[Resolvido!] Pc ta lento, e reiniciando sozinho

[danmex 0]

Boa tarde!

meu pc está muito lento..

tanto a internet como o computador em geral

eh agora ele está reiniciando sozinho, nao sei o motivo :(

obs: notei que ele ficou lento quando coloquei um acelerador de video e download DAP.

espero que vo6 possam me ajudar igual da ultima vez (agradeço ao Sr.DigRam, que resolvou meu problema)

 

 

[OFF] por favor algum moderador, pode apagar este topico aqui ( http://forum.imasters.com.br/index.php?/topic/368301-nao-consigo-instalar-antivirus/page__s__7cc14adbfb0538f20d5e20b3492eb039 ) dei meu login pro meu primo pra ele mas ele nem se interessou ) podem excluir

 

 

 

aqui vai o log do HijackThis do meu PC

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17:14, on 9/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\DAP\DAP.EXE

C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe

C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorEngine.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL

O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [WindowsLivePhone] C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe /AutoRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun

O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [speedBitVideoAccelerator] C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~2\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~2\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~2\sblsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154

O17 - HKLM\System\CS1\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CS2\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe

 

--

End of file - 10414 bytes

 

Abraços

[DigRam 144]

Boa Noite! danmex

 

<!> Desinstale os softwares,que causaram seus problemas.

<><><><><><><><><><><>

<@> Baixe: < > ( ...by sUBs )

 

<!> Link-2 --> < ForoSpyware >

 

<!> Link-3 --> < GeeksToGo >

 

<!> Link-4 --> < como usar o combofix >

 

<@> Salve-o no desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

 

<@> Ps: A execução,por comando,também é possível:

<@> Vá em Iniciar --> Executar --> Digite ou cole: "%userprofile%\desktop\Combofix.exe" /killall

 

 

<@> Clique em Ok.

<@> Na solicitação: "Negação de garantia de software" --> Clique em Sim!

 

 

<@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo!

<@> Terminando,clique Sim ou Yes. --> Aguarde!

 

<!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta ComboFix.exe e faça,novamente,seu download.

<!> Salve-a no desktop,renomeada como: Kombo.exe

<!> Ps: Nomeie durante o salvamento,e não após salvá-la!

<!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em "Modo de Segurança". <-- Link!

<!> Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação:

 

 

<!> Ps: Anote essas detecções,e dê o OK.

<!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde!

<!> Ps: Evite executar,voluntariamente,esta ferramenta!

<!> Ps: Para evitar problemas,siga todas as recomendações propostas.

<!> O ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão profissional.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador.

<@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter!

<><><><><><><><><><><>

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

 

Abraços!

[danmex 0]

Boa noite DigRAm

aqui vai os relatorios que você pediu!

 

ComboFix 09-11-13.06 - and 13/11/2009 21:38.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.664 [GMT -2:00]

Executando de: c:\documents and settings\and\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\and\CONFIG~1\Temp\E_N4

c:\docume~1\and\CONFIG~1\Temp\E_N4\cnvpe.fne

c:\docume~1\and\CONFIG~1\Temp\E_N4\dp1.fne

c:\docume~1\and\CONFIG~1\Temp\E_N4\eAPI.fne

c:\docume~1\and\CONFIG~1\Temp\E_N4\HtmlView.fne

c:\docume~1\and\CONFIG~1\Temp\E_N4\krnln.fnr

c:\docume~1\and\CONFIG~1\Temp\E_N4\spec.fne

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASC3360PR

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-10-13 to 2009-11-13 ))))))))))))))))))))))))))))

.

 

2009-11-12 05:48 . 2009-11-12 05:48 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\teamspeak2

2009-11-12 05:48 . 2009-11-12 05:48 -------- d-----w- c:\arquivos de programas\Teamspeak2_RC2

2009-11-12 04:54 . 2009-11-12 04:54 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-12 04:54 . 2009-11-12 04:54 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-12 04:46 . 2009-11-12 04:46 15240 ----a-w- c:\documents and settings\and\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2009-11-11 16:45 . 2009-11-11 16:45 -------- d-----w- c:\arquivos de programas\Robster Productions

2009-11-10 15:48 . 2009-11-10 15:48 -------- d-----w- c:\windows\system32\msmq

2009-11-10 15:48 . 2009-11-10 15:48 -------- d-----w- C:\Inetpub

2009-11-09 18:15 . 2009-11-09 18:15 401720 ----a-w- C:\HiJackThis.exe

2009-11-06 04:33 . 2009-11-10 15:53 -------- d-----w- c:\arquivos de programas\DreaMule

2009-11-03 17:16 . 2009-11-03 17:16 -------- d-----w- c:\documents and settings\and\Configuraes locais

2009-11-03 17:13 . 2009-11-03 17:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems

2009-11-03 16:59 . 2009-11-03 16:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared

2009-10-26 16:06 . 2009-10-26 16:06 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-10-26 16:06 . 2009-10-26 16:06 -------- d-----w- c:\arquivos de programas\TP-LINK

2009-10-26 16:05 . 2008-10-21 13:16 465152 ----a-w- c:\windows\system32\drivers\rt73.sys

2009-10-26 16:05 . 2009-10-26 16:05 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver

2009-10-26 16:05 . 2008-10-21 13:16 465152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\rt73.sys

2009-10-26 16:05 . 2008-07-10 21:34 528384 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\RaInst.exe

2009-10-26 16:05 . 2007-05-17 13:17 192512 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\CoInstaller.dll

2009-10-26 16:05 . 2006-11-02 09:21 319456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\difxapi.dll

2009-10-26 16:05 . 2006-11-02 02:33 77312 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\TP-LINK Driver\TL-WN321G Wireless Utility\Driver\devcon.exe

2009-10-21 06:03 . 2009-10-21 06:03 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Octoshape

2009-10-16 06:19 . 2009-10-16 06:19 -------- d-----w- c:\windows\PaltalkScene

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-13 23:46 . 2009-09-18 21:30 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Skype

2009-11-13 23:28 . 2009-09-18 21:32 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\skypePM

2009-11-13 23:26 . 2009-10-08 22:35 -------- d-----w- c:\arquivos de programas\DAP

2009-11-13 23:26 . 2009-10-08 22:35 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\SpeedBit

2009-11-13 23:26 . 2009-10-08 22:35 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-11-13 23:25 . 2009-09-15 03:06 -------- d-----w- c:\arquivos de programas\Steam

2009-11-13 01:58 . 2009-09-29 04:58 -------- d-----w- c:\arquivos de programas\sXe Injected

2009-11-13 01:53 . 2009-09-15 02:59 -------- d-----w- c:\arquivos de programas\Valve

2009-11-10 15:50 . 2009-09-18 21:29 -------- d-----w- c:\arquivos de programas\Google

2009-11-03 17:02 . 2009-10-05 10:00 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-26 16:07 . 2008-04-14 07:00 48628 ----a-w- c:\windows\system32\perfc016.dat

2009-10-26 16:07 . 2008-04-14 07:00 344380 ----a-w- c:\windows\system32\perfh016.dat

2009-10-26 16:05 . 2009-09-15 02:24 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-10-16 21:18 . 2009-10-13 22:12 -------- d-----w- c:\arquivos de programas\NitroPC

2009-10-09 05:44 . 2009-10-09 05:44 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Broad Intelligence

2009-10-09 05:42 . 2009-10-09 05:42 -------- d-----w- c:\arquivos de programas\MediaCoder

2009-10-08 15:57 . 2009-10-08 15:57 -------- d-----w- c:\arquivos de programas\MSECache

2009-10-01 09:42 . 2009-10-01 09:41 -------- d-----w- c:\arquivos de programas\Java

2009-10-01 09:41 . 2009-10-01 09:41 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_16\lzma.dll

2009-10-01 09:40 . 2009-10-01 09:40 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_14\lzma.dll

2009-09-25 02:06 . 2009-09-21 01:33 2218400 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-09-25 02:06 . 2009-09-21 01:33 189122592 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-09-24 22:50 . 2009-09-24 22:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-09-24 22:50 . 2009-09-24 22:50 -------- d-----w- c:\arquivos de programas\Avira

2009-09-20 20:48 . 2009-09-15 03:50 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-09-20 16:44 . 2009-09-20 16:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\McAfee Security Scan

2009-09-20 15:37 . 2009-07-14 18:10 1519616 ----a-w- c:\windows\system32\nwiz.exe

2009-09-20 15:37 . 2009-09-15 02:24 46592 ----a-w- c:\windows\SOUNDMAN.EXE

2009-09-18 22:06 . 2009-09-18 22:06 0 ----a-w- c:\windows\nsreg.dat

2009-09-18 21:32 . 2009-09-18 21:32 32 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\ezsid.dat

2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\arquivos de programas\Skype

2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2009-09-18 21:28 . 2009-09-18 21:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2009-09-18 15:41 . 2009-09-18 15:41 28242 ----a-w- c:\windows\system32\regsvc.dll.zip

2009-09-17 20:16 . 2009-09-17 20:16 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Malwarebytes

2009-09-17 20:16 . 2009-09-17 20:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-09-17 01:07 . 2009-09-15 04:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2009-09-15 23:38 . 2009-09-15 23:38 -------- d-----w- c:\documents and settings\and\Dados de aplicativos\Media Player Classic

2009-09-15 17:59 . 2009-09-15 17:59 -------- d-----w- c:\arquivos de programas\PluginLetras

2009-09-15 06:45 . 2009-09-15 06:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avg7

2009-09-15 03:25 . 2009-09-15 03:25 -------- d-----w- c:\arquivos de programas\Topro

2009-09-15 03:02 . 2009-09-15 03:02 152576 ----a-w- c:\documents and settings\and\Dados de aplicativos\Sun\Java\jre1.6.0_15\lzma.dll

2009-09-15 02:27 . 2009-09-15 02:27 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2009-09-15 02:24 . 2009-09-15 02:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2009-09-15 01:45 . 2009-09-15 01:45 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2009-09-15 01:43 . 2009-09-15 01:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-09-15 01:42 . 2009-09-15 01:42 -------- d-----w- c:\arquivos de programas\Microsoft.NET

2009-09-15 01:41 . 2009-09-15 01:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESTsoft

2009-09-15 01:38 . 2009-09-24 05:18 71680 ----a-w- c:\documents and settings\Administrador\GLB799.tmp

2009-09-15 01:38 . 2009-09-15 01:51 71680 ----a-w- c:\documents and settings\and\GLB799.tmp

2009-09-15 01:38 . 2009-09-15 01:47 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB799.tmp

2009-09-15 01:38 . 2009-09-15 01:38 71680 ----a-w- c:\documents and settings\Default User\GLB799.tmp

2009-09-15 01:35 . 2009-09-15 01:35 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2009-09-15 01:33 . 2009-09-15 01:33 -------- d-----w- c:\arquivos de programas\Serviços on-line

2009-09-15 01:33 . 2009-09-15 01:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2009-09-15 01:32 . 2009-09-15 01:32 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2009-09-11 14:15 . 2008-04-14 07:00 136704 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04 . 2008-04-14 07:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:29 . 2008-04-14 07:00 832512 ----a-w- c:\windows\system32\wininet.dll

2009-08-29 07:29 . 2009-09-15 01:35 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:29 . 2008-04-14 07:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-08-26 08:03 . 2009-03-21 14:20 247326 ----a-w- c:\windows\system32\strmdll.dll

.

 

------- Sigcheck -------

 

[-] 2009-04-17 . 2A293D04F15B5D25FF3615D8ED8DD1B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

 

 

c:\windows\system32\regsvc.dll ... está faltando !!

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"Skype"="c:\arquivos de programas\Skype\Phone\Skype.exe" [2008-02-01 21898024]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2009-09-20 172032]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-09-20 46592]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-09-20 1519616]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-08-29 124928]

 

c:\documents and settings\and\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\hishi601\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Steam\\Steam.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\hishi601\\counter-strike source\\hl2.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

"c:\\WINDOWS\\system32\\nwiz.exe"=

"c:\\WINDOWS\\SOUNDMAN.EXE"=

"d:\\anderson arquivos\\HD 2\\Programas\\DVD Anderson\\SpeedTouch_upgrade_wizard_R4421\\upgradeST.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jqsnotify.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"d:\\anderson arquivos\\HD 2\\Programas\\Meus documentos\\roteadores\\SpeedTouch_upgrade_wizard_R4421\\SpeedTouch 510 v6\\SetupWizard\\stInstall.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [17/4/2009 18:51 16896]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [17/4/2009 18:51 52736]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [24/9/2009 20:50 108289]

R2 RalinkRegistryWriter;Ralink Registry Writer;c:\arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe [26/10/2009 14:06 69632]

R3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.SYS [15/9/2009 01:25 196548]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - MBR

*Deregistered* - mbr

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-11-13 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.speedbit.com/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

TCP: {0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7} = 200.165.132.154

TCP: {300EDF33-DB30-43FA-AC3E-CF080FC6BB5F} = 200.165.132.154

FF - ProfilePath - c:\documents and settings\and\Dados de aplicativos\Mozilla\Firefox\Profiles\9ohuzfd1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-WindowsLivePhone - c:\arquivos de programas\Windows Live\Device Manager\msgrdvmn.exe

HKLM-Run-tppoll - c:\program files\Topro\tppoll.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-13 21:45

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3928)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Windows Media Player\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-11-13 21:48 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-11-13 23:48

 

Pré-execução: 4.900.159.488 bytes disponíveis

Pós execução: 5.334.990.848 bytes disponíveis

 

- - End Of File - - 8D468A3772817ACD6F10C184418B27DD

 

 

 

------------x------------x---------------x------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:54:22, on 13/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154

O17 - HKLM\System\CS1\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CS2\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

 

--

End of file - 7428 bytes

[DigRam 144]

Bom Dia! danmex

 

<@> Descompacte esse ficheiro: c:\windows\system32\regsvc.dll.zip

<@> Deixe-o aí mesmo...nesse diretório! ( system32 )

<@> Vá em Iniciar --> Executar.

<@> Digite ou cole: regsvr32 regsvc.dll --> Clique OK.

<><><><><><><><><><><>

<@> Baixe: < AVPTool >

<@> Salve-o em Arquivos de Programas,e instale-o aí mesmo!

<@> Reinicie o computador,em Modo de Segurança! <-- Importante!

<@> Na janela de configuração,marque: Meu computador ou todas as caixinhas

<@> Dê início ao exame,clicando em "Scan".

<@> A verificação é muito demorada. <-- Aguarde!

<@> Caso sejam encontradas infecções,clique em "disinfect" se a opção estiver habilitada.

<@> Ps: Para algumas detecções ( Cracks ou Keygens ),conhecidas,clique em skip.

<@> Evite,para esses casos,a opção "Delete".

<@> Terminando,clique na aba Events.

<@> Desmarque a caixa de seleção "Show all events".

<@> Clique em "Save to file".

<@> Nomeie-o e salve-o no desktop! <-- Relatório para postagem!

<@> Poste,também,HijackThis atualizado.

 

Abraços!

[danmex 0]

Boa noite DIgram

bom deu isso aqui quando descompactei o arquivo que você pediu

 

"regsvc.dll foi carregado, mas o ponto de entrada DIRegister Server não foi localizado

 

esta arquivo não pode ser resgistrado"

 

eh não consigo entrar em mode de segurançao, meu pc reinicia sozinho :(

 

Abraçoss

[DigRam 144]

Boa noite DIgram

bom deu isso aqui quando descompactei o arquivo que você pediu

 

"regsvc.dll foi carregado, mas o ponto de entrada DIRegister Server não foi localizado

 

esta arquivo não pode ser resgistrado"

 

eh não consigo entrar em mode de segurançao, meu pc reinicia sozinho :(

 

Abraçoss

<><><><><><><><><>

Opa! danmex

 

<!> Execute AVPTool em Modo Normal,e poste seu relatório.

 

Abraços!

[danmex 0]

Boa Tarde DigRam

bom aqui vai os logs que você pediu

 

obs: quando rodava o scan do AVPTool o avira detectava alguns virus, isso e normal?

 

Log AVPTools

 

Scan

----

Scanned: 872271

Detected: 0

Untreated: 0

Start time: 14/11/2009 22:01:04

Duration: 03:52:54

Finish time: 15/11/2009 01:53:58

 

 

Detected

--------

Status Object

------ ------

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/Ad-Aware SE Default.skn password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/arrow1.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/arrow2.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bck1.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt11.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt12.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt13.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt21.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt22.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt23.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt31.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt32.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt33.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt41.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt42.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt43.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt51.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt52.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt53.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt61.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt62.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/checkbox1.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/checkbox2.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/checkbox3.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/checkbox4.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/defbtn1.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/defbtn2.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/defbtn3.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph1.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph2.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph3.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph4.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph5.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph6.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph7.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/main.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/preview.bmp password protected

14/11/2009 22:59:20 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/sprite1.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/Ad-Aware SE Default.skn password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/arrow1.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/arrow2.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bck1.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt11.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt12.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt13.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt21.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt22.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt23.bmp password protected

15/11/2009 00:46:44 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt31.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt32.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt33.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt41.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt42.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt43.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt51.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt52.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt53.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt61.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/bt62.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/checkbox1.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/checkbox2.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/checkbox3.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/checkbox4.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/defbtn1.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/defbtn2.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/defbtn3.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph1.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph2.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph3.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph4.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph5.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph6.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/glyph7.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/main.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/preview.bmp password protected

15/11/2009 00:46:45 File: D:\anderson arquivos\HD 2\Meus doc\Anti virus\Anti trojan\aawsepersonal.exe//WISE0020.BIN/sprite1.bmp password protected

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

 

 

log Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:26:25, on 15/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: is-2SL0L.lnk = C:\Arquivos de programas\Virus Removal Tool\is-2SL0L\startup.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154

O17 - HKLM\System\CS1\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CS2\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

 

--

End of file - 7753 bytes

 

Abraçoss

[DigRam 144]

Bom Dia! danmex

 

obs: quando rodava o scan do AVPTool o avira detectava alguns virus, isso e normal?

<!> Seu antivírus deveria estar desabilitado,mas como ocorreram detecções,o procedimento seria enviá-las à quarentena.

<><><><><><><><><><><>

<@> Faça um escaneamento de desinfecção,em: < BitDefender >

<@> Ps: Utilize o navegador Internet Explorer!

<@> Abrirá a página: BitDefender OnLine Scanner ( Free and effective malware cleanup directly from your browser )

 

<@> Clique em Start Scanner -->

 

<@> Aguarde e aceite a instalação do ActiveX,para que possa ocorrer o scan.

<@> Terminando,poste o relatório: C:\Windows\BDOSCAN8\bdoscan.log <--

<@> Poste,também,HijackThis atualizado.

 

Abraços!

[danmex 0]

Boa Tarde DigRam

 

gostaria de tirar uma duvida!

toda vez que eu for rodar um scan que você pedir eu tenhu q desabilitar meu antivirus? ou so quando você pedir pra desabilitar? nesse caso do scan do Bitdefender eu parei meu antivirus!

 

:)

 

aqui vai os log que você pediu

 

BDOSCAN.log

 

 

[General]

App = "楂䑴晥湥敤⁲湏楬敮匠慣湮牥 v8"

Date = 16:11:2009

Time = 15:36:58

Scan Path = C:\;D:\;E:\;

 

[Engines Info]

Virus Definitions = 4552716

Engine build = "AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)"

Scan plugins = 17

Archive plugins = 44

Unpack plugins = 8

E-mail plugins = 6

System plugins = 4

 

[scan Statistics]

Folders = 5356

Files = 291519

Archives = 10979

Packed files = 19479

Identified viruses = 5

Infected files = 5

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 5

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 30

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000015 = "C:\Documents and Settings\and\Desktop\Patch_Sitecs_protocolo_47_48.exe=>(Instyler o)=>(Instyler Module 9) Infected with: Trojan.Generic.IS.581108"

Line00000014 = "C:\Documents and Settings\and\Desktop\Patch_Sitecs_protocolo_47_48.exe=>(Instyler o)=>(Instyler Module 9) Deleted"

Line00000013 = "C:\Documents and Settings\and\Desktop\Patch_Sitecs_protocolo_47_48.exe=>(Instyler o) Update failed"

Line00000012 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/ACLUI.DLL Infected with: Trojan.Generic.1618691"

Line00000011 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/ACLUI.DLL Deleted"

Line00000010 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"

Line00000009 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Infected with: Gen:Trojan.Heur.amSfyeNTQWdi"

Line00000008 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Disinfection failed"

Line00000007 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/CLB.DLL Deleted"

Line00000006 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"

Line00000005 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/NOTEPAD.EXE Infected with: Trojan.Generic.2562059"

Line00000004 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/NOTEPAD.EXE Deleted"

Line00000003 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"

Line00000002 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/WSOCK32.DLL Infected with: Trojan.Generic.2571627"

Line00000001 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso=>I386/SYSTEM32/WSOCK32.DLL Deleted"

Line00000000 = "D:\anderson arquivos\HD 2\Programas\DVD Anderson\winxpportable-www.DownGratis.com.rar=>Extra.Small.Windows.XP.USB.Flash.Edition.iso Update failed"

 

 

><><><><><<><><><><><><><><><><

 

 

log hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:41:54, on 16/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: is-2SL0L.lnk = C:\Arquivos de programas\Virus Removal Tool\is-2SL0L\startup.exe

O4 - Global Startup: PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe

O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154

O17 - HKLM\System\CS1\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O17 - HKLM\System\CS2\Services\Tcpip\..\{0C11AC79-FAA6-44AC-AB34-2491E8EF4FE7}: NameServer = 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

 

--

End of file - 7721 bytes

 

abraços

[DigRam 144]

Boa Noite! danmex

 

<@> Baixe: < SafeBootKeyRepair >

<@> Salve-a,diretamente,no Disco-local ©.

<@> Execute-a!E,ao terminar,gerará um relatório: C:\SafeBoot_Repair.txt <-- Não poste!

<@> Reinicie e verifique se já pode entrar,em Modo de Segurança.

 

<@> Baixe: < > (...par A.Rothstein & dj Quiou )

<@> Salve-o no desktop!

<@> Feche programas que estejam abertos,e execute a ferramenta.

<@> Clique no botão Recherche,para iniciar o scan. <-- Aguarde!

<@> Terminando,teremos relacionados os itens que serão removidos.

<@> Clique no botão Supression para remover os itens encontrados.

<@> Clique,à seguir,em Quitter.

<@> Poste o relatório: ( C:\TCleaner.txt ) <--

<><><><><><><><><><>

<@> Ps: Caso disponha do CD de instalação do Windows,execute estes procedimentos:

<@> Vá em Iniciar --> Executar --> Digite ou cole: sfc /scannow --> Clique OK.

 

< >

 

<@> Será pedido a colocação do CD-ROM,do Windows XP,no drive.

<@> Aguarde a conclusão do reparo! --> Reinicie!

<@> Ps: Informe a situação do computador!

 

Abraços!

[danmex 0]

Boa Tarde DigRam

 

bom a situação e o seguinte

executei safebootkey como você pediu, quando reiniciei ele nao entro no modo seguro,continua reiniciando e tem mais, quando ele reinicia, quando passa da tela do WINDOWS XP depois fica uma tela azul, ai o pc trava e reinicia ou desliga, ficou complicado :(

 

aqui vai o LOG q você pediu

 

Tcleaner.log

 

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

 

--> Recherche:

 

C:\HijackThis.exe: trouvé !

C:\Combofix.txt: trouvé !

C:\hijackthis.log: trouvé !

C:\Qoobox: trouvé !

C:\Documents and Settings\and\Desktop\ComboFix.exe: trouvé !

C:\Qoobox\Quarantine\catchme.log: trouvé !

C:\WINDOWS\mbr.exe: trouvé !

 

---------------------------------

--> Suppression:

 

C:\HijackThis.exe: supprimé !

C:\Documents and Settings\and\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!

C:\Combofix.txt: supprimé !

C:\hijackthis.log: supprimé !

C:\Qoobox\Quarantine\catchme.log: supprimé !

C:\WINDOWS\mbr.exe: supprimé !

C:\Qoobox: supprimé !

 

<><><>><><><><><><

 

 

como não tenhu o cd de formatação do windows aqui nao fiz o outro processo

 

ABraços

[DigRam 144]

Boa Noite! danmex

 

<@> Baixe: < DrWebCureIt >

<@> Caso tenha dificuldades para o download,utilize outro computador ou proxy.

<@> Vá em: < Proxify >

<@> Digite,na caixa,a URL ao DrWebCureIt.

<@> Clique em Proxify.

<@> Salve a ferramenta no desktop!

<@> Inicie a instalação/execução,com um duplo-clique em drweb-cureit.

<@> Na janela que abrir,clique em Iniciar --> OK.

<@> Será dado início a "Verificação rápida" --> Feche a janela de propaganda!

<@> Terminando,marque a caixa de "Verificação Completa".

<@> Click em "Options" --> Em Change settings,desmarque a "Heuristic analysis".

 

Neste modo são verificados os seguintes objectos:

 

* Sectores de Arranque de Todos os Discos. <--

 

* Todas as Unidades Removíveis. <--

 

* Todos os Discos Locais. <--

<@> Clique em "Iniciar verificação" --> Aguarde!

<@> Surgindo mensagens para mover ou desinfectar arquivos,clique em Sim.

<@> Terminando,clique em "Ficheiro" --> "Guardar lista de relatórios".

<@> Procure salvá-lo em um local adequado. ( DrWeb.csv ) <-- Converta em Texto!

<@> Poste: DrWeb.csv

 

Abraços!

[danmex 0]

Bom dia DigRAM

 

aqui vai o logo que você pediu

 

DrWeb.csv

 

flashplayer10_install_plugin_051508.exe;C:\Documents and Settings\Administrador\7zS791.tmp;Trojan.MulDrop.39229;Incurável.Movido.;

flashplayer10_install_plugin_051508.exe;C:\Documents and Settings\and\7zS791.tmp;Trojan.MulDrop.39229;Incurável.Movido.;

flashplayer10_install_plugin_051508.exe;C:\Documents and Settings\Default User\7zS791.tmp;Trojan.MulDrop.39229;Incurável.Movido.;

A0029956.exe;C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP52;Trojan.MulDrop.39229;Incurável.Movido.;

A0029957.exe;C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP52;Trojan.MulDrop.39229;Incurável.Movido.;

A0029958.exe;C:\System Volume Information\_restore{4B61B3AB-368B-4D63-8634-B220CCAD1557}\RP52;Trojan.MulDrop.39229;Incurável.Movido.;

 

Abraços

[DigRam 144]

Bom Dia! danmex

 

bom a situação e o seguinte

executei safebootkey como você pediu, quando reiniciei ele nao entro no modo seguro,continua reiniciando e tem mais, quando ele reinicia, quando passa da tela do WINDOWS XP depois fica uma tela azul, ai o pc trava e reinicia ou desliga, ficou complicado

<!> Ps: Essa sintomatologia,normalmente,não está relacionada à vírus.

<><><><><><><><><><><><>

<@> Baixe: < McAfee Avert Stinger >

<@> Salve-o em Arquivos de programas!

<@> Clique em Add,e adicione as demais unidades de disco que possua. ( Por exemplo, a unidade D:\ )

<@> Em seguida,clique em "Preferences",para configurar seu scan.

<@> Marque,abaixo,as opções:

 

Boot sectors

Repair <-- Por default,encontra-se marcada!

Scan self extracting executables

Check files for MIME contente

Check files for UUEncoded content

Scan inside compressed files

Scan subdirectories

Report applications

Scan all files

 

<@> Ps: Muitas caixas estarão marcadas,bastando completar algumas.

<@> Ps: Ajuste a sensibilidade para "Medium" --> OK.

<@> Clique em "Scan now".

<@> Aguarde o término do Scan.

<@> Clique em File --> Save report to file --> OK.

<@> Poste: c:\arquivos de programas\stinger 1001624.txt <-- Relatório!

<><><><><><><><><><><><>

<@> Baixe: < FindyKill > ( ...par Chiquitine29 )

<@> Salve-a em Arquivos de Programas!

<@> Feche programas que estejam abertos.

<@> Desabilite a proteção residente de antivírus e antispywares.

<@> Ps: A detecção dessa ferramenta,por antivírus,é um falso positivo!

<@> Instale a ferramenta,e aceite todas as condições pedidas.

<@> Terminando;execute a ferramenta com um duplo-clique,em: C:\Arquivos de Programas\FindyKill\FindyKill.bat

<@> No prompt,aperte o P. --> Enter. <-- Opção de linguas!

<@> À seguir,aperte o 2. ( "Eliminar los ficheros infectados" )

<@> Aperte Enter --> O computador vai reiniciar,por duas vezes! --> Aguarde!

<@> Terminando,clique em uma área vazia do prompt! --> Aperte Enter.

<@> Abrir-se-à o Bloco de Notas,com o relatório: C:\FindyKill.txt <-- Rapport!

 

Abraços!

[danmex 0]

Bom dia DigRAm

 

aqui vai os logs que você pediu

 

stinger.txt

 

McAfee® Stinger Version 10.0.1.624 built on Jul 6 2009

 

Copyright © 2009 McAfee, Inc. All Rights Reserved.

 

Virus data file v1000 created on Jul 6 2009.

 

Ready to scan for 897 viruses, trojans and variants.

 

 

 

Scan initiated on Wed Nov 18 11:32:04 2009

 

C:\SafeBootKeyRepair.exe

 

Found the Artemis!A6837F19674B trojan !!!

 

C:\SafeBootKeyRepair.exe has been deleted.

 

D:\anderson arquivos\HD 2\Programas\DVD Anderson\Nitro+PC+2008.exe

 

Found the Artemis!23A0F826E0FA trojan !!!

 

D:\anderson arquivos\HD 2\Programas\DVD Anderson\Nitro+PC+2008.exe has been deleted.

 

Number of clean files: 217797

 

Number of Trojans: 2

 

Number of files deleted: 2

 

 

 

FindyKill.txt

 

 

############################## | FindyKill V5.019 |

 

# User : and (Administradores) # CASA

# Update on 16/11/2009 by Chiquitine29

# Start at: 12:37:19 | 18/11/2009

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# Intel® Pentium® 4 CPU 3.00GHz

# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 7.0.5730.13

# Windows Firewall Status : Disabled

 

# C:\ # Disco fixo local # 14,65 Go (4,73 Go free) # NTFS

# D:\ # Disco fixo local # 134,39 Go (69,79 Go free) [documentos] # NTFS

# E:\ # Disco CD-ROM

 

############################## | Processos ativos |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | C: |

 

 

################## | C:\WINDOWS |

 

Supprimido ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

 

################## | C:\WINDOWS\system32 |

 

 

################## | C:\WINDOWS\system32\drivers |

 

 

################## | C:\Documents and Settings\and\Dados de aplicativos |

 

 

################## | Supressão Outros ... |

 

################## | Temporary Internet Files |

 

 

################## | Registro / Chaves infeciosas |

 

Supprimido ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"

Supprimido ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"

Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"

Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

 

################## | Estado / Serviços / Informações |

 

# Safe mode : OK

 

 

# Affichagem dos arquivos ocultos : OK

 

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | PEH ... |

 

 

################## | Cracks / Keygens / Serials |

 

"D:\anderson arquivos\HD 2\Meus doc\Anti virus\Avast + serial\ATUALIZAۂO_AVAST_17_JUNHO_2008.exe"

27/06/2008 13:07 |Size 16210008 |Crc32 cf0ea1b3 |Md5 19b7b7987ac272cf576b5f64e042984f

 

"D:\anderson arquivos\HD 2\Meus doc\Anti virus\Avast + serial\AVAST_JUNHO2008.exe"

04/07/2008 11:12 |Size 24059384 |Crc32 1a7ee37c |Md5 7e359abc7cafc9df0e373d9d3f3bf9fa

 

"D:\anderson arquivos\HD 2\Meus doc\Anti virus\Avast + serial\AVAST_PROFISSIONAL\AVAST_PROFISSIONAL_17_JUNHO_2008.exe"

17/06/2008 12:21 |Size 24312056 |Crc32 1ea14750 |Md5 a285f7b9a81ff8a49d96e09b0935d9c6

 

"D:\anderson arquivos\HD 2\Programas\DVD Anderson\Pinnacle 9.3\KEYGEN\Pinnacle Studio Plus 9.3.2.48 Trial - Parisa\Unlock_Patch.exe"

11/02/2005 10:36 |Size 341836 |Crc32 d4e16a71 |Md5 f119eb4709d72bd50380485db7a7f726

 

"D:\anderson arquivos\HD 2\Programas\DVD Anderson\Pinnacle 9.3\KEYGEN\Pinnacle Studio Plus 9.3.2.48 Trial - Parisa\programs\Check2D.exe"

11/02/2005 08:37 |Size 425984 |Crc32 26acb0b0 |Md5 635ff53cbd951f2411ef5133fd042b54

 

 

################## | ! Fim do relatório # FindyKill V5.019 ! |

 

 

Abraços

[DigRam 144]

Boa Tarde! danmex

 

<@> Baixe: < > ( ...by OldTimer Tools )

<@> Salve-o no desktop!

 

 

<@> Segundo a imagem,mude a opção em "Output" para "Minimal Output".

<@> Duplo-clique em OTL.exe --> Marque a opção "Scan All Users".

<@> Clique em: < > --> Aguarde!

<@> Poste:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Abraços!

[danmex 0]

Boa Tarde DigRAM

 

fiz oq você pediu

mas so gerou um log

aqui está

 

OTL.txt

 

OTL logfile created on: 18/11/2009 15:20:01 - Run 3

OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\and\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1022,48 Mb Total Physical Memory | 275,94 Mb Available Physical Memory | 26,99% Memory free

2,40 Gb Paging File | 1,79 Gb Available in Paging File | 74,39% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 14,65 Gb Total Space | 4,82 Gb Free Space | 32,92% Space Free | Partition Type: NTFS

Drive D: | 134,39 Gb Total Space | 69,79 Gb Free Space | 51,93% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: CASA

Current User Name: and

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\and\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Arquivos de programas\Steam\Steam.exe (Valve Corporation)

PRC - C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe (Skype Technologies)

PRC - C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\and\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Adobe LM Service) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (RalinkRegistryWriter) -- C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()

SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ViPrt) -- C:\WINDOWS\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)

DRV - (ViBus) -- C:\WINDOWS\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (is-2SL0Ldrv) -- C:\WINDOWS\system32\drivers\22393460.sys (Kaspersky Lab)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (DCamUSBIntel) -- C:\WINDOWS\system32\drivers\TP6800.SYS (Microsoft Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

DRV - (FETNDIS) -- C:\WINDOWS\system32\drivers\fetnd5.sys (VIA Technologies, Inc. )

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\S-1-5-21-1409082233-1637723038-1177238915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/10/01 07:41:05 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/11/17 03:07:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/11/17 03:07:56 | 00,000,000 | ---D | M]

 

[2009/09/18 20:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\and\Dados de aplicativos\Mozilla\Extensions

[2009/09/18 20:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\and\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/10/16 17:22:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\and\Dados de aplicativos\Mozilla\Firefox\Profiles\9ohuzfd1.default\extensions

[2009/10/16 03:24:46 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\and\Dados de aplicativos\Mozilla\Firefox\Profiles\9ohuzfd1.default\searchplugins\winamp-search.xml

[2009/11/17 15:34:20 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2009/11/08 10:15:40 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/10/01 07:41:17 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/10/01 07:42:13 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/11/08 10:15:33 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/08 10:15:33 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\Mozilla Firefox\components\brwsrcmp.dll

[2009/07/31 16:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll

[2009/11/08 10:15:35 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFFICE.DLL

[2009/08/03 16:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll

[2009/11/09 16:00:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

[2009/11/09 16:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

[2009/10/16 16:45:44 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2009/10/16 16:45:44 | 00,002,371 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\google.xml

[2009/10/16 16:45:44 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2009/10/16 16:45:44 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2009/10/16 16:45:44 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001..\Run: [msnmsgr] C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001..\Run: [skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe File not found

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/14 23:34:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/09/24 13:44:33 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoPLaY\ComMaND - "" = F:\qsqh.exe -- File not found

O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoRun\command - "" = F:\qsqh.exe -- File not found

O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\eXplORE\COmmanD - "" = F:\qsqh.exe -- File not found

O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\open\COmMAnd - "" = F:\qsqh.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2009/11/18 15:17:17 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\and\Desktop\OTL.exe

[2009/11/18 12:35:43 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\and\Recent

[2009/11/18 12:35:12 | 00,000,000 | ---D | C] -- C:\FindyKill

[2009/11/18 11:29:04 | 04,129,799 | ---- | C] (McAfee Inc.) -- C:\Arquivos de programas\stinger.exe

[2009/11/18 00:17:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/11/18 00:15:51 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner

[2009/11/17 23:57:58 | 22,897,440 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\and\Desktop\drweb-cureit.exe

[2009/11/17 13:29:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Skype

[2009/11/17 13:29:25 | 00,000,000 | R--D | C] -- C:\Arquivos de programas\Skype

[2009/11/17 03:07:53 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2009/11/17 03:07:53 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2009/11/17 03:07:53 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2009/11/17 03:07:53 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2009/11/17 03:07:50 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm

[2009/11/17 03:07:49 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2009/11/17 03:07:49 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2009/11/17 03:07:48 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2009/11/17 03:07:47 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2009/11/17 03:07:42 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack

[2009/11/14 19:28:50 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\22393460.sys

[2009/11/14 19:28:50 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Virus Removal Tool

[2009/11/14 19:20:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\regsvc.dll~

[2009/11/14 19:19:03 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvc.dll

[2009/11/12 03:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Dados de aplicativos\teamspeak2

[2009/11/12 03:48:27 | 00,034,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm

[2009/11/12 03:48:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Teamspeak2_RC2

[2009/11/12 02:54:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft

[2009/11/12 02:54:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live

[2009/11/11 14:45:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Robster Productions

[2009/11/10 13:48:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq

[2009/11/10 13:48:13 | 00,000,000 | ---D | C] -- C:\Inetpub

[2009/11/06 02:33:24 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DreaMule

[2009/11/03 15:16:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Meus documentos\Updater

[2009/11/03 15:16:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Configuraes locais

[2009/11/03 15:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

[2009/11/03 15:02:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Adobe PDF

[2009/11/03 14:59:50 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

[2009/11/02 05:12:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Meus documentos\Downloads

[2009/10/26 14:06:04 | 00,021,361 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys

[2009/10/26 14:06:04 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TP-LINK

[2009/10/26 14:05:58 | 00,465,152 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys

[2009/10/26 14:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TP-LINK Driver

[2009/10/21 04:03:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Dados de aplicativos\Octoshape

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[13 C:\Documents and Settings\and\*.tmp files -> C:\Documents and Settings\and\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2009/11/18 15:21:08 | 22,049,7952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/11/18 15:17:17 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\and\Desktop\OTL.exe

[2009/11/18 14:51:21 | 10,485,760 | -H-- | M] () -- C:\Documents and Settings\and\NTUSER.DAT

[2009/11/18 13:05:55 | 00,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2009/11/18 12:53:41 | 00,043,209 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/11/18 12:37:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/18 12:37:06 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/18 12:37:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/18 12:37:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/18 12:35:56 | 02,571,800 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2009/11/18 12:35:48 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\and\ntuser.ini

[2009/11/18 12:34:10 | 01,065,740 | ---- | M] () -- C:\Arquivos de programas\FindyKill.exe

[2009/11/18 12:33:23 | 00,000,022 | ---- | M] () -- C:\Arquivos de programas\stinger.opt

[2009/11/18 11:29:20 | 04,129,799 | ---- | M] (McAfee Inc.) -- C:\Arquivos de programas\stinger.exe

[2009/11/18 00:15:52 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\and\Desktop\CCleaner.lnk

[2009/11/17 23:30:35 | 22,897,440 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\and\Desktop\drweb-cureit.exe

[2009/11/17 14:06:37 | 00,455,680 | ---- | M] () -- C:\Documents and Settings\and\Desktop\ToolsCleaner2.exe

[2009/11/17 13:30:03 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/11/16 23:46:25 | 00,099,883 | ---- | M] () -- C:\Documents and Settings\and\Desktop\feliz!!.jpg

[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/11/13 21:45:19 | 00,000,241 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/13 21:45:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/11/13 21:34:32 | 03,559,628 | R--- | M] () -- C:\Documents and Settings\and\Desktop\ComboFix.exe

[2009/11/12 23:50:54 | 00,011,736 | R--- | M] () -- C:\Documents and Settings\and\Desktop\tempdecal.wad

[2009/11/12 23:48:03 | 00,104,499 | ---- | M] () -- C:\Documents and Settings\and\Desktop\PRIIII.jpg

[2009/11/12 22:47:35 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\and\Desktop\sXe Injected.lnk

[2009/11/12 03:48:27 | 00,034,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm

[2009/11/12 02:44:27 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\and\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/11/11 22:54:41 | 00,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6 Non-steam (v23).lnk

[2009/11/11 22:54:32 | 00,001,818 | ---- | M] () -- C:\Documents and Settings\and\Desktop\Counter-Strike.lnk

[2009/11/11 13:18:30 | 00,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/09 16:00:00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2009/11/09 16:00:00 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll

[2009/11/09 16:00:00 | 00,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/09 16:00:00 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll

[2009/11/09 16:00:00 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll

[2009/11/09 16:00:00 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

[2009/11/05 15:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/11/03 15:23:41 | 00,017,384 | ---- | M] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/11/03 02:51:11 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/30 02:08:47 | 00,001,766 | ---- | M] () -- C:\Documents and Settings\and\Desktop\Condition Zero.lnk

[2009/10/29 00:33:38 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/10/26 14:07:04 | 00,752,010 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/26 14:07:04 | 00,344,380 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/10/26 14:07:04 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/26 14:07:04 | 00,048,628 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/10/26 14:07:04 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/26 14:06:08 | 00,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TL-WN321G Wireless Utility.lnk

[2009/10/26 14:06:04 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\AegisP.sys

[2009/10/21 02:07:53 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2009/10/21 02:07:53 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[13 C:\Documents and Settings\and\*.tmp files -> C:\Documents and Settings\and\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2009/11/18 12:33:29 | 01,065,740 | ---- | C] () -- C:\Arquivos de programas\FindyKill.exe

[2009/11/18 12:33:23 | 00,000,022 | ---- | C] () -- C:\Arquivos de programas\stinger.opt

[2009/11/18 12:33:19 | 00,000,680 | ---- | C] () -- C:\Arquivos de programas\stinger.txt

[2009/11/18 00:15:52 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\and\Desktop\CCleaner.lnk

[2009/11/17 14:06:28 | 00,455,680 | ---- | C] () -- C:\Documents and Settings\and\Desktop\ToolsCleaner2.exe

[2009/11/17 13:30:03 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/11/17 03:07:52 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/11/17 03:07:51 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/11/17 03:07:50 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml

[2009/11/17 03:07:49 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/17 03:07:49 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/17 03:07:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/11/17 03:07:45 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/17 03:07:45 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/11/13 21:34:01 | 03,559,628 | R--- | C] () -- C:\Documents and Settings\and\Desktop\ComboFix.exe

[2009/11/12 23:48:02 | 00,104,499 | ---- | C] () -- C:\Documents and Settings\and\Desktop\PRIIII.jpg

[2009/11/12 22:35:45 | 00,099,883 | ---- | C] () -- C:\Documents and Settings\and\Desktop\feliz!!.jpg

[2009/11/12 22:34:44 | 00,011,736 | R--- | C] () -- C:\Documents and Settings\and\Desktop\tempdecal.wad

[2009/10/26 14:06:08 | 00,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TL-WN321G Wireless Utility.lnk

[2009/10/26 04:29:20 | 00,001,766 | ---- | C] () -- C:\Documents and Settings\and\Desktop\Condition Zero.lnk

[2009/09/18 19:32:02 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

[2009/09/18 19:29:34 | 00,002,296 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini

[2009/09/18 19:29:12 | 00,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini

[2009/09/18 13:41:09 | 00,028,242 | ---- | C] () -- C:\WINDOWS\System32\regsvc.dll.zip

[2009/09/15 04:45:15 | 07,440,192 | -H-- | C] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\IconCache.db

[2009/09/15 01:50:11 | 00,017,384 | ---- | C] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/09/15 01:25:24 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\CamLib.Dll

[2009/09/14 23:51:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\and\Dados de aplicativos\desktop.ini

[2009/09/14 23:43:08 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/09/14 20:26:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

[2009/09/14 17:03:55 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/03 16:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/14 16:10:15 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/07/14 16:10:15 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/07/14 16:10:14 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/07/14 16:10:14 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2009/07/14 16:10:13 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/07/14 16:10:13 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2009/07/14 16:10:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2009/04/17 19:21:12 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/01/05 16:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/04/14 05:00:00 | 00,000,528 | ---- | C] () -- C:\WINDOWS\win.ini

[2008/04/14 05:00:00 | 00,000,241 | ---- | C] () -- C:\WINDOWS\system.ini

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D74B6CF5

< End of report >

 

Abraços

[DigRam 144]

Boa Noite! danmex

 

<@> Cole no Bloco de Notas,estas informações sob o Quote.

<@> Em "Salvar como tipo",escolha "Todos os arquivos".

<@> Em "Nome do Arquivo",coloque: Temp.bat

 

@ECHO OFF

IF NOT %temp% == %tmp% GOTO both

GOTO single

:both

DEL %temp%\*.* /F /S /Q

DEL %tmp%\*.* /F /S /Q

CLS

ECHO Deleted all files in the TEMP folder: %temp%

ECHO Deleted all files in the TMP folder: %tmp%

GOTO end

:single

DEL %temp%\*.* /F /S /Q

DEL %systemroot%\Temp\*.* /F /S /Q

CLS

ECHO Deleted all files in the TEMP folder: %temp%

:end

<@> Salve-o no desktop e execute-o com um duplo-clique.

<@> Surgirá,por breve momento,uma tela preta.

<><><><><><><><><><>

<@> Baixe: < FixPolicies > ( ...by Bill Castner )

<@> Salve-o no Desktop!

<@> Esteja logado como Administrador.

<@> Execute o arquivo FixPolicies.exe,com um duplo-clique.

<@> Clique em Install.

<@> Abra a pasta FixPolicies,que foi criada.

<@> Duplo-clique em Fix_policies.cmd.

<@> Surgirá,por breve momento,uma caixa preta.

<><><><><><><><><><>

<@> Execute o OTL.exe.

<@> Copie estas informações que estão no Quote,para o campo clipboard da ferramenta. ( Custom Scans/Fixes )

 

:Processes

explorer.exe

:OTL

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoPLaY\ComMaND - "" = F:\qsqh.exe -- File not found

O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\AutoRun\command - "" = F:\qsqh.exe -- File not found

O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\eXplORE\COmmanD - "" = F:\qsqh.exe -- File not found

O33 - MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\Shell\open\COmMAnd - "" = F:\qsqh.exe -- File not found

:Files

@C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D74B6CF5

C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Reg

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\0000\Control]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\Security]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\Enum]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\0000\Control]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\Security]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\Enum]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system]

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

<@> Clique no botão Run Fix --> Aguarde a conclusão e reboot.

<@> Terminando,vá até a pasta: C:\_OTL\MovedFiles\*.log <-- Poste!

 

Abraços!

[danmex 0]

Bom dia DigRam

 

aqui vai o Log que você pediu!

 

 

OTL/movedfiles.log

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== OTL ==========

No active process named explorer.exe was found!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.

File F:\qsqh.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.

File F:\qsqh.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.

File F:\qsqh.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8c485bd-a494-11de-8e20-0016ec4b124b}\ not found.

File F:\qsqh.exe not found.

========== FILES ==========

ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D74B6CF5 deleted successfully.

C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\0000\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASC3360PR\0000\Control\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\Security\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asc3360pr\Enum\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\0000\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASC3360PR\0000\Control\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\Security\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3360pr\Enum\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system\ deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 78991 bytes

 

User: All Users

 

User: and

->Temp folder emptied: 243712 bytes

->Temporary Internet Files folder emptied: 969593 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49413059 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LEY

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2617939 bytes

%systemroot%\System32 .tmp files removed: 2969 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 50,92 mb

 

 

OTL by OldTimer - Version 3.1.6.0 log created on 11192009_014912

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

Abraços =)

[DigRam 144]

Bom Dia! danmex

 

<!> Desinstale: < CyE Registry Writer >

<><><><><><><><><><><>

<@> Baixe: < O18fix.zip >

<@> Descompacte-o para o desktop. ( O18fix.reg )

<@> Execute o arquivo o18fix.reg,com um duplo clique.

<@> Confirme a inserção ao registro --> Reinicie o computador!

<><><><><><><><><><><>

<@> Faça o download do UnHook.

<@> Baixe-o para o Desktop!

 

[Version]Signature="$Chicago$"Provider=Symantec[DefaultInstall]AddReg=UnhookRegKey[UnhookRegKey]HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

<@> Copie estas informações sob o Code,para o Bloco de Notas.

<@> Salve-as no desktop,com o nome: UnHookExec.inf

<@> Em "Arquivos do Tipo"...coloque: "Todos os arquivos"

<@> Insira o arquivo estabelecido,ao registro. ( UnHookExec.inf )

<@> Clique com o lado direito,do Mouse. --> Clique em Instalar <-- Clique esquerdo!

<@> Reinicie o computador!

<><><><><><><><><><><>

<@> Baixe: < The_Comedian > ( ...by Rorschach112 )

<@> Salve-o no desktop,renomeado como: komedian.exe

<@> Execute komedian.exe,com um duplo-clique.

<@> Siga as várias etapas ( Steps 1,2,3,4.. ),sempre apertando Enter.

 

Step 1 --> Turning off wordwrap..

Step 2 --> Fixing file associations

Step 3 --> Creating an ERUNT registry backup..

 

<@> Permita a instalação de ERUNT,que estabelecerá backup ao registro.

<@> Conclua a etapa 4 ( Step 4 ),que irá criar um novo Ponto de restauração do sistema.

<@> Confirme a finalização dessa etapa,que terminará automaticamente.

<@> Por default,o backup estará em: C:\WINDOWS\ERUNT\d-m-2009

<><><><><><><><><><><>

<@> Execute o OTL Quick Scan,onde teremos um rápido escaneamento da ferramenta.

<@> Duplo-clique em: < >

<@> Clique em "Scan All Users" --> --> Aguarde!

<@> Copie e poste o relatório. ( OTL log )

 

Abraços!