
jefinho_cabral

[Archived] Log Analysis


My computer is very slow, and it keeps opening iexplore pages without me doing anything!

It keeps showing advertising sites, it keeps freezing, and MSN Live stopped working.

I think it has a virus...

Thanks

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:59:15, on 17/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\svchost.exe

c:\windows\taskmgr.exe

c:\windows\ping.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\iGv6\Discador iG.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\DAEMON Tools SearchBar\Search.exe

C:\WINDOWS\system32\sfdhost.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Save\Save.exe

C:\Arquivos de programas\AdVantage\AdVantage.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\windows\taskmgr.exe,c:\windows\ping.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Arquivos de programas\DAEMON Tools SearchBar\search.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Arquivos de programas\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [global bias start axis] C:\Documents and Settings\All Users\Dados de aplicativos\LogBinGlobalBias\Bindactive.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [WhenUSearch] "C:\Arquivos de programas\DAEMON Tools SearchBar\Search.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Fan App] sfdhost.exe

O4 - HKLM\..\RunServices: [Fan App] sfdhost.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [WhenUSave] "C:\Arquivos de programas\Save\Save.exe"

O4 - HKCU\..\Run: [AdVantage] "C:\Arquivos de programas\AdVantage\AdVantage.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: The Matrix_ Path of Neo Registration.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O4 - Global Startup: mjavas.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{511FD95E-D694-4F43-9B39-245E063F85AC}: NameServer = 200.149.55.142 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O24 - Desktop Component 0: (no name) - http://www.omelete.com.br/imagens/cinema/news/tartarugas_ninjas/1p.jpg

 

--

End of file - 9651 bytes

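As an added example, not part of the original thread or of the HijackThis tool, here is a small Python triage script that parses a HijackThis v2 log and pulls out the entries a helper reads first in a log like the one above: programs appended to Winlogon's UserInit value, core Windows binaries running from outside system32, autostarts under the RunServices key, and the DNS servers configured per interface. The sample log lines are constructed from entries in the posted log, and the SYSTEM32_ONLY list is an assumption of my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in HijackThis v2 log format, built from the kind of
# entries seen in the posted log (paths and values copied from the thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
c:\windows\taskmgr.exe
c:\windows\ping.exe
C:\WINDOWS\system32\sfdhost.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\windows\taskmgr.exe,c:\windows\ping.exe,
O4 - HKLM\..\Run: [Fan App] sfdhost.exe
O4 - HKLM\..\RunServices: [Fan App] sfdhost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{511FD95E-D694-4F43-9B39-245E063F85AC}: NameServer = 200.149.55.142 200.165.132.154
"""

# Assumed list: Windows binaries that ship only in %SystemRoot%\system32.
# A same-named file executing from another directory is a masquerading pattern.
SYSTEM32_ONLY = {"ping.exe", "taskmgr.exe", "svchost.exe", "userinit.exe",
                 "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}

ENTRY_RE = re.compile(r"^[RFO]\d+ - ")


def parse_log(text: str) -> Tuple[List[str], List[str]]:
    """Split a HijackThis log into the 'Running processes' block and the Rn/Fn/On entries."""
    processes: List[str] = []
    entries: List[str] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        if ENTRY_RE.match(line):
            in_procs = False
            entries.append(line)
        elif in_procs:
            processes.append(line)
    return processes, entries


def userinit_extras(entries: List[str]) -> List[str]:
    """Programs appended to Winlogon's UserInit value. A clean value holds only
    userinit.exe; anything else listed there runs at every interactive logon."""
    extras: List[str] = []
    for e in entries:
        m = re.match(r"^F2 - REG:system\.ini: UserInit=(.*)$", e)
        if not m:
            continue
        for item in m.group(1).split(","):
            item = item.strip()
            if item and item.lower().rsplit("\\", 1)[-1] != "userinit.exe":
                extras.append(item)
    return extras


def misplaced_system_binaries(processes: List[str]) -> List[str]:
    """Running processes named like a core Windows binary but whose parent
    directory is not system32 (e.g. c:\\windows\\ping.exe)."""
    flagged: List[str] = []
    for p in processes:
        parts = p.lower().split("\\")
        name, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
        if name in SYSTEM32_ONLY and parent != "system32":
            flagged.append(p)
    return flagged


def runservices_entries(entries: List[str]) -> List[str]:
    """O4 entries under RunServices, a Windows 9x/ME start-up key that XP does
    not process; an entry written there beside a Run entry is worth checking."""
    return [e for e in entries if re.match(r"^O4 - HK\w+\\\.\.\\RunServices: ", e)]


def nameservers(entries: List[str]) -> Dict[str, List[str]]:
    """O17 entries: DNS servers per interface GUID. Compare them with the
    resolvers the ISP actually issues; hijacked resolvers can make
    legitimate hosts fail to resolve while ad sites still load."""
    servers: Dict[str, List[str]] = {}
    for e in entries:
        m = re.match(r"^O17 - .*\{([0-9A-Fa-f-]+)\}: NameServer = (.+)$", e)
        if m:
            servers[m.group(1)] = m.group(2).replace(",", " ").split()
    return servers


def triage(text: str) -> Dict[str, object]:
    """Run all checks over one log and return the findings keyed by check."""
    processes, entries = parse_log(text)
    return {
        "userinit_extras": userinit_extras(entries),
        "misplaced_system_binaries": misplaced_system_binaries(processes),
        "runservices": runservices_entries(entries),
        "nameservers": nameservers(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```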

Good afternoon! jefinho_cabral

 

<@> Download: Malwarebytes

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs when running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2009-xx-xx (00-00-00).txt + an updated HijackThis log.

 

Regards!


Good evening!

I ran the antivirus process but did not update it, because it keeps giving an error: when I go to the Malwarebytes anti-malware site or any other site, the following message appears:

 

Servidor não encontrado

O Firefox não conseguiu localizar wl.dlservice.microsoft.com.

* Verifique se há algum erro de digitação no endereço. Como ww.exemplo.com.br em vez de www.exemplo.com.br

 

* Se você não conseguir abrir nenhuma página, verifique a conexão de rede do seu computador.

 

* Se o computador ou rede estiverem protegidos por um firewall ou proxy, certifique-se de que o Firefox está autorizado a acessar a web.

 

This happens in both Firefox and iexplore, and the error is not related to the firewall or proxy, since I have already tried disabling them but it keeps giving the same error.

 

Cheers, thanks.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:54:06, on 19/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

c:\windows\ping.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\iGv6\Discador iG.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\DAEMON Tools SearchBar\Search.exe

C:\WINDOWS\system32\sfdhost.exe

C:\ARQUIV~1\iGv6\sysbrand.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://farejador.ig.com.br

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\windows\ping.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Arquivos de programas\DAEMON Tools SearchBar\search.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [global bias start axis] C:\Documents and Settings\All Users\Dados de aplicativos\LogBinGlobalBias\Bindactive.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [WhenUSearch] "C:\Arquivos de programas\DAEMON Tools SearchBar\Search.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Fan App] sfdhost.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunServices: [Fan App] sfdhost.exe

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: The Matrix_ Path of Neo Registration.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O4 - Global Startup: mjavas.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{511FD95E-D694-4F43-9B39-245E063F85AC}: NameServer = 200.222.0.34 200.202.193.75

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O24 - Desktop Component 0: (no name) - http://www.omelete.com.br/imagens/cinema/news/tartarugas_ninjas/1p.jpg

 

--

End of file - 9187 bytes


Good evening! jefinho_cabral

 

<@> Download: SDFix ( ...by andymanchesta )

<@> Save it to Local Disk C and unzip it right there.

<@> Restart the computer in Safe Mode. <-- Link!

<@> Double-click: < runThis.bat >

 

<!> If a window opens and closes suddenly:

<!> Go to Start --> Run --> Type or paste: %systemdrive%\SDFix\apps\FixPath.exe /Q --> OK!

<!> Restart the computer and run SDFix again.

<!> If that does not work, check the %comspec% variable.

<!> Right-click My Computer --> Properties --> Advanced.

<!> Under Environment Variables, check that the ComSpec variable has the following value for cmd.exe:

 

<!> Value: %SystemRoot%\system32\cmd.exe

<@> Press Y.

<@> Wait for it to finish!

<@> When it finishes, press Enter. ( Or any key! )

<@> The computer will restart!

<@> Wait for the cleanup to finish as well.

<@> Post: Report.txt <--

<><><><><><><><><><><>

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Disable your antivirus or firewall.

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

 

<@> In the next window, choose option: 2 - Fix + Hosts --> Press Enter --> Wait!

 

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<><><><><><><><><><><>

<@> Download: ComboFix ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protections of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

 

<@> PS: Running it from the command line is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\Desktop\Combofix.exe" /killall

<@> Click OK.

<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!

<@> If you do not have the "Recovery Console", accept the option to install it!

 

<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Rename it while saving, not after saving it!

<!> PS: If an error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

 

<!> PS: If rootkit activity is present, a rootkit-found notification window will appear.

 

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all of the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If needed, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><>

<@> When done, post the reports:

 

<1> C:\ComboFix.txt <--

<2> Updated HijackThis log <--

<3> Report.txt <--

<4> C:\Lop SD\LopR_1.txt <--

 

Regards!


Good evening!

 

I did all the procedures, but it still shows the same error of not being able to display the page. The requested reports follow.

 

Thanks, cheers!!!

 

<1> C:\ComboFix.txt <--

ComboFix 09-09-18.02 - Administrador 20/09/2009 20:53.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.696 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: Eset NOD32 sistema antivírus 2.50 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\DAEMON Tools SearchBar\search.dll

c:\windows\ping.exe

c:\windows\svchost

c:\windows\svcpool.dll

c:\windows\system32\drivers\npf.sys

c:\windows\system32\hosts.scr

c:\windows\system32\kernel1.exe

c:\windows\system32\Packet.dll

c:\windows\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-20 to 2009-09-20 ))))))))))))))))))))))))))))

.

 

2009-09-20 23:08 . 2009-09-20 23:11 -------- d-----w- C:\Lop SD

2009-09-20 22:54 . 2009-09-20 22:56 501736 ----a-w- C:\LopSD.exe

2009-09-20 22:45 . 2009-09-20 22:45 -------- d-----w- c:\windows\system32\xircom

2009-09-20 22:45 . 2009-09-20 22:45 -------- d-----w- c:\windows\system32\wbem\snmp

2009-09-20 22:45 . 2009-09-20 22:45 -------- d-----w- c:\windows\system32\oobe

2009-09-20 22:45 . 2009-09-20 22:45 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-09-20 22:38 . 2009-09-20 22:38 -------- d-----w- c:\windows\ERUNT

2009-09-20 22:14 . 2009-09-20 22:47 -------- d-----w- C:\SDFix

2009-09-20 22:07 . 2009-09-20 22:12 1529241 ----a-w- C:\SDFix.exe

2009-09-19 21:14 . 2009-09-19 21:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-09-19 21:14 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-19 21:13 . 2009-09-19 21:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-09-19 21:13 . 2009-09-19 21:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-09-19 21:13 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-17 19:01 . 2009-09-17 19:01 -------- d-----w- c:\arquivos de programas\Sierra

2009-09-17 17:49 . 2009-09-17 17:49 -------- d-----w- C:\backup

2009-09-17 16:55 . 2009-09-17 16:55 -------- d-----w- c:\arquivos de programas\Windows Live

2009-09-17 16:20 . 2005-09-19 19:43 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2009-09-17 16:20 . 2005-09-19 19:43 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-09-17 16:20 . 2005-09-19 19:43 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2009-09-17 16:20 . 2005-09-19 19:43 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-09-17 03:35 . 2009-09-17 03:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Stardock

2009-09-17 03:30 . 2009-09-17 03:30 -------- d-----w- c:\windows\system32\wbem\Repository

2009-09-17 03:29 . 2009-09-17 03:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\WhenU

2009-09-17 03:29 . 2009-09-20 23:55 -------- d-----w- c:\arquivos de programas\DAEMON Tools SearchBar

2009-09-17 03:29 . 2009-09-17 03:29 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\WhenU

2009-09-16 22:27 . 2009-09-16 22:27 -------- d-----w- c:\arquivos de programas\Stardock

2009-09-16 21:28 . 2009-09-17 19:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Trymedia

2009-09-13 17:30 . 2009-09-18 03:19 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-09-13 17:30 . 2009-09-13 17:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-09-13 16:28 . 2009-09-19 19:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-08-31 12:53 . 2009-09-17 03:29 -------- d-----w- c:\arquivos de programas\segurança contra vírus e spam

2009-08-31 12:12 . 2009-09-17 03:29 -------- dc----w- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-08-31 12:12 . 2009-09-17 03:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-08-31 12:12 . 2009-08-31 12:12 -------- d-----w- c:\arquivos de programas\Lavasoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-20 23:51 . 2008-03-02 16:59 -------- d-----w- c:\arquivos de programas\Oi Internet

2009-09-20 23:43 . 2006-12-05 19:52 -------- d-----w- c:\arquivos de programas\ESET

2009-09-20 23:16 . 2006-12-09 02:50 -------- d-----w- c:\arquivos de programas\iGv6

2009-09-20 22:30 . 2009-06-10 23:18 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-09-17 03:29 . 2007-04-29 21:12 -------- d-----w- c:\arquivos de programas\Windows Live Toolbar

2009-09-17 03:28 . 2009-06-10 02:12 -------- d-----w- c:\arquivos de programas\DAEMON Tools

2009-09-17 03:28 . 2009-06-10 02:12 -------- d-----w- c:\arquivos de programas\GameSpy Arcade

2009-09-12 23:57 . 2006-12-05 19:53 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-07-31 20:41 . 2007-06-10 16:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BSplayer

2009-07-29 14:15 . 2009-07-29 14:15 -------- d-----w- c:\arquivos de programas\GoMyTEAM

2008-04-05 11:38 . 2009-06-01 05:05 6138047 ----a-w- c:\arquivos de programas\sal_tex_high_01.pssg

2007-02-07 21:21 . 2007-02-07 21:21 567 ----a-w- c:\arquivos de programas\Atalho para CyberLink DVD Solution.lnk

2004-10-01 17:00 . 2006-12-19 22:53 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2008-12-20 02:17 . 2008-08-30 23:49 67688 ----a-w- c:\arquivos de programas\mozilla firefox\components\jar50.dll

2008-12-20 02:17 . 2008-08-30 23:49 54368 ----a-w- c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2008-12-20 02:17 . 2008-08-30 23:49 34944 ----a-w- c:\arquivos de programas\mozilla firefox\components\myspell.dll

2008-12-20 02:17 . 2008-08-30 23:49 46712 ----a-w- c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2008-12-20 02:17 . 2008-08-30 23:49 172136 ----a-w- c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

2004-08-04 03:45 . 2004-08-04 03:45 171376 --sha-r- c:\windows\system32\fuzxyq.dll

.

 

------- Sigcheck -------

 

[-] 2006-08-25 . 9724ECD4529AF317DD5BD6194EB6428C . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e918df34680aabbbe3d85686dfa8e8f4\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-08-25 . 873E9E5B23D206BE443ABD3CF597C2E8 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e918df34680aabbbe3d85686dfa8e8f4\sp2qfe\comctl32.dll

[-] 2006-08-25 . 50141E3C168F02C3920891400CEC9FF4 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e918df34680aabbbe3d85686dfa8e8f4\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-03-17 . C82BBB7D9814AEFAD9D8EAC835FC73B8 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\f1e95efde9d0fcd98ccb360c7cd7f789\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2005-09-19 . 472BE19EDF1B28DC75FB6DC4B55B3CF6 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2005-08-31 . 70BBD3548F745527E3510442C1544ED7 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\1a90747611a07d9fa6e0ab88e775c802\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[7] 2004-08-04 . 3680CF24C64348BFDC89E290790398E7 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2001-10-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

 

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\a3f50ca82cf30e090a6af182ef0b5931\sp2qfe\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\a3f50ca82cf30e090a6af182ef0b5931\sp2gdr\tcpip.sys

[-] 2005-09-19 . DBC20C4332FE84B826530C49AE09721E . 359936 . . [5.1.2600.2685] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2007-02-19 . 0D23C3095A171FC2097A47935210C4EE . 3077632 . . [6.00.2900.3086] . . c:\windows\SoftwareDistribution\Download\2a5577f67060d33b30f4c582ad7b2195\SP2GDR\mshtml.dll

[-] 2007-02-19 . 06F8E693E5B804EF385516A561D7BE60 . 3084288 . . [6.00.2900.3086] . . c:\windows\SoftwareDistribution\Download\2a5577f67060d33b30f4c582ad7b2195\SP2QFE\mshtml.dll

[-] 2005-09-19 . E2BFA54BF52619F13651D4FCF48EC956 . 3014144 . . [6.00.2900.2722] . . c:\windows\system32\mshtml.dll

 

[-] 2007-02-28 . BFB4C8761976CCE0B544D557B4C70825 . 2186368 . . [5.1.2600.3093] . . c:\windows\SoftwareDistribution\Download\29b62a154932d48a836bac5b0a286054\sp2qfe\ntoskrnl.exe

[-] 2007-02-28 . 986C40660057A2BAC752ED4F97CF4A10 . 2184576 . . [5.1.2600.3093] . . c:\windows\SoftwareDistribution\Download\29b62a154932d48a836bac5b0a286054\sp2gdr\ntoskrnl.exe

[-] 2005-09-19 . 6E3AB4241E058B248CB7CDC5157449C3 . 2183808 . . [5.1.2600.2622] . . c:\windows\system32\ntoskrnl.exe

 

[-] 2005-09-19 . A38FDDA0A6FEC3ACAA8511366AACC6A3 . 396288 . . [5.1.2600.2665] . . c:\windows\system32\rpcss.dll

[-] 2005-07-26 . 0CBE4D5ABFDB7AD47ABBA899F0EA7D3B . 397824 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\b8316d1eaff2956cb69c44e409a59efa\sp2gdr\rpcss.dll

[-] 2005-07-26 . 3EBF666347F1BB6AA9F091C36020A78A . 398336 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\b8316d1eaff2956cb69c44e409a59efa\sp2qfe\rpcss.dll

 

[-] 2005-09-19 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

 

[-] 2005-09-19 . F94EBF229DC4A2A74A4CEA0318103FD2 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

 

[-] 2007-02-19 . 5925ECE8848E66691E8720CC2B839844 . 667648 . . [6.00.2900.3086] . . c:\windows\SoftwareDistribution\Download\2a5577f67060d33b30f4c582ad7b2195\SP2QFE\wininet.dll

[-] 2007-02-19 . DE2D940C31FB62F7188FB9AB86B47221 . 660992 . . [6.00.2900.3086] . . c:\windows\SoftwareDistribution\Download\2a5577f67060d33b30f4c582ad7b2195\SP2GDR\wininet.dll

[-] 2005-09-19 . CB38F344FAA2CC14A3C6D4E64073F07B . 661504 . . [6.00.2900.2713] . . c:\windows\system32\wininet.dll

 

[-] 2005-09-19 . 07AF0154923DF6DEC6DE9CA0D4B04F8F . 1034240 . . [6.00.2900.2527] . . c:\windows\explorer.exe

 

[-] 2005-09-19 . 9DD429359FE067BA52D00C0DBB9537EE . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

 

[-] 2005-09-19 20:12 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\mspmsnsv.dll

 

[-] 2007-02-28 . D027F0097B8F099C09369B8CC97D7C32 . 2063616 . . [5.1.2600.3093] . . c:\windows\SoftwareDistribution\Download\29b62a154932d48a836bac5b0a286054\sp2qfe\ntkrnlpa.exe

[-] 2007-02-28 . 1683AF18422F7DE34575EE95BE882AD1 . 2061824 . . [5.1.2600.3093] . . c:\windows\SoftwareDistribution\Download\29b62a154932d48a836bac5b0a286054\sp2gdr\ntkrnlpa.exe

[-] 2005-09-19 . AED7B3AA86AD031CF39C6E4BBA37E818 . 2061184 . . [5.1.2600.2622] . . c:\windows\system32\ntkrnlpa.exe

.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysBrand"="c:\arquiv~1\iGv6\sysbrand.exe" [2004-12-08 36864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]

"STYLEXP"="c:\arquivos de programas\TGTSoft\StyleXP\StyleXP.exe" [2005-03-17 1159168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-12 2899968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-12 46080]

"Discador iG"="c:\arquivos de programas\iGv6\Discador iG.exe" [2005-07-25 1329152]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-12 782336]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2009-9-17 3450608]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Discador Oi Internet.lnk - c:\arquivos de programas\Oi Internet\discaoi.exe [2005-7-21 1349120]

mjavas.exe [2007-6-9 762368]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Inicializar\\mjavas.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\MotoGP2\\motogp2.exe"=

"c:\\Arquivos de programas\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9520:TCP"= 9520:TCP:afvckcdw

 

S2 zdtosigo;Boot Driver;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 00:45 14336]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/5/2009 10:08 42112]

S3 padenum;Enumerador de dispositivos de NTPAD;c:\windows\system32\DRIVERS\padenum.sys --> c:\windows\system32\DRIVERS\padenum.sys [?]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 VendorJoystickEnabler;Driver para joystick paralelo de consola;c:\windows\system32\drivers\ntpad.sys --> c:\windows\system32\drivers\ntpad.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

zdtosigo

.

Contents of the 'Scheduled Tasks' folder

 

2009-09-20 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 20:39]

.

.

------- Supplementary Scan -------

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.orkut.com/

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://farejador.ig.com.br/ie/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

LSP: imon.dll

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\2ldqol5j.default\

FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\2ldqol5j.default\extensions\{0784CD66-62FE-4cef-ABF4-F8ED9B654ACC}\components\tab_effect_xpcom.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJPI150_05.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPOJI610.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-nod32kui - c:\arquivos de programas\Eset\nod32kui.exe

HKLM-Run-global bias start axis - c:\documents and settings\All Users\Dados de aplicativos\LogBinGlobalBias\Bindactive.exe

HKLM-Run-Adobe Photo Downloader - c:\arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

HKLM-Run-Fan App - sfdhost.exe

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\arquivos de programas\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-20 20:57

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD\000.fcl"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zdtosigo]

"ServiceDll"="c:\windows\system32\fuzxyq.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(576)

c:\windows\system32\imon.dll

 

- - - - - - - > 'explorer.exe'(2220)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSPTB.DLL

c:\arquivos de programas\Stardock\ObjectDock\DockShellHook.dll

c:\windows\system32\nvwddi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\arquivos de programas\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\rundll32.exe

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-09-20 20:59 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-20 23:59

 

Pre-Run: 11 folder(s) 13,634,924,544 bytes free

Post-Run: 13 folder(s) 13,572,435,968 bytes free

 

252

 

<2> HijackThis, updated <--

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:24:33, on 20/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\iGv6\Discador iG.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: The Matrix_ Path of Neo Registration.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O4 - Global Startup: mjavas.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{511FD95E-D694-4F43-9B39-245E063F85AC}: NameServer = 200.222.0.34 200.202.193.75

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O24 - Desktop Component 0: (no name) - http://www.omelete.com.br/imagens/cinema/news/tartarugas_ninjas/1p.jpg

 

--

End of file - 7782 bytes

 

<3> Report.txt <--

 

rport.txt

SDFix: Version 1.240

Run by Administrador on Sun 20/09/2009 at 19:41

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\Administrador\Configurações locais\Temp\Google Toolbar\gtb1A.tmp.exe - Deleted

C:\Documents and Settings\Administrador\Configurações locais\Temp\Google Toolbar\gtb4.tmp.exe - Deleted

C:\Documents and Settings\Administrador\Configurações locais\Temp\Google Toolbar\gtb8.tmp.exe - Deleted

C:\WINDOWS\system32\sfdhost.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-20 19:46:39

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:52e3d283

"s2"=dword:5389345a

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Arquivos de programas\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:f9,f5,08,64,5a,68,30,0b,44,25,b7,0f,8b,8f,dc,51,d3,61,fc,ef,50,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,d0,cd,82,88,c1,d1,25,22,48,4d,e5,6d,84,bb,41,47,06,..

"khjeh"=hex:58,3f,f9,42,6b,a8,31,01,68,fc,25,fb,6a,c6,2e,e6,9a,60,89,bd,8c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:c3,22,28,5e,32,a7,82,6b,de,13,18,25,79,df,1a,4c,95,e5,68,78,3b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zdtosigo]

"DisplayName"="Boot Driver"

"Type"=dword:00000020

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"

"ObjectName"="LocalSystem"

"Description"="Fornece funcionalidade de inicialização para serviços DCOM."

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zdtosigo\Parameters]

"ServiceDll"=str(2):"C:\WINDOWS\system32\fuzxyq.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Arquivos de programas\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:f9,f5,08,64,5a,68,30,0b,44,25,b7,0f,8b,8f,dc,51,d3,61,fc,ef,50,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,d0,cd,82,88,c1,d1,25,22,48,4d,e5,6d,84,bb,41,47,06,..

"khjeh"=hex:58,3f,f9,42,6b,a8,31,01,68,fc,25,fb,6a,c6,2e,e6,9a,60,89,bd,8c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:c3,22,28,5e,32,a7,82,6b,de,13,18,25,79,df,1a,4c,95,e5,68,78,3b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zdtosigo]

"DisplayName"="Boot Driver"

"Type"=dword:00000020

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"

"ObjectName"="LocalSystem"

"Description"="Fornece funcionalidade de inicialização para serviços DCOM."

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zdtosigo\Parameters]

"ServiceDll"=str(2):"C:\WINDOWS\system32\fuzxyq.dll"

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"

"C:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Inicializar\\mjavas.exe"="C:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Inicializar\\mjavas.exe:*:Enabled:alicdjja"

"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

"C:\\Arquivos de programas\\EA GAMES\\NFS Underground\\3DSetup\\3DSetup.exe"="C:\\Arquivos de programas\\EA GAMES\\NFS Underground\\3DSetup\\3DSetup.exe:*:Enabled:3DSetup"

"C:\\Arquivos de programas\\MotoGP2\\motogp2.exe"="C:\\Arquivos de programas\\MotoGP2\\motogp2.exe:*:Enabled:motogp2"

"C:\\Arquivos de programas\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"="C:\\Arquivos de programas\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE:*:Enabled:OR2006C2C"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Wed 4 Aug 2004 171,376 A.SHR --- "C:\WINDOWS\system32\fuzxyq.dll"

Tue 8 Mar 2005 630,784 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\ACE.dll"

Sat 14 Jan 2006 3,072 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\AdobeLM.dll"

Mon 21 Mar 2005 108,544 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\Adobelmsvc Installer.dll"

Thu 3 Mar 2005 425,984 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\AdobeUpdater.dll"

Tue 8 Mar 2005 475,136 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\AdobeXMP.dll"

Mon 7 Feb 2005 5,632 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\agldt28l.dll"

Sun 13 Mar 2005 1,805,824 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\AGM.dll"

Tue 8 Mar 2005 121,856 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\ARE.dll"

Tue 24 Aug 2004 126,976 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\asneu.dll"

Tue 8 Mar 2005 151,552 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\AXE16SharedExpat.dll"

Tue 8 Mar 2005 151,552 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\AXE8SharedExpat.dll"

Tue 8 Mar 2005 180,224 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\Bib.dll"

Tue 8 Mar 2005 217,088 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\BIBUtils.dll"

Tue 8 Mar 2005 878,592 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\CoolType.dll"

Tue 16 Sep 2003 1,177,209 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\emu.dll"

Thu 10 Feb 2005 143,360 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\epic_eula.dll"

Tue 18 Jan 2005 114,688 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\epic_pers.dll"

Wed 19 Jan 2005 155,648 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\epic_regs.dll"

Tue 8 Feb 2005 45,056 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\eularesen_US.dll"

Thu 17 Feb 2005 663,552 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\FileInfo.dll"

Sat 14 Jan 2006 6,786,048 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\ImageReady.exe"

Mon 14 Feb 2005 561,152 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\JP2KLib.dll"

Tue 22 Jun 2004 589,824 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\libagluc28.dll"

Thu 10 Mar 2005 3,715,072 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\MPS.dll"

Mon 28 Aug 2000 220,672 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\MSVCP60.DLL"

Thu 8 May 2003 499,712 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\msvcp71.dll"

Thu 8 May 2003 348,160 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\msvcr71.dll"

Mon 1 Feb 1999 121,344 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\Msvcrt.dll"

Sun 13 Mar 2005 1,572,352 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\PDFL70.dll"

Wed 12 Jan 2005 180,224 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\pdfsettings.dll"

Tue 8 Feb 2005 49,152 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\persresen_US.dll"

Mon 21 Mar 2005 763,904 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\Photoshop.dll"

Sat 14 Jan 2006 6,566,400 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\Photoshop.exe"

Mon 21 Mar 2005 41,984 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\Plugin.dll"

Mon 21 Mar 2005 1,508,864 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\PSArt.dll"

Thu 29 Jun 2006 5,282 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\pscs2.reg"

Mon 21 Mar 2005 443,904 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\PSViews.dll"

Wed 16 Mar 2005 61,440 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\regsresen_US.dll"

Fri 3 Dec 1999 9,728 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\Shfolder.dll"

Thu 29 Jun 2006 5,284 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\unpscs2.reg"

Tue 8 Mar 2005 4,153,344 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\VersionCue.dll"

Tue 8 Mar 2005 3,170,304 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\VersionCueUI.dll"

Wed 6 Dec 2006 89,136 A..H. --- "C:\MSOCache\All Users\90000416-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE"

Mon 21 Mar 2005 58,368 A..H. --- "C:\Documents and Settings\Administrador\Meus documentos\PhotoshopCS2-Portable\Adobe_Photoshop_CS2\Required\Droplet Template.exe"

Wed 6 Dec 2006 224,344 A..H. --- "C:\MSOCache\All Users\90000416-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OCLEAN.DLL"

Wed 6 Dec 2006 58,456 A..H. --- "C:\MSOCache\All Users\90000416-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OFFCLN.EXE"

Wed 6 Dec 2006 620,088 A..H. --- "C:\MSOCache\All Users\90000416-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE"

Wed 6 Dec 2006 39,992 A..H. --- "C:\MSOCache\All Users\90000416-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DWDCW20.DLL"

Wed 6 Dec 2006 34,880 A..H. --- "C:\MSOCache\All Users\90000416-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE"

Wed 6 Dec 2006 110,680 A..H. --- "C:\MSOCache\All Users\90000416-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\1046\DWINTL20.DLL"

 

Finished!

 

 

C:\Lop SD\LopR_1.txt

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Athlon 64 Processor 3000+ )

BIOS : BIOS Date: 11/09/05 11:45:49 Ver: 08.00.12

USER : Administrador ( Administrator )

BOOT : Normal boot

Antivirus : Eset NOD32 sistema antivírus 2.50 2.50 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:12 Go)

D:\ (CD or DVD)

F:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( dom 20/09/2009|20:09 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

 

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web\body wait.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web\Build army.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web\Hold Hide.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web\Meet One.dat

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web\up for.dat

Deletado! - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\nsl2E.tmp

Deletado! - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\nsw7.tmp

Deletado! - C:\Arquivos de programas\Adverts\Adobe

Deletado! - C:\DOCUME~1\ADMINI~1\Cookies\administrador@adserver5[2].txt

Deletado! - C:\DOCUME~1\ADMINI~1\Cookies\administrador@www.adserver5[1].txt

Deletado! - C:\DOCUME~1\ADMINI~1\Cookies\administrador@888[1].txt

Deletado! - C:\DOCUME~1\ALLUSE~1\DADOSD~1\Book Slow Axis Web

Deletado! - C:\Arquivos de programas\Adverts

-

[ Arquivos/Ficheiros Hosts ] .. RESTAURADO

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[10/12/2008|00:39] C:\DOCUME~1\ADMINI~1\DADOSD~1\Adobe

[23/04/2007|11:58] C:\DOCUME~1\ADMINI~1\DADOSD~1\AdobeUM

[31/07/2009|17:41] C:\DOCUME~1\ADMINI~1\DADOSD~1\BSplayer

[01/06/2008|17:50] C:\DOCUME~1\ADMINI~1\DADOSD~1\BSplayer Pro

[27/04/2007|21:59] C:\DOCUME~1\ADMINI~1\DADOSD~1\CyberLink

[27/04/2007|21:54] C:\DOCUME~1\ADMINI~1\DADOSD~1\Google

[19/04/2007|15:09] C:\DOCUME~1\ADMINI~1\DADOSD~1\Help

[05/12/2006|16:56] C:\DOCUME~1\ADMINI~1\DADOSD~1\Identities

[19/12/2006|19:54] C:\DOCUME~1\ADMINI~1\DADOSD~1\InterTrust

[11/05/2008|18:44] C:\DOCUME~1\ADMINI~1\DADOSD~1\Leadertech

[24/12/2006|11:27] C:\DOCUME~1\ADMINI~1\DADOSD~1\Macromedia

[19/09/2009|18:14] C:\DOCUME~1\ADMINI~1\DADOSD~1\Malwarebytes

[06/07/2008|09:51] C:\DOCUME~1\ADMINI~1\DADOSD~1\Media Player Classic

[29/07/2009|11:15] C:\DOCUME~1\ADMINI~1\DADOSD~1\Microsoft

[27/07/2008|18:59] C:\DOCUME~1\ADMINI~1\DADOSD~1\Mozilla

[15/07/2007|20:10] C:\DOCUME~1\ADMINI~1\DADOSD~1\Real

[02/05/2007|02:07] C:\DOCUME~1\ADMINI~1\DADOSD~1\Screenshot Sender

[18/09/2009|00:19] C:\DOCUME~1\ADMINI~1\DADOSD~1\skypePM

[12/01/2007|16:19] C:\DOCUME~1\ADMINI~1\DADOSD~1\Sun

[02/08/2008|23:30] C:\DOCUME~1\ADMINI~1\DADOSD~1\Talkback

[17/09/2009|00:29] C:\DOCUME~1\ADMINI~1\DADOSD~1\WhenU

[20/09/2009|19:46] C:\DOCUME~1\ADMINI~1\DADOSD~1\WinRAR

 

[17/09/2009|00:29] C:\DOCUME~1\ALLUSE~1\DADOSD~1\{83C91755-2546-441D-AC40-9A6B4B860800}

[11/05/2008|18:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[09/11/2007|20:39] C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

[27/04/2007|21:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[27/04/2007|21:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[17/09/2009|00:29] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft

[19/09/2009|18:14] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes

[17/09/2009|00:01] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[31/05/2008|12:32] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NFS Underground

[06/12/2006|15:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

[05/12/2006|16:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

[19/09/2009|16:52] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

[20/09/2009|19:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[27/08/2007|21:06] C:\DOCUME~1\ALLUSE~1\DADOSD~1\That Amen Second Book

[17/09/2009|16:03] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Trymedia

[29/04/2007|18:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Live Toolbar

 

[05/12/2006|16:52] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

[05/12/2006|16:53] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Real

 

[05/12/2006|16:55] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[05/12/2006|16:55] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[31/08/2009 09:15][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[20/09/2009 19:13][--a------] C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

[20/09/2009 19:45][--ah-----] C:\WINDOWS\tasks\SA.DAT

[28/10/2001 14:07][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[12/05/2008|08:59] C:\Arquivos de programas\Adobe

[12/10/2007|00:41] C:\Arquivos de programas\Ahead

[06/12/2006|15:27] C:\Arquivos de programas\Anti-Blaxx

[19/09/2009|16:52] C:\Arquivos de programas\Arquivos comuns

[18/06/2009|12:33] C:\Arquivos de programas\Atari

[26/01/2009|00:30] C:\Arquivos de programas\Avanquest update

[05/12/2006|17:25] C:\Arquivos de programas\AvRack

[03/06/2009|00:44] C:\Arquivos de programas\Black Bean

[01/06/2008|20:24] C:\Arquivos de programas\BSPlayer_WhenUSave_Installer

[05/12/2006|16:49] C:\Arquivos de programas\ComPlus Applications

[28/04/2007|10:23] C:\Arquivos de programas\CyberLink

[19/04/2007|12:00] C:\Arquivos de programas\CyberLink DVD Solution

[17/09/2009|00:28] C:\Arquivos de programas\DAEMON Tools

[20/09/2009|19:49] C:\Arquivos de programas\DAEMON Tools SearchBar

[13/10/2008|10:42] C:\Arquivos de programas\Digital Photo Navigator 1.5

[06/01/2007|18:08] C:\Arquivos de programas\DVD Decrypter

[24/04/2007|15:28] C:\Arquivos de programas\ESET

[21/03/2009|18:53] C:\Arquivos de programas\FLV Player

[13/05/2009|09:27] C:\Arquivos de programas\Free WMA to MP3 Converter

[17/09/2009|00:28] C:\Arquivos de programas\GameSpy Arcade

[29/07/2009|11:15] C:\Arquivos de programas\GoMyTEAM

[07/03/2009|19:30] C:\Arquivos de programas\Google

[05/01/2009|16:18] C:\Arquivos de programas\GT Interactive

[20/09/2009|19:52] C:\Arquivos de programas\iGv6

[18/06/2009|12:33] C:\Arquivos de programas\InstallShield Installation Information

[05/12/2006|16:51] C:\Arquivos de programas\Internet Explorer

[19/04/2007|23:26] C:\Arquivos de programas\Java

[12/09/2009|20:57] C:\Arquivos de programas\K-Lite Codec Pack

[31/08/2009|09:12] C:\Arquivos de programas\Lavasoft

[19/09/2009|18:14] C:\Arquivos de programas\Malwarebytes' Anti-Malware

[26/06/2007|19:02] C:\Arquivos de programas\MAX-FX Tools

[20/09/2009|19:45] C:\Arquivos de programas\microsoft frontpage

[06/12/2006|11:48] C:\Arquivos de programas\Microsoft Office

[06/12/2006|11:48] C:\Arquivos de programas\Microsoft Visual Studio

[06/12/2006|11:48] C:\Arquivos de programas\Microsoft.NET

[18/06/2009|11:48] C:\Arquivos de programas\MotoGP2

[26/01/2009|00:30] C:\Arquivos de programas\Motorola Phone Tools

[05/12/2006|16:50] C:\Arquivos de programas\Movie Maker

[20/09/2009|19:51] C:\Arquivos de programas\Mozilla Firefox

[05/12/2006|16:49] C:\Arquivos de programas\MSN Gaming Zone

[05/12/2006|16:50] C:\Arquivos de programas\NetMeeting

[30/08/2009|17:59] C:\Arquivos de programas\Oi Internet

[01/06/2009|01:40] C:\Arquivos de programas\OpenAL

[05/12/2006|16:50] C:\Arquivos de programas\Outlook Express

[26/07/2008|21:38] C:\Arquivos de programas\Panda Software

[06/10/2007|11:36] C:\Arquivos de programas\PRO.DE FOTOS DO CEL

[09/06/2009|23:12] C:\Arquivos de programas\programa de visual

[08/03/2008|19:07] C:\Arquivos de programas\Programas RFB

[05/12/2006|17:24] C:\Arquivos de programas\Realtek AC97

[05/12/2006|17:25] C:\Arquivos de programas\Realtek Sound Manager

[02/06/2009|22:37] C:\Arquivos de programas\Sega

[17/09/2009|00:29] C:\Arquivos de programas\segurança contra vírus e spam

[05/12/2006|16:50] C:\Arquivos de programas\Serviços on-line

[17/09/2009|16:01] C:\Arquivos de programas\Sierra

[16/09/2009|19:27] C:\Arquivos de programas\Stardock

[27/04/2007|23:41] C:\Arquivos de programas\TGTSoft

[05/12/2006|16:51] C:\Arquivos de programas\Uninstall Information

[01/06/2009|02:09] C:\Arquivos de programas\USB Vibration

[29/01/2008|08:27] C:\Arquivos de programas\Webteh

[17/09/2009|13:55] C:\Arquivos de programas\Windows Live

[17/09/2009|00:29] C:\Arquivos de programas\Windows Live Toolbar

[05/12/2006|16:52] C:\Arquivos de programas\Windows Media Player

[05/12/2006|16:48] C:\Arquivos de programas\Windows NT

[05/12/2006|16:51] C:\Arquivos de programas\WindowsUpdate

[19/04/2007|15:09] C:\Arquivos de programas\WinRAR

[20/09/2009|19:45] C:\Arquivos de programas\xerox

[21/03/2009|17:17] C:\Arquivos de programas\zeraha.org

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[11/05/2008|18:43] C:\Arquivos de programas\Arquivos comuns\Adobe

[24/05/2007|11:40] C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[19/12/2006|19:44] C:\Arquivos de programas\Arquivos comuns\Ahead

[06/12/2006|11:48] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[22/01/2008|20:48] C:\Arquivos de programas\Arquivos comuns\DirectX

[05/12/2006|17:23] C:\Arquivos de programas\Arquivos comuns\InstallShield

[05/12/2006|16:53] C:\Arquivos de programas\Arquivos comuns\Java

[29/04/2007|18:12] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[08/05/2009|00:50] C:\Arquivos de programas\Arquivos comuns\Motorola Shared

[05/12/2006|16:50] C:\Arquivos de programas\Arquivos comuns\MSSoap

[05/12/2006|14:34] C:\Arquivos de programas\Arquivos comuns\ODBC

[26/07/2008|21:36] C:\Arquivos de programas\Arquivos comuns\Panda Software

[26/10/2007|12:48] C:\Arquivos de programas\Arquivos comuns\Serviços

[05/12/2006|14:34] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[17/09/2009|00:35] C:\Arquivos de programas\Arquivos comuns\Stardock

[06/12/2006|11:48] C:\Arquivos de programas\Arquivos comuns\System

[17/09/2009|00:29] C:\Arquivos de programas\Arquivos comuns\WhenU

 

--------------------\\ Process

 

( 35 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-20 20:10:37

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 1

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\ADMINI~1\Recent\!! IMPORTANTE!!Crack .txt.lnk

C:\DOCUME~1\ADMINI~1\Recent\Crack myJal.lnk

 

 

[F:15][D:330]-> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp

[F:433][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies

[F:185][D:4]-> C:\DOCUME~1\ADMINI~1\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - dom 20/09/2009|20:11 - Option : [2]

 

--------------------\\ Verificação completa em 20:11:09


Good evening, jefinho_cabral!

 

<@> Check your Hosts file and see whether it is in the default state.

<@> On Windows XP, look in: C:\WINDOWS\System32\Drivers\etc <--

<@> Open that folder and locate the Hosts file.

<@> PS: Open it with Notepad!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

<@> PS: In a default Hosts file there must be no entries below 127.0.0.1 localhost that point to antivirus sites.

<@> If in doubt, download and run HostsXpert, which will manage your Hosts file.

 

<1> < Link 1 >

<2> < Link 2 >

<3> < Link 3 > <-- Unzip it before using!

 

<@> It will reset the Hosts file to the default, among the other management options it includes:

 

- Append File - Allows selection of a file to be appended to your current hosts file.

- Replace File - Allows selection of a file to replace your hosts file.

- Merge File - Allows selection of a file to be merged with your current hosts file.

- Create Backup - Creates a backup of your current hosts file. The backup file will be placed wherever HostsXpert.exe resides on your hard drive.

- Restore Backup - Restores the backup hosts file.

- Restore MS Hosts - Restores the hosts file to Microsoft's original hosts file. <-- Resets the Hosts file to the default!

- Add to Hosts Files - Adds the line item into your hosts file.

- Delete Line - Deletes highlighted line from hosts file.

- Comments - Insert # / Remove # - Inserts or removes "#" (comment marker).

- Sort File - Sorts the current hosts file in alphanumeric order, removes all comment lines.

- Swap Localhost - Swaps the current hosts file between 127.0.0.1 and 0.0.0.0

- Remove Block Items - Removes all blocking lines in the current hosts file.

- Copy to Clipboard - Copies the current hosts file to the clipboard.

- Make Hosts read-only/writable toggle <--

- Search - Enter text to be searched for, click Previous or Next.

- Open in Memopad - Opens the Memopad built into HostsXpert.

- Save Hosts - Saves the Hosts file from Memopad.

- Save As - Allows you to save the hosts file as a file other than "Hosts".

- Save Hosts Exit Memopad - Saves the Hosts file from Memopad, and returns you to normal view.

- Exit Memopad - Does not save changes.

<@> Save it to the desktop!

<@> Unzip it and run: HostsXpert.exe

<@> Close all windows and the browser!

<@> Click "Restores the hosts file to Microsofts original hosts file" --> OK.

<@> PS: This option restores the Hosts file to its original (Microsoft) format.

<@> If an error occurs while running it, click Make Writable and repeat the procedure.

<@> PS: That option overwrites the Hosts file, which helps reset it to the default.

<@> Finish/save these changes and restart the computer!

<><><><><><><><><><>

<@> Select and copy all of the content in the Quote area into Notepad.

<@> Save it to the desktop with the name: CFScript.txt

 

File::

c:\windows\system32\fuzxyq.dll

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9520:TCP"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zdtosigo]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zdtosigo]

"ServiceDll"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 1 (0x0)

Firefox::

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJPI150_05.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPOJI610.dll

NetSvc::

"zdtosigo"

Driver::

"zdtosigo"

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!

 

[Animated demonstration: dragging CFScript.txt onto ComboFix]

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Regards!

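As an added example (not from this thread, and not part of HostsXpert or any tool posted here): a small Python script that performs the Hosts check described above automatically. It parses hosts-file text, ignores the stock `127.0.0.1 localhost` / `::1 localhost` lines, and reports every other mapping, rating entries that sinkhole names containing security-related words as high severity, since that is the pattern of a hosts file tampered with to block antivirus updates. The sample hosts content, the `.invalid` hostnames and the keyword list are constructed for this example.

```python
"""Audit a Windows hosts file for entries beyond the stock localhost line.

Added example for this thread; not code from HostsXpert or from the poster.
"""
import ipaddress

# Constructed sample hosts content (hypothetical, not taken from the thread).
# The header comment and the localhost line are what a default XP hosts file
# contains; the remaining lines are the kind of entries that should not be there.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# constructed non-default entries follow
127.0.0.1       www.example-antivirus.invalid   # vendor site sinkholed
0.0.0.0         update.example-antivirus.invalid
192.0.2.10      www.example-bank.invalid        # redirected elsewhere
"""

# Assumed keyword list used to rate findings; extend it for your environment.
SECURITY_KEYWORDS = ("antivirus", "anti-virus", "update", "security", "eset",
                     "malwarebytes", "microsoft", "windowsupdate")

# The only mappings a default hosts file is expected to carry.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return a list of (ip, [hostnames]) for every active mapping line.

    Comments (from '#' to end of line) and blank lines are skipped, as is
    any line whose first field is not a valid IPv4/IPv6 address.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if len(fields) > 1:
            entries.append((fields[0], fields[1:]))
    return entries


def audit_hosts(text):
    """Return one finding per hostname mapping that is not a default entry.

    Each finding is a dict with 'ip', 'host', 'reason' and 'severity'.
    A loopback or 0.0.0.0 target means the name is being blocked (the usual
    way AV update servers are silenced); any other target is a redirect.
    """
    findings = []
    for ip, names in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        for name in names:
            if (ip, name.lower()) in DEFAULT_ENTRIES:
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "blocked (mapped to %s)" % ip
            else:
                reason = "redirected to %s" % ip
            severity = ("high" if any(k in name.lower() for k in SECURITY_KEYWORDS)
                        else "medium")
            findings.append({"ip": ip, "host": name,
                             "reason": reason, "severity": severity})
    return findings


def is_default_hosts(text):
    """True when the file maps nothing except localhost."""
    return not audit_hosts(text)


if __name__ == "__main__":
    # Run against the constructed sample; on a real machine read
    # C:\WINDOWS\System32\Drivers\etc\hosts into `text` instead.
    for f in audit_hosts(SAMPLE_HOSTS):
        print("[%s] %s -> %s" % (f["severity"], f["host"], f["reason"]))
```

Anything the script reports is exactly what the helper asks you to look for by eye: lines below `127.0.0.1 localhost` that point antivirus or update sites at loopback, 0.0.0.0 or some other address. A clean file produces no findings and `is_default_hosts` returns True.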

Good morning!!! Here are the updated reports.

 

ComboFix.txt

ComboFix 09-09-18.02 - Administrador 23/09/2009 17:55.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.692 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt

AV: Eset NOD32 sistema antivírus 2.50 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

"c:\windows\system32\fuzxyq.dll"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\fuzxyq.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ZDTOSIGO

-------\Service_zdtosigo

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-08-23 to 2009-09-23 ))))))))))))))))))))))))))))

.

 

2009-09-23 05:29 . 2009-09-23 05:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-09-23 05:28 . 2009-09-23 05:28 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-09-20 23:08 . 2009-09-20 23:11 -------- d-----w- C:\Lop SD

2009-09-20 22:54 . 2009-09-20 22:56 501736 ----a-w- C:\LopSD.exe

2009-09-20 22:45 . 2009-09-20 22:45 -------- d-----w- c:\windows\system32\xircom

2009-09-20 22:45 . 2009-09-20 22:45 -------- d-----w- c:\windows\system32\wbem\snmp

2009-09-20 22:45 . 2009-09-20 22:45 -------- d-----w- c:\windows\system32\oobe

2009-09-20 22:45 . 2009-09-20 22:45 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-09-20 22:38 . 2009-09-20 22:38 -------- d-----w- c:\windows\ERUNT

2009-09-20 22:14 . 2009-09-20 22:47 -------- d-----w- C:\SDFix

2009-09-20 22:07 . 2009-09-20 22:12 1529241 ----a-w- C:\SDFix.exe

2009-09-19 21:14 . 2009-09-19 21:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-09-19 21:14 . 2009-09-10 17:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-19 21:13 . 2009-09-19 21:14 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-09-19 21:13 . 2009-09-19 21:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-09-19 21:13 . 2009-09-10 17:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-17 19:01 . 2009-09-17 19:01 -------- d-----w- c:\arquivos de programas\Sierra

2009-09-17 17:49 . 2009-09-23 05:29 -------- d-----w- C:\backup

2009-09-17 16:55 . 2009-09-17 16:55 -------- d-----w- c:\arquivos de programas\Windows Live

2009-09-17 16:20 . 2005-09-19 19:43 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2009-09-17 16:20 . 2005-09-19 19:43 21504 ----a-w- c:\windows\system32\hidserv.dll

2009-09-17 16:20 . 2005-09-19 19:43 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2009-09-17 16:20 . 2005-09-19 19:43 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2009-09-17 03:35 . 2009-09-17 03:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Stardock

2009-09-17 03:30 . 2009-09-17 03:30 -------- d-----w- c:\windows\system32\wbem\Repository

2009-09-17 03:29 . 2009-09-17 03:29 -------- d-----w- c:\arquivos de programas\Arquivos comuns\WhenU

2009-09-17 03:29 . 2009-09-20 23:55 -------- d-----w- c:\arquivos de programas\DAEMON Tools SearchBar

2009-09-17 03:29 . 2009-09-17 03:29 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\WhenU

2009-09-16 22:27 . 2009-09-16 22:27 -------- d-----w- c:\arquivos de programas\Stardock

2009-09-16 21:28 . 2009-09-17 19:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Trymedia

2009-09-13 17:30 . 2009-09-18 03:19 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\skypePM

2009-09-13 17:30 . 2009-09-13 17:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-09-13 16:28 . 2009-09-19 19:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-08-31 12:53 . 2009-09-17 03:29 -------- d-----w- c:\arquivos de programas\segurança contra vírus e spam

2009-08-31 12:12 . 2009-09-17 03:29 -------- dc----w- c:\documents and settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-08-31 12:12 . 2009-09-17 03:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Lavasoft

2009-08-31 12:12 . 2009-08-31 12:12 -------- d-----w- c:\arquivos de programas\Lavasoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-23 06:44 . 2006-12-09 02:50 -------- d-----w- c:\arquivos de programas\iGv6

2009-09-20 23:51 . 2008-03-02 16:59 -------- d-----w- c:\arquivos de programas\Oi Internet

2009-09-20 23:43 . 2006-12-05 19:52 -------- d-----w- c:\arquivos de programas\ESET

2009-09-20 22:30 . 2009-06-10 23:18 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-09-17 03:29 . 2007-04-29 21:12 -------- d-----w- c:\arquivos de programas\Windows Live Toolbar

2009-09-17 03:28 . 2009-06-10 02:12 -------- d-----w- c:\arquivos de programas\DAEMON Tools

2009-09-17 03:28 . 2009-06-10 02:12 -------- d-----w- c:\arquivos de programas\GameSpy Arcade

2009-09-12 23:57 . 2006-12-05 19:53 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2009-07-31 20:41 . 2007-06-10 16:18 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BSplayer

2009-07-29 14:15 . 2009-07-29 14:15 -------- d-----w- c:\arquivos de programas\GoMyTEAM

2008-04-05 11:38 . 2009-06-01 05:05 6138047 ----a-w- c:\arquivos de programas\sal_tex_high_01.pssg

2007-02-07 21:21 . 2007-02-07 21:21 567 ----a-w- c:\arquivos de programas\Atalho para CyberLink DVD Solution.lnk

2004-10-01 17:00 . 2006-12-19 22:53 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

2008-12-20 02:17 . 2008-08-30 23:49 67688 ----a-w- c:\arquivos de programas\mozilla firefox\components\jar50.dll

2008-12-20 02:17 . 2008-08-30 23:49 54368 ----a-w- c:\arquivos de programas\mozilla firefox\components\jsd3250.dll

2008-12-20 02:17 . 2008-08-30 23:49 34944 ----a-w- c:\arquivos de programas\mozilla firefox\components\myspell.dll

2008-12-20 02:17 . 2008-08-30 23:49 46712 ----a-w- c:\arquivos de programas\mozilla firefox\components\spellchk.dll

2008-12-20 02:17 . 2008-08-30 23:49 172136 ----a-w- c:\arquivos de programas\mozilla firefox\components\xpinstal.dll

.

 

------- Sigcheck -------

 

[-] 2006-08-25 . 9724ECD4529AF317DD5BD6194EB6428C . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e918df34680aabbbe3d85686dfa8e8f4\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-08-25 . 873E9E5B23D206BE443ABD3CF597C2E8 . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\e918df34680aabbbe3d85686dfa8e8f4\sp2qfe\comctl32.dll

[-] 2006-08-25 . 50141E3C168F02C3920891400CEC9FF4 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\e918df34680aabbbe3d85686dfa8e8f4\sp2qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2006-03-17 . C82BBB7D9814AEFAD9D8EAC835FC73B8 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\f1e95efde9d0fcd98ccb360c7cd7f789\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[-] 2005-09-19 . 472BE19EDF1B28DC75FB6DC4B55B3CF6 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2005-08-31 . 70BBD3548F745527E3510442C1544ED7 . 925184 . . [6.0] . . c:\windows\SoftwareDistribution\Download\1a90747611a07d9fa6e0ab88e775c802\sp1qfe\asms\60\msft\windows\common\controls\comctl32.dll

[7] 2004-08-04 . 3680CF24C64348BFDC89E290790398E7 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[7] 2001-10-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

 

[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\a3f50ca82cf30e090a6af182ef0b5931\sp2qfe\tcpip.sys

[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\a3f50ca82cf30e090a6af182ef0b5931\sp2gdr\tcpip.sys

[-] 2005-09-19 . DBC20C4332FE84B826530C49AE09721E . 359936 . . [5.1.2600.2685] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2007-02-19 . 0D23C3095A171FC2097A47935210C4EE . 3077632 . . [6.00.2900.3086] . . c:\windows\SoftwareDistribution\Download\2a5577f67060d33b30f4c582ad7b2195\SP2GDR\mshtml.dll

[-] 2007-02-19 . 06F8E693E5B804EF385516A561D7BE60 . 3084288 . . [6.00.2900.3086] . . c:\windows\SoftwareDistribution\Download\2a5577f67060d33b30f4c582ad7b2195\SP2QFE\mshtml.dll

[-] 2005-09-19 . E2BFA54BF52619F13651D4FCF48EC956 . 3014144 . . [6.00.2900.2722] . . c:\windows\system32\mshtml.dll

 

[-] 2007-02-28 . BFB4C8761976CCE0B544D557B4C70825 . 2186368 . . [5.1.2600.3093] . . c:\windows\SoftwareDistribution\Download\29b62a154932d48a836bac5b0a286054\sp2qfe\ntoskrnl.exe

[-] 2007-02-28 . 986C40660057A2BAC752ED4F97CF4A10 . 2184576 . . [5.1.2600.3093] . . c:\windows\SoftwareDistribution\Download\29b62a154932d48a836bac5b0a286054\sp2gdr\ntoskrnl.exe

[-] 2005-09-19 . 6E3AB4241E058B248CB7CDC5157449C3 . 2183808 . . [5.1.2600.2622] . . c:\windows\system32\ntoskrnl.exe

 

[-] 2005-09-19 . A38FDDA0A6FEC3ACAA8511366AACC6A3 . 396288 . . [5.1.2600.2665] . . c:\windows\system32\rpcss.dll

[-] 2005-07-26 . 0CBE4D5ABFDB7AD47ABBA899F0EA7D3B . 397824 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\b8316d1eaff2956cb69c44e409a59efa\sp2gdr\rpcss.dll

[-] 2005-07-26 . 3EBF666347F1BB6AA9F091C36020A78A . 398336 . . [5.1.2600.2726] . . c:\windows\SoftwareDistribution\Download\b8316d1eaff2956cb69c44e409a59efa\sp2qfe\rpcss.dll

 

[-] 2005-09-19 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe

 

[-] 2005-09-19 . F94EBF229DC4A2A74A4CEA0318103FD2 . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll

 

[-] 2007-02-19 . 5925ECE8848E66691E8720CC2B839844 . 667648 . . [6.00.2900.3086] . . c:\windows\SoftwareDistribution\Download\2a5577f67060d33b30f4c582ad7b2195\SP2QFE\wininet.dll

[-] 2007-02-19 . DE2D940C31FB62F7188FB9AB86B47221 . 660992 . . [6.00.2900.3086] . . c:\windows\SoftwareDistribution\Download\2a5577f67060d33b30f4c582ad7b2195\SP2GDR\wininet.dll

[-] 2005-09-19 . CB38F344FAA2CC14A3C6D4E64073F07B . 661504 . . [6.00.2900.2713] . . c:\windows\system32\wininet.dll

 

[-] 2005-09-19 . 07AF0154923DF6DEC6DE9CA0D4B04F8F . 1034240 . . [6.00.2900.2527] . . c:\windows\explorer.exe

 

[-] 2005-09-19 . 9DD429359FE067BA52D00C0DBB9537EE . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

 

[-] 2005-09-19 20:12 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\mspmsnsv.dll

 

[-] 2007-02-28 . D027F0097B8F099C09369B8CC97D7C32 . 2063616 . . [5.1.2600.3093] . . c:\windows\SoftwareDistribution\Download\29b62a154932d48a836bac5b0a286054\sp2qfe\ntkrnlpa.exe

[-] 2007-02-28 . 1683AF18422F7DE34575EE95BE882AD1 . 2061824 . . [5.1.2600.3093] . . c:\windows\SoftwareDistribution\Download\29b62a154932d48a836bac5b0a286054\sp2gdr\ntkrnlpa.exe

[-] 2005-09-19 . AED7B3AA86AD031CF39C6E4BBA37E818 . 2061184 . . [5.1.2600.2622] . . c:\windows\system32\ntkrnlpa.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysBrand"="c:\arquiv~1\iGv6\sysbrand.exe" [2004-12-08 36864]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]

"STYLEXP"="c:\arquivos de programas\TGTSoft\StyleXP\StyleXP.exe" [2005-03-17 1159168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-12 2899968]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-12 46080]

"Discador iG"="c:\arquivos de programas\iGv6\Discador iG.exe" [2005-07-25 1329152]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-12 782336]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Stardock ObjectDock.lnk - c:\arquivos de programas\Stardock\ObjectDock\ObjectDock.exe [2009-9-17 3450608]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Discador Oi Internet.lnk - c:\arquivos de programas\Oi Internet\discaoi.exe [2005-7-21 1349120]

mjavas.exe [2007-6-9 762368]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Documents and Settings\\All Users\\Menu Iniciar\\Programas\\Inicializar\\mjavas.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\MotoGP2\\motogp2.exe"=

"c:\\Arquivos de programas\\Sega\\OutRun2006 Coast 2 Coast\\OR2006C2C.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [8/5/2009 10:08 42112]

S3 padenum;Enumerador de dispositivos de NTPAD;c:\windows\system32\DRIVERS\padenum.sys --> c:\windows\system32\DRIVERS\padenum.sys [?]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 VendorJoystickEnabler;Driver para joystick paralelo de consola;c:\windows\system32\drivers\ntpad.sys --> c:\windows\system32\drivers\ntpad.sys [?]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-09-23 c:\windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

- c:\arquivos de programas\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 20:39]

.

.

------- Scan Suplementar -------

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.orkut.com/

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://farejador.ig.com.br/ie/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: &Windows Live Search - c:\arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

LSP: imon.dll

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\2ldqol5j.default\

FF - component: c:\arquivos de programas\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava11.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava12.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava13.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava14.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJava32.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPJPI150_05.dll

FF - plugin: c:\arquivos de programas\Java\jre1.5.0_05\bin\NPOJI610.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-23 17:59

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(576)

c:\windows\system32\imon.dll

 

- - - - - - - > 'explorer.exe'(3716)

c:\arquivos de programas\Stardock\ObjectDock\DockShellHook.dll

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSPTB.DLL

c:\windows\system32\nvwddi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\arquivos de programas\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\rundll32.exe

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-09-23 18:02 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-09-23 21:02

ComboFix2.txt 2009-09-21 00:00

 

Pré-execução: 12 pasta(s) 13.642.530.816 bytes disponíveis

Pós execução: 13 pasta(s) 13.632.405.504 bytes disponíveis

 

232

 

HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:03:43, on 23/9/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Oi Internet\discaoi.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe

C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://farejador.ig.com.br/ie/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\iGv6\igshop.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Discador iG] "C:\Arquivos de programas\iGv6\Discador iG.exe" boot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [sysBrand] "C:\ARQUIV~1\iGv6\sysbrand.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: The Matrix_ Path of Neo Registration.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe

O4 - Global Startup: mjavas.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\iGv6\igshop.dll

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Arquivos de programas\Eset\nod32krn.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: StyleXPService - Unknown owner - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe

O24 - Desktop Component 0: (no name) - http://www.omelete.com.br/imagens/cinema/news/tartarugas_ninjas/1p.jpg

 

--

End of file - 7557 bytes


Good afternoon, jefinho_cabral!

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix has been uninstalled" will appear --> Click OK.

<@> If found, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><>

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

 

OTLI-scan.png

 

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Regards!


Good morning, here are the updated reports.

 

OTL logfile created on: 4/10/2009 09:26:35 - Run 2

OTL by OldTimer - Version 3.0.18.2 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1023,23 Mb Total Physical Memory | 572,88 Mb Available Physical Memory | 55,99% Memory free

2,40 Gb Paging File | 2,02 Gb Available in Paging File | 83,90% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,52 Gb Total Space | 47,66 Gb Free Space | 63,96% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: A8V-MX

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe ()

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\WINDOWS\System32\PnkBstrA.exe ()

PRC - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe ()

PRC - C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

PRC - C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

PRC - C:\Arquivos de programas\iGv6\sysbrand.exe ()

PRC - C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe ()

PRC - C:\Arquivos de programas\Oi Internet\discaoi.exe ()

PRC - C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe (Stardock)

PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\iGv6\Discador iG.exe ()

PRC - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Documents and Settings\Administrador\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)

 

========== Win32 Services (SafeList) ==========

 

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (MDM [Auto | Running]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

SRV - (NOD32krn [Auto | Stopped]) -- File not found

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\System32\PnkBstrA.exe ()

SRV - (RichVideo [Auto | Running]) -- C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe ()

SRV - (StyleXPService [Auto | Running]) -- C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPService.exe ()

SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

SRV - (usnjsvc [On_Demand | Running]) -- C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (ykcgyr [Auto | Stopped]) -- C:\WINDOWS\System32\fuzxyq.dll ()

 

========== Driver Services (SafeList) ==========

 

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (AmdK8 [system | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)

DRV - (AMON [Auto | Stopped]) -- C:\WINDOWS\System32\drivers\amon.sys (Eset )

DRV - (FETND5BV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )

DRV - (FETNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )

DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)

DRV - (MotDev [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys (Motorola Inc)

DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)

DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (sptd [boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (StyleXPHelper [system | Running]) -- C:\Arquivos de programas\TGTSoft\StyleXP\StyleXPHelper.exe (Windows ® 2000 DDK provider)

DRV - (viamraid [boot | Stopped]) -- C:\WINDOWS\System32\drivers\viamraid.sys (VIA Technologies inc,.ltd)

DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B} [Auto | Running]) -- C:\Arquivos de programas\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.compartilhando.org/

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.compartilhando.org/

 

IE - HKU\S-1-5-21-73586283-57989841-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-73586283-57989841-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-73586283-57989841-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

IE - HKU\S-1-5-21-73586283-57989841-725345543-500\S-1-5-21-73586283-57989841-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\ARQUIV~1\Mozilla Firefox\components [2008/12/19 23:17:15 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\ARQUIV~1\Mozilla Firefox\plugins [2009/03/22 00:12:40 | 00,000,000 | ---D | M]

 

[2009/09/27 14:27:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions

[2008/08/02 23:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions\{0784CD66-62FE-4cef-ABF4-F8ED9B654ACC}

[2008/09/03 07:45:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}

[2008/08/30 21:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}

[2008/08/30 20:43:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}

[2009/09/17 00:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)

[2008/08/02 23:30:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}

[2008/08/30 20:43:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions\langpack-pt-BR@firefox.mozilla(2).org

[2008/11/15 20:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\Firefox\Profiles\2ldqol5j.default\extensions\pt-BR@dellalibera.sf.net

[2009/03/21 17:52:36 | 00,002,392 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\2ldqol5j.default\searchplugins\superdownloads.xml

[2009/09/23 00:56:06 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions

[2008/12/19 23:17:09 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2008/09/14 23:24:36 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\mozilla firefox\extensions\talkback@mozilla.org

[2008/12/19 23:17:09 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\jar50.dll

[2008/12/19 23:17:09 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\jsd3250.dll

[2008/12/19 23:17:09 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\myspell.dll

[2008/12/19 23:17:09 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\spellchk.dll

[2008/12/19 23:17:09 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\xpinstal.dll

[2008/12/19 23:17:14 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\mozilla firefox\plugins\npnul32.dll

[2008/03/24 20:21:00 | 02,889,088 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\plugins\NPSWF32.dll

[2008/09/14 23:24:35 | 00,001,038 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2008/09/14 23:24:35 | 00,002,368 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\google.xml

[2008/09/14 23:24:35 | 00,001,145 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2008/09/14 23:24:35 | 00,000,831 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2008/09/14 23:24:35 | 00,000,660 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (&iG) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\Arquivos de programas\iGv6\igshop.dll (Internet Group do Brasil)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (&iG) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\Arquivos de programas\iGv6\igshop.dll (Internet Group do Brasil)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-73586283-57989841-725345543-500\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKU\S-1-5-21-73586283-57989841-725345543-500\..\Toolbar\ShellBrowser: (&iG) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\Arquivos de programas\iGv6\igshop.dll (Internet Group do Brasil)

O3 - HKU\S-1-5-21-73586283-57989841-725345543-500\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-73586283-57989841-725345543-500\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKU\S-1-5-21-73586283-57989841-725345543-500\..\Toolbar\WebBrowser: (&iG) - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\Arquivos de programas\iGv6\igshop.dll (Internet Group do Brasil)

O3 - HKU\S-1-5-21-73586283-57989841-725345543-500\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

O4 - HKLM..\Run: [Discador iG] C:\Arquivos de programas\iGv6\Discador iG.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [RemoteControl] C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKU\S-1-5-21-73586283-57989841-725345543-500..\Run: [sTYLEXP] C:\Arquivos de programas\TGTSoft\StyleXP\StyleXP.exe ()

O4 - HKU\S-1-5-21-73586283-57989841-725345543-500..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-73586283-57989841-725345543-500..\Run: [sysBrand] C:\Arquivos de programas\iGv6\sysbrand.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk = C:\Arquivos de programas\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O4 - Startup: C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\Administrador\Configurações locais\Temp\{5E3D59E4-80F4-4B7E-88C9-7DF92EB0EE7E}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk = C:\Arquivos de programas\Oi Internet\discaoi.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-73586283-57989841-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-73586283-57989841-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-73586283-57989841-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1

O7 - HKU\S-1-5-21-73586283-57989841-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-73586283-57989841-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-73586283-57989841-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-73586283-57989841-725345543-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Windows Live Search - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\Arquivos de programas\iGv6\igshop.dll (Internet Group do Brasil)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found

O12 - Plugin for: .spop - C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)

O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 () - http://www.omelete.com.br/imagens/cinema/news/tartarugas_ninjas/1p.jpg

O24 - Desktop Components:1 (Minha página inicial atual) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/05 16:52:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{05dbed50-05f1-11de-94bc-001731338152}\Shell - "" = AutoRun

O33 - MountPoints2\{357f7f2a-f220-11dd-948b-001731338152}\Shell - "" = AutoRun

O33 - MountPoints2\{ec39e98a-a512-11de-95d4-001731338152}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[12 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2009/09/19 18:13:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2009/09/23 02:29:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2009/09/13 13:28:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

[2009/09/16 18:28:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia

[2009/09/19 18:14:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

[2009/09/13 14:30:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM

[2009/09/17 00:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\WhenU

[2009/09/20 19:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\WinRAR

[2009/09/17 00:36:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Stardock

[2009/09/17 00:35:50 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Stardock

[2009/09/17 00:29:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\WhenU

[2009/09/17 00:29:28 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DAEMON Tools SearchBar

[2009/09/19 18:13:59 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2009/09/23 02:28:20 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Messenger Plus! Live

[2009/09/20 19:45:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\microsoft frontpage

[2009/09/17 16:01:11 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sierra

[2009/09/16 19:27:28 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Stardock

[2009/09/17 13:55:21 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live

[2009/09/20 19:45:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\xerox

[2009/10/04 09:14:06 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2009/09/24 12:54:06 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/09/23 18:02:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/09/23 01:13:38 | 00,356,352 | ---- | C] (funkytoad.com) -- C:\Documents and Settings\Administrador\Desktop\HostsXpert.exe

[2009/09/23 01:13:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\HostsXpert

[2009/09/20 20:44:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/09/20 20:08:07 | 00,000,000 | ---D | C] -- C:\Lop SD

[2009/09/20 19:45:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom

[2009/09/20 19:45:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe

[2009/09/20 19:38:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/09/19 18:14:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/09/19 18:13:59 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/09/19 17:19:24 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup.exe

[2009/09/17 14:58:44 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

[2009/09/17 14:49:21 | 00,000,000 | ---D | C] -- C:\backup

[2009/09/17 13:20:50 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys

[2009/09/17 13:20:44 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll

[2009/09/17 13:20:41 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys

[2009/09/17 13:20:23 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys

[2009/09/16 19:27:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Stardock

[2009/09/06 16:44:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\Updater

 

========== Files - Modified Within 30 Days ==========

 

[12 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2009/10/04 09:15:49 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2009/10/04 09:13:00 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job

[2009/10/04 09:00:28 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/10/04 08:44:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

[2009/10/04 08:44:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2009/10/04 08:27:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/10/04 08:27:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/10/03 21:42:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2009/10/03 21:42:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2009/10/02 18:26:42 | 04,292,168 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db

[2009/09/30 00:48:54 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\prova enem.bmp

[2009/09/28 19:43:37 | 00,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/27 13:37:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2009/09/27 13:37:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2009/09/27 09:01:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2009/09/27 09:01:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2009/09/27 07:58:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2009/09/27 07:58:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2009/09/24 22:50:54 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/09/24 22:00:05 | 00,000,292 | -H-- | M] () -- C:\sqmdata07.sqm

[2009/09/24 22:00:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2009/09/23 17:59:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/09/23 17:59:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2009/09/23 17:59:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/09/23 14:24:50 | 00,000,208 | -H-- | M] () -- C:\sqmdata06.sqm

[2009/09/23 14:24:50 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2009/09/23 13:05:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2009/09/23 13:05:42 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm

[2009/09/23 13:05:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2009/09/23 13:05:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2009/09/23 13:05:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2009/09/23 13:05:41 | 00,000,136 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/09/23 03:52:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2009/09/23 03:52:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm

[2009/09/23 03:52:01 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2009/09/23 03:52:01 | 00,000,172 | -H-- | M] () -- C:\sqmdata02.sqm

[2009/09/23 03:52:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2009/09/23 03:52:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2009/09/23 03:49:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2009/09/23 03:49:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2009/09/23 03:49:43 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2009/09/23 03:49:43 | 00,000,172 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/09/23 03:31:54 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2009/09/23 03:31:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2009/09/23 02:29:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2009/09/23 02:29:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2009/09/23 01:30:24 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem5.bmp

[2009/09/23 01:28:22 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem4.bmp

[2009/09/23 01:23:48 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem3.bmp

[2009/09/23 01:21:35 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem2.bmp

[2009/09/23 01:20:01 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem.bmp

[2009/09/23 01:13:49 | 00,019,892 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\HOSTSXPERT.EXE-03625C8C.pf

[2009/09/23 00:38:58 | 00,000,304 | -H-- | M] () -- C:\sqmdata15.sqm

[2009/09/23 00:38:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2009/09/23 00:25:19 | 00,000,304 | -H-- | M] () -- C:\sqmdata14.sqm

[2009/09/23 00:25:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2009/09/22 00:30:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2009/09/22 00:30:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2009/09/20 22:51:46 | 00,171,008 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/20 19:56:17 | 00,501,736 | ---- | M] () -- C:\LopSD.exe

[2009/09/20 19:12:04 | 01,529,241 | ---- | M] () -- C:\SDFix.exe

[2009/09/19 18:14:03 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/19 17:33:47 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrador\Desktop\mbam-setup.exe

[2009/09/17 14:58:40 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

[2009/09/17 13:55:24 | 00,001,865 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Windows Live Messenger .lnk

[2009/09/17 00:36:11 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk

[2009/09/14 22:03:19 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\ORAÇAMENTO DA OBRA.xls

[2009/09/13 14:30:42 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/09/12 00:14:41 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\agenda telefônica.xls

[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/09/06 18:02:54 | 00,139,063 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ojj

 

========== Files - No Company Name ==========

[2009/09/30 00:48:54 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Administrador\Meus documentos\prova enem.bmp

[2009/09/23 01:30:24 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem5.bmp

[2009/09/23 01:28:21 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem4.bmp

[2009/09/23 01:23:47 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem3.bmp

[2009/09/23 01:21:34 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem2.bmp

[2009/09/23 01:20:00 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Administrador\Meus documentos\imagem.bmp

[2009/09/23 01:13:49 | 00,019,892 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\HOSTSXPERT.EXE-03625C8C.pf

[2009/09/20 19:54:56 | 00,501,736 | ---- | C] () -- C:\LopSD.exe

[2009/09/20 19:07:22 | 01,529,241 | ---- | C] () -- C:\SDFix.exe

[2009/09/19 18:14:03 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/09/18 00:57:42 | 00,001,865 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Windows Live Messenger .lnk

[2009/09/17 00:36:11 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk

[2009/09/13 14:30:42 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/06/01 02:05:52 | 06,138,047 | ---- | C] () -- C:\Arquivos de programas\sal_tex_high_01.pssg

[2008/04/17 00:36:22 | 00,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/04/17 00:36:07 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys

[2008/01/21 20:47:18 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2007/07/15 14:34:35 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ntpadcpl.dll

[2007/04/28 00:46:28 | 00,000,076 | -H-- | C] () -- C:\Arquivos de programas\Desktop.ini

[2007/02/27 18:52:22 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2007/02/07 18:23:53 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2007/02/07 18:21:25 | 00,000,567 | ---- | C] () -- C:\Arquivos de programas\Atalho para CyberLink DVD Solution.lnk

[2006/12/19 20:25:01 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006/12/19 19:53:22 | 00,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe

[2006/12/06 13:02:17 | 00,171,008 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/12/06 11:49:23 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/12/05 17:34:59 | 00,065,472 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2006/12/05 17:24:55 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2006/12/05 17:24:33 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/12/05 17:22:42 | 00,013,658 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006/12/05 17:22:37 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006/12/05 17:09:43 | 04,292,168 | -H-- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db

[2006/12/05 16:56:05 | 00,000,086 | -HS- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini

[2006/12/05 16:53:15 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll

[2006/12/05 16:53:11 | 00,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2006/12/05 16:53:11 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2006/12/05 16:53:11 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll

[2006/12/05 16:53:10 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006/12/05 16:53:10 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006/12/05 16:53:09 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2006/12/05 16:53:09 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2006/12/05 16:53:09 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2006/12/05 14:33:45 | 00,000,086 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

[2006/12/05 14:30:02 | 00,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006/04/11 23:39:06 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/04/11 23:39:04 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2004/08/04 00:45:24 | 00,171,376 | RHS- | C] () -- C:\WINDOWS\System32\fuzxyq.dll

[2004/08/04 00:45:24 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2003/04/07 10:30:02 | 00,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/10/28 14:07:38 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini

[2001/10/28 14:07:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:466F9D5D

< End of report >

 

 

OTL Extras logfile created on: 4/10/2009 09:26:35 - Run 2

OTL by OldTimer - Version 3.0.18.2 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1023,23 Mb Total Physical Memory | 572,88 Mb Available Physical Memory | 55,99% Memory free

2,40 Gb Paging File | 2,02 Gb Available in Paging File | 83,90% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,52 Gb Total Space | 47,66 Gb Free Space | 63,96% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: A8V-MX

Current User Name: Administrador

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"9520:TCP" = 9520:TCP:*:Enabled:afvckcdw

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe" = C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe" = C:\Arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)

"C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe" = C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\mjavas.exe:*:Enabled:alicdjja -- (Microsoft Corporation)

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

"C:\Arquivos de programas\MotoGP2\motogp2.exe" = C:\Arquivos de programas\MotoGP2\motogp2.exe:*:Enabled:motogp2 -- File not found

"C:\Arquivos de programas\Sega\OutRun2006 Coast 2 Coast\OR2006C2C.EXE" = C:\Arquivos de programas\Sega\OutRun2006 Coast 2 Coast\OR2006C2C.EXE:*:Enabled:OR2006C2C -- File not found

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" = C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe" = C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Portable Photoshop CS2

"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant

"{4BB781A4-0C2B-4BA6-96C2-90FB81A7F28C}" = MyJAL MediaPAL

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{5546F2F4-236B-4E96-8D5C-7447BBC3C0B0}" = LS-USBMX 1/2/3 Steering Wheel W/Vibration

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{7299E7F8-6921-4588-9A83-9BB7B867706F}" = MAX-FX Tools

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}" = Windows Live Messenger

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8

"{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{DC25DEB3-630B-4357-B549-E4894FC324C8}" = Windows Live Toolbar

"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Acrobat 4.0" = Adobe Acrobat 4.0

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"Barra iG" = Barra do iG

"BSPlayer1" = BSplayer

"BSPlayerf" = BS.Player FREE powered by AdVantage

"Discador iG v8.00" = Discador iG v8.00

"Discador Oi Internet" = Discador Oi Internet 1.1

"DVD Decrypter" = DVD Decrypter (Remove Only)

"FLV Player" = FLV Player 2.0 (build 25)

"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16

"GameSpy Arcade" = GameSpy Arcade

"HijackThis" = HijackThis 2.0.2

"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.38

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)

"Nero - Burning Rom!UninstallKey" = Nero OEM

"NVIDIA Display Driver" = NVIDIA Display Driver

"NVIDIA Drivers" = NVIDIA Drivers

"ObjectDock" = ObjectDock

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"StyleXP" = StyleXP (remove only)

"SWAT 4" = SWAT 4

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WhenUSearch" = DAEMON Tools SearchBar

"Windows Live Toolbar" = Windows Live Toolbar

"WinRAR archiver" = Arquivo do WinRAR

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 17/9/2009 13:23:02 | Computer Name = A8V-MX | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 17/9/2009 13:23:02 | Computer Name = A8V-MX | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 17/9/2009 13:23:02 | Computer Name = A8V-MX | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

 

Error - 17/9/2009 13:23:02 | Computer Name = A8V-MX | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 17/9/2009 13:23:02 | Computer Name = A8V-MX | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

 

Error - 21/9/2009 21:18:55 | Computer Name = A8V-MX | Source = Application Error | ID = 1000

Description = Aplicativo com falha flvplayer.exe, versão 0.0.0.0, módulo com falha

ntdll.dll, versão 5.1.2600.2180, endereço com falha 0x00001010.

 

Error - 21/9/2009 23:20:54 | Computer Name = A8V-MX | Source = Application Error | ID = 1000

Description = Aplicativo com falha discador ig.exe, versão 0.0.0.0, módulo com falha

kernel32.dll, versão 5.1.2600.2180, endereço com falha 0x0001eb33.

 

Error - 21/9/2009 23:32:36 | Computer Name = A8V-MX | Source = Application Error | ID = 1000

Description = Aplicativo com falha discador ig.exe, versão 0.0.0.0, módulo com falha

kernel32.dll, versão 5.1.2600.2180, endereço com falha 0x0001eb33.

 

Error - 22/9/2009 23:21:50 | Computer Name = A8V-MX | Source = Application Error | ID = 1000

Description = Aplicativo com falha discador ig.exe, versão 0.0.0.0, módulo com falha

kernel32.dll, versão 5.1.2600.2180, endereço com falha 0x0001eb33.

 

Error - 22/9/2009 23:40:07 | Computer Name = A8V-MX | Source = Application Error | ID = 1000

Description = Aplicativo com falha discador ig.exe, versão 0.0.0.0, módulo com falha

unknown, versão 0.0.0.0, endereço com falha 0x00000000.

 

[ System Events ]

Error - 3/10/2009 20:29:38 | Computer Name = A8V-MX | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço AMON devido ao seguinte erro: %%2

 

Error - 3/10/2009 20:29:38 | Computer Name = A8V-MX | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço NOD32 Kernel Service devido ao

seguinte erro: %%2

 

Error - 3/10/2009 20:29:38 | Computer Name = A8V-MX | Source = Service Control Manager | ID = 7023

Description = O serviço Task Update terminou com o erro: %%1114

 

Error - 3/10/2009 20:47:55 | Computer Name = A8V-MX | Source = DCOM | ID = 10005

Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço BITS com argumentos

"" para iniciar o servidor: {4991D34B-80A1-4291-83B6-3328366B9097}

 

Error - 3/10/2009 20:48:15 | Computer Name = A8V-MX | Source = Schannel | ID = 36881

Description = O certificado recebido do servidor remoto expirou. Houve falha na

solicitação de conexão SSL. Os dados anexados contêm o certificado do servidor.

 

Error - 4/10/2009 07:28:05 | Computer Name = A8V-MX | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço AMON devido ao seguinte erro: %%2

 

Error - 4/10/2009 07:28:05 | Computer Name = A8V-MX | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço NOD32 Kernel Service devido ao

seguinte erro: %%2

 

Error - 4/10/2009 07:28:05 | Computer Name = A8V-MX | Source = Service Control Manager | ID = 7023

Description = O serviço Task Update terminou com o erro: %%1114

 

Error - 4/10/2009 07:44:58 | Computer Name = A8V-MX | Source = DCOM | ID = 10005

Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço BITS com argumentos

"" para iniciar o servidor: {4991D34B-80A1-4291-83B6-3328366B9097}

 

Error - 4/10/2009 08:00:45 | Computer Name = A8V-MX | Source = Schannel | ID = 36881

Description = O certificado recebido do servidor remoto expirou. Houve falha na

solicitação de conexão SSL. Os dados anexados contêm o certificado do servidor.

 

 

< End of report >


Good afternoon, jefinho_cabral!

 

<@> Download: < BankerFix 3.1 >

<@> Save it to Local Disk C!

<@> Temporarily disable your antivirus.

<@> Double-click bankerfix.exe.

<@> P.S.: Run bankerfix.exe only once! This avoids overwriting its report.

<@> The BankerFix 3.1 window will open with the following question: "Install BankerFix 3.1?" <-- Translated!

<@> Click Yes!

<@> A window will open informing you that BankerFix 3.0 will be downloaded over the internet.

<@> Click OK. <-- Wait!

<@> In the next window, click OK.

<@> BankerFix 3.1 will start!

<@> Press any key to continue the process. <-- Wait!

<@> When the scan finishes, read the message on the screen and press Enter.

<@> Re-enable your antivirus.

<@> Come back with the BankerFix report, which will be at: C:\LinhaDefensiva\relatorio.txt <--

<@> Also post an updated HijackThis log.

 

Regards!


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
