\found.000\dir0001.chk\s.htm
c:\found.000\dir0001.chk\sinaisConvencionais.htm
c:\found.000\dir0001.chk\t.htm
c:\found.000\dir0001.chk\u.htm
c:\found.000\dir0001.chk\v.htm
c:\found.000\dir0001.chk\z.htm
c:\found.000\file0000.chk
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-18 to 2009-09-18 ))))))))))))))))))))))))))))
.
2009-09-18 18:08 . 2009-09-18 18:08 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-18 18:08 . 2009-09-18 18:08 -------- d-----w- c:\windows\system32\xircom
2009-09-18 18:08 . 2009-09-18 18:08 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2009-09-18 17:26 . 2008-07-04 19:47 20096 ----a-w- c:\windows\system32\drivers\ViaUsbModem.sys
2009-09-18 17:10 . 2009-09-18 17:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-18 14:08 . 2009-09-18 17:09 -------- d-----w- C:\ComboFix(2)
2009-09-18 12:24 . 2009-09-18 12:29 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP
2009-09-18 12:19 . 2009-09-18 17:10 -------- d-----w- c:\arquivos de programas\HP
2009-09-18 12:14 . 2009-09-18 12:24 126123 ----a-w- c:\windows\HPHins12.dat
2009-09-18 12:14 . 2006-06-12 22:21 14916 ------w- c:\windows\hphmdl12.dat
2009-09-17 21:32 . 2009-09-17 21:47 -------- d-----w- C:\Lop SD
2009-09-17 21:31 . 2009-09-17 21:31 501736 ----a-w- C:\LopSD.exe
2009-09-17 19:20 . 2009-09-17 19:20 -------- d-----w- c:\documents and settings\Convidado.USUARIO\Dados de aplicativos\Malwarebytes
2009-09-17 15:45 . 2009-09-17 15:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2009-09-17 15:45 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 15:45 . 2009-09-17 15:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2009-09-17 15:45 . 2009-09-17 19:46 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2009-09-17 15:45 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-17 11:54 . 2008-10-16 17:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-17 11:54 . 2008-10-16 17:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-16 21:52 . 2009-09-18 18:17 -------- d-----w- C:\hijack
2009-09-16 18:14 . 2009-09-18 18:09 -------- d-----w- c:\documents and settings\Administrador\Tracing
2009-09-16 18:11 . 2009-09-16 18:11 -------- d-----w- c:\arquivos de programas\Microsoft
2009-09-16 18:11 . 2009-09-16 18:11 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2009-09-16 18:10 . 2009-09-16 18:11 -------- d-----w- c:\arquivos de programas\Windows Live
2009-09-16 17:07 . 2009-09-16 17:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2009-09-15 21:46 . 2009-09-15 21:46 -------- d-----w- C:\5db8a5a7cf940bbb801c20bcf896
2009-09-13 17:14 . 2008-05-09 10:55 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2009-09-13 17:13 . 2008-05-09 10:55 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2009-09-13 17:13 . 2008-05-09 10:55 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2009-09-13 17:13 . 2008-05-09 10:55 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2009-09-13 17:13 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2009-09-13 17:13 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2009-09-13 17:12 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-09-13 16:13 . 2008-04-11 19:05 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-13 15:19 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-09-13 15:18 . 2008-05-01 14:36 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-09-13 15:11 . 2008-05-27 17:25 765952 ------w- c:\windows\system32\dllcache\vgx.dll
2009-09-13 14:53 . 2008-10-03 10:04 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-09-13 14:39 . 2008-04-21 21:15 216064 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-09-13 14:39 . 2008-09-04 17:16 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-09-13 14:12 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-13 13:53 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-09-13 04:26 . 2009-08-13 15:21 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2009-09-13 01:49 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-09-13 01:16 . 2008-10-23 12:37 286720 ------w- c:\windows\system32\dllcache\gdi32.dll
2009-09-12 23:38 . 2009-09-18 18:14 -------- d-----w- c:\documents and settings\Convidado\Configurações locais
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Dados de aplicativos
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Favoritos
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-s---w- c:\documents and settings\Convidado
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Modelos
2009-09-12 23:38 . 2009-09-14 11:44 -------- d-----w- c:\documents and settings\Convidado\Meus documentos
2009-09-12 15:45 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-12 15:45 . 2008-06-14 17:34 272384 ------w- c:\windows\system32\dllcache\bthport.sys
2009-09-12 15:40 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-06 10:45 . 2007-06-18 17:18 23680 ----a-w- c:\windows\system32\drivers\motmodem.sys
2009-09-06 10:45 . 2006-11-13 17:45 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-09-05 23:20 . 2009-09-05 23:20 -------- d-----w- c:\arquivos de programas\Motorola
2009-09-05 23:20 . 2009-09-05 23:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Motorola Shared
2009-09-04 20:37 . 2009-09-04 20:38 -------- d-----w- c:\arquivos de programas\eMule
2009-09-03 23:39 . 2009-09-03 23:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Google Updater
2009-09-02 01:46 . 2009-09-02 03:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS
2009-09-02 01:46 . 2009-09-02 01:46 -------- d-----w- c:\arquivos de programas\NOS
2009-09-02 00:45 . 2009-09-04 00:08 -------- d-----w- c:\arquivos de programas\Google
2009-09-01 23:18 . 2009-09-01 23:18 -------- d-----w- c:\documents and settings\Administrador\Contacts
2009-09-01 22:15 . 2009-09-01 22:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia(CDMA)
2009-09-01 22:15 . 2009-09-01 22:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nokia
2009-09-01 22:14 . 2008-04-13 14:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-01 22:14 . 2009-09-18 17:02 -------- d-----w- c:\arquivos de programas\Nokia
2009-09-01 10:16 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-09-01 10:15 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-31 12:48 . 2009-08-31 12:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Nero
2009-08-20 03:09 . 2009-08-20 03:09 -------- d-----w- C:\spoolerlogs
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 15:18 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22bb.tmp
2009-09-18 15:05 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP225c.tmp
2009-09-18 14:55 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22ea.tmp
2009-09-18 14:32 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP228b.tmp
2009-09-18 14:31 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22ab.tmp
2009-09-18 14:24 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP220e.tmp
2009-09-18 14:22 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22ba.tmp
2009-09-18 14:21 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP22e9.tmp
2009-09-18 13:48 . 2009-09-18 13:48 17 ----a-w- c:\arquivos de programas\stinger.opt
2009-09-18 13:46 . 2009-09-18 13:46 297 ----a-w- c:\arquivos de programas\stinger.txt
2009-09-15 04:28 . 2008-04-14 11:00 79944 ----a-w- c:\windows\system32\perfc016.dat
2009-09-15 04:28 . 2008-04-14 11:00 474400 ----a-w- c:\windows\system32\perfh016.dat
2009-09-14 17:17 . 2009-07-23 19:27 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit
2009-09-12 17:21 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP31ae.tmp
2009-09-10 12:58 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP2b07.tmp
2009-09-06 10:56 . 2009-09-06 10:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-09-06 10:56 . 2009-09-06 10:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-03 20:45 . 2009-09-03 12:30 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Winamp
2009-09-03 12:31 . 2009-09-03 12:30 -------- d-----w- c:\arquivos de programas\Winamp
2009-08-31 23:32 . 2009-08-11 21:04 -------- d-----w- c:\arquivos de programas\Heretic
2009-08-23 13:12 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP229b.tmp
2009-08-22 16:07 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP3393.tmp
2009-08-21 22:38 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP2450.tmp
2009-08-20 07:56 . 2009-07-23 14:45 90112 ----a-w- c:\windows\DUMP276d.tmp
2009-08-09 12:33 . 2009-08-08 23:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic
2009-08-08 23:26 . 2009-08-08 23:26 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink
2009-08-08 23:25 . 2009-08-08 23:25 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2009-08-05 09:00 . 2008-04-14 11:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:36 . 2008-04-14 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 19:44 . 2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-23 19:38 . 2009-07-23 19:38 -------- d-----w- c:\arquivos de programas\CHANGJIE
2009-07-23 19:38 . 2009-07-23 19:38 -------- d-----w- c:\arquivos de programas\TCIME
2009-07-23 19:38 . 2009-07-23 19:38 -------- d-----w- c:\arquivos de programas\SCIME
2009-07-23 19:38 . 2009-07-23 19:38 -------- d-----w- c:\arquivos de programas\KOIME
2009-07-23 19:36 . 2009-07-23 19:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\L&H Shared
2009-07-23 19:36 . 2009-07-23 19:36 -------- d-----w- c:\arquivos de programas\LHSP
2009-07-23 19:34 . 2009-07-23 19:34 -------- d-----w- c:\arquivos de programas\Positivo
2009-07-23 19:33 . 2009-07-23 19:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-07-23 19:32 . 2009-07-23 19:32 -------- d-----w- c:\arquivos de programas\MSECache
2009-07-23 19:29 . 2009-07-23 19:29 -------- d-----w- c:\arquivos de programas\Microsoft Works
2009-07-23 19:29 . 2009-07-23 19:29 -------- d-----w- c:\arquivos de programas\Microsoft.NET
2009-07-23 19:26 . 2009-07-23 19:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DVD Shrink
2009-07-23 19:26 . 2009-07-23 19:26 -------- d-----w- c:\arquivos de programas\DVD Shrink
2009-07-23 19:14 . 2009-07-23 19:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET
2009-07-23 19:14 . 2009-07-23 19:14 -------- d-----w- c:\arquivos de programas\ESET
2009-07-23 19:08 . 2009-07-23 19:08 -------- d-----w- c:\arquivos de programas\Java
2009-07-23 19:08 . 2009-07-23 19:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java
2009-07-23 19:07 . 2009-07-23 19:07 -------- d-----w- c:\arquivos de programas\portables
2009-07-23 19:06 . 2009-07-23 19:06 -------- d---a-w- c:\arquivos de programas\Foxit
2009-07-23 19:05 . 2009-07-23 19:05 -------- d-----w- c:\arquivos de programas\Nero
2009-07-23 19:05 . 2009-07-23 19:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero
2009-07-23 19:05 . 2009-07-23 19:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero
2009-07-23 19:04 . 2009-07-23 19:04 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-07-23 19:03 . 2009-07-23 19:03 -------- d-----w- c:\arquivos de programas\My Company Name
2009-07-23 18:56 . 2009-07-23 18:56 -------- d-----w- c:\arquivos de programas\MSBuild
2009-07-23 18:56 . 2009-07-23 18:56 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2009-07-23 18:44 . 2009-07-23 18:44 -------- d-----w- c:\arquivos de programas\Serviços on-line
2009-07-23 18:44 . 2009-07-23 18:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços
2009-07-23 18:42 . 2009-07-23 18:42 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-23 18:41 . 2009-07-23 18:41 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2009-07-23 15:38 . 2009-09-14 18:25 0 ----a-w- c:\documents and settings\Convidado.USUARIO\vga1FD.tmp
2009-07-23 15:38 . 2009-09-14 18:25 0 ----a-w- c:\documents and settings\Convidado.USUARIO\vga1FC.tmp
2009-07-23 15:38 . 2009-09-12 23:38 0 ----a-w- c:\documents and settings\Convidado\vga1FD.tmp
2009-07-23 15:38 . 2009-09-12 23:38 0 ----a-w- c:\documents and settings\Convidado\vga1FC.tmp
2009-07-23 15:38 . 2009-07-23 18:47 0 ----a-w- c:\windows\system32\config\systemprofile\vga1FD.tmp
2009-07-23 15:38 . 2009-07-23 18:47 0 ----a-w- c:\windows\system32\config\systemprofile\vga1FC.tmp
2009-07-23 15:38 . 2009-07-23 15:38 0 ----a-w- c:\documents and settings\Default User\vga1FD.tmp
2009-07-23 15:38 . 2009-07-23 15:38 0 ----a-w- c:\documents and settings\Default User\vga1FC.tmp
2009-07-17 19:03 . 2008-04-14 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 02:43 . 2008-06-25 18:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:58 . 2008-06-25 18:52 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 15:58 . 2008-06-25 18:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:58 . 2008-06-25 18:52 17408 ----a-w- c:\windows\system32\corpol.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaPCSuiteTray"="c:\arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" [2008-07-10 2093056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia PC Suite\\GetConnected.exe"=
"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20/02/2008 11:11 33800]
R2 ekrn;Eset Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11:08 472320]
S2 gupdate1ca2cf22c892a58;Google Update Service (gupdate1ca2cf22c892a58);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [03/09/2009 20:56 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [14/04/2008 8:00 3584]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [14/04/2008 8:00 14336]
S3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;c:\windows\system32\drivers\ViaUsbEts.sys --> c:\windows\system32\drivers\ViaUsbEts.sys [?]
S3 ViaUsbModemDriver;Nokia 1508 Modem Driver;c:\windows\system32\drivers\ViaUsbModem.sys [18/09/2009 14:26 20096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-09-18 c:\windows\Tasks\Google Software Updater.job
- c:\arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-03 23:39]

2009-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-03 23:56]

2009-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-03 23:56]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 16:33
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2009-09-18 16:35
ComboFix-quarantined-files.txt 2009-09-18 19:35
ComboFix2.txt 2009-09-18 18:14

Pré-execução: 12 pasta(s) 27.998.117.888 bytes disponíveis
Pós execução: 12 pasta(s) 28.405.637.120 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

474 --- E O F --- 2009-09-17 20:07

#Updated HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:27, on 18/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD174BDF-5321-48E5-913C-CC05611E2FC3}: NameServer = 200.227.128.21 200.227.128.20
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca2cf22c892a58) (gupdate1ca2cf22c892a58) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4828 bytes
DigRam 144 Posted September 19, 2009

Good morning! igorhard

<@> Open HijackThis --> Click: Do a system scan only

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

<@> Check the entries above!
<@> Click Fix checked --> Yes!

<><><><><><><><><><><>

<@> Download: < PureRa 1.3 > ( ...by Paul McLain & Fred de Vries )
<@> Save it to the desktop! <-- Extract it from the zip!
<@> Run: PureRa.exe --> Click Clean.
<@> On the right, check the option: "Check All" < >
<@> Click the Clean Selected button --> Wait!
<@> When it finishes ( Finished ), click Exit.
<@> Post the report: PureRa.txt <--

<><><><><><><><><><><>

<@> Run an online scan at: < Panda ActiveScan 2.0 >
<@> PS: Use the Firefox or Internet Explorer browser.
<@> Do the free registration so that you have the option to disinfect files.
<@> Click "Registar-se" (Register).
<@> When done, click "Enviar" (Send).
<@> In the welcome window, choose "Análise rápida" (Quick scan) --> Click "Analisar agora" (Scan now).
<@> If this is the first time you use ActiveScan 2.0 with Mozilla Firefox, you will be asked to install a plugin.
<@> So, for ActiveScan 2.0 to work, you need to download and install that extension.
<@> Also wait for ActiveScan 2.0 to update.
<@> When that finishes, you can start the scan.
<@> At the end of the scan, click "Disinfect". <-- If it is enabled!
<@> Then click "Export to" so that we have the report. <-- Save it to the desktop!
<@> Post: ActiveScan.txt <--

Regards!
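As an added example (not code from the thread, from DigRam, or from HijackThis), here is a small Python triage helper that applies the same selection criteria to the 18/09 log above: O2 BHO entries whose DLL is missing, the O6 restrictions line, and O8 context-menu handlers that share a directory with an orphaned BHO. The criteria, the function names and the parsing rules are my own assumptions; the sample input is an excerpt copied from the posted log.

```python
"""Triage a HijackThis log for the entry types flagged in this thread.

Added example, not part of the thread or of HijackThis itself. The rules are
my own reading of the helper's picks: O2 BHOs whose DLL is gone, the O6
Internet Explorer restrictions line, and O8 context-menu handlers that live in
the same directory as an orphaned BHO (here: Orbit Downloader's leftovers).
"""
import re
from dataclasses import dataclass
from typing import List, Set

# O2 - BHO: <name> - {<CLSID>} - <dll path, or "(no file)">
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O8 - Extra context menu item: <label> - res://<dll path>/<resource id>
O8_RE = re.compile(r"^O8 - Extra context menu item: (?P<label>.*?) - res://(?P<dll>.*?)/\d+$")


@dataclass
class Finding:
    line: str
    reason: str


def _parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path ('' if there is none)."""
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def triage(log_text: str) -> List[Finding]:
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings: List[Finding] = []
    orphan_dirs: Set[str] = set()

    # Pass 1: BHO registrations whose target DLL no longer exists. An
    # uninstall (or a removal tool) deleted the file but left the CLSID behind.
    for line in lines:
        m = O2_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if path.endswith("(no file)") or path.endswith("(file missing)"):
            findings.append(Finding(line, "orphaned BHO: CLSID still registered, DLL is gone"))
            dll_dir = _parent_dir(path.rsplit(" (", 1)[0])
            if dll_dir:
                orphan_dirs.add(dll_dir)

    # Pass 2: policy restrictions and context-menu handlers tied to pass-1 hits.
    for line in lines:
        if line.startswith("O6 - ") and line.endswith("Restrictions present"):
            findings.append(Finding(line, "IE restrictions set under HKLM\\Software\\Policies"))
            continue
        m = O8_RE.match(line)
        if m and _parent_dir(m.group("dll")) in orphan_dirs:
            findings.append(Finding(line, "context-menu handler from an orphaned BHO's directory"))
    return findings


# Constructed input: an excerpt of the 18/09/2009 HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n    {f.line}")
```

Run against the excerpt it reports exactly the seven lines DigRam asked to have fixed and leaves the Java BHO and the Excel context-menu entry alone.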
igorhard 0 Posted September 19, 2009

Right away! Thank you very much, professor.

Regards
/Getulio Igor

ActiveScan 2.0.
Congratulations! Today you are not infected.
---------------------------
No option appeared; the browser jumped straight to a window with a face and gave the message above, that the PC was not "INFECTED". Should I post only the updated HijackThis log?
---------------------------
And PureRa.exe did not work at all: it gave an error when it opened a "DOS" window, of which I took a screenshot.
I'm lost; I could not run the tools DigRam instructed me to use.
Thank you very much for your attention, professor; I'm standing by. I'll post the updated HijackThis right now.

Regards
/Getulio Igor

#Updated HiJackThis, but I ran the NOD32 antivirus and there are some blue lines highlighted apart from the others; would it be useful to post them?
____________________________________________________________________________
NOD32 --> C:\Documents and Settings\Administrador\ntuser.dat - error opening
----------------------------------------------------------------------------
There are more lines showing the same "error opening". If you want, I'll post them.
Thanks.
/igorhard

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:54, on 20/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite\GetConnected.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O4 - HKCU\..\Run: [NokiaPCSuiteTray] "C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD174BDF-5321-48E5-913C-CC05611E2FC3}: NameServer = 200.227.128.21 200.227.128.20
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca2cf22c892a58) (gupdate1ca2cf22c892a58) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4829 bytes
DigRam 144 Posted September 20, 2009

Good afternoon! igorhard

<@> Download: < Norman Malware Cleaner >
<@> Save it to the desktop.
<@> Open the file and click Run --> Accept.
<@> Click Add to add, or Remove to remove, the drives/sectors to be scanned. ( C:\*.*, D:\*.*, E:\*.*, etc... )
<@> Click "Start scan" --> Wait!
<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <--

Regards!