.matiello - Posted October 12, 2009
Well, whenever I turn on the PC and leave it unused for a little while, a strange program named C:\Windows\Sysvxd.exe appears. I got scared; I don't know whether it could be a virus or something like that. Please help me.
DigRam - Posted October 12, 2009
Well, whenever I turn on the PC and leave it unused for a little while, a strange program named C:\Windows\Sysvxd.exe appears. I got scared; I don't know whether it could be a virus or something like that. Please help me.
<><><><><><><><><>
Hey there! .matiello
<!> Post the HijackThis log, following this Tutorial. < Rule No. 02 - Using HijackThis - READ BEFORE POSTING! >
Regards!
.matiello - Posted October 12, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:39, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Intel\IDU\iptray.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\NitroPC\NitroPC.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe
C:\Arquivos de programas\Intel\IDU\awServ.exe
C:\ARQUIV~1\AVG\AVGLS\avgnsx.exe
C:\ARQUIV~1\CACHEM~1\CachemanXP.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\STacSV.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVGLS\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVGLS\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll
O20 - AppInit_DLLs:
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file)
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\ARQUIV~1\CACHEM~1\CachemanXP.exe
O23 - Service: ESET Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 13600 bytes
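As an added example, not code from this thread nor from HijackThis or SDFix: a Python triage script that parses the O4 (Run key) entries of a HijackThis log and flags any executable that carries the name of a core Windows binary but is launched from outside the Windows system directories. That is exactly what the entry [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe in the log above does (the genuine svchost.exe lives in C:\WINDOWS\system32, and the running-process list shows both). The system-directory and core-binary lists are assumptions of the example for a default Windows XP install; the sample lines are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Directories in which the Windows XP core binaries legitimately live.
# Assumption of this example: a default C:\WINDOWS installation, as in the log above.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}

# Core binary names that malware commonly borrows to blend in with the process list.
CORE_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                 "services.exe", "ctfmon.exe", "rundll32.exe", "explorer.exe"}

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis appends " (User 'NAME')" to entries found under HKUS\<SID>.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


@dataclass
class RunEntry:
    hive: str     # HKLM, HKCU or HKUS\<SID>
    name: str     # value name inside the Run key
    command: str  # command line exactly as HijackThis prints it
    image: str    # executable the command launches, quotes and arguments removed


def image_from_command(cmd: str) -> str:
    """Extract the executable path from a Run-key command line."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted command: the image ends at the first ".exe" (paths here may contain spaces).
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_o4(lines: List[str]) -> List[RunEntry]:
    """Parse every O4 Run-key line; other HijackThis sections are ignored."""
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["cmd"], image_from_command(m["cmd"])))
    return entries


def is_masquerade(image: str) -> bool:
    """True when a core-binary name is launched from outside the system directories."""
    directory, base = ntpath.split(image)
    if base.lower() not in CORE_BINARIES:
        return False
    if not directory:
        # Bare file name: resolved through PATH at run time, so the location is unknown here.
        return False
    return directory.lower().rstrip("\\") not in SYSTEM_DIRS


def triage(log_text: str) -> List[str]:
    """Return the images of O4 entries that masquerade as core Windows binaries."""
    return [e.image for e in parse_o4(log_text.splitlines()) if is_masquerade(e.image)]


# Constructed sample: O4 lines copied from the HijackThis log posted above, plus one
# non-O4 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for entry in parse_o4(SAMPLE_LOG.splitlines()):
        verdict = "SUSPICIOUS" if is_masquerade(entry.image) else "ok"
        print(f"{verdict:10} {entry.hive:<14} [{entry.name}] -> {entry.image}")
```

Run on the sample, only the drivers\svchost.exe entry is reported; the four CTFMON.EXE entries for the service accounts pass because they point into system32, and bare names such as sttray.exe or RUNDLL32.EXE are left undecided rather than flagged, since their location is only known once PATH is resolved on the machine itself.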
DigRam - Posted October 12, 2009
Good afternoon! .matiello
<@> Download: < > ( ...by andymanchesta )
<@> Save it to Local Disk C and unzip it right there.
<@> Restart the computer in Safe Mode. <-- Link!
<@> Double-click: < runThis.bat >
<!> If a window opens and closes abruptly! <!> Go to Start --> Run --> Type or paste: %systemdrive%\SDFix\apps\FixPath.exe /Q --> OK!
<!> Restart the computer and run SDFix again.
<!> If that does not work, check the %comspec% variable.
<!> Right-click My Computer --> Properties --> Advanced.
<!> Under Environment Variables, check that the ComSpec variable has the following value for cmd.exe:
<!> Value: %SystemRoot%\system32\cmd.exe
<@> Press Y.
<@> Wait for it to finish!
<@> When it finishes, press Enter. ( Or any key!)
<@> The computer will restart!
<@> Wait for the cleanup to finish as well.
<><><><><><><><><><><>
<@> Post the reports: Report.txt + an updated HijackThis log.
Regards!
.matiello - Posted October 12, 2009

SDFix: Version 1.240
Run by Marcus on 12/10/2009 at 16:55

Microsoft Windows XP [versÆo 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\E.BAT - Deleted
C:\WINDOWS\Z.EXE - Deleted
C:\WINDOWS\system32\drivers\svchost.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 17:09:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:c7,60,71,90,8e,31,21,f5,07,1a,79,9e,eb,c3,6d,bf,de,8a,64,77,58,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,61,f6,fc,ac,4f,19,ee,cd,89,d8,03,d8,7f,ea,00,4a,e7,..
"khjeh"=hex:4f,8c,ee,29,95,e8,f0,7e,68,ff,c4,cf,22,50,2a,cf,86,ea,9e,43,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9b,bc,cc,37,1e,57,bf,3f,76,7d,9b,cb,f1,16,97,e8,7b,3d,ff,ef,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:c7,60,71,90,8e,31,21,f5,07,1a,79,9e,eb,c3,6d,bf,de,8a,64,77,58,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,61,f6,fc,ac,4f,19,ee,cd,89,d8,03,d8,7f,ea,00,4a,e7,..
"khjeh"=hex:4f,8c,ee,29,95,e8,f0,7e,68,ff,c4,cf,22,50,2a,cf,86,ea,9e,43,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9b,bc,cc,37,1e,57,bf,3f,76,7d,9b,cb,f1,16,97,e8,7b,3d,ff,ef,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:c7,60,71,90,8e,31,21,f5,07,1a,79,9e,eb,c3,6d,bf,de,8a,64,77,58,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,61,f6,fc,ac,4f,19,ee,cd,89,d8,03,d8,7f,ea,00,4a,e7,..
"khjeh"=hex:4f,8c,ee,29,95,e8,f0,7e,68,ff,c4,cf,22,50,2a,cf,86,ea,9e,43,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9b,bc,cc,37,1e,57,bf,3f,76,7d,9b,cb,f1,16,97,e8,7b,3d,ff,ef,8a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Arquivos de programas\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:c7,60,71,90,8e,31,21,f5,07,1a,79,9e,eb,c3,6d,bf,de,8a,64,77,58,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,61,f6,fc,ac,4f,19,ee,cd,89,d8,03,d8,7f,ea,00,4a,e7,..
"khjeh"=hex:4f,8c,ee,29,95,e8,f0,7e,68,ff,c4,cf,22,50,2a,cf,86,ea,9e,43,b1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9b,bc,cc,37,1e,57,bf,3f,76,7d,9b,cb,f1,16,97,e8,7b,3d,ff,ef,8a,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Arquivos de programas\\Microsoft Offwice\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Console de gerenciamento Microsoft"
"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"="C:\\Arquivos de programas\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Arquivos de programas\\iTunes\\iTunes.exe"="C:\\Arquivos de programas\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"="C:\\Arquivos de programas\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Arquivos de programas\\AVG\\AVGLS\\avgupd.exe"="C:\\Arquivos de programas\\AVG\\AVGLS\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Arquivos de programas\\AVG\\AVGLS\\avgnsx.exe"="C:\\Arquivos de programas\\AVG\\AVGLS\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"
"C:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"="C:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"
"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"="C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"="C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 28 Jul 2009     1,548,120 A..H. --- "C:\Arquivos de programas\Spybot - Search & Destroy\advcheck.dll"
Sun 22 Mar 2009         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu  7 Jun 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:16, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe
C:\Arquivos de programas\Intel\IDU\awServ.exe
C:\ARQUIV~1\AVG\AVGLS\avgnsx.exe
C:\ARQUIV~1\CACHEM~1\CachemanXP.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\sttray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Intel\IDU\iptray.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Arquivos de programas\NitroPC\NitroPC.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVGLS\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVGLS\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll
O20 - AppInit_DLLs:
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 -
Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file) O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\ARQUIV~1\CACHEM~1\CachemanXP.exe O23 - Service: ESET Service (ekrn) - ESET - (no file) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe -- End of file - 13816 bytes Compartilhar este post Link para o post Compartilhar em outros sites
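As an added example (not code from the thread, from HijackThis or from ComboFix), a small Python triage pass over a few entries of the log above: it flags orphaned "(no file)" entries, the unknown Winsock LSP, the custom O17 NameServer values, and O4 autostarts launched from odd locations. The [Sysvxd] O4 line in the sample input is constructed from the original question and is not in the posted log.

```python
"""Added example, not from the thread or from HijackThis: a first-pass triage of
HijackThis-style log entries, flagging the kinds of lines a helper looks at first."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input. The lines are copied from the log posted above,
# except the [Sysvxd] O4 line, which is constructed from the original question
# (C:\Windows\Sysvxd.exe) and does NOT appear as an O4 entry in the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [Sysvxd] C:\Windows\Sysvxd.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25
O20 - AppInit_DLLs:
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file)
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Command after the "[name]" of an O4 Run entry: either a quoted path, or an
# unquoted run of text up to the first executable-looking extension.
RUN_CMD = re.compile(
    r'\]\s*(?:"([^"]+)"|(\S.*?\.(?:exe|dll|com|scr|bat|cmd|vbs))(?=\s|$))', re.I)
# Directory names (English and pt-BR, as in this log) that autostarts rarely use.
PROFILE_DIRS = ("temp", "application data", "dados de aplicativos")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry deserves a second look
    line: str      # the entry body as logged


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Split a log into (section, body) pairs, ignoring non-entry lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def launch_location_issue(path: str) -> Optional[str]:
    """Return a reason if an autostart path is in an unusual place, else None."""
    parts = path.lower().split("\\")
    if not re.fullmatch(r"[a-z]:", parts[0]):
        return "bare file name, resolved through PATH rather than a fixed location"
    if len(parts) == 3 and parts[1] == "windows":
        return "executable directly in the Windows folder (system binaries normally live in system32)"
    if any(p in PROFILE_DIRS for p in parts):
        return "launched from a temp or per-user data directory"
    return None


def triage(text: str) -> List[Finding]:
    """Apply the first-look rules to every entry and collect what they flag."""
    findings: List[Finding] = []
    for section, body in parse_entries(text):
        if body.rstrip().endswith("(no file)"):
            findings.append(Finding(section, "orphaned entry: registered component has no file on disk", body))
        elif section == "O4":
            m = RUN_CMD.search(body)
            issue = launch_location_issue(m.group(1) or m.group(2)) if m else None
            if issue:
                findings.append(Finding(section, issue, body))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append(Finding(section, "unrecognised Winsock LSP: it sits in the path of every socket call", body))
        elif section == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", body)
            if m:
                findings.append(Finding(section, f"DNS resolvers set to {m.group(1)}: confirm they are the intended ones", body))
        elif section == "O20" and ":" in body and body.split(":", 1)[1].strip():
            findings.append(Finding(section, "AppInit_DLLs is populated: those DLLs load into every process that uses user32", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```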
DigRam Posted October 13, 2009
Good morning! .matiello
<@> Download: < > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> Ps: Running it from a command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> At the prompt: "Software warranty disclaimer" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<@> When it finishes, click Sim or Yes. --> Wait!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> Ps: Name it while saving, not after saving it!
<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> Ps: If rootkit activity is present, the following notification window will appear:
<!> Ps: Note down those detections, and click OK.
<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> Ps: Avoid running this tool on your own!
<!> Ps: To avoid problems, follow all the recommendations given.
<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> The Auto Scan window will open. --> Wait!
<@> To finish removals, ComboFix may restart the computer.
<@> If needed, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!
.matiello Posted October 13, 2009
ComboFix 09-10-12.03 - Marcus 13/10/2009 11:24.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1564 [GMT -3:00]
Executando de: c:\documents and settings\Marcus\Desktop\ComboFix.exe
* Criado um novo ponto de restauração
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\documents and settings\Marcus\Dados de aplicativos\Desktopicon
c:\documents and settings\Marcus\Dados de aplicativos\Desktopicon\eBayShortcuts.exe
c:\documents and settings\Marcus\Dados de aplicativos\Desktopicon\mc.ico
c:\windows\clofghls.dll
c:\windows\Installer\210bf.msi
c:\windows\Installer\225ca0.msi
c:\windows\Installer\3bffd1.msi
c:\windows\Installer\3e86c6.msp
c:\windows\Installer\ab9167.msi
c:\windows\Installer\c1307.msi
c:\windows\system32\HookApi.dll
c:\windows\system32\upd
c:\windows\system32\xa.tmp
c:\windows\Sysvxd.exe
c:\windows\winhelp.ini
.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-13 to 2009-10-13 ))))))))))))))))))))))))))))
.
2009-10-12 19:54 . 2009-10-12 19:54 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-10-12 19:52 . 2009-10-12 19:52 -------- d-----w- c:\windows\ERUNT
2009-10-12 19:41 . 2009-10-12 20:12 -------- d-----w- C:\SDFix
2009-10-12 19:38 . 2009-10-12 19:40 1529241 ----a-w- C:\SDFix.exe
2009-10-12 15:24 . 2009-10-12 20:15 -------- d-----w- C:\Hijack
2009-10-11 17:46 . 2009-10-11 17:46 482 ----a-w- C:\cc_20091011_144628.reg
2009-10-11 15:31 . 2009-10-11 15:31 -------- d-----w- c:\arquivos de programas\Orbitdownloader
2009-10-09 22:56 . 2009-10-09 22:56 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2009-10-06 20:05 . 2009-10-06 20:05 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Xfire
2009-10-06 19:57 . 2009-10-06 20:13 -------- d-----w- c:\arquivos de programas\Free Download Manager
2009-10-06 19:24 . 2009-10-06 19:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit
2009-10-06 19:24 . 2009-10-06 19:51 -------- d-----w- c:\arquivos de programas\DAP
2009-10-06 19:24 . 2009-10-06 19:24 -------- d-----w- c:\arquivos de programas\SpeedBit Video Downloader
2009-10-06 16:14 . 2009-10-11 20:26 -------- d-----w- C:\downloads
2009-10-06 16:14 . 2009-10-06 16:14 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\GrabPro
2009-10-06 16:14 . 2009-10-13 14:04 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Orbit
2009-09-29 20:27 . 2009-10-08 03:01 353840 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-09-29 20:20 . 2009-10-09 23:11 -------- d-----w- c:\arquivos de programas\COMODO
2009-09-29 19:01 . 2009-09-29 19:01 -------- d-----w- C:\ijji
2009-09-29 14:30 . 2009-09-29 14:30 -------- d-----w- c:\arquivos de programas\Vstplugins
2009-09-29 14:29 . 2009-09-29 14:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony
2009-09-29 14:29 . 2009-09-29 14:34 -------- d-----w- c:\arquivos de programas\Sony
2009-09-29 03:43 . 2009-09-29 03:43 -------- d-----w- c:\arquivos de programas\Your Freedom
2009-09-29 03:13 . 2009-09-29 03:13 -------- d-----r- c:\documents and settings\LocalService\Favoritos
2009-09-27 20:29 . 2009-10-07 23:25 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\DMCache
2009-09-25 14:51 . 2009-09-29 03:45 -------- d-----w- c:\arquivos de programas\ijji
2009-09-22 02:56 . 2009-09-22 02:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!
2009-09-22 01:36 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Circe Developement
2009-09-22 01:36 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live
2009-09-22 00:39 . 2002-01-05 16:40 487424 ----a-w- c:\windows\system32\MSVCP70.DLL
2009-09-22 00:39 . 2009-09-22 01:10 -------- d-----w- c:\arquivos de programas\FASoft
2009-09-22 00:39 . 2009-09-22 00:39 -------- d-----w- c:\documents and settings\Marcus\WINDOWS
2009-09-22 00:39 . 2009-09-22 01:10 -------- d-----w- c:\windows\ntrcktmp
2009-09-21 23:49 . 2004-03-29 19:23 90112 ----a-w- c:\windows\unvise32.exe
2009-09-21 23:47 . 2009-09-21 23:49 -------- d-----w- c:\arquivos de programas\Magic Bullet Editors 2.0 Vegas
2009-09-21 23:40 . 2009-09-21 23:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\eSellerate
2009-09-21 23:40 . 2009-09-22 02:32 -------- d-----w- c:\arquivos de programas\NewBlue
2009-09-21 23:39 . 2009-09-21 23:39 -------- d-----w- c:\arquivos de programas\Sonic Foundry
2009-09-21 23:30 . 2009-09-29 14:28 -------- d-----w- c:\arquivos de programas\Sony Setup
2009-09-21 22:41 . 2009-09-21 22:41 -------- d-----w- C:\movies
2009-09-21 22:41 . 2009-09-21 22:41 -------- d-----w- c:\arquivos de programas\Power Video Converter
2009-09-20 21:30 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-20 21:30 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-20 21:30 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-20 21:30 . 2009-09-20 21:30 -------- d-----w- c:\arquivos de programas\Avira
2009-09-20 15:13 . 2009-09-29 03:37 -------- d-----w- c:\arquivos de programas\NitroPC
2009-09-20 02:43 . 2009-09-20 02:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-20 02:42 . 2009-09-20 21:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira
2009-09-19 22:10 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-17 01:49 . 2009-09-20 14:56 -------- d-----w- c:\arquivos de programas\Pinnacle
2009-09-17 01:48 . 2009-09-17 01:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle
2009-09-16 21:38 . 2009-09-16 21:38 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Publish Providers
2009-09-16 21:38 . 2009-09-18 00:36 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Sony
2009-09-16 21:26 . 2009-10-06 14:48 -------- d-----w- C:\Fraps
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 14:28 . 2009-05-08 13:41 24824608 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-13 14:28 . 2009-05-08 13:41 1689888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-13 05:14 . 2009-05-08 13:41 159044 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-13 05:14 . 2009-05-08 13:41 332420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-12 15:21 . 2008-11-15 14:03 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\uTorrent
2009-10-12 07:59 . 2009-09-12 16:14 -------- d-----w- c:\arquivos de programas\MegaJogos
2009-10-10 15:29 . 2009-09-02 01:16 -------- d-----w- c:\arquivos de programas\a-squared Free
2009-10-06 19:44 . 2009-09-02 12:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP
2009-10-04 23:44 . 2009-04-13 01:55 -------- d-----w- c:\arquivos de programas\Crawler
2009-09-30 02:41 . 2009-07-14 18:22 -------- d-----w- c:\arquivos de programas\TeamViewer
2009-09-29 22:50 . 2009-09-01 01:09 -------- d-----w- c:\arquivos de programas\eWar 3.1
2009-09-29 20:20 . 2009-08-19 01:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2009-09-29 20:20 . 2009-08-19 01:57 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2009-09-29 19:01 . 2007-05-21 22:37 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-09-29 03:41 . 2009-01-03 20:21 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security
2009-09-22 20:18 . 2008-11-24 20:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer
2009-09-20 14:58 . 2009-09-02 15:00 -------- d-----w- c:\arquivos de programas\IObit
2009-09-17 02:03 . 2009-02-20 16:26 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\DivX
2009-09-17 01:40 . 2009-09-05 22:51 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\GlarySoft
2009-09-13 19:10 . 2009-03-31 00:39 -------- d-----w- c:\arquivos de programas\PokerStars
2009-09-12 23:46 . 2009-09-02 02:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar
2009-09-10 14:22 . 2009-08-13 02:12 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight
2009-09-09 23:12 . 2007-05-23 22:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2009-09-05 22:48 . 2009-09-05 22:48 -------- d-----w- c:\arquivos de programas\Glary Utilities
2009-09-05 22:40 . 2009-04-23 21:09 -------- d-----w- c:\arquivos de programas\CachemanXP
2009-09-04 21:00 . 2009-09-04 21:00 916430 ----a-w- c:\arquivos de programas\Apr2006_MDX1_x86.cab
2009-09-04 00:58 . 2004-08-04 12:00 79832 ----a-w- c:\windows\system32\perfc016.dat
2009-09-04 00:58 . 2004-08-04 12:00 470730 ----a-w- c:\windows\system32\perfh016.dat
2009-09-02 20:48 . 2007-05-21 22:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-09-02 20:43 . 2009-09-02 15:00 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\IObit
2009-09-02 20:38 . 2009-08-12 23:57 -------- d-----w- c:\arquivos de programas\softendo.com
2009-09-02 02:46 . 2009-09-02 02:46 253576 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 02:46 . 2009-09-02 02:46 108296 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-02 02:46 . 2009-09-02 02:46 -------- d-----w- c:\arquivos de programas\AVG
2009-09-02 02:46 . 2009-09-02 02:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8ls
2009-09-02 02:29 . 2009-09-02 02:29 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\AVG8
2009-09-01 02:37 . 2004-08-04 07:45 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-09-01 01:19 . 2009-09-01 01:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-01 01:19 . 2008-03-08 17:38 -------- d-----w- c:\arquivos de programas\Java
2009-08-30 19:04 . 2009-08-30 00:21 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-08-30 00:20 . 2009-02-19 16:27 -------- d-----w- c:\arquivos de programas\DivX
2009-08-29 11:19 . 2009-08-29 11:19 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-08-15 02:13 . 2009-08-15 02:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation
2009-08-15 02:13 . 2009-08-15 02:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation
2009-08-15 01:08 . 2009-04-18 15:48 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab
2009-08-15 00:59 . 2007-06-02 01:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles
2009-08-14 21:52 . 2009-08-14 21:38 -------- d-----w- c:\arquivos de programas\Aqua Dock
2009-08-06 22:24 . 2007-05-21 21:10 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 22:24 . 2007-05-21 21:10 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 22:24 . 2007-05-21 21:10 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 22:24 . 2005-05-26 07:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 22:24 . 2007-05-21 21:10 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 22:24 . 2004-08-04 07:45 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 22:23 . 2007-05-21 21:10 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 22:23 . 2007-06-19 23:42 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 22:23 . 2007-06-19 23:42 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 22:23 . 2007-05-21 21:10 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:00 . 2004-08-04 07:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2004-08-04 07:45 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2001-10-28 18:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:03 . 2004-08-04 07:45 58880 ----a-w- c:\windows\system32\atl.dll
2008-08-12 00:07 . 2008-07-17 22:49 29806 ----a-w- c:\arquivos de programas\megacubo_log.log
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe [7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 . 616D6CD2B6AD2B022234C4A524DB3E46 . 2028032 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe [7] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe [-] 2007-02-28 . D027F0097B8F099C09369B8CC97D7C32 . 2063616 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe [-] 2007-02-28 . 1F433C0F544A74459F035B71121A4569 . 2019840 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2005-03-02 . AED7B3AA86AD031CF39C6E4BBA37E818 . 2061184 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe [-] 2005-03-02 . 98C8C29BB2BD2427819674062604668C . 2019328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe [7] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-10-06 19:24 2655736 ----a-w- c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 12:56 1090816 ----a-w- c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ProxyCap"="c:\arquiv~1\PROXYL~1\ProxyCap\ProxyCap.exe" [2009-04-18 282624]
"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-01 149280]
"ipTray.exe"="c:\arquivos de programas\Intel\IDU\iptray.exe" [2006-12-28 2242328]
"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"NiwradSoft Welcome"="c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe" [2009-07-23 264913]
"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVGLS\avgtray.exe" [2009-09-02 1950488]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-05-26 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NCProTray.lnk - c:\arquivos de programas\SEC\Natural Color Pro\NCProTray.exe [2007-9-30 49220]
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-10-11 1719568]

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\AVG\\AVGLS\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVGLS\\avgnsx.exe"=
"c:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56458:TCP"= 56458:TCP:Pando Media Booster
"56458:UDP"= 56458:UDP:Pando Media Booster
"56911:TCP"= 56911:TCP:Pando Media Booster
"56911:UDP"= 56911:UDP:Pando Media Booster

R1 AvgLdx86;AVG LinkScanner® AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/09/2009 23:46 253576]
R1 AvgTdiX;AVG LinkScanner® Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/09/2009 23:46 108296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/09/2009 18:30 108289]
R2 avg8wd;AVG LinkScanner® WatchDog;c:\arquiv~1\AVG\AVGLS\avgwdsvc.exe [01/09/2009 23:46 298776]
R2 CachemanXPService;CachemanXP;c:\arquiv~1\CACHEM~1\CachemanXP.exe [05/09/2009 19:40 355840]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/06/2002 00:09 31232]
S2 ekrn;ESET Service; [x]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys --> c:\windows\system32\DRIVERS\3xHybrid.sys [?]
S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [21/05/2007 19:50 14074]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [27/11/2008 21:05 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [27/11/2008 21:05 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [27/11/2008 21:05 110464]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [27/11/2008 21:05 100480]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [18/08/2007 15:24 28480]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-10-13 c:\windows\Tasks\AWC AutoSweep.job
- c:\arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-02 18:35]

2009-10-13 c:\windows\Tasks\GlaryInitialize.job
- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-09-05 19:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Clean Traces
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Crawler Search - tbr:iemenu
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: w2pxdrv.dll
TCP: {F6ED63BF-48EA-49FF-B3BF-A0E98B62947B} = 156.154.70.25,156.154.71.25
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: browser.startup.homepage - hxxp://www.terra.com.br/portal/
FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\arquivos de programas\AVG\AVGLS\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 11:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]
"BarID"=dword:0000e81b
"Bars"=dword:00000003
"Bar#0"=dword:00000000
"Bar#1"=dword:0000e800
"Bar#2"=dword:00000000

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]
"BarID"=dword:0000e81c
"Bars"=dword:00000004
"Bar#0"=dword:00000000
"Bar#1"=dword:0000e807
"Bar#2"=dword:0000e806
"Bar#3"=dword:00000000

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]
"BarID"=dword:0000e800
"XPos"=dword:fffffffe
"YPos"=dword:fffffffe
"Docking"=dword:00000001
"MRUDockID"=dword:00000000
"MRUDockLeftPos"=dword:fffffffe
"MRUDockTopPos"=dword:fffffffe
"MRUDockRightPos"=dword:000001f5
"MRUDockBottomPos"=dword:00000036
"MRUFloatStyle"=dword:00002000
"MRUFloatXPos"=dword:80000000
"MRUFloatYPos"=dword:cdcdcdcd

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]
"BarID"=dword:0000e806
"XPos"=dword:fffffffe
"YPos"=dword:00000141
"Docking"=dword:00000001
"MRUDockID"=dword:0000e81c
"MRUDockLeftPos"=dword:fffffffe
"MRUDockTopPos"=dword:00000141
"MRUDockRightPos"=dword:000000c6
"MRUDockBottomPos"=dword:00000287
"MRUFloatStyle"=dword:00002004
"MRUFloatXPos"=dword:80000000
"MRUFloatYPos"=dword:cdcdcdcd

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]
"BarID"=dword:0000e807
"XPos"=dword:fffffffe
"YPos"=dword:fffffffe
"Docking"=dword:00000001
"MRUDockID"=dword:00000000
"MRUDockLeftPos"=dword:fffffffe
"MRUDockTopPos"=dword:fffffffe
"MRUDockRightPos"=dword:000000c6
"MRUDockBottomPos"=dword:00000143
"MRUFloatStyle"=dword:00002004
"MRUFloatXPos"=dword:80000000
"MRUFloatYPos"=dword:cdcdcdcd

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]
"Bars"=dword:00000005
"ScreenCX"=dword:00000400
"ScreenCY"=dword:00000300

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]
"FirstRun"=dword:00000000
"xScreen"=dword:00000400
"yScreen"=dword:000002c4
"floats"="1.000000 0.500000 0.500000 120 120"
"skin"="ISR_10Moons.dll"

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]
"FLAG"=dword:00000000
"SHOWCMD"=dword:00000001
"LEFT"=dword:fffffffc
"TOP"=dword:fffffffc
"RIGHT"=dword:00000404
"BOTTOM"=dword:000002e2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\klogon.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(904)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-10-13 11:30
ComboFix-quarantined-files.txt 2009-10-13 14:30

Pre-Run: 45 folder(s), 77.413.679.104 bytes free
Post-Run: 46 folder(s), 77.397.434.368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
571 --- E O F --- 2009-09-21 16:35

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:28, on 13/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe
C:\Arquivos de programas\Intel\IDU\awServ.exe
C:\ARQUIV~1\AVG\AVGLS\avgnsx.exe
C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\ARQUIV~1\CACHEM~1\CachemanXP.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\STacSV.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVGLS\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVGLS\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file)
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\ARQUIV~1\CACHEM~1\CachemanXP.exe
O23 - Service: ESET Service (ekrn) - ESET - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12624 bytes
DigRam Posted October 13, 2009

Good afternoon! .matiello

<!> PS: You have more than one antivirus installed. Keep only Avira.

<><><><><><><><><><><>

<@> Select and copy everything inside the Quote area into Notepad.
<@> Save it on the desktop with the name: CFScript.txt

RegLock::
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]
Driver::
"ekrn"

<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon (or into its window).
<@> See the demonstration!
<@> Accept the prompt that should appear asking to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post: C:\ComboFix.txt + an updated HijackThis log.

<><><><><><><><><><><>

<@> Download: < PaintRestore.reg >
<@> Save it on the desktop --> run it and confirm the import into the registry.
<@> Restart the computer!

<><><><><><><><><><><>

<!> Also post an updated HijackThis log.

Regards!
.matiello Posted October 13, 2009

Dig, after dragging the file onto ComboFix, a message appears saying I have 2 antiviruses installed: Avira and ESET. I have already closed Avira, but ESET, which I used to have, I uninstalled some time ago. What do I do?
DigRam Posted October 13, 2009

Dig, after dragging the file onto ComboFix, a message appears saying I have 2 antiviruses installed: Avira and ESET. I have already closed Avira, but ESET, which I used to have, I uninstalled some time ago. What do I do?

<><><><><><><><><><>

Hey! .matiello

<!> Ignore the warning and continue running the tool, dragging CFScript.txt onto the ComboFix.exe icon.

Regards!
.matiello 0 Denunciar post Postado Outubro 14, 2009 ComboFix 09-10-13.01 - Marcus 13/10/2009 20:54.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1387 [GMT -3:00] Executando de: c:\documents and settings\Marcus\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Marcus\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_EKRN -------\Service_ekrn (((((((((((((((( Arquivos/Ficheiros criados de 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))) . 2009-10-12 19:54 . 2009-10-12 19:54 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll 2009-10-12 19:52 . 2009-10-12 19:52 -------- d-----w- c:\windows\ERUNT 2009-10-12 19:41 . 2009-10-12 20:12 -------- d-----w- C:\SDFix 2009-10-12 19:38 . 2009-10-12 19:40 1529241 ----a-w- C:\SDFix.exe 2009-10-12 15:24 . 2009-10-13 14:32 -------- d-----w- C:\Hijack 2009-10-11 17:46 . 2009-10-11 17:46 482 ----a-w- C:\cc_20091011_144628.reg 2009-10-11 15:31 . 2009-10-11 15:31 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2009-10-09 22:56 . 2009-10-09 22:56 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache 2009-10-06 20:05 . 2009-10-06 20:05 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Xfire 2009-10-06 19:57 . 2009-10-06 20:13 -------- d-----w- c:\arquivos de programas\Free Download Manager 2009-10-06 19:24 . 
2009-10-06 19:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit 2009-10-06 19:24 . 2009-10-06 19:51 -------- d-----w- c:\arquivos de programas\DAP 2009-10-06 19:24 . 2009-10-06 19:24 -------- d-----w- c:\arquivos de programas\SpeedBit Video Downloader 2009-10-06 16:14 . 2009-10-13 16:47 -------- d-----w- C:\downloads 2009-10-06 16:14 . 2009-10-06 16:14 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\GrabPro 2009-10-06 16:14 . 2009-10-14 00:01 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Orbit 2009-09-29 20:27 . 2009-10-08 03:01 353840 ----a-w- c:\windows\system32\drivers\sfi.dat 2009-09-29 20:20 . 2009-10-09 23:11 -------- d-----w- c:\arquivos de programas\COMODO 2009-09-29 19:01 . 2009-09-29 19:01 -------- d-----w- C:\ijji 2009-09-29 14:30 . 2009-09-29 14:30 -------- d-----w- c:\arquivos de programas\Vstplugins 2009-09-29 14:29 . 2009-09-29 14:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony 2009-09-29 14:29 . 2009-09-29 14:34 -------- d-----w- c:\arquivos de programas\Sony 2009-09-29 03:43 . 2009-09-29 03:43 -------- d-----w- c:\arquivos de programas\Your Freedom 2009-09-29 03:13 . 2009-09-29 03:13 -------- d-----r- c:\documents and settings\LocalService\Favoritos 2009-09-27 20:29 . 2009-10-07 23:25 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\DMCache 2009-09-25 14:51 . 2009-09-29 03:45 -------- d-----w- c:\arquivos de programas\ijji 2009-09-22 02:56 . 2009-09-22 02:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2009-09-22 01:36 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Circe Developement 2009-09-22 01:36 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2009-09-22 00:39 . 2002-01-05 16:40 487424 ----a-w- c:\windows\system32\MSVCP70.DLL 2009-09-22 00:39 . 
2009-09-22 01:10 -------- d-----w- c:\arquivos de programas\FASoft 2009-09-22 00:39 . 2009-09-22 00:39 -------- d-----w- c:\documents and settings\Marcus\WINDOWS 2009-09-22 00:39 . 2009-09-22 01:10 -------- d-----w- c:\windows\ntrcktmp 2009-09-21 23:49 . 2004-03-29 19:23 90112 ----a-w- c:\windows\unvise32.exe 2009-09-21 23:47 . 2009-09-21 23:49 -------- d-----w- c:\arquivos de programas\Magic Bullet Editors 2.0 Vegas 2009-09-21 23:40 . 2009-09-21 23:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\eSellerate 2009-09-21 23:40 . 2009-09-22 02:32 -------- d-----w- c:\arquivos de programas\NewBlue 2009-09-21 23:39 . 2009-09-21 23:39 -------- d-----w- c:\arquivos de programas\Sonic Foundry 2009-09-21 23:30 . 2009-09-29 14:28 -------- d-----w- c:\arquivos de programas\Sony Setup 2009-09-21 22:41 . 2009-09-21 22:41 -------- d-----w- C:\movies 2009-09-21 22:41 . 2009-09-21 22:41 -------- d-----w- c:\arquivos de programas\Power Video Converter 2009-09-20 21:30 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-20 21:30 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-20 21:30 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-20 21:30 . 2009-09-20 21:30 -------- d-----w- c:\arquivos de programas\Avira 2009-09-20 15:13 . 2009-09-29 03:37 -------- d-----w- c:\arquivos de programas\NitroPC 2009-09-20 02:43 . 2009-09-20 02:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-09-20 02:42 . 2009-09-20 21:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-09-19 22:10 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-17 01:49 . 2009-09-20 14:56 -------- d-----w- c:\arquivos de programas\Pinnacle 2009-09-17 01:48 . 2009-09-17 01:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle 2009-09-16 21:38 . 
2009-09-16 21:38 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Publish Providers 2009-09-16 21:38 . 2009-09-18 00:36 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Sony 2009-09-16 21:26 . 2009-10-06 14:48 -------- d-----w- C:\Fraps . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-14 00:01 . 2009-05-08 13:41 1700640 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-10-14 00:00 . 2009-05-08 13:41 24962592 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-10-13 23:59 . 2009-05-08 13:41 335348 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-10-13 23:59 . 2009-05-08 13:41 160436 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-10-13 20:45 . 2008-11-15 14:03 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\uTorrent 2009-10-12 07:59 . 2009-09-12 16:14 -------- d-----w- c:\arquivos de programas\MegaJogos 2009-10-10 15:29 . 2009-09-02 01:16 -------- d-----w- c:\arquivos de programas\a-squared Free 2009-10-06 19:44 . 2009-09-02 12:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-10-04 23:44 . 2009-04-13 01:55 -------- d-----w- c:\arquivos de programas\Crawler 2009-09-30 02:41 . 2009-07-14 18:22 -------- d-----w- c:\arquivos de programas\TeamViewer 2009-09-29 22:50 . 2009-09-01 01:09 -------- d-----w- c:\arquivos de programas\eWar 3.1 2009-09-29 20:20 . 2009-08-19 01:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-09-29 20:20 . 2009-08-19 01:57 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy 2009-09-29 19:01 . 2007-05-21 22:37 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-09-29 03:41 . 2009-01-03 20:21 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security 2009-09-22 20:18 . 
2008-11-24 20:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2009-09-20 14:58 . 2009-09-02 15:00 -------- d-----w- c:\arquivos de programas\IObit 2009-09-17 02:03 . 2009-02-20 16:26 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\DivX 2009-09-17 01:40 . 2009-09-05 22:51 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\GlarySoft 2009-09-13 19:10 . 2009-03-31 00:39 -------- d-----w- c:\arquivos de programas\PokerStars 2009-09-12 23:46 . 2009-09-02 02:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar 2009-09-10 14:22 . 2009-08-13 02:12 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2009-09-09 23:12 . 2007-05-23 22:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2009-09-05 22:48 . 2009-09-05 22:48 -------- d-----w- c:\arquivos de programas\Glary Utilities 2009-09-05 22:40 . 2009-04-23 21:09 -------- d-----w- c:\arquivos de programas\CachemanXP 2009-09-04 21:00 . 2009-09-04 21:00 916430 ----a-w- c:\arquivos de programas\Apr2006_MDX1_x86.cab 2009-09-04 00:58 . 2004-08-04 12:00 79832 ----a-w- c:\windows\system32\perfc016.dat 2009-09-04 00:58 . 2004-08-04 12:00 470730 ----a-w- c:\windows\system32\perfh016.dat 2009-09-02 20:48 . 2007-05-21 22:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-09-02 20:43 . 2009-09-02 15:00 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\IObit 2009-09-02 20:38 . 2009-08-12 23:57 -------- d-----w- c:\arquivos de programas\softendo.com 2009-09-02 02:46 . 2009-09-02 02:46 253576 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-09-02 02:46 . 2009-09-02 02:46 108296 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-09-02 02:46 . 2009-09-02 02:46 -------- d-----w- c:\arquivos de programas\AVG 2009-09-02 02:46 . 
2009-09-02 02:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8ls 2009-09-02 02:29 . 2009-09-02 02:29 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\AVG8 2009-09-01 02:37 . 2004-08-04 07:45 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-09-01 01:19 . 2009-09-01 01:19 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-09-01 01:19 . 2008-03-08 17:38 -------- d-----w- c:\arquivos de programas\Java 2009-08-30 19:04 . 2009-08-30 00:21 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2009-08-30 00:20 . 2009-02-19 16:27 -------- d-----w- c:\arquivos de programas\DivX 2009-08-29 11:19 . 2009-08-29 11:19 86016 ----a-w- c:\windows\system32\frapsvid.dll 2009-08-15 02:13 . 2009-08-15 02:13 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation 2009-08-15 02:13 . 2009-08-15 02:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA Corporation 2009-08-15 01:08 . 2009-04-18 15:48 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab 2009-08-15 00:59 . 2007-06-02 01:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles 2009-08-06 22:24 . 2007-05-21 21:10 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 22:24 . 2007-05-21 21:10 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 22:24 . 2007-05-21 21:10 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 22:24 . 2005-05-26 07:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 22:24 . 2007-05-21 21:10 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 22:24 . 2004-08-04 07:45 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 22:23 . 2007-05-21 21:10 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 22:23 . 2007-06-19 23:42 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 22:23 . 2007-06-19 23:42 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 22:23 . 
2007-05-21 21:10 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:00 . 2004-08-04 07:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:36 . 2004-08-04 07:45 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-29 04:36 . 2001-10-28 18:06 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-17 19:03 . 2004-08-04 07:45 58880 ----a-w- c:\windows\system32\atl.dll 2008-08-12 00:07 . 2008-07-17 22:49 29806 ----a-w- c:\arquivos de programas\megacubo_log.log 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck ------- [7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll [-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll [7] 2008-04-14 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\14520071\comctl32.dll [7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\10355011\comctl32.dll [7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [-] 2006-08-25 . 873E9E5B23D206BE443ABD3CF597C2E8 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2006-08-25 . 50141E3C168F02C3920891400CEC9FF4 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\65836\comctl32.dll [7] 2004-08-04 . 
021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [7] 2004-08-04 . 3680CF24C64348BFDC89E290790398E7 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [7] 2001-10-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2009-07-19 . C8EB873A9B0B6F8C997C83A895F2C05D . 6211072 . . [8.00.6001.18812] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll [-] 2009-07-19 . 63F1535AA4E623CB80B94A7F124319CA . 6098432 . . [8.00.6001.18812] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2009-07-19 . 63F1535AA4E623CB80B94A7F124319CA . 6098432 . . [8.00.6001.18812] . . c:\windows\system32\mshtml.dll [-] 2009-07-19 . 63F1535AA4E623CB80B94A7F124319CA . 6098432 . . [8.00.6001.18812] . . c:\windows\system32\dllcache\mshtml.dll [7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll [7] 2009-04-29 . 02E979A0AF1154B662197CE4A7C55B7D . 3596288 . . [7.00.6000.16850] . . c:\windows\ie8\mshtml.dll [7] 2009-04-29 . 504CDF33912AC30894CD4212C8502144 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll [7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll [7] 2009-02-21 . DB7EF9A37E690CDA63021C7B4BA10EA7 . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll [7] 2009-02-20 . A3C5332ACB981726FA37912569FEB074 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll [7] 2009-01-17 . BC083F2B02EA9E69A636970859AF8DAF . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll [7] 2009-01-16 . 628A8E851FBA1F2183CE327B76E19E3E . 3596288 . . [7.00.6000.20996] . . 
c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll [7] 2008-12-13 . A294B659329C4007D75FF675A8A3A94F . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll [7] 2008-12-13 . 4C2F6BAFA9236FA50620CC3E6DDF3BAD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll [7] 2008-10-17 . FD4A5AEC974379C58019CF7CC22ED0FE . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll [7] 2008-10-16 . 2B042E339C0C5E1584D49EB5579ABBD1 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll [7] 2008-08-27 . C985C1DA45076E403BBE55E15AA9DA99 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll [7] 2008-08-26 . 438552BD99CED288FEBC39B79D945BBA . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll [7] 2008-06-24 . D300C05FC0EA80AB3D721AF004F4F69E . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll [7] 2008-06-23 . 3E9C5239A6AC6B808272DC4BF05E5D8B . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll [7] 2008-04-24 . 64F482EA4F26168A96D74F74096ECEE8 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll [7] 2008-04-23 . 20FB3AC0FEF99E7444DBAD5705870887 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll [7] 2008-03-01 . A6C43E554C7E1C584C57410F87FF6FAD . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll [7] 2008-03-01 . 0571E353495276FEA10816EB2065BDB0 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll [7] 2007-12-08 . A565094D7133D110305531AA9E0C0FB5 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll [7] 2007-12-07 . BBAC7C10FC8CFF2F890873F69BE2498F . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll [7] 2007-10-30 . FFDA226726452AD71D5CE5810CB7DB30 . 3593216 . . 
[7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll [7] 2007-10-30 . 0494C9577CC5EA957A9E7AF281408D72 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll [7] 2007-08-20 . B1189C0EFD72099D8DBFA4EF3EFA3D3B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll [7] 2007-08-20 . E52992A6BCD0A242DAFBE8E5E36E823D . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll [7] 2007-07-19 . 77A7A597604BC7B912473F226CE97E23 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll [7] 2007-07-18 . 7C518776841AC612362EA21696B3D55E . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll [7] 2007-05-08 . 76B02F0C1FFD986869A9F689052EF685 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll [7] 2007-05-08 . FF09B59560FB2DBB479D9C2E6D4D0C3B . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll [7] 2007-03-07 . 1FF8173A05C80696AB31E8C4968E5361 . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll [7] 2007-03-07 . 2F388F8112E8F634CCB4EFAD496CF4D4 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll [-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll [7] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll [7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [7] 2009-02-09 . C667CA055AA4E24A0733061282276AA5 . 2193280 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2009-02-09 . 56B4BE308B1C5AE390C19A37BCC9A902 . 2309632 . . [5.1.2600.5755] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe [-] 2009-02-09 . 56B4BE308B1C5AE390C19A37BCC9A902 . 2309632 . . [5.1.2600.5755] . 
. c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2009-02-09 . 56B4BE308B1C5AE390C19A37BCC9A902 . 2309632 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe [-] 2009-02-09 . 56B4BE308B1C5AE390C19A37BCC9A902 . 2309632 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe [7] 2008-08-14 . A42CC3CFC02A7B2BAEC7B0D45808B257 . 2193408 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [7] 2008-08-14 . 023A1B1C004483AEEB4209239524DCC5 . 2149376 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [7] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe [-] 2007-02-28 . BFB4C8761976CCE0B544D557B4C70825 . 2186368 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [-] 2007-02-28 . 7AACD829F2A9BB4DACE70CBFC6046934 . 2140160 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2005-03-02 . 6E3AB4241E058B248CB7CDC5157449C3 . 2183808 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [-] 2005-03-02 . 7C9E84463BF6228660898395851464E0 . 2139648 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe [7] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2009-10-12 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll [7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll [-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2007-03-08 . F86D3E5C8FE13297E1C2D662F9E2D59D . 578560 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . 
B5782EE6EAFE3C218236F79F1A27B747 . 578048 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2005-03-02 . 3ED0A4D74EFD5AAF8408095F452E2613 . 577536 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . 7FFBCF1B94E6929DEECE06670C2407D6 . 577536 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [7] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll [7] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll [-] 2009-07-03 . 9C794432E8F18D8908E7897AA41EA9D6 . 982016 . . [8.00.6001.18806] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2009-07-03 . 9C794432E8F18D8908E7897AA41EA9D6 . 982016 . . [8.00.6001.18806] . . c:\windows\system32\wininet.dll [-] 2009-07-03 . 9C794432E8F18D8908E7897AA41EA9D6 . 982016 . . [8.00.6001.18806] . . c:\windows\system32\dllcache\wininet.dll [7] 2009-04-29 . 655C1AB1542F5FCBF81E35FAEA9C98C4 . 827392 . . [7.00.6000.16850] . . c:\windows\ie8\wininet.dll [7] 2009-04-29 . 970E417EDDEFA88E68C47B3B854BDC2E . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll [7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll [7] 2009-03-03 . 5E06773367C4F7D07F7E088DE4155795 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll [7] 2009-03-03 . ED9B2E986B3F2EC048B1930FFCC3D7D4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll [7] 2008-12-20 . E048867C310B09ED1C79E59B68DB8050 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll [7] 2008-12-20 . 94A623D9C0F2632796B4CE2753331F98 . 826368 . . 
[7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll [7] 2008-10-16 . 779479E6F38BC77831F26BD9AAE3FAD3 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll [7] 2008-10-16 . 4BCD45D77BD42A5E9C2DD2E847A5467E . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll [7] 2008-08-26 . CC9CD001AE0FF30D0E16A172BF39576A . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [7] 2008-08-26 . ACB8649F0EFDCC6D7B081E3BC213B93A . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll [7] 2008-06-23 . FB820C977C8249358D54FA9324B5E92B . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll [7] 2008-06-23 . 8CFD66CC90F966333CFA8D8161E185DF . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll [7] 2008-04-23 . DD01BDE9CA09B53C50F67E932181CB7E . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll [7] 2008-04-23 . 7282F35CBA5770795325F4B55E992F8F . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll [7] 2008-03-01 . 85B2CDB953E8D6956FB17B4B5FBECA60 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll [7] 2008-03-01 . B7D78DDC9BDB7CE9E70CB97A142B160C . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll [7] 2007-12-07 . 769CE05CB67B19196E47CE6AA9246243 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll [7] 2007-12-07 . 6EDAE22E39820D235D43C53D1D7AF6FD . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll [7] 2007-10-10 . 72B0921B0146DAF6D45D497EAEB45AB0 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll [7] 2007-10-10 . 7BD056001A1794AE58AC1E6A431E0ED9 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll [7] 2007-08-20 . 
1C9109F9368EED632396829CE13A040F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll [7] 2007-08-20 . 661B708F131BD39979A7C53ECAC7885E . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll [7] 2007-06-27 . 4508CBB1CBBC15975BEE6E74246FD26A . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll [7] 2007-06-27 . 55D5B4C2DD719F9A4E02D8CC2180F8ED . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll [7] 2007-04-25 . 1E01E09DBF1B60188B83F1C56C81760D . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll [7] 2007-04-25 . C686B52A7601C49DB96D562B5E981FEB . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll [7] 2007-03-07 . 82274E0B5210EC9D4A1B2E395AA593E3 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll [7] 2007-03-07 . A397B8BD7F2BF08ACCD0C5D4A6157B70 . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll [-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll [7] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll [7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe [-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [7] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . 54701D40A8E060872E666D48FDA27A19 . 1542656 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 732946EEAA1D8EE2A4FC24370827617B . 977920 . . 
[6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe [-] 2008-04-14 . 54701D40A8E060872E666D48FDA27A19 . 1542656 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . DCCBF18E94D651393A3FFA060F88E0A0 . 1035264 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2007-06-13 . 45D521506825A10B80833B4E9621CCF6 . 1035264 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe [7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe [-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [7] 2009-02-10 . DBAD62B9A518249C1A1408CF3AB9064A . 2070272 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2009-02-09 . BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe [-] 2009-02-09 . BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2009-02-09 . BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe [-] 2009-02-09 . BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe [7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . 
.
((((((((((((((((((((((((((((( SnapShot@2009-10-13_14.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-14 00:01 . 2009-10-14 00:01 16384 c:\windows\Temp\Perflib_Perfdata_b44.dat
+ 2009-10-14 00:01 . 2009-10-14 00:01 16384 c:\windows\Temp\Perflib_Perfdata_940.dat
+ 2009-10-13 20:52 . 2009-10-13 20:52 16384 c:\windows\Temp\Perflib_Perfdata_8b0.dat
+ 2009-10-14 00:01 . 2009-10-14 00:01 16384 c:\windows\Temp\Perflib_Perfdata_8a8.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}] 2009-10-06 19:24 2655736 ----a-w- c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-07-24 12:56 1090816 ----a-w- c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408] "ProxyCap"="c:\arquiv~1\PROXYL~1\ProxyCap\ProxyCap.exe" [2009-04-18 282624] "Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224] "NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 40448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-12 81920] "SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-01 149280] "ipTray.exe"="c:\arquivos de programas\Intel\IDU\iptray.exe" [2006-12-28 2242328] 
"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472] "iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-03-12 342312] "Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440] "NiwradSoft Welcome"="c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe" [2009-07-23 264913] "nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] "AVG8_TRAY"="c:\arquiv~1\AVG\AVGLS\avgtray.exe" [2009-09-02 1950488] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-05-26 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] NCProTray.lnk - c:\arquivos de programas\SEC\Natural Color Pro\NCProTray.exe [2007-9-30 49220] Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-10-11 1719568] [HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^hamachi.lnk] backup=c:\windows\pss\hamachi.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk] backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" -atboottime 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Arquivos de programas\\iTunes\\iTunes.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"= "c:\\Arquivos de programas\\AVG\\AVGLS\\avgupd.exe"= "c:\\Arquivos de programas\\AVG\\AVGLS\\avgnsx.exe"= "c:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\javaw.exe"= "c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"= "c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] 
"56458:TCP"= 56458:TCP:Pando Media Booster "56458:UDP"= 56458:UDP:Pando Media Booster "56911:TCP"= 56911:TCP:Pando Media Booster "56911:UDP"= 56911:UDP:Pando Media Booster R1 AvgLdx86;AVG LinkScanner® AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/09/2009 23:46 253576] R1 AvgTdiX;AVG LinkScanner® Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/09/2009 23:46 108296] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/09/2009 18:30 108289] R2 avg8wd;AVG LinkScanner® WatchDog;c:\arquiv~1\AVG\AVGLS\avgwdsvc.exe [01/09/2009 23:46 298776] R2 CachemanXPService;CachemanXP;c:\arquiv~1\CACHEM~1\CachemanXP.exe [05/09/2009 19:40 355840] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/06/2002 00:09 31232] S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys --> c:\windows\system32\DRIVERS\3xHybrid.sys [?] S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [21/05/2007 19:50 14074] S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [27/11/2008 21:05 83584] S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [27/11/2008 21:05 14976] S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [27/11/2008 21:05 110464] S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [27/11/2008 21:05 100480] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] 
S3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [18/08/2007 15:24 28480] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Conteúdo da pasta 'Tarefas Agendadas' 2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2009-10-14 c:\windows\Tasks\AWC AutoSweep.job - c:\arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-02 18:35] 2009-10-14 c:\windows\Tasks\GlaryInitialize.job - c:\arquivos de programas\Glary Utilities\initialize.exe [2009-09-05 19:09] . . ------- Scan Suplementar ------- . uStart Page = hxxp://search.orbitdownloader.com IE: &Clean Traces IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201 IE: &Download with &DAP IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204 IE: Crawler Search - tbr:iemenu IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202 IE: Download &all with DAP IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: w2pxdrv.dll TCP: {F6ED63BF-48EA-49FF-B3BF-A0E98B62947B} = 156.154.70.25,156.154.71.25 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\ctbr.dll DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - 
Crawler Search FF - prefs.js: browser.startup.homepage - hxxp://www.terra.com.br/portal/ FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p= FF - prefs.js: network.proxy.type - 4 FF - component: c:\arquivos de programas\AVG\AVGLS\Firefox\components\avgssff.dll FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPMFireLauncher.dll FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - fales FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: 
content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-13 21:00 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0] "BarID"=dword:0000e81b "Bars"=dword:00000003 "Bar#0"=dword:00000000 "Bar#1"=dword:0000e800 "Bar#2"=dword:00000000 [HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1] "BarID"=dword:0000e81c "Bars"=dword:00000004 "Bar#0"=dword:00000000 "Bar#1"=dword:0000e807 "Bar#2"=dword:0000e806 "Bar#3"=dword:00000000 [HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2] "BarID"=dword:0000e800 "XPos"=dword:fffffffe "YPos"=dword:fffffffe "Docking"=dword:00000001 "MRUDockID"=dword:00000000 "MRUDockLeftPos"=dword:fffffffe "MRUDockTopPos"=dword:fffffffe "MRUDockRightPos"=dword:000001f5 "MRUDockBottomPos"=dword:00000036 "MRUFloatStyle"=dword:00002000 "MRUFloatXPos"=dword:80000000 "MRUFloatYPos"=dword:cdcdcdcd [HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3] "BarID"=dword:0000e806 "XPos"=dword:fffffffe "YPos"=dword:00000141 "Docking"=dword:00000001 "MRUDockID"=dword:0000e81c "MRUDockLeftPos"=dword:fffffffe "MRUDockTopPos"=dword:00000141 "MRUDockRightPos"=dword:000000c6 "MRUDockBottomPos"=dword:00000287 "MRUFloatStyle"=dword:00002004 "MRUFloatXPos"=dword:80000000 "MRUFloatYPos"=dword:cdcdcdcd [HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4] "BarID"=dword:0000e807 "XPos"=dword:fffffffe "YPos"=dword:fffffffe "Docking"=dword:00000001 "MRUDockID"=dword:00000000 "MRUDockLeftPos"=dword:fffffffe "MRUDockTopPos"=dword:fffffffe "MRUDockRightPos"=dword:000000c6 "MRUDockBottomPos"=dword:00000143 "MRUFloatStyle"=dword:00002004 "MRUFloatXPos"=dword:80000000 "MRUFloatYPos"=dword:cdcdcdcd 
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary] "Bars"=dword:00000005 "ScreenCX"=dword:00000400 "ScreenCY"=dword:00000300 [HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings] "FirstRun"=dword:00000000 "xScreen"=dword:00000400 "yScreen"=dword:000002c4 "floats"="1.000000 0.500000 0.500000 120 120" "skin"="ISR_10Moons.dll" [HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS] "FLAG"=dword:00000000 "SHOWCMD"=dword:00000001 "LEFT"=dword:fffffffc "TOP"=dword:fffffffc "RIGHT"=dword:00000404 "BOTTOM"=dword:000002e2 . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'winlogon.exe'(848) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\klogon.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(904) c:\windows\system32\setupapi.dll - - - - - - - > 'explorer.exe'(2764) c:\windows\system32\WININET.dll c:\arquivos de programas\NVIDIA Corporation\nView\nview.dll c:\arquivos de programas\NVIDIA Corporation\nView\NVWRSPTB.DLL c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\arquivos de programas\Scpad\scpLIB.dll c:\arquivos de programas\Scpad\scpMIB.dll c:\arquivos de programas\Scpad\sshib.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll . ------------------------ Outros Processos em Execução ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\arquivos de programas\a-squared Free\a2service.exe c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\arquivos de programas\Intel\IDU\awServ.exe c:\arquiv~1\AVG\AVGLS\avgnsx.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\arquivos de programas\Orbitdownloader\orbitnet.exe c:\arquivos de programas\Java\jre6\bin\jqs.exe c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\snmp.exe c:\windows\system32\stacsv.exe c:\arquivos de programas\iPod\bin\iPodService.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Tempo para conclusão: 2009-10-14 21:05 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-10-14 00:05 ComboFix2.txt 2009-10-13 14:30 Pré-execução: 45 pasta(s) 77.815.365.632 bytes disponíveis Pós execução: 46 pasta(s) 77.689.311.232 bytes disponíveis Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4 599 --- E O F --- 2009-09-21 16:35 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:08:01, on 13/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\a-squared Free\a2service.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe C:\Arquivos de programas\Intel\IDU\awServ.exe 
C:\ARQUIV~1\AVG\AVGLS\avgnsx.exe C:\WINDOWS\sttray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Intel\IDU\iptray.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\AVG\AVGLS\avgtray.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\rundll32.exe C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\Arquivos de programas\NitroPC\NitroPC.exe C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\ARQUIV~1\CACHEM~1\CachemanXP.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\STacSV.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\svchost.exe C:\Hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Local Page = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVGLS\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} 
- C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe O4 - HKLM\..\Run: 
[nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVGLS\avgtray.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NCProTray.lnk = ? 
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVGLS\avgpp.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. 
- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file) O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\ARQUIV~1\CACHEM~1\CachemanXP.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe -- End of file - 13322 bytes
.matiello 0 Posted October 14, 2009
Hey, I downloaded painrestore and it came as a txt file. Is that how it's supposed to be? How do I add it to the registry?
DigRam 144 Posted October 14, 2009
Hey, I downloaded painrestore and it came as a txt file. Is that how it's supposed to be? How do I add it to the registry?
<><><><><><><><><>
Hi, .matiello!
<!> If you don't know how to convert it to a .reg file, download it from here: < PaintRestore.zip >
<!> Take it out of the zip, then merge it into the registry.
<!> But... run the CFScript first.
<><><><><><><><><>
<@> Select and copy all of the contents of the QUOTE area into Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

RegNull::
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]

ReglockDel::
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]
[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]

<@> PS: It is recommended that you be disconnected from the internet while running the script.
<@> PS: Temporarily disable your antivirus.
<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon/window.
<@> See the demonstration!
<@> Accept the prompt that should appear in order to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Cheers!
.matiello 0 Denunciar post Postado Outubro 14, 2009 ComboFix 09-10-13.01 - Marcus 14/10/2009 12:32.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2045.1582 [GMT -3:00] Executando de: c:\documents and settings\Marcus\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\Marcus\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: ESET Smart Security 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} . (((((((((((((((( Arquivos/Ficheiros criados de 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))) . 2009-10-12 19:54 . 2009-10-12 19:54 579072 -c--a-w- c:\windows\system32\dllcache\user32.dll 2009-10-12 19:52 . 2009-10-12 19:52 -------- d-----w- c:\windows\ERUNT 2009-10-12 19:41 . 2009-10-12 20:12 -------- d-----w- C:\SDFix 2009-10-12 19:38 . 2009-10-12 19:40 1529241 ----a-w- C:\SDFix.exe 2009-10-12 15:24 . 2009-10-14 00:07 -------- d-----w- C:\Hijack 2009-10-11 17:46 . 2009-10-11 17:46 482 ----a-w- C:\cc_20091011_144628.reg 2009-10-11 15:31 . 2009-10-11 15:31 -------- d-----w- c:\arquivos de programas\Orbitdownloader 2009-10-09 22:56 . 2009-10-09 22:56 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache 2009-10-06 20:05 . 2009-10-06 20:05 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Xfire 2009-10-06 19:57 . 2009-10-06 20:13 -------- d-----w- c:\arquivos de programas\Free Download Manager 2009-10-06 19:24 . 2009-10-06 19:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit 2009-10-06 19:24 . 2009-10-06 19:51 -------- d-----w- c:\arquivos de programas\DAP 2009-10-06 19:24 . 
2009-10-06 19:24 -------- d-----w- c:\arquivos de programas\SpeedBit Video Downloader 2009-10-06 16:14 . 2009-10-13 16:47 -------- d-----w- C:\downloads 2009-10-06 16:14 . 2009-10-06 16:14 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\GrabPro 2009-10-06 16:14 . 2009-10-14 15:29 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Orbit 2009-09-29 20:27 . 2009-10-08 03:01 353840 ----a-w- c:\windows\system32\drivers\sfi.dat 2009-09-29 20:20 . 2009-10-09 23:11 -------- d-----w- c:\arquivos de programas\COMODO 2009-09-29 19:01 . 2009-09-29 19:01 -------- d-----w- C:\ijji 2009-09-29 14:30 . 2009-09-29 14:30 -------- d-----w- c:\arquivos de programas\Vstplugins 2009-09-29 14:29 . 2009-09-29 14:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Sony 2009-09-29 14:29 . 2009-09-29 14:34 -------- d-----w- c:\arquivos de programas\Sony 2009-09-29 03:43 . 2009-09-29 03:43 -------- d-----w- c:\arquivos de programas\Your Freedom 2009-09-29 03:13 . 2009-09-29 03:13 -------- d-----r- c:\documents and settings\LocalService\Favoritos 2009-09-27 20:29 . 2009-10-07 23:25 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\DMCache 2009-09-25 14:51 . 2009-09-29 03:45 -------- d-----w- c:\arquivos de programas\ijji 2009-09-22 02:56 . 2009-09-22 02:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2009-09-22 01:36 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Circe Developement 2009-09-22 01:36 . 2009-09-22 01:36 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2009-09-22 00:39 . 2002-01-05 16:40 487424 ----a-w- c:\windows\system32\MSVCP70.DLL 2009-09-22 00:39 . 2009-09-22 01:10 -------- d-----w- c:\arquivos de programas\FASoft 2009-09-22 00:39 . 2009-09-22 00:39 -------- d-----w- c:\documents and settings\Marcus\WINDOWS 2009-09-22 00:39 . 2009-09-22 01:10 -------- d-----w- c:\windows\ntrcktmp 2009-09-21 23:49 . 
2004-03-29 19:23 90112 ----a-w- c:\windows\unvise32.exe 2009-09-21 23:47 . 2009-09-21 23:49 -------- d-----w- c:\arquivos de programas\Magic Bullet Editors 2.0 Vegas 2009-09-21 23:40 . 2009-09-21 23:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\eSellerate 2009-09-21 23:40 . 2009-09-22 02:32 -------- d-----w- c:\arquivos de programas\NewBlue 2009-09-21 23:39 . 2009-09-21 23:39 -------- d-----w- c:\arquivos de programas\Sonic Foundry 2009-09-21 23:30 . 2009-09-29 14:28 -------- d-----w- c:\arquivos de programas\Sony Setup 2009-09-21 22:41 . 2009-09-21 22:41 -------- d-----w- C:\movies 2009-09-21 22:41 . 2009-09-21 22:41 -------- d-----w- c:\arquivos de programas\Power Video Converter 2009-09-20 21:30 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-20 21:30 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-20 21:30 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-20 21:30 . 2009-09-20 21:30 -------- d-----w- c:\arquivos de programas\Avira 2009-09-20 15:13 . 2009-09-29 03:37 -------- d-----w- c:\arquivos de programas\NitroPC 2009-09-20 02:43 . 2009-09-20 02:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-09-20 02:42 . 2009-09-20 21:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-09-19 22:10 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-17 01:49 . 2009-09-20 14:56 -------- d-----w- c:\arquivos de programas\Pinnacle 2009-09-17 01:48 . 2009-09-17 01:49 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Pinnacle 2009-09-16 21:38 . 2009-09-16 21:38 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Publish Providers 2009-09-16 21:38 . 2009-09-18 00:36 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\Sony 2009-09-16 21:26 . 2009-10-06 14:48 -------- d-----w- C:\Fraps . 
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-14 15:36 . 2009-05-08 13:41 25064736 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-10-14 15:36 . 2009-05-08 13:41 1707296 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-10-14 03:38 . 2009-05-08 13:41 160748 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-10-14 03:38 . 2009-05-08 13:41 335852 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-10-13 20:45 . 2008-11-15 14:03 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\uTorrent 2009-10-12 07:59 . 2009-09-12 16:14 -------- d-----w- c:\arquivos de programas\MegaJogos 2009-10-10 15:29 . 2009-09-02 01:16 -------- d-----w- c:\arquivos de programas\a-squared Free 2009-10-06 19:44 . 2009-09-02 12:01 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2009-10-04 23:44 . 2009-04-13 01:55 -------- d-----w- c:\arquivos de programas\Crawler 2009-09-30 02:41 . 2009-07-14 18:22 -------- d-----w- c:\arquivos de programas\TeamViewer 2009-09-29 22:50 . 2009-09-01 01:09 -------- d-----w- c:\arquivos de programas\eWar 3.1 2009-09-29 20:20 . 2009-08-19 01:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy 2009-09-29 20:20 . 2009-08-19 01:57 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy 2009-09-29 19:01 . 2007-05-21 22:37 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-09-29 03:41 . 2009-01-03 20:21 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security 2009-09-22 20:18 . 2008-11-24 20:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2009-09-20 14:58 . 2009-09-02 15:00 -------- d-----w- c:\arquivos de programas\IObit 2009-09-17 02:03 . 2009-02-20 16:26 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\DivX 2009-09-17 01:40 . 
2009-09-05 22:51 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\GlarySoft 2009-09-13 19:10 . 2009-03-31 00:39 -------- d-----w- c:\arquivos de programas\PokerStars 2009-09-12 23:46 . 2009-09-02 02:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\AVG Security Toolbar 2009-09-10 14:22 . 2009-08-13 02:12 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2009-09-09 23:12 . 2007-05-23 22:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2009-09-05 22:48 . 2009-09-05 22:48 -------- d-----w- c:\arquivos de programas\Glary Utilities 2009-09-05 22:40 . 2009-04-23 21:09 -------- d-----w- c:\arquivos de programas\CachemanXP 2009-09-04 21:00 . 2009-09-04 21:00 916430 ----a-w- c:\arquivos de programas\Apr2006_MDX1_x86.cab 2009-09-04 00:58 . 2004-08-04 12:00 79832 ----a-w- c:\windows\system32\perfc016.dat 2009-09-04 00:58 . 2004-08-04 12:00 470730 ----a-w- c:\windows\system32\perfh016.dat 2009-09-02 20:48 . 2007-05-21 22:36 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-09-02 20:43 . 2009-09-02 15:00 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\IObit 2009-09-02 20:38 . 2009-08-12 23:57 -------- d-----w- c:\arquivos de programas\softendo.com 2009-09-02 02:46 . 2009-09-02 02:46 253576 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-09-02 02:46 . 2009-09-02 02:46 108296 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-09-02 02:46 . 2009-09-02 02:46 -------- d-----w- c:\arquivos de programas\AVG 2009-09-02 02:46 . 2009-09-02 02:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg8ls 2009-09-02 02:29 . 2009-09-02 02:29 -------- d-----w- c:\documents and settings\Marcus\Dados de aplicativos\AVG8 2009-09-01 02:37 . 2004-08-04 07:45 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-09-01 01:19 . 
2009-09-01 01:19 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-09-01 01:19 . 2008-03-08 17:38 -------- d-----w- c:\arquivos de programas\Java 2009-08-30 19:04 . 2009-08-30 00:21 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2009-08-30 00:20 . 2009-02-19 16:27 -------- d-----w- c:\arquivos de programas\DivX 2009-08-29 11:19 . 2009-08-29 11:19 86016 ----a-w- c:\windows\system32\frapsvid.dll 2009-08-06 22:24 . 2007-05-21 21:10 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 22:24 . 2007-05-21 21:10 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 22:24 . 2007-05-21 21:10 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 22:24 . 2005-05-26 07:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 22:24 . 2007-05-21 21:10 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 22:24 . 2004-08-04 07:45 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 22:23 . 2007-05-21 21:10 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 22:23 . 2007-06-19 23:42 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 22:23 . 2007-06-19 23:42 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 22:23 . 2007-05-21 21:10 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:00 . 2004-08-04 07:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:36 . 2004-08-04 07:45 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-29 04:36 . 2001-10-28 18:06 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-17 19:03 . 2004-08-04 07:45 58880 ----a-w- c:\windows\system32\atl.dll 2008-08-12 00:07 . 2008-07-17 22:49 29806 ----a-w- c:\arquivos de programas\megacubo_log.log 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll . ------- Sigcheck ------- [7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . 
c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll [-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll [7] 2008-04-14 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\14520071\comctl32.dll [7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\InstallTemp\10355011\comctl32.dll [7] 2008-04-13 . 3356DF9145BC1AD45B43C528F9F7527C . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [-] 2006-08-25 . 873E9E5B23D206BE443ABD3CF597C2E8 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2006-08-25 . 50141E3C168F02C3920891400CEC9FF4 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\InstallTemp\65836\comctl32.dll [7] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [7] 2004-08-04 . 3680CF24C64348BFDC89E290790398E7 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [7] 2001-10-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2009-07-19 . C8EB873A9B0B6F8C997C83A895F2C05D . 6211072 . . [8.00.6001.18812] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll [-] 2009-07-19 . 63F1535AA4E623CB80B94A7F124319CA . 6098432 . . [8.00.6001.18812] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2009-07-19 . 63F1535AA4E623CB80B94A7F124319CA . 6098432 . . [8.00.6001.18812] . . 
c:\windows\system32\mshtml.dll [-] 2009-07-19 . 63F1535AA4E623CB80B94A7F124319CA . 6098432 . . [8.00.6001.18812] . . c:\windows\system32\dllcache\mshtml.dll [7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll [7] 2009-04-29 . 02E979A0AF1154B662197CE4A7C55B7D . 3596288 . . [7.00.6000.16850] . . c:\windows\ie8\mshtml.dll [7] 2009-04-29 . 504CDF33912AC30894CD4212C8502144 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll [7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll [7] 2009-02-21 . DB7EF9A37E690CDA63021C7B4BA10EA7 . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll [7] 2009-02-20 . A3C5332ACB981726FA37912569FEB074 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll [7] 2009-01-17 . BC083F2B02EA9E69A636970859AF8DAF . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll [7] 2009-01-16 . 628A8E851FBA1F2183CE327B76E19E3E . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll [7] 2008-12-13 . A294B659329C4007D75FF675A8A3A94F . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll [7] 2008-12-13 . 4C2F6BAFA9236FA50620CC3E6DDF3BAD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll [7] 2008-10-17 . FD4A5AEC974379C58019CF7CC22ED0FE . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll [7] 2008-10-16 . 2B042E339C0C5E1584D49EB5579ABBD1 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll [7] 2008-08-27 . C985C1DA45076E403BBE55E15AA9DA99 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll [7] 2008-08-26 . 438552BD99CED288FEBC39B79D945BBA . 3594752 . . [7.00.6000.20900] . . 
c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll [7] 2008-06-24 . D300C05FC0EA80AB3D721AF004F4F69E . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll [7] 2008-06-23 . 3E9C5239A6AC6B808272DC4BF05E5D8B . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll [7] 2008-04-24 . 64F482EA4F26168A96D74F74096ECEE8 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll [7] 2008-04-23 . 20FB3AC0FEF99E7444DBAD5705870887 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll [7] 2008-03-01 . A6C43E554C7E1C584C57410F87FF6FAD . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll [7] 2008-03-01 . 0571E353495276FEA10816EB2065BDB0 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll [7] 2007-12-08 . A565094D7133D110305531AA9E0C0FB5 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll [7] 2007-12-07 . BBAC7C10FC8CFF2F890873F69BE2498F . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll [7] 2007-10-30 . FFDA226726452AD71D5CE5810CB7DB30 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll [7] 2007-10-30 . 0494C9577CC5EA957A9E7AF281408D72 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll [7] 2007-08-20 . B1189C0EFD72099D8DBFA4EF3EFA3D3B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll [7] 2007-08-20 . E52992A6BCD0A242DAFBE8E5E36E823D . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll [7] 2007-07-19 . 77A7A597604BC7B912473F226CE97E23 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll [7] 2007-07-18 . 7C518776841AC612362EA21696B3D55E . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll [7] 2007-05-08 . 76B02F0C1FFD986869A9F689052EF685 . 3584000 . . 
[7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll [7] 2007-05-08 . FF09B59560FB2DBB479D9C2E6D4D0C3B . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll [7] 2007-03-07 . 1FF8173A05C80696AB31E8C4968E5361 . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll [7] 2007-03-07 . 2F388F8112E8F634CCB4EFAD496CF4D4 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll [-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll [7] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll [7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [7] 2009-02-09 . C667CA055AA4E24A0733061282276AA5 . 2193280 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2009-02-09 . 56B4BE308B1C5AE390C19A37BCC9A902 . 2309632 . . [5.1.2600.5755] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe [-] 2009-02-09 . 56B4BE308B1C5AE390C19A37BCC9A902 . 2309632 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2009-02-09 . 56B4BE308B1C5AE390C19A37BCC9A902 . 2309632 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe [-] 2009-02-09 . 56B4BE308B1C5AE390C19A37BCC9A902 . 2309632 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe [7] 2008-08-14 . A42CC3CFC02A7B2BAEC7B0D45808B257 . 2193408 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [7] 2008-08-14 . 023A1B1C004483AEEB4209239524DCC5 . 2149376 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [7] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe [-] 2007-02-28 . BFB4C8761976CCE0B544D557B4C70825 . 2186368 . . [5.1.2600.3093] . . 
c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [-] 2007-02-28 . 7AACD829F2A9BB4DACE70CBFC6046934 . 2140160 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2005-03-02 . 6E3AB4241E058B248CB7CDC5157449C3 . 2183808 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [-] 2005-03-02 . 7C9E84463BF6228660898395851464E0 . 2139648 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe [7] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2009-10-12 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll [7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll [-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2007-03-08 . F86D3E5C8FE13297E1C2D662F9E2D59D . 578560 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . B5782EE6EAFE3C218236F79F1A27B747 . 578048 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2005-03-02 . 3ED0A4D74EFD5AAF8408095F452E2613 . 577536 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . 7FFBCF1B94E6929DEECE06670C2407D6 . 577536 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [7] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll [7] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . 
c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll [-] 2009-07-03 . 9C794432E8F18D8908E7897AA41EA9D6 . 982016 . . [8.00.6001.18806] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2009-07-03 . 9C794432E8F18D8908E7897AA41EA9D6 . 982016 . . [8.00.6001.18806] . . c:\windows\system32\wininet.dll [-] 2009-07-03 . 9C794432E8F18D8908E7897AA41EA9D6 . 982016 . . [8.00.6001.18806] . . c:\windows\system32\dllcache\wininet.dll [7] 2009-04-29 . 655C1AB1542F5FCBF81E35FAEA9C98C4 . 827392 . . [7.00.6000.16850] . . c:\windows\ie8\wininet.dll [7] 2009-04-29 . 970E417EDDEFA88E68C47B3B854BDC2E . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll [7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll [7] 2009-03-03 . 5E06773367C4F7D07F7E088DE4155795 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll [7] 2009-03-03 . ED9B2E986B3F2EC048B1930FFCC3D7D4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll [7] 2008-12-20 . E048867C310B09ED1C79E59B68DB8050 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll [7] 2008-12-20 . 94A623D9C0F2632796B4CE2753331F98 . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll [7] 2008-10-16 . 779479E6F38BC77831F26BD9AAE3FAD3 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll [7] 2008-10-16 . 4BCD45D77BD42A5E9C2DD2E847A5467E . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll [7] 2008-08-26 . CC9CD001AE0FF30D0E16A172BF39576A . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [7] 2008-08-26 . ACB8649F0EFDCC6D7B081E3BC213B93A . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll [7] 2008-06-23 . FB820C977C8249358D54FA9324B5E92B . 826368 . . [7.00.6000.16705] . . 
c:\windows\ie7updates\KB956390-IE7\wininet.dll [7] 2008-06-23 . 8CFD66CC90F966333CFA8D8161E185DF . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll [7] 2008-04-23 . DD01BDE9CA09B53C50F67E932181CB7E . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll [7] 2008-04-23 . 7282F35CBA5770795325F4B55E992F8F . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll [7] 2008-03-01 . 85B2CDB953E8D6956FB17B4B5FBECA60 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll [7] 2008-03-01 . B7D78DDC9BDB7CE9E70CB97A142B160C . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll [7] 2007-12-07 . 769CE05CB67B19196E47CE6AA9246243 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll [7] 2007-12-07 . 6EDAE22E39820D235D43C53D1D7AF6FD . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll [7] 2007-10-10 . 72B0921B0146DAF6D45D497EAEB45AB0 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll [7] 2007-10-10 . 7BD056001A1794AE58AC1E6A431E0ED9 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll [7] 2007-08-20 . 1C9109F9368EED632396829CE13A040F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll [7] 2007-08-20 . 661B708F131BD39979A7C53ECAC7885E . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll [7] 2007-06-27 . 4508CBB1CBBC15975BEE6E74246FD26A . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll [7] 2007-06-27 . 55D5B4C2DD719F9A4E02D8CC2180F8ED . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll [7] 2007-04-25 . 1E01E09DBF1B60188B83F1C56C81760D . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll [7] 2007-04-25 . C686B52A7601C49DB96D562B5E981FEB . 822784 . . 
[7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-03-07 . 82274E0B5210EC9D4A1B2E395AA593E3 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-03-07 . A397B8BD7F2BF08ACCD0C5D4A6157B70 . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[7] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
[7] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 . 54701D40A8E060872E666D48FDA27A19 . 1542656 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 732946EEAA1D8EE2A4FC24370827617B . 977920 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 54701D40A8E060872E666D48FDA27A19 . 1542656 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . DCCBF18E94D651393A3FFA060F88E0A0 . 1035264 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 45D521506825A10B80833B4E9621CCF6 . 1035264 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2009-02-10 . DBAD62B9A518249C1A1408CF3AB9064A . 2070272 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-09 . BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-02-09 . BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-02-09 . BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-09 . BC3BE10F79EE1A3538E1B25AAD2185FC . 2188288 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 616D6CD2B6AD2B022234C4A524DB3E46 . 2028032 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2007-02-28 . D027F0097B8F099C09369B8CC97D7C32 . 2063616 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . 1F433C0F544A74459F035B71121A4569 . 2019840 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2005-03-02 . AED7B3AA86AD031CF39C6E4BBA37E818 . 2061184 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 98C8C29BB2BD2427819674062604668C . 2019328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-13_14.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-14 15:12 . 2009-10-14 15:12 16384 c:\windows\Temp\Perflib_Perfdata_990.dat
.
(((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2009-10-06 19:24 2655736 ----a-w- c:\arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 12:56 1090816 ----a-w- c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ProxyCap"="c:\arquiv~1\PROXYL~1\ProxyCap\ProxyCap.exe" [2009-04-18 282624]
"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-01 149280]
"ipTray.exe"="c:\arquivos de programas\Intel\IDU\iptray.exe" [2006-12-28 2242328]
"AppleSyncNotifier"="c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"NiwradSoft Welcome"="c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe" [2009-07-23 264913]
"nwiz"="c:\arquivos de programas\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"AVG8_TRAY"="c:\arquiv~1\AVG\AVGLS\avgtray.exe" [2009-09-02 1950488]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-05-26 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NCProTray.lnk - c:\arquivos de programas\SEC\Natural Color Pro\NCProTray.exe [2007-9-30 49220]
Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-10-11 1719568]

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Marcus^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\AVG\\AVGLS\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVGLS\\avgnsx.exe"=
"c:\\Arquivos de programas\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\MegaJogos\\jre\\jre\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=
"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56458:TCP"= 56458:TCP:Pando Media Booster
"56458:UDP"= 56458:UDP:Pando Media Booster
"56911:TCP"= 56911:TCP:Pando Media Booster
"56911:UDP"= 56911:UDP:Pando Media Booster

R1 AvgLdx86;AVG LinkScanner® AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [01/09/2009 23:46 253576]
R1 AvgTdiX;AVG LinkScanner® Network Redirector;c:\windows\system32\drivers\avgtdix.sys [01/09/2009 23:46 108296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 107256]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [20/09/2009 18:30 108289]
R2 avg8wd;AVG LinkScanner® WatchDog;c:\arquiv~1\AVG\AVGLS\avgwdsvc.exe [01/09/2009 23:46 298776]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [10/06/2002 00:09 31232]
S2 CachemanXPService;CachemanXP;c:\arquiv~1\CACHEM~1\CachemanXP.exe [05/09/2009 19:40 355840]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys --> c:\windows\system32\DRIVERS\3xHybrid.sys [?]
S3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [21/05/2007 19:50 14074]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [27/11/2008 21:05 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [27/11/2008 21:05 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [27/11/2008 21:05 110464]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [27/11/2008 21:05 100480]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 PhTVTune;ENCORE TV Tuner Pro PCI Adapter;c:\windows\system32\drivers\PhTVTune.sys [18/08/2007 15:24 28480]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-10-14 c:\windows\Tasks\AWC AutoSweep.job
- c:\arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-02 18:35]

2009-10-14 c:\windows\Tasks\GlaryInitialize.job
- c:\arquivos de programas\Glary Utilities\initialize.exe [2009-09-05 19:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: &Clean Traces
IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP
IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204
IE: Crawler Search - tbr:iemenu
IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: w2pxdrv.dll
TCP: {F6ED63BF-48EA-49FF-B3BF-A0E98B62947B} = 156.154.70.25,156.154.71.25
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\arquiv~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Marcus\Dados de aplicativos\Mozilla\Firefox\Profiles\mnctdmk7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: browser.startup.homepage - hxxp://www.terra.com.br/portal/
FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\arquivos de programas\AVG\AVGLS\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\arquivos de programas\AVG\AVGLS\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 12:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar0]
"BarID"=dword:0000e81b
"Bars"=dword:00000003
"Bar#0"=dword:00000000
"Bar#1"=dword:0000e800
"Bar#2"=dword:00000000

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar1]
"BarID"=dword:0000e81c
"Bars"=dword:00000004
"Bar#0"=dword:00000000
"Bar#1"=dword:0000e807
"Bar#2"=dword:0000e806
"Bar#3"=dword:00000000

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar2]
"BarID"=dword:0000e800
"XPos"=dword:fffffffe
"YPos"=dword:fffffffe
"Docking"=dword:00000001
"MRUDockID"=dword:00000000
"MRUDockLeftPos"=dword:fffffffe
"MRUDockTopPos"=dword:fffffffe
"MRUDockRightPos"=dword:000001f5
"MRUDockBottomPos"=dword:00000036
"MRUFloatStyle"=dword:00002000
"MRUFloatXPos"=dword:80000000
"MRUFloatYPos"=dword:cdcdcdcd

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar3]
"BarID"=dword:0000e806
"XPos"=dword:fffffffe
"YPos"=dword:00000141
"Docking"=dword:00000001
"MRUDockID"=dword:0000e81c
"MRUDockLeftPos"=dword:fffffffe
"MRUDockTopPos"=dword:00000141
"MRUDockRightPos"=dword:000000c6
"MRUDockBottomPos"=dword:00000287
"MRUFloatStyle"=dword:00002004
"MRUFloatXPos"=dword:80000000
"MRUFloatYPos"=dword:cdcdcdcd

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Bar4]
"BarID"=dword:0000e807
"XPos"=dword:fffffffe
"YPos"=dword:fffffffe
"Docking"=dword:00000001
"MRUDockID"=dword:00000000
"MRUDockLeftPos"=dword:fffffffe
"MRUDockTopPos"=dword:fffffffe
"MRUDockRightPos"=dword:000000c6
"MRUDockBottomPos"=dword:00000143
"MRUFloatStyle"=dword:00002004
"MRUFloatXPos"=dword:80000000
"MRUFloatYPos"=dword:cdcdcdcd

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Bars\Settings-Summary]
"Bars"=dword:00000005
"ScreenCX"=dword:00000400
"ScreenCY"=dword:00000300

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\Settings]
"FirstRun"=dword:00000000
"xScreen"=dword:00000400
"yScreen"=dword:000002c4
"floats"="1.000000 0.500000 0.500000 120 120"
"skin"="ISR_10Moons.dll"

[HKEY_USERS\S-1-5-21-1078081533-1409082233-725345543-1006\Software\10Moons\þV * *Gr * *Om * *ȉ * *hV *\WNDSTATUS]
"FLAG"=dword:00000000
"SHOWCMD"=dword:00000001
"LEFT"=dword:fffffffc
"TOP"=dword:fffffffc
"RIGHT"=dword:00000404
"BOTTOM"=dword:000002e2
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\klogon.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(900)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\WININET.dll
c:\arquivos de programas\NVIDIA Corporation\nView\nview.dll
c:\arquivos de programas\NVIDIA Corporation\nView\NVWRSPTB.DLL
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\arquivos de programas\Scpad\sshib.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-14 12:39
ComboFix-quarantined-files.txt 2009-10-14 15:39
ComboFix2.txt 2009-10-14 00:05
ComboFix3.txt 2009-10-13 14:30

Pre-Run: 45 folder(s), 77.704.204.288 bytes free
Post-Run: 46 folder(s), 77.722.664.960 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
565 --- E O F --- 2009-09-21 16:35

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:46, on 14/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\sttray.exe
C:\Arquivos de programas\Intel\IDU\iptray.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe
C:\Arquivos de programas\Intel\IDU\awServ.exe
C:\ARQUIV~1\AVG\AVGLS\avgnsx.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\STacSV.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVGLS\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVGLS\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file)
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\ARQUIV~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 12829 bytes
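The HijackThis logs in this thread are read by hand, entry by entry. As an added example (my own code, not part of the post above and not HijackThis code), here is a small Python triage pass over the HijackThis v2 line format that pulls out the entry types a removal helper checks first: start/search pages pointing somewhere other than the Microsoft defaults, registrations whose file is gone ("(no file)"), Run values with no path, Winsock LSPs (O10), configured DNS servers (O17) and services with no vendor information. The sample input is a handful of lines copied from the log above; the rules and the severity labels are my own assumptions, and a finding is a prompt to verify the entry, not a verdict that it is malicious.

```python
"""Triage pass over HijackThis v2 log lines.

Added example for this thread; not part of the original post and not
HijackThis code.  Rules and severity labels are the author's assumptions
about what a malware-removal helper looks at first.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section detail")

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Hosts HijackThis treats as Microsoft's defaults for R0/R1 start/search pages.
DEFAULT_PAGE_HOSTS = ("go.microsoft.com", "home.microsoft.com", "www.microsoft.com")

# Constructed sample input: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

# "R0 - ..." / "O23 - ..." entry lines; headers and the process list do not match.
_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
_URL_HOST = re.compile(r"https?://([^/\s]+)", re.I)
# Registry Run values: "HKLM\..\Run: [name] command line"
_RUN_VALUE = re.compile(r"^HK\S+\\Run: \[[^\]]+\] (?P<cmd>.+)$")


def _start_page_finding(sec, body):
    """R0/R1: flag a start or search page on a host that is not a Microsoft default."""
    m = _URL_HOST.search(body)
    if not m or m.group(1).lower() in DEFAULT_PAGE_HOSTS:
        return None
    return Finding("medium", sec, "start/search page points at %s" % m.group(1))


def _run_value_finding(sec, body):
    """O4 registry Run values: a bare file name is resolved through the PATH
    search order at logon rather than from a fixed location."""
    m = _RUN_VALUE.match(body)
    if not m:
        return None  # Global Startup shortcuts and other O4 forms are left alone
    first = m.group("cmd").split()[0].strip('"')
    if "\\" in first or ":" in first:
        return None
    return Finding("low", sec, "Run value without a full path, resolved via PATH search: " + first)


def triage(log_text):
    """Return findings in log order for a HijackThis v2 log given as text."""
    findings = []
    for raw in log_text.splitlines():
        m = _ENTRY.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if "(no file)" in body:
            # Registration (BHO, URLSearchHook, service, ...) whose file is gone.
            findings.append(Finding("low", sec, "orphaned registration, file missing: " + body))
            continue
        if sec in ("R0", "R1"):
            f = _start_page_finding(sec, body)
            if f:
                findings.append(f)
        elif sec == "O4":
            f = _run_value_finding(sec, body)
            if f:
                findings.append(f)
        elif sec == "O10":
            # A Winsock LSP is loaded into every process that uses sockets and
            # sees all of its traffic; identify the vendor before touching it,
            # since removing an LSP badly breaks networking.
            lsp = body.split(":", 1)[1].strip()
            findings.append(Finding("high", sec, "Winsock LSP loaded into every networked process: " + lsp))
        elif sec == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].strip()
            findings.append(Finding("medium", sec, "DNS resolvers set to " + servers + " (confirm they are the ones you expect)"))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append(Finding("medium", sec, "service with no vendor information: " + body))
    return findings


def prioritized(findings):
    """Same findings, highest severity first, then by HijackThis section."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.section))


if __name__ == "__main__":
    for f in prioritized(triage(SAMPLE_LOG)):
        print("%-6s %-4s %s" % (f.severity, f.section, f.detail))
```

Run over the sample it yields seven findings: the O10 LSP at the top, then the start page on search.orbitdownloader.com and the O17 resolvers to confirm, then the four orphaned "(no file)" entries and the path-less `sttray.exe` Run value. The point of the ordering is to read the entries that sit in the network path first and the harmless leftovers last.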
.matiello 0 Posted October 14, 2009

HijackThis log with the paintrestore entry inserted:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:30, on 14/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Intel\IDU\iptray.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\AVG\AVGLS\avgtray.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe
C:\Arquivos de programas\Intel\IDU\awServ.exe
C:\ARQUIV~1\AVG\AVGLS\avgnsx.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVGLS\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Tool бар\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos
de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVGLS\avgtray.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NCProTray.lnk = ? 
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVGLS\avgpp.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. 
- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file) O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\ARQUIV~1\CACHEM~1\CachemanXP.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe -- End of file - 13135 bytes
DigRam, posted October 15, 2009:
Good morning, .matiello!
Uninstall: C:\Arquivos de programas\Crawler
Open HijackThis and click "Do a system scan only". Tick these entries:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
With the entries above ticked, click "Fix checked", then "Yes".
Go to Start > Run, type or paste: combofix.exe /u and click OK.
The "Open File - Security Warning" window will appear; click Run and wait.
Finally the message "ComboFix has been uninstalled" appears; click OK.
If you find them, delete: C:\ComboFix (the folder) and C:\ComboFix.txt (the report).
Post an updated HijackThis log.
Regards!
.matiello, posted October 15, 2009:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:53, on 15/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\a-squared Free\a2service.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe C:\Arquivos de programas\Intel\IDU\awServ.exe C:\ARQUIV~1\AVG\AVGLS\avgnsx.exe C:\WINDOWS\sttray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Intel\IDU\iptray.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\ARQUIV~1\AVG\AVGLS\avgtray.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\Arquivos de programas\NitroPC\NitroPC.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\Orbitdownloader\orbitnet.exe C:\ARQUIV~1\CACHEM~1\CachemanXP.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\STacSV.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Hijack\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll (file missing) O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVGLS\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - 
C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVGLS\Toolbar\IEToolbar.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - 
HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVGLS\avgtray.exe O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NCProTray.lnk = ? 
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O10 - Unknown file in Winsock LSP: w2pxdrv.dll O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVGLS\avgpp.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll (file missing) O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. 
- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file) O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\ARQUIV~1\CACHEM~1\CachemanXP.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe -- End of file - 13125 bytes
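The two logs above (October 14 and the first of October 15) are what the helper reads by eye: entries whose target file is gone ("(no file)", "(file missing)") are safe to fix, O10/O17 entries need identification before anyone touches them, and two real-time antivirus products plus a ghost Kaspersky service explain the "keep Avira, drop AVG8" advice. The script below does that triage mechanically and diffs the two logs to confirm which entries the "Fix checked" step actually removed. It is an added example, not code from the thread, from HijackThis or from OTM; the log excerpts inside it are constructed from a handful of the entries posted above (not the full logs), and the antivirus vendor keyword list is an assumption for illustration.

```python
"""Triage and diff HijackThis logs that were pasted flat into a forum.

Added example for this thread; it is not code from the thread, from
HijackThis or from OTM. The two log excerpts are constructed from the
October 14 and first October 15 logs above (a handful of entries each,
not the full logs), and the antivirus vendor keyword list is an assumption.
"""
import re

# An entry starts with its section code ("R0", "O2", "O23", ...) followed by
# " - ". Forum rendering drops the newlines, so split on the codes instead.
ENTRY_RE = re.compile(r"(?<!\w)(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
END_RE = re.compile(r"\s*-- End of file.*$")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<company>.+?) - (?P<path>.+)$")

# Entries whose target no longer exists: the ones a helper ticks and fixes
# in HijackThis, or removes with an OTM ":Services" block.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Sections that deserve a manual look even when the file exists: a Winsock
# LSP you cannot identify (O10; removing the wrong one breaks networking)
# and DNS servers you did not configure yourself (O17).
REVIEW_SECTIONS = ("O10", "O17")
# Assumed keyword list, matched against the service display name only, so
# that Avira's avguard.exe path does not count as "AVG".
AV_VENDORS = ("Avira", "AVG", "Kaspersky", "Norton", "McAfee")


def parse_hjt(text):
    """Return the entries of a log as strings, each starting with its
    section code, whether or not the log still has its line breaks."""
    flat = re.sub(r"\s+", " ", text).strip()
    parts = ENTRY_RE.split(flat)  # [header, code1, body1, code2, body2, ...]
    return [f"{code} - {END_RE.sub('', body).strip()}"
            for code, body in zip(parts[1::2], parts[2::2])]


def section(entry):
    """Section code of an entry ("O23" for a service line)."""
    return entry.split(" - ", 1)[0]


def triage(entries):
    """Sort entries into orphans, entries to review by hand, and the
    antivirus products that actually have a service binary on disk."""
    orphans, review, vendors = [], [], set()
    for entry in entries:
        if any(marker in entry for marker in ORPHAN_MARKERS):
            orphans.append(entry)
            continue
        if section(entry) in REVIEW_SECTIONS:
            review.append(entry)
        match = SERVICE_RE.match(entry)
        if match:
            display = match.group("display").lower()
            vendors.update(v for v in AV_VENDORS if v.lower() in display)
    return {"orphans": orphans, "review": review, "av_vendors": sorted(vendors)}


def diff_logs(before_text, after_text):
    """Entries that vanished and entries that appeared between two logs, in
    log order: the check that a requested fix actually took effect."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


# Constructed excerpts of the thread's logs, flattened the way the forum shows them.
SHARED = (
    r"O10 - Unknown file in Winsock LSP: w2pxdrv.dll "
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25 "
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe "
    r"O23 - Service: AVG LinkScanner WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVGLS\avgwdsvc.exe "
    r"O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file) "
)
LOG_OCT_14 = (
    r"Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:45:30, on 14/10/2009 "
    r"Running processes: C:\WINDOWS\System32\smss.exe C:\Hijack\HiJackThis.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com "
    r"R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) "
    r"O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) "
    r"O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll "
    + SHARED + r"-- End of file - 13135 bytes"
)
LOG_OCT_15 = (
    r"Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:53, on 15/10/2009 "
    r"Running processes: C:\WINDOWS\System32\smss.exe C:\Hijack\HiJackThis.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com "
    r"O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll (file missing) "
    + SHARED
    + r"O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) "
    r"-- End of file - 13125 bytes"
)

if __name__ == "__main__":
    removed, added = diff_logs(LOG_OCT_14, LOG_OCT_15)
    report = triage(parse_hjt(LOG_OCT_15))
    print("removed since the first log:", *removed, sep="\n  ")
    print("new in the second log:", *added, sep="\n  ")
    print("orphans to fix:", *report["orphans"], sep="\n  ")
    print("review by hand:", *report["review"], sep="\n  ")
    print("antivirus with a service binary on disk:", report["av_vendors"])
```

Run against the two excerpts, the diff shows the three entries removed by uninstalling Crawler and fixing the orphaned BHO/URLSearchHook, and the two that appeared: the Crawler BHO now pointing at a missing DLL, and the npggsvc service with a missing binary, which is exactly what the next OTM script deletes. The O10 LSP and O17 NameServer entries survive both logs unchanged and stay in the "review" bucket; neither is something to fix blindly from a log alone.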
DigRam, posted October 15, 2009:
Good afternoon, .matiello!
You have 2 antivirus programs: Avira and AVG8. PS: keep Avira and uninstall AVG8.
Open HijackThis and Fix these entries:
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\ctbr.dll (file missing)
O3 - Toolbar: Barra de ferramentas &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\ctbr.dll (file missing)
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\ctbr.dll (file missing)
Download: < > ( ...by OldTimer Tools )
Save it to the desktop and run it from there.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Processes
explorer.exe
:Services
npggsvc
AVP
:Files
:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Copy and paste the text between the XXXXX... into the tool's clipboard field. PS: the area below "Paste Instructions for Items to be Moved".
Click MoveIt.
When asked to reboot, confirm and wait.
When it finishes, check the text contents of the folder: C:\_OTM\MovedFiles
Copy and post your most recent report: C:\_OTM\MovedFiles\xxxx2009_xxxxxx.log
Also post an updated HijackThis log.
Regards!
.matiello, posted October 15, 2009:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver npggsvc deleted successfully.
Service\Driver AVP deleted successfully.
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Marcus
->Temp folder emptied: 44213068 bytes
->Temporary Internet Files folder emptied: 1235751 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77619416 bytes
->Google Chrome cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\NV26362644.TMP folder deleted successfully.
C:\WINDOWS\NV27602764.TMP folder deleted successfully.
C:\WINDOWS\NV37723776.TMP folder deleted successfully.
C:\WINDOWS\NV38483852.TMP folder deleted successfully.
%systemroot% .tmp files removed: 55085488 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 114688 bytes
RecycleBin emptied: 291526302 bytes
Total Files Cleaned = 448,17 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10152009_124131
Files moved on Reboot...
Registry entries deleted on Reboot...
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:46:35, on 15/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\a-squared Free\a2service.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Arquivos de programas\Intel\IDU\awServ.exe C:\ARQUIV~1\CACHEM~1\CachemanXP.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\STacSV.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\notepad.exe C:\WINDOWS\sttray.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\Intel\IDU\iptray.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\Arquivos de programas\NitroPC\NitroPC.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Arquivos de programas\SEC\Natural Color Pro\NCProTray.exe C:\Arquivos de programas\Orbitdownloader\orbitdm.exe C:\Arquivos de programas\iPod\bin\iPodService.exe 
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ssh2 Class - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Arquivos de programas\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NiwradSoft Welcome] C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6ED63BF-48EA-49FF-B3BF-A0E98B62947B}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file)
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Arquivos de programas\Intel\IDU\awServ.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\ARQUIV~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 11934 bytes
DigRam Posted October 15, 2009

Good afternoon! .matiello

<@> Remove this line:

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file)

<@> Try the procedure just below!

<><><><><><><><><><>

<@> Open Notepad!
<@> Copy (Ctrl+C) --> Paste (Ctrl+V) the text that is in the "QUOTE":

    rem Stop and delete the leftover service entry. sc takes the service key name
    rem shown in parentheses in the O23 line (AVP), not the display name.
    sc stop AVP
    sc delete AVP
    rem Remove this batch file itself (it is saved as DelServices.bat).
    del "%~f0"

<@> Save the file as: DelServices.bat --> Save it on the Desktop!
<@> When saving, set the file type to: All files (*.*)
<@> It will have an icon like this:
<@> Run the file with a double-click. <-- Confirm!

<><><><><><><><><><>

<@> Open OTMoveIt3 --> Click the button --> Wait! --> Yes!

<><><><><><><><><><>

<!> Your logs are clean!
<!> Everything OK?

Regards!
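A small parser for the O23 entries of a HijackThis log, added here as an example (it is not part of the thread and not HijackThis or Kaspersky code): it flags services whose binary is reported as "(no file)" and pulls out the service key name shown in parentheses, which is what sc stop / sc delete take rather than the display name. The sample lines are copied from the log posted above; the regex and field names are this example's own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# HijackThis O23 entry layout (the key name in parentheses is optional):
#   O23 - Service: <display name> (<service key name>) - <vendor> - <binary path or "(no file)">
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$"
)

@dataclass
class ServiceEntry:
    display: str
    key: str      # name that `sc stop` / `sc delete` expect; display name when none is shown
    vendor: str
    path: str

    @property
    def orphaned(self) -> bool:
        # HijackThis prints "(no file)" when the registered binary is missing from disk
        return self.path.strip() == "(no file)"

def parse_o23(log: str) -> list[ServiceEntry]:
    entries = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["display"], m["key"] or m["display"], m["vendor"], m["path"]))
    return entries

def orphaned_services(log: str) -> list[ServiceEntry]:
    return [e for e in parse_o23(log) if e.orphaned]

def sc_cleanup_commands(log: str) -> list[str]:
    """Batch lines that remove each orphaned entry, using the key name rather than the display name."""
    cmds = []
    for e in orphaned_services(log):
        cmds += [f'sc stop "{e.key}"', f'sc delete "{e.key}"']
    return cmds

# Constructed sample: three O23 lines copied from the log posted above (one of them orphaned)
SAMPLE_LOG = """\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\\Arquivos de programas\\a-squared Free\\a2service.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Avira GmbH - (no file)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero BackItUp 4\\NBService.exe
"""

if __name__ == "__main__":
    for e in orphaned_services(SAMPLE_LOG):
        print(f"orphaned service: {e.display!r} (key {e.key!r}, vendor {e.vendor!r})")
```

Run against a full log, the vendor field is also worth eyeballing: an entry whose vendor does not match its display name, like the Kaspersky line attributed to Avira GmbH above, is a second hint that the registration is stale.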