
Archived

This topic has been archived and is closed to new replies.

chubes

[Archived] Analyze my log


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:40:08, on 27/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\mmrtkrnl.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2233703

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

 

--

End of file - 11201 bytes


:) Hello chubes! Welcome to the Imasters forum.

 

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2233703

 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

 

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

________________________________________

 

Go to the Virus Total site (http://www.virustotal.com/) and submit the file highlighted in red for analysis:

 

C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll

 

If the file above does not show up when you try to select it, do the following:

 

# Go to the menu: Start > Control Panel > Folder Options

# Select the View tab

# Select the Show hidden files and folders option

# Uncheck the box Hide protected operating system files (recommended)

# Click OK

 

Then submit it again for analysis.

 

Once the analysis above finishes, copy the link that appears in your browser's address bar and post that link in your next reply together with the other logs requested.

 

Note: if the Virus Total site is very congested or having problems, submit the file for analysis at one of the sites below:

 

http://virscan.org/

http://virusscan.jotti.org/

http://www.viruschief.com/

__________________________________

 

Please also follow the tips in this tutorial to clean your PC with Malwarebytes:

 

Malwarebytes Anti-Malware Tutorial (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html)

 

In your next reply, post this Malwarebytes log together with a new HijackThis log and the link to the file analysis on the Virus Total site, and tell us how your PC is after these procedures.

 

We await your reply.

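As an added example (not code from this thread or from any of the tools named in it), here is a small Python triage over a few lines copied from the HijackThis log posted above. It encodes the three reasons behind the helper's picks: entries whose target file is gone ("(no file)"), a start page pointing at a host other than Internet Explorer's defaults, and a BHO whose DLL in system32 is named as a bare GUID, which is the kind of file worth hashing and checking on Virus Total. The allowlist of default hosts and the GUID-filename heuristic are assumptions of this example, and it flags every orphan entry, which is broader than the helper's selection (the helper left the Yahoo URLSearchHook alone).

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the HijackThis log posted at the
# top of this thread, so the triage can be run offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2233703
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
"""

# Hosts Internet Explorer uses for its factory-default start/search pages (the
# go.microsoft.com entries in the log). Assumption of this example: anything
# else in an R0/R1 Start Page or Search Page entry deserves a second look.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "home.microsoft.com"}

R_ENTRY_RE = re.compile(
    r"^R[01] - HK(?:CU|LM)\\Software\\Microsoft\\Internet Explorer\\Main,"
    r"(Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (\S+)$"
)
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.IGNORECASE
)


def triage_line(line: str):
    """Return (code, reason) for a suspicious entry, or None if nothing to flag."""
    line = line.strip()
    if " - " not in line:
        return None
    code = line.split(" - ", 1)[0]

    # 1. Orphan entries: the registry still points at a component whose file is gone.
    if line.endswith("(no file)"):
        return code, "orphan"

    # 2. Start/search page overridden with a host that is not an IE default.
    m = R_ENTRY_RE.match(line)
    if m:
        host = urlsplit(m.group(2)).hostname or ""
        if host not in KNOWN_DEFAULT_HOSTS:
            return code, "unknown-start-page"
        return None

    # 3. BHO/toolbar whose DLL is named as a bare GUID (heuristic): no normal
    #    product ships such a file, so hash it and check it before trusting it.
    if code in {"O2", "O3"}:
        path = line.rsplit(" - ", 1)[-1]
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if GUID_RE.match(stem):
            return code, "guid-named-file"
    return None


def triage(log_text: str):
    """Run triage_line over every line and collect the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append({"code": hit[0], "reason": hit[1], "line": line.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:3} {f['reason']:19} {f['line'][:90]}")
```

Run against the sample it reports the hijacked HKCU start page, the three orphan entries and the GUID-named BHO, and stays silent on the Java SSV helper and the Run entries. The point of the "unknown-start-page" check is an allowlist rather than a blocklist: a hijacker can use any host, but the factory default hosts are few and known.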

Okay, I did everything you asked. Here are the logs:

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:56:22, on 27/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\mmrtkrnl.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

 

--

End of file - 10832 bytes

 

___________________________________________________

 

Virus Total result

 

http://www.virustotal.com/pt/analisis/fc0a4e1bf21be5935ad0a1c24d6067ae823122d235e95c278bdf9f8b5b258cd7-1264637000

 

___________________________________________________

 

Malwarebytes result (I had already run it last week, and when I checked today there were 40 files in quarantine; I deleted them all, since the PC was working normally)

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3517

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

 

27/1/2010 23:33:40

mbam-log-2010-01-27 (23-33-40).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 196792

Tempo decorrido: 1 hour(s), 25 minute(s), 14 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

 

 

Thanks


:) One problem was removed by Malwarebytes.

_____________________________

 

Please follow the tips in these tutorials:

 

Norman Malware Cleaner Tutorial

 

Nod32 Online Antivirus Tutorial

_____________________________

 

In your next reply, please post this Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Norman Malware Cleaner log, and tell us how your PC is after following these procedures.

 

We await your reply.


Nod32

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.20900 (vista_ldr.080820-1506)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=045f4c0baafb48479fb910ef9dca4ae5

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-01-28 07:32:14

# local_time=2010-01-28 05:32:14 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777215 100 0 45728276 45728276 0 0

# compatibility_mode=1028 16777214 0 4 6162824 6612901 0 0

# compatibility_mode=1797 16775145 100 94 0 36426197 0 0

# compatibility_mode=2560 16777175 100 0 0 0 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16777214 0 9 16529885 32052624 0 0

# scanned=80156

# found=2

# cleaned=2

# scan_time=3067

C:\downloads\MsgPlus3-Setup.exe Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\downloads\vdownloader.zip a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

 

___________________________________________________

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:35:44, on 28/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\mmrtkrnl.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

 

--

End of file - 11081 bytes

 

 

<<<<<<<<>>>>>>>>>><<<<<<<<<<<<<>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>

<<<<<<<<>>>>>>>>>><<<<<<<<<<<<<>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>

 

Norman

 

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/01/27 08:47:04

 

Norman Scanner Engine Version: 6.04.03

Nvcbin.def Version: 6.04.00, Date: 2010/01/27 08:47:04, Variants: 4817693

 

Scan started: 28/01/2010 14:47:59

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: MASTER-C8963AE8\SIMONE

 

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispCPL = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispCPL = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Changed service configuration for "wuauserv" from 0x00000004 and 0x00000001 to 0x00000002 and 0xFFFFFFFF

Started service "wuauserv"

Changed service configuration for "BITS" from 0x00000004 and 0x00000001 to 0x00000003 and 0xFFFFFFFF

Started service "BITS"

 

Scanning bootsectors...

 

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 3128

Number of processes/threads scanned: 3128

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 1m 17s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\*.*

 

C:\Arquivos de programas\1.02t\mucabrasil.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\Arquivos de programas\1.02t\mucabrasil.VIR (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\Arquivos de programas\Megacubo\components\bin\pv.exe (Infected with Ircbot.ANFB.dropper)

Deleted file

 

C:\Arquivos de programas\Mu C.A Brasil 1.02t\mucabrasil.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\Documents and Settings\SIMONE\Configurações locais\Temporary Internet Files\Content.IE5\4GB26JM0\mucabrasil.exe[1].rar/mucabrasil.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\Documents and Settings\SIMONE\Configurações locais\Temporary Internet Files\Content.IE5\4GB26JM0\mucabrasil.exe[1].rar (Empty archive after cleaning)

Deleted file

 

C:\Documents and Settings\SIMONE\Meus documentos\ana\Videos\[c=38][c=19][-c]Letícia[-c]_14_7_2009@18_50_58.wav (Error opening file: Not found)

 

C:\Documents and Settings\SIMONE\Meus documentos\Meus arquivos recebidos\farkli5.jpg (Error opening file: Not found)

 

C:\LinhaDefensiva\exec\download.exe (Infected with Suspicious_Gen.CQSA)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP11\A0004722.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP12\A0004841.exe/noname.nsis/file4617 (Error whilst scanning file: I/O Error (0x00220005))

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP5\A0001588.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP56\A0022461.exe (Infected with Ircbot.ANFB.dropper)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP58\A0023211.dll (Infected with W32/Obfuscated.A!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024165.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024342.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024343.exe (Infected with Ircbot.ANFB.dropper)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024344.exe (Infected with W32/Obfuscated.AK!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024345.exe (Infected with Suspicious_Gen.CQSA)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP7\A0002957.exe (Infected with Ircbot.ANFB.dropper)

Deleted file

 

C:\WINDOWS\Installer\{A1F649A2-F97D-4BC8-97B1-E61664F00F42}\NewShortcut10_43AA47BAAFAC4744A9BF278EB213A3B8.exe (Infected with W32/Obfuscated.D2!genr)

Deleted file

 

C:\WINDOWS\Installer\{A1F649A2-F97D-4BC8-97B1-E61664F00F42}\NewShortcut11_8B92D9CDF62A467BB8BC9F2764E4B69F.exe (Infected with W32/Obfuscated.D2!genr)

Deleted file

 

C:\WINDOWS\Installer\{A1F649A2-F97D-4BC8-97B1-E61664F00F42}\NewShortcut8_11AE7A1F25BD40F4ACDAFBB762BBAAEF.exe (Infected with W32/Obfuscated.D2!genr)

Deleted file

 

C:\WINDOWS\Installer\{A1F649A2-F97D-4BC8-97B1-E61664F00F42}\NewShortcut9_48B66D5BB6F048C38E9B8347B51AFC45.exe (Infected with W32/Obfuscated.D2!genr)

Deleted file

 

Scanning: C:\System Volume Information\*.*

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP12\A0004841.exe/noname.nsis/file4617 (Error whilst scanning file: I/O Error (0x00220005))

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024346.exe (Infected with W32/Obfuscated.D2!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024347.exe (Infected with W32/Obfuscated.D2!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024348.exe (Infected with W32/Obfuscated.D2!genr)

Deleted file

 

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024349.exe (Infected with W32/Obfuscated.D2!genr)

Deleted file

 

Scanning: postscan

 

 

Running post-scan cleanup routine:

Failed to locate shared service executable: C:\WINDOWS\system32\xzyhpi.dll

Removed service: cmldof

Failed to locate shared service executable: C:\WINDOWS\system32\xzyhpi.dll

Removed service: hcvuhv

 

Number of files found: 197317

Number of archives unpacked: 986

Number of files scanned: 197306

Number of files not scanned: 11

Number of files skipped due to exclude list: 0

Number of infected files found: 25

Number of infected files repaired/deleted: 25

Number of infections removed: 25

Total scanning time: 1h 13m 49s

 

 

Thanks.

Download the tool below:

http://lop.com/new_uninstall.exe

 

Note: this uninstaller is detected as a trojan by several antivirus products. If that happens, temporarily disable your antivirus and re-enable it once the procedure is finished. The file is perfectly safe.

 

Double-click the uninstaller you downloaded above > click OK > click OK again > some numbers will appear on a screen; type those numbers into the blank field and then click the UNINSTALL button > click OK > click OK again > then just follow the steps the uninstaller gives you.

_____________________________________

 

Follow the tips in this tutorial:

 

Tutorial do Lop S&D: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-lop-s-d.html

 

At the end, a log will be generated at C:\lopR.txt

_____________________________________

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it by command is also possible:

* Go to Start --> Run --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 

[screenshot: combofixejr8.gif]

 

* Click OK.

* At the prompt "Disclaimer of software warranty" --> click Yes.

 

[screenshot: RcAuto1.gif]

 

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.

* When it finishes, click Sim or Yes. --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Rename it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in Safe Mode (see: http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html).

* PS: If rootkit activity is present, you will see the following notification window:

 

[screenshot: Rookit_found.gif]

 

* PS: Write down those detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If needed, type option ( 1 ) --> press Enter! --> wait for it to finish!

* During the scan, avoid touching the mouse or keyboard! <-- Important!

* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

 

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the log at C:\lopR.txt and a new HijackThis log in your next reply, and tell us how your PC is doing afterwards.

 

We'll be waiting.

ComboFix log (note: it did not ask to restart)

 

ComboFix 10-01-28.04 - SIMONE 28/01/2010 22:39:07.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.623 [GMT -2:00]

Executando de: c:\documents and settings\SIMONE\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\SIMONE\Dados de aplicativos\.#

c:\documents and settings\SIMONE\Dados de aplicativos\Desktopicon

c:\documents and settings\SIMONE\Dados de aplicativos\Desktopicon\mc.ico

c:\windows\system32\31f37ca2-b91c-a392-0c46-01edbd2d0584.exe

c:\windows\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll

c:\windows\system32\DROPPEDFILEOK.tmp

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-29 ))))))))))))))))))))))))))))

.

 

2010-01-29 00:14 . 2010-01-29 00:18 -------- d-----w- C:\Lop SD

2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\arquivos de programas\ESET

2010-01-27 15:35 . 2010-01-27 15:36 -------- d-----w- C:\LinhaDefensiva

2010-01-27 15:30 . 2010-01-27 15:32 -------- d-----w- C:\Hijack

2010-01-27 00:45 . 2010-01-27 14:06 -------- d-----w- C:\OutputFolder

2010-01-27 00:44 . 2006-09-26 15:57 28672 ----a-w- c:\windows\system32\AVEQT.dll

2010-01-27 00:44 . 2010-01-27 00:54 -------- d-----w- c:\arquivos de programas\Allok MOV Converter

2010-01-26 01:35 . 2010-01-26 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-01-26 01:29 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll

2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-01-26 00:50 . 2010-01-26 00:50 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Media Player Classic

2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\arquivos de programas\Conduit

2010-01-22 17:20 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-01-22 17:20 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-01-22 17:20 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\arquivos de programas\Avira

2010-01-12 02:33 . 2010-01-13 23:40 -------- d-----w- c:\arquivos de programas\DreaMule

2010-01-10 01:12 . 2010-01-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton

2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

2010-01-09 22:44 . 2010-01-26 00:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-01-09 22:44 . 2010-01-26 00:48 -------- d-----w- c:\arquivos de programas\QuickTime Alternative

2010-01-09 22:38 . 2010-01-09 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-01-09 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-01-09 22:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2010-01-09 22:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-01-09 22:21 . 2010-01-09 22:22 -------- d-----w- C:\cf8c911bcffef712ad116d72c2cdf018

2010-01-09 02:02 . 2010-01-09 02:02 286720 ------w- c:\windows\Setup1.exe

2010-01-09 02:02 . 2010-01-09 02:02 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Malwarebytes

2010-01-08 14:37 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-01-08 14:37 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-07 17:58 . 2010-01-07 17:59 -------- d-----w- c:\arquivos de programas\LimeWire

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-29 00:27 . 2009-07-30 01:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2010-01-29 00:26 . 2008-06-16 14:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-01-28 17:06 . 2009-03-26 14:33 -------- d-----w- c:\arquivos de programas\Mu C.A Brasil 1.02t

2010-01-28 16:51 . 2009-03-10 14:15 -------- d-----w- c:\arquivos de programas\1.02t

2010-01-27 14:48 . 2008-06-06 15:31 -------- d-----w- c:\arquivos de programas\Google

2010-01-27 14:06 . 2009-07-03 18:08 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\LimeWire

2010-01-27 00:46 . 2008-06-19 23:57 -------- d-----w- c:\arquivos de programas\eMule

2010-01-26 16:07 . 2009-06-23 01:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-26 01:50 . 2009-06-22 23:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-26 01:35 . 2008-06-15 22:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-01-26 01:34 . 2008-06-06 14:30 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-01-26 00:51 . 2008-10-04 23:53 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\DivX

2010-01-26 00:48 . 2008-10-04 23:47 -------- d-----w- c:\arquivos de programas\DivX

2010-01-25 22:53 . 2008-08-20 14:01 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Shareaza

2010-01-23 00:23 . 2009-06-15 21:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-22 17:11 . 2009-07-30 19:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2010-01-21 18:18 . 2009-11-02 00:42 -------- d-----w- c:\arquivos de programas\Megacubo

2010-01-15 15:42 . 2007-07-21 21:40 76514 ----a-w- c:\windows\system32\perfc016.dat

2010-01-15 15:42 . 2007-07-21 21:40 445180 ----a-w- c:\windows\system32\perfh016.dat

2010-01-14 00:31 . 2008-06-15 22:31 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Orbit

2010-01-13 23:59 . 2008-06-06 13:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-13 18:54 . 2009-07-29 14:20 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\uTorrent

2010-01-09 22:44 . 2009-06-06 01:56 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Apple Computer

2010-01-09 22:43 . 2009-06-04 23:23 -------- d-----w- c:\arquivos de programas\QuickTime

2010-01-09 22:12 . 2009-11-23 22:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared

2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-12-13 02:54 . 2009-12-13 02:53 -------- d-----w- c:\arquivos de programas\CZ-Doc2Pdf COM

2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Tibia

2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\arquivos de programas\Tibia

2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Publish Providers

2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Sony

2009-12-08 01:57 . 2009-12-08 01:57 -------- d-----w- c:\arquivos de programas\Sony Setup

2009-12-03 02:03 . 2009-12-03 02:01 -------- d-----w- c:\arquivos de programas\Kodak

2009-12-03 02:02 . 2009-12-03 02:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Kodak

2009-12-03 02:00 . 2009-12-03 02:00 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe

2009-12-03 02:00 . 2009-12-03 02:00 14813832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe

2009-12-03 02:00 . 2009-12-03 02:00 69632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\Ksu\ksustop.exe

2009-12-03 02:00 . 2009-12-03 02:00 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\CCS\CCSStop.exe

2009-12-03 02:00 . 2009-12-03 02:00 983040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_140010_2fe27b\EasyShrx.Dll

2009-12-03 02:00 . 2009-12-03 02:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kodak

2009-11-15 18:51 . 2009-11-08 18:30 180488 ----a-w- c:\windows\PSEXESVC.EXE

.

 

------- Sigcheck -------

 

[-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

"nwiz"="nwiz.exe" [2008-01-08 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]

"Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 70144]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-11-11 417792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^SIMONE^Menu Iniciar^Programas^Inicializar^Registration IL-2 Sturmovik 1946.LNK]

path=c:\documents and settings\SIMONE\Menu Iniciar\Programas\Inicializar\Registration IL-2 Sturmovik 1946.LNK

backup=c:\windows\pss\Registration IL-2 Sturmovik 1946.LNKStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2009-08-06 00:48 647520 ----a-w- c:\arquivos de programas\Windows Live\Family Safety\fsui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]

2007-07-02 08:15 495616 ----a-w- c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 12:21 1694208 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 06:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-26 01:34 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3603:TCP"= 3603:TCP:rivtsmh

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [22/1/2010 15:20 108289]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/1/2009 14:41 54752]

S0 afhhg;afhhg;c:\windows\system32\drivers\sabtb.sys --> c:\windows\system32\drivers\sabtb.sys [?]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 gupdate1ca79d6f28da7d4;Google Update Service (gupdate1ca79d6f28da7d4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/12/2009 18:25 133104]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 ThreatFire;ThreatFire;c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service --> c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service [?]

S3 XDva258;XDva258;\??\c:\windows\system32\XDva258.sys --> c:\windows\system32\XDva258.sys [?]

S4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

cmldof

hcvuhv

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]

 

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]

 

2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: ketsujin.com\fighterace

Trusted Zone: ketsujin.com\primary

Trusted Zone: ketsujin.com\update

Trusted Zone: ketsujin.com\www

Trusted Zone: stormofaces.com\www

FF - ProfilePath - c:\documents and settings\SIMONE\Dados de aplicativos\Mozilla\Firefox\Profiles\a9oo5a0r.default\

FF - prefs.js: browser.search.defaulturl - 4.6.6.2

FF - prefs.js: browser.search.selectedEngine - 4.6.6.2

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - 4.6.6.2

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.search.defaultenginename - 4.6.6.2

FF - user.js: browser.search.defaulturl - 4.6.6.2

FF - user.js: browser.search.selectedEngine - 4.6.6.2

FF - user.js: keyword.URL - 4.6.6.2

FF - user.js: keyword.enabled - true

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{53082ce2-5306-b270-9a1c-6ce617f0e5e1} - c:\windows\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-Active Captions - c:\arquivos de programas\Shelltoys\Active Captions\activecaptions.exe

MSConfigStartUp-COMODO Internet Security - c:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

MSConfigStartUp-Google Update - c:\documents and settings\SIMONE\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

MSConfigStartUp-Orb - c:\arquivos de programas\Winamp Remote\bin\OrbTray.exe

MSConfigStartUp-QuickTime Task - c:\arquivos de programas\QuickTime\qttask.exe

MSConfigStartUp-Shareaza - c:\arquivos de programas\Shareaza\Shareaza.exe

MSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-31f37ca2-b91c-a392-0c46-01edbd2d0584 - c:\windows\system32\31f37ca2-b91c-a392-0c46-01edbd2d0584.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-28 22:49

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-1482476501-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a7,92,d3,62,54,d7,66,6a,d9,ca,84,6b,6e,2a,81,a8,78,d9,ad,95,eb,97,e1,

10,72,16,60,3f,c5,f0,de,d2,4d,ad,b0,c9,e0,75,5f,43,bc,6d,84,14,f5,56,88,e7,\

"??"=hex:1d,47,26,64,46,3e,31,b7,35,fb,9d,c6,4d,23,0d,fc

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(3568)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\mmrtkrnl.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-01-28 22:56:15 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-01-29 00:56

 

Pré-execução: 18 pasta(s) 114.892.410.880 bytes disponíveis

Pós execução: 22 pasta(s) 114.786.144.256 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 07B9CB56E04F70B8614ABB726D05D502

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

Lop log

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : BIOS Date: 01/30/08 10:01:36 Ver: 08.00.10

USER : SIMONE ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:149 Go (Free:106 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( qui 28/01/2010|22:15 )

 

--------------------\\ Lista de pastas em DADOSD~1

 

[07/09/2009|21:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[20/07/2009|23:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\AlcaTech

[04/06/2009|21:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

[25/01/2010|22:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[22/01/2010|15:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira

[02/07/2008|22:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[24/09/2009|12:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[30/07/2009|09:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[06/06/2008|21:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Hewlett-Packard

[06/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP

[06/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP Product Assistant

[05/07/2008|22:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HPSSUPPLY

[21/09/2009|19:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield

[19/08/2009|22:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

[19/08/2009|22:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files

[03/12/2009|00:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak

[10/07/2009|00:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft

[08/01/2010|12:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes

[11/09/2009|12:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee

[10/09/2009|23:18] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee Security Scan

[26/01/2010|14:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[19/08/2009|22:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[06/06/2008|12:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[22/01/2010|15:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Norton

[09/01/2010|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NortonInstaller

[14/10/2008|20:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

[09/03/2009|22:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Tools

[25/01/2010|23:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

[27/02/2009|20:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

[10/07/2009|18:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[22/01/2009|21:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

[09/01/2010|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec

[28/01/2010|21:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[21/09/2009|19:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Trymedia

[06/06/2008|21:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WEBREG

[09/08/2008|23:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[14/01/2009|12:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[06/06/2008|11:28] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[11/11/2008|09:36] C:\DOCUME~1\LOCALS~1\DADOSD~1\Adobe

[11/11/2008|09:35] C:\DOCUME~1\LOCALS~1\DADOSD~1\Google

[11/11/2008|09:37] C:\DOCUME~1\LOCALS~1\DADOSD~1\GrabPro

[07/11/2009|16:44] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[16/12/2008|15:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\HPAppData

[07/11/2009|16:44] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[22/09/2008|17:44] C:\DOCUME~1\SIMONE\DADOSD~1\.#

[15/10/2009|17:16] C:\DOCUME~1\SIMONE\DADOSD~1\.bsnes

[09/06/2008|11:16] C:\DOCUME~1\SIMONE\DADOSD~1\Adobe

[02/10/2008|22:55] C:\DOCUME~1\SIMONE\DADOSD~1\Ahead

[20/07/2009|23:06] C:\DOCUME~1\SIMONE\DADOSD~1\AlcaTech

[09/01/2010|20:44] C:\DOCUME~1\SIMONE\DADOSD~1\Apple Computer

[19/11/2009|21:50] C:\DOCUME~1\SIMONE\DADOSD~1\Audacity

[10/01/2009|12:24] C:\DOCUME~1\SIMONE\DADOSD~1\CB Model Pro

[02/07/2008|22:21] C:\DOCUME~1\SIMONE\DADOSD~1\CyberLink

[08/01/2010|14:12] C:\DOCUME~1\SIMONE\DADOSD~1\Desktopicon

[25/01/2010|22:51] C:\DOCUME~1\SIMONE\DADOSD~1\DivX

[11/01/2009|16:18] C:\DOCUME~1\SIMONE\DADOSD~1\Enterbrain

[31/07/2009|01:05] C:\DOCUME~1\SIMONE\DADOSD~1\flightgear.org

[31/07/2009|00:53] C:\DOCUME~1\SIMONE\DADOSD~1\fltk.org

[08/09/2009|20:26] C:\DOCUME~1\SIMONE\DADOSD~1\Google

[15/06/2008|20:35] C:\DOCUME~1\SIMONE\DADOSD~1\GrabPro

[19/01/2009|14:56] C:\DOCUME~1\SIMONE\DADOSD~1\Greyfirst

[20/01/2009|19:31] C:\DOCUME~1\SIMONE\DADOSD~1\gtk-2.0

[12/09/2008|13:40] C:\DOCUME~1\SIMONE\DADOSD~1\Help

[06/06/2008|21:31] C:\DOCUME~1\SIMONE\DADOSD~1\HP

[06/06/2008|21:27] C:\DOCUME~1\SIMONE\DADOSD~1\HPAppData

[06/06/2008|11:34] C:\DOCUME~1\SIMONE\DADOSD~1\Identities

[04/10/2008|21:45] C:\DOCUME~1\SIMONE\DADOSD~1\InstallShield

[19/08/2008|19:59] C:\DOCUME~1\SIMONE\DADOSD~1\Kazaa Lite

[25/01/2009|21:10] C:\DOCUME~1\SIMONE\DADOSD~1\KompoZer

[04/10/2008|21:54] C:\DOCUME~1\SIMONE\DADOSD~1\LG Electronics

[27/01/2010|12:06] C:\DOCUME~1\SIMONE\DADOSD~1\LimeWire

[06/06/2008|13:30] C:\DOCUME~1\SIMONE\DADOSD~1\Macromedia

[08/01/2010|12:37] C:\DOCUME~1\SIMONE\DADOSD~1\Malwarebytes

[25/01/2010|22:50] C:\DOCUME~1\SIMONE\DADOSD~1\Media Player Classic

[13/01/2010|16:54] C:\DOCUME~1\SIMONE\DADOSD~1\Microsoft

[03/07/2009|16:09] C:\DOCUME~1\SIMONE\DADOSD~1\Mozilla

[09/07/2009|23:07] C:\DOCUME~1\SIMONE\DADOSD~1\Opera

[13/01/2010|22:31] C:\DOCUME~1\SIMONE\DADOSD~1\Orbit

[29/07/2009|23:24] C:\DOCUME~1\SIMONE\DADOSD~1\PC Tools

[08/12/2009|00:00] C:\DOCUME~1\SIMONE\DADOSD~1\Publish Providers

[25/01/2010|23:35] C:\DOCUME~1\SIMONE\DADOSD~1\Real

[26/12/2008|23:19] C:\DOCUME~1\SIMONE\DADOSD~1\Remere's Map Editor

[07/01/2009|16:04] C:\DOCUME~1\SIMONE\DADOSD~1\Scirra

[30/07/2009|12:30] C:\DOCUME~1\SIMONE\DADOSD~1\SecuROM

[25/01/2010|20:53] C:\DOCUME~1\SIMONE\DADOSD~1\Shareaza

[23/06/2009|17:18] C:\DOCUME~1\SIMONE\DADOSD~1\Skype

[23/06/2009|17:08] C:\DOCUME~1\SIMONE\DADOSD~1\skypePM

[08/12/2009|00:00] C:\DOCUME~1\SIMONE\DADOSD~1\Sony

[04/01/2009|20:54] C:\DOCUME~1\SIMONE\DADOSD~1\sqlitestudio

[06/06/2008|12:56] C:\DOCUME~1\SIMONE\DADOSD~1\Sun

[23/01/2009|23:00] C:\DOCUME~1\SIMONE\DADOSD~1\SUPERAntiSpyware.com

[30/07/2009|17:38] C:\DOCUME~1\SIMONE\DADOSD~1\Symantec

[31/10/2008|21:22] C:\DOCUME~1\SIMONE\DADOSD~1\SynopseInfo

[12/12/2009|19:35] C:\DOCUME~1\SIMONE\DADOSD~1\Tibia

[13/01/2010|16:54] C:\DOCUME~1\SIMONE\DADOSD~1\uTorrent

[30/09/2008|11:44] C:\DOCUME~1\SIMONE\DADOSD~1\Winamp

[16/09/2008|11:39] C:\DOCUME~1\SIMONE\DADOSD~1\WinRAR

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[28/01/2010 17:45][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[28/01/2010 22:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[10/01/2010 02:14][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job

[25/01/2010 20:41][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[15/01/2010 23:34][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[28/01/2010 21:59][--ah-----] C:\WINDOWS\tasks\SA.DAT

[21/07/2007 19:40][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ MsgPlus SPONSOR INSTALLED !

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]

"SponsorInstalled"=dword:00000000

 

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[11/06/2009|22:48] C:\Arquivos de programas\1.023. Web.informations

[28/01/2010|14:51] C:\Arquivos de programas\1.02t

[07/06/2009|13:39] C:\Arquivos de programas\3D Canvas 6

[30/07/2009|15:57] C:\Arquivos de programas\7-Zip

[07/09/2009|21:54] C:\Arquivos de programas\Adobe

[26/01/2010|22:54] C:\Arquivos de programas\Allok MOV Converter

[06/08/2008|19:23] C:\Arquivos de programas\Alwil Software

[04/06/2009|21:23] C:\Arquivos de programas\Apple Software Update

[25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns

[07/06/2009|13:39] C:\Arquivos de programas\Asprate

[01/11/2009|20:48] C:\Arquivos de programas\AVG

[22/01/2010|15:20] C:\Arquivos de programas\Avira

[10/07/2009|01:00] C:\Arquivos de programas\CCleaner

[11/08/2009|12:59] C:\Arquivos de programas\COMODO

[06/06/2008|11:25] C:\Arquivos de programas\ComPlus Applications

[23/01/2010|20:47] C:\Arquivos de programas\Conduit

[06/06/2008|12:31] C:\Arquivos de programas\CyberLink

[13/12/2009|00:54] C:\Arquivos de programas\CZ-Doc2Pdf COM

[25/01/2010|22:48] C:\Arquivos de programas\DivX

[13/01/2010|21:40] C:\Arquivos de programas\DreaMule

[02/07/2008|19:34] C:\Arquivos de programas\DVD Shrink

[26/01/2010|22:46] C:\Arquivos de programas\eMule

[28/01/2010|16:27] C:\Arquivos de programas\ESET

[07/10/2008|19:46] C:\Arquivos de programas\Gadwin Systems

[27/01/2010|12:48] C:\Arquivos de programas\Google

[06/06/2008|21:25] C:\Arquivos de programas\Hewlett-Packard

[06/06/2008|21:27] C:\Arquivos de programas\HP

[13/01/2010|21:59] C:\Arquivos de programas\InstallShield Installation Information

[06/06/2008|11:44] C:\Arquivos de programas\Intel

[09/01/2010|20:19] C:\Arquivos de programas\Internet Explorer

[19/11/2008|16:11] C:\Arquivos de programas\Java

[25/01/2010|23:28] C:\Arquivos de programas\K-Lite Codec Pack

[03/12/2009|00:03] C:\Arquivos de programas\Kodak

[04/01/2009|19:02] C:\Arquivos de programas\Kwyshell

[20/11/2009|13:49] C:\Arquivos de programas\Lavalys

[10/07/2009|00:25] C:\Arquivos de programas\Lavasoft

[04/10/2008|21:48] C:\Arquivos de programas\LG Electronics

[23/07/2009|23:44] C:\Arquivos de programas\LG PC Suite 2

[07/01/2010|15:59] C:\Arquivos de programas\LimeWire

[08/01/2010|12:37] C:\Arquivos de programas\Malwarebytes' Anti-Malware

[21/01/2010|16:18] C:\Arquivos de programas\Megacubo

[23/07/2009|23:44] C:\Arquivos de programas\Messenger

[25/01/2010|23:50] C:\Arquivos de programas\Messenger Plus! Live

[22/06/2009|21:35] C:\Arquivos de programas\MessengerPlus! 3

[13/07/2009|23:10] C:\Arquivos de programas\Microsoft

[11/11/2008|12:14] C:\Arquivos de programas\microsoft frontpage

[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Office

[17/11/2009|19:49] C:\Arquivos de programas\Microsoft Office Outlook Connector

[17/11/2009|19:49] C:\Arquivos de programas\Microsoft Silverlight

[11/10/2008|00:23] C:\Arquivos de programas\Microsoft SQL Server Compact Edition

[13/07/2009|23:09] C:\Arquivos de programas\Microsoft Sync Framework

[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Visual Studio

[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Works

[06/06/2008|12:53] C:\Arquivos de programas\Microsoft.NET

[06/06/2008|11:26] C:\Arquivos de programas\Movie Maker

[22/01/2010|14:22] C:\Arquivos de programas\Mozilla Firefox

[06/06/2008|11:24] C:\Arquivos de programas\MSN Gaming Zone

[19/09/2008|17:07] C:\Arquivos de programas\MSN Messenger

[06/06/2008|11:28] C:\Arquivos de programas\MSXML 4.0

[06/06/2008|11:28] C:\Arquivos de programas\MSXML 6.0

[22/09/2008|17:45] C:\Arquivos de programas\MSXML 7.0

[28/01/2010|15:06] C:\Arquivos de programas\Mu C.A Brasil 1.02t

[06/06/2008|12:36] C:\Arquivos de programas\Nero

[23/09/2009|19:16] C:\Arquivos de programas\NetMeeting

[23/07/2009|20:44] C:\Arquivos de programas\No-IP

[02/09/2008|20:30] C:\Arquivos de programas\Now3D

[31/07/2009|00:24] C:\Arquivos de programas\OpenAL

[22/08/2009|19:07] C:\Arquivos de programas\Opera

[28/10/2009|20:41] C:\Arquivos de programas\Orban

[06/06/2008|11:26] C:\Arquivos de programas\Outlook Express

[09/01/2010|20:43] C:\Arquivos de programas\QuickTime

[25/01/2010|22:48] C:\Arquivos de programas\QuickTime Alternative

[15/06/2008|20:21] C:\Arquivos de programas\Real

[06/06/2008|11:52] C:\Arquivos de programas\Realtek

[19/05/2009|17:25] C:\Arquivos de programas\Red Storm Entertainment

[30/07/2009|09:44] C:\Arquivos de programas\Remere's Map Editor

[20/11/2009|14:40] C:\Arquivos de programas\Security Process Explorer

[06/06/2008|11:27] C:\Arquivos de programas\Serviços on-line

[27/02/2009|20:22] C:\Arquivos de programas\Skype

[07/12/2009|23:57] C:\Arquivos de programas\Sony Setup

[31/10/2008|21:28] C:\Arquivos de programas\SoquelSoft

[22/01/2010|00:02] C:\Arquivos de programas\Spyware Doctor

[19/11/2008|16:12] C:\Arquivos de programas\Sun

[17/12/2009|16:51] C:\Arquivos de programas\SystemRequirementsLab

[11/11/2008|09:31] C:\Arquivos de programas\ThreatFire

[12/12/2009|19:35] C:\Arquivos de programas\Tibia

[30/07/2009|13:09] C:\Arquivos de programas\Ubisoft

[30/07/2009|12:16] C:\Arquivos de programas\UltraISO

[25/09/2009|10:24] C:\Arquivos de programas\Uninstall Information

[22/08/2009|19:03] C:\Arquivos de programas\Valve

[22/08/2009|18:57] C:\Arquivos de programas\Winamp

[19/08/2009|22:53] C:\Arquivos de programas\Windows Defender

[17/11/2009|19:47] C:\Arquivos de programas\Windows Live

[14/01/2009|14:38] C:\Arquivos de programas\Windows Live SkyDrive

[10/08/2008|23:53] C:\Arquivos de programas\Windows Media Connect 2

[10/08/2008|13:16] C:\Arquivos de programas\Windows Media Player

[06/06/2008|11:24] C:\Arquivos de programas\Windows NT

[06/06/2008|11:27] C:\Arquivos de programas\WindowsUpdate

[25/07/2009|00:54] C:\Arquivos de programas\WinRAR

[11/11/2008|12:14] C:\Arquivos de programas\xerox

[06/06/2008|15:10] C:\Arquivos de programas\Yahoo!

[24/01/2009|11:24] C:\Arquivos de programas\YourWare Solutions

[10/07/2009|17:56] C:\Arquivos de programas\Zone Labs

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[07/09/2009|21:54] C:\Arquivos de programas\Arquivos comuns\Adobe

[06/06/2008|12:37] C:\Arquivos de programas\Arquivos comuns\Ahead

[09/01/2010|20:38] C:\Arquivos de programas\Arquivos comuns\Apple

[09/01/2010|00:02] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[14/08/2008|12:48] C:\Arquivos de programas\Arquivos comuns\DirectX

[09/01/2010|20:12] C:\Arquivos de programas\Arquivos comuns\DivX Shared

[30/07/2009|12:16] C:\Arquivos de programas\Arquivos comuns\EZB Systems

[06/06/2008|21:25] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[06/06/2008|21:25] C:\Arquivos de programas\Arquivos comuns\HP

[21/09/2009|19:18] C:\Arquivos de programas\Arquivos comuns\InstallShield

[06/06/2008|12:56] C:\Arquivos de programas\Arquivos comuns\Java

[03/12/2009|00:02] C:\Arquivos de programas\Arquivos comuns\Kodak

[13/07/2009|23:06] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[06/06/2008|11:26] C:\Arquivos de programas\Arquivos comuns\MSSoap

[06/06/2008|08:18] C:\Arquivos de programas\Arquivos comuns\ODBC

[29/07/2009|23:26] C:\Arquivos de programas\Arquivos comuns\PC Tools

[25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns\Real

[06/06/2008|11:26] C:\Arquivos de programas\Arquivos comuns\Serviços

[27/02/2009|20:22] C:\Arquivos de programas\Arquivos comuns\Skype

[06/06/2008|08:18] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[22/01/2010|15:11] C:\Arquivos de programas\Arquivos comuns\Symantec Shared

[11/10/2008|00:27] C:\Arquivos de programas\Arquivos comuns\System

[19/09/2008|15:46] C:\Arquivos de programas\Arquivos comuns\Windows Live

[25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns\xing shared

 

--------------------\\ Process

 

( 37 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-28 22:16:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SIMONE\Favoritos\alex\http--www.freedownloadbr.net-2008-08-kaspersky-2009-crack-traduo-pedido.html.url

C:\DOCUME~1\SIMONE\Favoritos\Links\Grupo Cacupé Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url

C:\DOCUME~1\SIMONE\Favoritos\programas\Grupo Cacupé Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url

C:\DOCUME~1\SIMONE\Meus documentos\ImTOO Software Studio\MOV Converter\crack.js

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\EA Keygen.exe

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\speed2.exe

C:\DOCUME~1\SIMONE\Meus documentos\Xilisoft Corporation\HD Video Converter\crack.js

 

 

[F:74][D:9]-> C:\DOCUME~1\SIMONE\CONFIG~1\Temp

[F:42][D:0]-> C:\DOCUME~1\SIMONE\Cookies

[F:958][D:4]-> C:\DOCUME~1\SIMONE\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - qui 28/01/2010|22:18 - Option : [1]

 

--------------------\\ Verificação completa em 22:18:12

 

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>....

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:04:49, on 28/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\mmrtkrnl.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ThreatFire - Unknown owner - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe (file missing)

 

--

End of file - 9563 bytes

 

 

___________

 

thanks


Go to the Virus Total site (http://www.virustotal.com/) and submit the files highlighted in red below to be analysed:

 

c:\windows\PSEXESVC.EXE

c:\windows\system32\drivers\sabtb.sys

c:\windows\system32\XDva258.sys

 

If a message appears saying that the file has already been analysed, ask for it to be analysed again. Wait for the analysis to finish, copy the link that appears in your browser's address bar and post these links in your next reply together with the other logs requested.

 

If you cannot see the files above, do the following:

 

# Go to the menu: Start > Control Panel > Folder Options

# Select the View tab

# Select the Show hidden files and folders button

# Uncheck the box Hide protected operating system files (recommended)

# Click OK

 

After that, try again to send the files for analysis on the Virus Total site.

 

If the Virus Total site is very congested or having some problem, send the files to be analysed on these sites below:

 

http://virscan.org/

http://virusscan.jotti.org/

http://www.viruschief.com/

____________________________________

 

Do you know this port below that is open in your firewall?

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3603:TCP"= 3603:TCP:rivtsmh

____________________________________

 

Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt

 

NetSvc::

cmldof

hcvuhv

Driver::

cmldof

hcvuhv

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

 

cfscript.gif

 

ComboFix will run and restart the PC automatically to complete the removal process. If it does not restart automatically after a while, restart it manually.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

___________________________________

 

The Lop S&D log shows that you only used option 1, which is the one that searches for problems.

 

Run Lop S&D again and choose option 2 to use the Removal + Hosts option, then press the Enter key, as this image shows:

 

lop3.jpg

 

The log will be created at C:\LopR.txt

____________________________________

 

Please follow the tips in this tutorial to clean your PC with Spyware Doctor:

 

Spyware Doctor Starter Edition tutorial

 

BitDefender Online antivirus tutorial

___________________________________

 

In your next reply, post this BitDefender Online log, which will be at C:\Windows\BDOSCAN8\bdoscan.log, together with a new Hijackthis log, the Spyware Doctor log, the log at C:\LopR.txt, the log at C:\ComboFix.txt, the links to the analyses of the files on the Virus Total site, and please tell us how your PC is after following these procedures.

 

We await your reply.


Bitscan

 

 

[General]

App = "BitDefender Online Scanner v8"

Date = 30:01:2010

Time = 21:53:52

Scan Path = A:\;C:\;D:\;E:\;

 

[Engines Info]

Virus Definitions = 4940874

Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)"

Scan plugins = 17

Archive plugins = 44

Unpack plugins = 8

E-mail plugins = 6

System plugins = 4

 

[scan Statistics]

Folders = 6479

Files = 259660

Archives = 3269

Packed files = 14861

Identified viruses = 0

Infected files = 0

Warnings = 0

Suspect files = 0

Disinfected files = 0

Deleted files = 0

Copied files = 0

Moved files = 0

Renamed files = 0

I/O Errors = 29

 

[scan Settings]

SecondAction = Delete

FirstAction = Disinfect

Heuristics = 1

Enable Warnings = 1

Exclude Ext =

Extensions = *;

Scan Emails = 1

Scan Archives = 1

Scan Packed = 1

Scan Files = 1

Scan Boot = 1

Verify Memory = 0

 

[scan Results]

Line00000000 = "No problems found."

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

hijack

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:05, on 31/1/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\mmrtkrnl.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

C:\Arquivos de programas\Spyware Doctor\sdloader.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

 

--

End of file - 11032 bytes

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

Lop

 

------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : BIOS Date: 01/30/08 10:01:36 Ver: 08.00.10

USER : SIMONE ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:149 Go (Free:106 Go)

D:\ (CD or DVD)

E:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( --- 29/01/2010|14:34 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Lista de pastas em DADOSD~1

 

[07/09/2009|21:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe

[20/07/2009|23:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\AlcaTech

[04/06/2009|21:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple

[25/01/2010|22:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer

[22/01/2010|15:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira

[02/07/2008|22:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink

[24/09/2009|12:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink

[30/07/2009|09:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google

[06/06/2008|21:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Hewlett-Packard

[06/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP

[06/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP Product Assistant

[05/07/2008|22:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HPSSUPPLY

[21/09/2009|19:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield

[19/08/2009|22:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

[19/08/2009|22:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files

[03/12/2009|00:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak

[10/07/2009|00:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft

[08/01/2010|12:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes

[11/09/2009|12:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee

[10/09/2009|23:18] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee Security Scan

[26/01/2010|14:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

[19/08/2009|22:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft

[06/06/2008|12:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero

[22/01/2010|15:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Norton

[09/01/2010|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NortonInstaller

[14/10/2008|20:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles

[09/03/2009|22:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Tools

[25/01/2010|23:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

[27/02/2009|20:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype

[10/07/2009|18:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

[22/01/2009|21:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com

[09/01/2010|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec

[28/01/2010|22:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP

[21/09/2009|19:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Trymedia

[06/06/2008|21:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WEBREG

[09/08/2008|23:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage

[14/01/2009|12:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

 

[06/06/2008|11:28] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft

 

[11/11/2008|09:36] C:\DOCUME~1\LOCALS~1\DADOSD~1\Adobe

[11/11/2008|09:35] C:\DOCUME~1\LOCALS~1\DADOSD~1\Google

[11/11/2008|09:37] C:\DOCUME~1\LOCALS~1\DADOSD~1\GrabPro

[07/11/2009|16:44] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft

 

[16/12/2008|15:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\HPAppData

[07/11/2009|16:44] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft

 

[15/10/2009|17:16] C:\DOCUME~1\SIMONE\DADOSD~1\.bsnes

[09/06/2008|11:16] C:\DOCUME~1\SIMONE\DADOSD~1\Adobe

[02/10/2008|22:55] C:\DOCUME~1\SIMONE\DADOSD~1\Ahead

[20/07/2009|23:06] C:\DOCUME~1\SIMONE\DADOSD~1\AlcaTech

[09/01/2010|20:44] C:\DOCUME~1\SIMONE\DADOSD~1\Apple Computer

[19/11/2009|21:50] C:\DOCUME~1\SIMONE\DADOSD~1\Audacity

[10/01/2009|12:24] C:\DOCUME~1\SIMONE\DADOSD~1\CB Model Pro

[02/07/2008|22:21] C:\DOCUME~1\SIMONE\DADOSD~1\CyberLink

[25/01/2010|22:51] C:\DOCUME~1\SIMONE\DADOSD~1\DivX

[11/01/2009|16:18] C:\DOCUME~1\SIMONE\DADOSD~1\Enterbrain

[31/07/2009|01:05] C:\DOCUME~1\SIMONE\DADOSD~1\flightgear.org

[31/07/2009|00:53] C:\DOCUME~1\SIMONE\DADOSD~1\fltk.org

[08/09/2009|20:26] C:\DOCUME~1\SIMONE\DADOSD~1\Google

[15/06/2008|20:35] C:\DOCUME~1\SIMONE\DADOSD~1\GrabPro

[19/01/2009|14:56] C:\DOCUME~1\SIMONE\DADOSD~1\Greyfirst

[20/01/2009|19:31] C:\DOCUME~1\SIMONE\DADOSD~1\gtk-2.0

[12/09/2008|13:40] C:\DOCUME~1\SIMONE\DADOSD~1\Help

[06/06/2008|21:31] C:\DOCUME~1\SIMONE\DADOSD~1\HP

[06/06/2008|21:27] C:\DOCUME~1\SIMONE\DADOSD~1\HPAppData

[06/06/2008|11:34] C:\DOCUME~1\SIMONE\DADOSD~1\Identities

[04/10/2008|21:45] C:\DOCUME~1\SIMONE\DADOSD~1\InstallShield

[19/08/2008|19:59] C:\DOCUME~1\SIMONE\DADOSD~1\Kazaa Lite

[25/01/2009|21:10] C:\DOCUME~1\SIMONE\DADOSD~1\KompoZer

[04/10/2008|21:54] C:\DOCUME~1\SIMONE\DADOSD~1\LG Electronics

[27/01/2010|12:06] C:\DOCUME~1\SIMONE\DADOSD~1\LimeWire

[06/06/2008|13:30] C:\DOCUME~1\SIMONE\DADOSD~1\Macromedia

[08/01/2010|12:37] C:\DOCUME~1\SIMONE\DADOSD~1\Malwarebytes

[25/01/2010|22:50] C:\DOCUME~1\SIMONE\DADOSD~1\Media Player Classic

[13/01/2010|16:54] C:\DOCUME~1\SIMONE\DADOSD~1\Microsoft

[03/07/2009|16:09] C:\DOCUME~1\SIMONE\DADOSD~1\Mozilla

[09/07/2009|23:07] C:\DOCUME~1\SIMONE\DADOSD~1\Opera

[13/01/2010|22:31] C:\DOCUME~1\SIMONE\DADOSD~1\Orbit

[29/07/2009|23:24] C:\DOCUME~1\SIMONE\DADOSD~1\PC Tools

[08/12/2009|00:00] C:\DOCUME~1\SIMONE\DADOSD~1\Publish Providers

[25/01/2010|23:35] C:\DOCUME~1\SIMONE\DADOSD~1\Real

[26/12/2008|23:19] C:\DOCUME~1\SIMONE\DADOSD~1\Remere's Map Editor

[07/01/2009|16:04] C:\DOCUME~1\SIMONE\DADOSD~1\Scirra

[30/07/2009|12:30] C:\DOCUME~1\SIMONE\DADOSD~1\SecuROM

[25/01/2010|20:53] C:\DOCUME~1\SIMONE\DADOSD~1\Shareaza

[23/06/2009|17:18] C:\DOCUME~1\SIMONE\DADOSD~1\Skype

[23/06/2009|17:08] C:\DOCUME~1\SIMONE\DADOSD~1\skypePM

[08/12/2009|00:00] C:\DOCUME~1\SIMONE\DADOSD~1\Sony

[04/01/2009|20:54] C:\DOCUME~1\SIMONE\DADOSD~1\sqlitestudio

[06/06/2008|12:56] C:\DOCUME~1\SIMONE\DADOSD~1\Sun

[23/01/2009|23:00] C:\DOCUME~1\SIMONE\DADOSD~1\SUPERAntiSpyware.com

[30/07/2009|17:38] C:\DOCUME~1\SIMONE\DADOSD~1\Symantec

[31/10/2008|21:22] C:\DOCUME~1\SIMONE\DADOSD~1\SynopseInfo

[12/12/2009|19:35] C:\DOCUME~1\SIMONE\DADOSD~1\Tibia

[13/01/2010|16:54] C:\DOCUME~1\SIMONE\DADOSD~1\uTorrent

[30/09/2008|11:44] C:\DOCUME~1\SIMONE\DADOSD~1\Winamp

[16/09/2008|11:39] C:\DOCUME~1\SIMONE\DADOSD~1\WinRAR

 

--------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks

 

[29/01/2010 13:45][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[29/01/2010 14:32][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[10/01/2010 02:14][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job

[15/01/2010 23:34][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[29/01/2010 14:32][--ah-----] C:\WINDOWS\tasks\SA.DAT

[21/07/2007 19:40][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ MsgPlus SPONSOR INSTALLED !

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]

"SponsorInstalled"=dword:00000000

 

 

--------------------\\ Lista de pastas em C:\Arquivos de programas

 

[11/06/2009|22:48] C:\Arquivos de programas\1.023. Web.informations

[28/01/2010|14:51] C:\Arquivos de programas\1.02t

[07/06/2009|13:39] C:\Arquivos de programas\3D Canvas 6

[30/07/2009|15:57] C:\Arquivos de programas\7-Zip

[07/09/2009|21:54] C:\Arquivos de programas\Adobe

[26/01/2010|22:54] C:\Arquivos de programas\Allok MOV Converter

[06/08/2008|19:23] C:\Arquivos de programas\Alwil Software

[04/06/2009|21:23] C:\Arquivos de programas\Apple Software Update

[29/01/2010|14:26] C:\Arquivos de programas\Arquivos comuns

[07/06/2009|13:39] C:\Arquivos de programas\Asprate

[01/11/2009|20:48] C:\Arquivos de programas\AVG

[22/01/2010|15:20] C:\Arquivos de programas\Avira

[10/07/2009|01:00] C:\Arquivos de programas\CCleaner

[11/08/2009|12:59] C:\Arquivos de programas\COMODO

[06/06/2008|11:25] C:\Arquivos de programas\ComPlus Applications

[23/01/2010|20:47] C:\Arquivos de programas\Conduit

[06/06/2008|12:31] C:\Arquivos de programas\CyberLink

[13/12/2009|00:54] C:\Arquivos de programas\CZ-Doc2Pdf COM

[25/01/2010|22:48] C:\Arquivos de programas\DivX

[13/01/2010|21:40] C:\Arquivos de programas\DreaMule

[02/07/2008|19:34] C:\Arquivos de programas\DVD Shrink

[26/01/2010|22:46] C:\Arquivos de programas\eMule

[28/01/2010|16:27] C:\Arquivos de programas\ESET

[07/10/2008|19:46] C:\Arquivos de programas\Gadwin Systems

[27/01/2010|12:48] C:\Arquivos de programas\Google

[06/06/2008|21:25] C:\Arquivos de programas\Hewlett-Packard

[06/06/2008|21:27] C:\Arquivos de programas\HP

[13/01/2010|21:59] C:\Arquivos de programas\InstallShield Installation Information

[06/06/2008|11:44] C:\Arquivos de programas\Intel

[09/01/2010|20:19] C:\Arquivos de programas\Internet Explorer

[19/11/2008|16:11] C:\Arquivos de programas\Java

[25/01/2010|23:28] C:\Arquivos de programas\K-Lite Codec Pack

[03/12/2009|00:03] C:\Arquivos de programas\Kodak

[04/01/2009|19:02] C:\Arquivos de programas\Kwyshell

[20/11/2009|13:49] C:\Arquivos de programas\Lavalys

[10/07/2009|00:25] C:\Arquivos de programas\Lavasoft

[04/10/2008|21:48] C:\Arquivos de programas\LG Electronics

[23/07/2009|23:44] C:\Arquivos de programas\LG PC Suite 2

[07/01/2010|15:59] C:\Arquivos de programas\LimeWire

[08/01/2010|12:37] C:\Arquivos de programas\Malwarebytes' Anti-Malware

[21/01/2010|16:18] C:\Arquivos de programas\Megacubo

[23/07/2009|23:44] C:\Arquivos de programas\Messenger

[25/01/2010|23:50] C:\Arquivos de programas\Messenger Plus! Live

[22/06/2009|21:35] C:\Arquivos de programas\MessengerPlus! 3

[13/07/2009|23:10] C:\Arquivos de programas\Microsoft

[11/11/2008|12:14] C:\Arquivos de programas\microsoft frontpage

[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Office

[17/11/2009|19:49] C:\Arquivos de programas\Microsoft Office Outlook Connector

[17/11/2009|19:49] C:\Arquivos de programas\Microsoft Silverlight

[11/10/2008|00:23] C:\Arquivos de programas\Microsoft SQL Server Compact Edition

[13/07/2009|23:09] C:\Arquivos de programas\Microsoft Sync Framework

[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Visual Studio

[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Works

[06/06/2008|12:53] C:\Arquivos de programas\Microsoft.NET

[06/06/2008|11:26] C:\Arquivos de programas\Movie Maker

[22/01/2010|14:22] C:\Arquivos de programas\Mozilla Firefox

[06/06/2008|11:24] C:\Arquivos de programas\MSN Gaming Zone

[19/09/2008|17:07] C:\Arquivos de programas\MSN Messenger

[06/06/2008|11:28] C:\Arquivos de programas\MSXML 4.0

[06/06/2008|11:28] C:\Arquivos de programas\MSXML 6.0

[22/09/2008|17:45] C:\Arquivos de programas\MSXML 7.0

[28/01/2010|15:06] C:\Arquivos de programas\Mu C.A Brasil 1.02t

[06/06/2008|12:36] C:\Arquivos de programas\Nero

[23/09/2009|19:16] C:\Arquivos de programas\NetMeeting

[23/07/2009|20:44] C:\Arquivos de programas\No-IP

[02/09/2008|20:30] C:\Arquivos de programas\Now3D

[31/07/2009|00:24] C:\Arquivos de programas\OpenAL

[22/08/2009|19:07] C:\Arquivos de programas\Opera

[28/10/2009|20:41] C:\Arquivos de programas\Orban

[06/06/2008|11:26] C:\Arquivos de programas\Outlook Express

[09/01/2010|20:43] C:\Arquivos de programas\QuickTime

[25/01/2010|22:48] C:\Arquivos de programas\QuickTime Alternative

[15/06/2008|20:21] C:\Arquivos de programas\Real

[06/06/2008|11:52] C:\Arquivos de programas\Realtek

[19/05/2009|17:25] C:\Arquivos de programas\Red Storm Entertainment

[30/07/2009|09:44] C:\Arquivos de programas\Remere's Map Editor

[20/11/2009|14:40] C:\Arquivos de programas\Security Process Explorer

[06/06/2008|11:27] C:\Arquivos de programas\Serviços on-line

[27/02/2009|20:22] C:\Arquivos de programas\Skype

[07/12/2009|23:57] C:\Arquivos de programas\Sony Setup

[31/10/2008|21:28] C:\Arquivos de programas\SoquelSoft

[28/01/2010|22:27] C:\Arquivos de programas\Spyware Doctor

[19/11/2008|16:12] C:\Arquivos de programas\Sun

[17/12/2009|16:51] C:\Arquivos de programas\SystemRequirementsLab

[11/11/2008|09:31] C:\Arquivos de programas\ThreatFire

[12/12/2009|19:35] C:\Arquivos de programas\Tibia

[30/07/2009|13:09] C:\Arquivos de programas\Ubisoft

[30/07/2009|12:16] C:\Arquivos de programas\UltraISO

[25/09/2009|10:24] C:\Arquivos de programas\Uninstall Information

[22/08/2009|19:03] C:\Arquivos de programas\Valve

[22/08/2009|18:57] C:\Arquivos de programas\Winamp

[19/08/2009|22:53] C:\Arquivos de programas\Windows Defender

[17/11/2009|19:47] C:\Arquivos de programas\Windows Live

[14/01/2009|14:38] C:\Arquivos de programas\Windows Live SkyDrive

[10/08/2008|23:53] C:\Arquivos de programas\Windows Media Connect 2

[10/08/2008|13:16] C:\Arquivos de programas\Windows Media Player

[06/06/2008|11:24] C:\Arquivos de programas\Windows NT

[06/06/2008|11:27] C:\Arquivos de programas\WindowsUpdate

[25/07/2009|00:54] C:\Arquivos de programas\WinRAR

[11/11/2008|12:14] C:\Arquivos de programas\xerox

[06/06/2008|15:10] C:\Arquivos de programas\Yahoo!

[24/01/2009|11:24] C:\Arquivos de programas\YourWare Solutions

[10/07/2009|17:56] C:\Arquivos de programas\Zone Labs

 

--------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns

 

[07/09/2009|21:54] C:\Arquivos de programas\Arquivos comuns\Adobe

[06/06/2008|12:37] C:\Arquivos de programas\Arquivos comuns\Ahead

[09/01/2010|20:38] C:\Arquivos de programas\Arquivos comuns\Apple

[09/01/2010|00:02] C:\Arquivos de programas\Arquivos comuns\DESIGNER

[14/08/2008|12:48] C:\Arquivos de programas\Arquivos comuns\DirectX

[09/01/2010|20:12] C:\Arquivos de programas\Arquivos comuns\DivX Shared

[30/07/2009|12:16] C:\Arquivos de programas\Arquivos comuns\EZB Systems

[06/06/2008|21:25] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[06/06/2008|21:25] C:\Arquivos de programas\Arquivos comuns\HP

[21/09/2009|19:18] C:\Arquivos de programas\Arquivos comuns\InstallShield

[06/06/2008|12:56] C:\Arquivos de programas\Arquivos comuns\Java

[03/12/2009|00:02] C:\Arquivos de programas\Arquivos comuns\Kodak

[13/07/2009|23:06] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[06/06/2008|11:26] C:\Arquivos de programas\Arquivos comuns\MSSoap

[06/06/2008|08:18] C:\Arquivos de programas\Arquivos comuns\ODBC

[25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns\Real

[06/06/2008|11:26] C:\Arquivos de programas\Arquivos comuns\Serviços

[27/02/2009|20:22] C:\Arquivos de programas\Arquivos comuns\Skype

[06/06/2008|08:18] C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[22/01/2010|15:11] C:\Arquivos de programas\Arquivos comuns\Symantec Shared

[11/10/2008|00:27] C:\Arquivos de programas\Arquivos comuns\System

[19/09/2008|15:46] C:\Arquivos de programas\Arquivos comuns\Windows Live

[25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns\xing shared

 

--------------------\\ Process

 

( 37 Processes )

 

... OK !

 

--------------------\\ Procura pelo S_Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

 

Não foram encontradas pastas com o Lop!

 

--------------------\\ Procura no Registro

 

..... OK !

 

--------------------\\ Verificando o Arquivos/Ficheiros Hosts

 

Arquivos/Ficheiros Hosts LIMPO

 

 

--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-29 14:35:22

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SIMONE\Favoritos\alex\http--www.freedownloadbr.net-2008-08-kaspersky-2009-crack-traduo-pedido.html.url

C:\DOCUME~1\SIMONE\Favoritos\Links\Grupo Cacupé Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url

C:\DOCUME~1\SIMONE\Favoritos\programas\Grupo Cacupé Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url

C:\DOCUME~1\SIMONE\Meus documentos\ImTOO Software Studio\MOV Converter\crack.js

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\EA Keygen.exe

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\speed2.exe

C:\DOCUME~1\SIMONE\Meus documentos\Xilisoft Corporation\HD Video Converter\crack.js

 

 

[F:31][D:2]-> C:\DOCUME~1\SIMONE\CONFIG~1\Temp

[F:9][D:0]-> C:\DOCUME~1\SIMONE\Cookies

[F:6][D:4]-> C:\DOCUME~1\SIMONE\CONFIG~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - qui 28/01/2010|22:18 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - --- 29/01/2010|14:36 - Option : [2]

 

--------------------\\ Verificação completa em 14:36:58

 

<<<<<<<<<<<<<<><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<><<<<<<<<<<<<<<<<

 

combo (man, I think this is the most recent one, since I ran combo and only came back 1 day later)

 

ComboFix 10-01-28.04 - SIMONE 29/01/2010 14:22:48.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.554 [GMT -2:00]

Executando de: c:\documents and settings\SIMONE\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\SIMONE\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-29 ))))))))))))))))))))))))))))

.

 

2010-01-29 00:14 . 2010-01-29 00:18 -------- d-----w- C:\Lop SD

2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\arquivos de programas\ESET

2010-01-27 15:35 . 2010-01-27 15:36 -------- d-----w- C:\LinhaDefensiva

2010-01-27 15:30 . 2010-01-27 15:32 -------- d-----w- C:\Hijack

2010-01-27 00:45 . 2010-01-27 14:06 -------- d-----w- C:\OutputFolder

2010-01-27 00:44 . 2006-09-26 15:57 28672 ----a-w- c:\windows\system32\AVEQT.dll

2010-01-27 00:44 . 2010-01-27 00:54 -------- d-----w- c:\arquivos de programas\Allok MOV Converter

2010-01-26 01:35 . 2010-01-26 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-01-26 01:29 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll

2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-01-26 00:50 . 2010-01-26 00:50 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Media Player Classic

2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\arquivos de programas\Conduit

2010-01-22 17:20 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-01-22 17:20 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-01-22 17:20 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\arquivos de programas\Avira

2010-01-12 02:33 . 2010-01-13 23:40 -------- d-----w- c:\arquivos de programas\DreaMule

2010-01-10 01:12 . 2010-01-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton

2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

2010-01-09 22:44 . 2010-01-26 00:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-01-09 22:44 . 2010-01-26 00:48 -------- d-----w- c:\arquivos de programas\QuickTime Alternative

2010-01-09 22:38 . 2010-01-09 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-01-09 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-01-09 22:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2010-01-09 22:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-01-09 22:21 . 2010-01-09 22:22 -------- d-----w- C:\cf8c911bcffef712ad116d72c2cdf018

2010-01-09 02:02 . 2010-01-09 02:02 286720 ------w- c:\windows\Setup1.exe

2010-01-09 02:02 . 2010-01-09 02:02 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Malwarebytes

2010-01-08 14:37 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-01-08 14:37 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-07 17:58 . 2010-01-07 17:59 -------- d-----w- c:\arquivos de programas\LimeWire

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-29 00:27 . 2009-07-30 01:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2010-01-29 00:26 . 2008-06-16 14:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-01-28 17:06 . 2009-03-26 14:33 -------- d-----w- c:\arquivos de programas\Mu C.A Brasil 1.02t

2010-01-28 16:51 . 2009-03-10 14:15 -------- d-----w- c:\arquivos de programas\1.02t

2010-01-27 14:48 . 2008-06-06 15:31 -------- d-----w- c:\arquivos de programas\Google

2010-01-27 14:06 . 2009-07-03 18:08 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\LimeWire

2010-01-27 00:46 . 2008-06-19 23:57 -------- d-----w- c:\arquivos de programas\eMule

2010-01-26 16:07 . 2009-06-23 01:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-26 01:50 . 2009-06-22 23:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-26 01:35 . 2008-06-15 22:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-01-26 01:34 . 2008-06-06 14:30 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-01-26 00:51 . 2008-10-04 23:53 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\DivX

2010-01-26 00:48 . 2008-10-04 23:47 -------- d-----w- c:\arquivos de programas\DivX

2010-01-25 22:53 . 2008-08-20 14:01 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Shareaza

2010-01-23 00:23 . 2009-06-15 21:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-22 17:11 . 2009-07-30 19:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2010-01-21 18:18 . 2009-11-02 00:42 -------- d-----w- c:\arquivos de programas\Megacubo

2010-01-15 15:42 . 2007-07-21 21:40 76514 ----a-w- c:\windows\system32\perfc016.dat

2010-01-15 15:42 . 2007-07-21 21:40 445180 ----a-w- c:\windows\system32\perfh016.dat

2010-01-14 00:31 . 2008-06-15 22:31 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Orbit

2010-01-13 23:59 . 2008-06-06 13:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-13 18:54 . 2009-07-29 14:20 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\uTorrent

2010-01-09 22:44 . 2009-06-06 01:56 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Apple Computer

2010-01-09 22:43 . 2009-06-04 23:23 -------- d-----w- c:\arquivos de programas\QuickTime

2010-01-09 22:12 . 2009-11-23 22:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared

2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-12-13 02:54 . 2009-12-13 02:53 -------- d-----w- c:\arquivos de programas\CZ-Doc2Pdf COM

2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Tibia

2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\arquivos de programas\Tibia

2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Publish Providers

2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Sony

2009-12-08 01:57 . 2009-12-08 01:57 -------- d-----w- c:\arquivos de programas\Sony Setup

2009-12-03 02:03 . 2009-12-03 02:01 -------- d-----w- c:\arquivos de programas\Kodak

2009-12-03 02:02 . 2009-12-03 02:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Kodak

2009-12-03 02:00 . 2009-12-03 02:00 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe

2009-12-03 02:00 . 2009-12-03 02:00 14813832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe

2009-12-03 02:00 . 2009-12-03 02:00 69632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\Ksu\ksustop.exe

2009-12-03 02:00 . 2009-12-03 02:00 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\CCS\CCSStop.exe

2009-12-03 02:00 . 2009-12-03 02:00 983040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_140010_2fe27b\EasyShrx.Dll

2009-12-03 02:00 . 2009-12-03 02:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kodak

2009-11-15 18:51 . 2009-11-08 18:30 180488 ----a-w- c:\windows\PSEXESVC.EXE

.

 

------- Sigcheck -------

 

[-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

"nwiz"="nwiz.exe" [2008-01-08 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]

"Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 70144]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-11-11 417792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^SIMONE^Menu Iniciar^Programas^Inicializar^Registration IL-2 Sturmovik 1946.LNK]

path=c:\documents and settings\SIMONE\Menu Iniciar\Programas\Inicializar\Registration IL-2 Sturmovik 1946.LNK

backup=c:\windows\pss\Registration IL-2 Sturmovik 1946.LNKStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2009-08-06 00:48 647520 ----a-w- c:\arquivos de programas\Windows Live\Family Safety\fsui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]

2007-07-02 08:15 495616 ----a-w- c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 12:21 1694208 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 06:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-26 01:34 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3603:TCP"= 3603:TCP:rivtsmh

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [22/1/2010 15:20 108289]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/1/2009 14:41 54752]

S0 afhhg;afhhg;c:\windows\system32\drivers\sabtb.sys --> c:\windows\system32\drivers\sabtb.sys [?]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 gupdate1ca79d6f28da7d4;Google Update Service (gupdate1ca79d6f28da7d4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/12/2009 18:25 133104]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 ThreatFire;ThreatFire;c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service --> c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service [?]

S3 XDva258;XDva258;\??\c:\windows\system32\XDva258.sys --> c:\windows\system32\XDva258.sys [?]

S4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]

 

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]

 

2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

Trusted Zone: ketsujin.com\fighterace

Trusted Zone: ketsujin.com\primary

Trusted Zone: ketsujin.com\update

Trusted Zone: ketsujin.com\www

Trusted Zone: stormofaces.com\www

FF - ProfilePath - c:\documents and settings\SIMONE\Dados de aplicativos\Mozilla\Firefox\Profiles\a9oo5a0r.default\

FF - prefs.js: browser.search.defaulturl - 4.6.6.2

FF - prefs.js: browser.search.selectedEngine - 4.6.6.2

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - 4.6.6.2

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.search.defaultenginename - 4.6.6.2

FF - user.js: browser.search.defaulturl - 4.6.6.2

FF - user.js: browser.search.selectedEngine - 4.6.6.2

FF - user.js: keyword.URL - 4.6.6.2

FF - user.js: keyword.enabled - true

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-29 14:27

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-1482476501-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a7,92,d3,62,54,d7,66,6a,d9,ca,84,6b,6e,2a,81,a8,78,d9,ad,95,eb,97,e1,

10,72,16,60,3f,c5,f0,de,d2,4d,ad,b0,c9,e0,75,5f,43,bc,6d,84,14,f5,56,88,e7,\

"??"=hex:1d,47,26,64,46,3e,31,b7,35,fb,9d,c6,4d,23,0d,fc

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2868)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2010-01-29 14:29:48

ComboFix-quarantined-files.txt 2010-01-29 16:29

ComboFix2.txt 2010-01-29 00:56

 

Pré-execução: 21 pasta(s) 114.705.895.424 bytes disponíveis

Pós execução: 22 pasta(s) 114.673.782.784 bytes disponíveis

 

- - End Of File - - 8FCFE6E5F0E983B0EF0F121B2AA61FDF

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>...

 

Spyware Doctor log

 

It ended up very big, because it found about 100 infections, so I left them in quarantine and deleted them the next day.

If necessary, just say so and I'll find a way to upload the file to some site.

 

<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

VirusTotal:

 

The site only managed to find 1 file; the other 2 (which were in system32) were not found, even after doing what you asked, going to Folder Options > View > etc.

 

http://www.virustotal.com/pt/analisis/f6bcc9e0e6a95706e7b636a001e57fc9c0fd1b5cbf6833d392e99e6fd97db03d-1264895863

 

 

>>>>>>>>>>>>>>>

 

Thanks, man.


You forgot to answer this question I asked you:

 

Do you recognize this open port below, which is open in your firewall?

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3603:TCP"= 3603:TCP:rivtsmh

______________________________

 

Delete the CFScript.txt that is on the Desktop. Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt

 

File::

c:\windows\system32\XDva258.sys

Driver::

XDva258

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process. If it does not restart automatically after a while, restart it manually.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

______________________________

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SIMONE\Favoritos\alex\http--www.freedownloadbr.net-2008-08-kaspersky-2009-crack-traduo-pedido.html.url

C:\DOCUME~1\SIMONE\Favoritos\Links\Grupo Cacup‚ Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url

C:\DOCUME~1\SIMONE\Favoritos\programas\Grupo Cacup‚ Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url

C:\DOCUME~1\SIMONE\Meus documentos\ImTOO Software Studio\MOV Converter\crack.js

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\EA Keygen.exe

C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\speed2.exe

C:\DOCUME~1\SIMONE\Meus documentos\Xilisoft Corporation\HD Video Converter\crack.js

It is very important to uninstall all cracked or pirated programs that exist on your PC, because the vast majority of these programs contain viruses and/or malware embedded in them. Besides that, they usually contain vulnerabilities that make it easier to break into your computer.

_______________________________

 

Spyware Doctor log

 

It ended up very big, because it found about 100 infections, so I left them in quarantine and deleted them the next day.

If necessary, just say so and I'll find a way to upload the file to some site.

Host it on a site of your choice, such as this one below, for example:

http://www.badongo.com

 

Then just post the link to where you hosted the Spyware Doctor log, together with the log that will be at C:\ComboFix.txt, and tell us how your PC is after this.

 

We'll be waiting.


Spyware Doctor log

 

http://www.megaupload.com/?d=45VOZ7NV

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>

 

ComboFix log

 

ComboFix 10-01-28.04 - SIMONE 01/02/2010 13:01:25.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.566 [GMT -2:00]

Executando de: c:\documents and settings\SIMONE\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\SIMONE\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

 

FILE ::

"c:\windows\system32\XDva258.sys"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_XDVA258

-------\Service_XDva258

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))

.

 

2010-01-30 22:05 . 2010-01-30 23:53 -------- d-----w- c:\windows\BDOSCAN8

2010-01-29 17:25 . 2009-11-12 12:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2010-01-29 17:25 . 2009-11-12 12:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2010-01-29 17:25 . 2009-11-12 12:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2010-01-29 17:25 . 2009-11-10 12:26 767952 ----a-w- c:\windows\BDTSupport.dll

2010-01-29 17:25 . 2009-11-10 12:28 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-01-29 17:25 . 2009-11-10 12:28 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-01-29 17:25 . 2009-11-10 12:28 1640400 ----a-w- c:\windows\PCTBDCore.dll

2010-01-29 17:25 . 2009-10-28 03:36 1152444 ----a-w- c:\windows\UDB.zip

2010-01-29 17:25 . 2008-11-26 14:08 131 ----a-w- c:\windows\IDB.zip

2010-01-29 16:43 . 2009-10-30 13:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-01-29 16:43 . 2009-11-09 13:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-01-29 16:43 . 2009-10-06 18:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-01-29 16:43 . 2010-01-29 16:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools

2010-01-29 16:43 . 2009-09-03 11:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-01-29 00:14 . 2010-01-29 16:36 -------- d-----w- C:\Lop SD

2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\arquivos de programas\ESET

2010-01-27 15:35 . 2010-01-27 15:36 -------- d-----w- C:\LinhaDefensiva

2010-01-27 15:30 . 2010-01-27 15:32 -------- d-----w- C:\Hijack

2010-01-27 00:45 . 2010-01-30 22:40 -------- d-----w- C:\OutputFolder

2010-01-27 00:44 . 2006-09-26 15:57 28672 ----a-w- c:\windows\system32\AVEQT.dll

2010-01-27 00:44 . 2010-01-27 00:54 -------- d-----w- c:\arquivos de programas\Allok MOV Converter

2010-01-26 01:35 . 2010-01-26 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-01-26 01:29 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll

2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-01-26 00:50 . 2010-01-26 00:50 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Media Player Classic

2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\arquivos de programas\Conduit

2010-01-22 17:20 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-01-22 17:20 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-01-22 17:20 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\arquivos de programas\Avira

2010-01-12 02:33 . 2010-01-31 14:35 -------- d-----w- c:\arquivos de programas\DreaMule

2010-01-10 01:12 . 2010-01-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton

2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

2010-01-09 22:44 . 2010-01-26 00:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-01-09 22:44 . 2010-01-26 00:48 -------- d-----w- c:\arquivos de programas\QuickTime Alternative

2010-01-09 22:38 . 2010-01-09 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-01-09 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-01-09 22:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2010-01-09 22:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-01-09 22:21 . 2010-01-09 22:22 -------- d-----w- C:\cf8c911bcffef712ad116d72c2cdf018

2010-01-09 02:02 . 2010-01-09 02:02 286720 ------w- c:\windows\Setup1.exe

2010-01-09 02:02 . 2010-01-09 02:02 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Malwarebytes

2010-01-08 14:37 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-01-08 14:37 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-07 17:58 . 2010-01-07 17:59 -------- d-----w- c:\arquivos de programas\LimeWire

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 15:11 . 2008-06-16 14:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-02-01 14:52 . 2009-07-30 01:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2010-01-30 22:39 . 2008-06-19 23:57 -------- d-----w- c:\arquivos de programas\eMule

2010-01-30 22:02 . 2009-07-03 18:08 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\LimeWire

2010-01-29 18:55 . 2009-11-02 00:42 -------- d-----w- c:\arquivos de programas\Megacubo

2010-01-28 17:06 . 2009-03-26 14:33 -------- d-----w- c:\arquivos de programas\Mu C.A Brasil 1.02t

2010-01-28 16:51 . 2009-03-10 14:15 -------- d-----w- c:\arquivos de programas\1.02t

2010-01-27 14:48 . 2008-06-06 15:31 -------- d-----w- c:\arquivos de programas\Google

2010-01-26 16:07 . 2009-06-23 01:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-26 01:50 . 2009-06-22 23:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-01-26 01:35 . 2008-06-15 22:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-01-26 01:34 . 2008-06-06 14:30 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-01-26 00:51 . 2008-10-04 23:53 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\DivX

2010-01-26 00:48 . 2008-10-04 23:47 -------- d-----w- c:\arquivos de programas\DivX

2010-01-25 22:53 . 2008-08-20 14:01 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Shareaza

2010-01-23 00:23 . 2009-06-15 21:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-22 17:11 . 2009-07-30 19:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2010-01-15 15:42 . 2007-07-21 21:40 76514 ----a-w- c:\windows\system32\perfc016.dat

2010-01-15 15:42 . 2007-07-21 21:40 445180 ----a-w- c:\windows\system32\perfh016.dat

2010-01-14 00:31 . 2008-06-15 22:31 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Orbit

2010-01-13 23:59 . 2008-06-06 13:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-13 18:54 . 2009-07-29 14:20 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\uTorrent

2010-01-09 22:44 . 2009-06-06 01:56 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Apple Computer

2010-01-09 22:43 . 2009-06-04 23:23 -------- d-----w- c:\arquivos de programas\QuickTime

2010-01-09 22:12 . 2009-11-23 22:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared

2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-12-13 02:54 . 2009-12-13 02:53 -------- d-----w- c:\arquivos de programas\CZ-Doc2Pdf COM

2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Tibia

2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\arquivos de programas\Tibia

2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Publish Providers

2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Sony

2009-12-08 01:57 . 2009-12-08 01:57 -------- d-----w- c:\arquivos de programas\Sony Setup

2009-12-03 02:00 . 2009-12-03 02:00 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe

2009-12-03 02:00 . 2009-12-03 02:00 14813832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe

2009-12-03 02:00 . 2009-12-03 02:00 69632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\Ksu\ksustop.exe

2009-12-03 02:00 . 2009-12-03 02:00 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\CCS\CCSStop.exe

2009-12-03 02:00 . 2009-12-03 02:00 983040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_140010_2fe27b\EasyShrx.Dll

2009-11-15 18:51 . 2009-11-08 18:30 180488 ----a-w- c:\windows\PSEXESVC.EXE

.

 

------- Sigcheck -------

 

[-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

"nwiz"="nwiz.exe" [2008-01-08 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]

"Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 70144]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-11-11 417792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^SIMONE^Menu Iniciar^Programas^Inicializar^Registration IL-2 Sturmovik 1946.LNK]

path=c:\documents and settings\SIMONE\Menu Iniciar\Programas\Inicializar\Registration IL-2 Sturmovik 1946.LNK

backup=c:\windows\pss\Registration IL-2 Sturmovik 1946.LNKStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2009-08-06 00:48 647520 ----a-w- c:\arquivos de programas\Windows Live\Family Safety\fsui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]

2007-07-02 08:15 495616 ----a-w- c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 12:21 1694208 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 06:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-26 01:34 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3603:TCP"= 3603:TCP:rivtsmh

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/1/2010 14:43 207792]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [29/1/2010 15:25 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [29/1/2010 15:25 59664]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/1/2010 14:43 233136]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [22/1/2010 15:20 108289]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe [29/1/2010 15:25 112592]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/1/2009 14:41 54752]

S0 afhhg;afhhg;c:\windows\system32\drivers\sabtb.sys --> c:\windows\system32\drivers\sabtb.sys [?]

S2 gupdate1ca79d6f28da7d4;Google Update Service (gupdate1ca79d6f28da7d4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/12/2009 18:25 133104]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [29/1/2010 14:43 70408]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [29/1/2010 14:43 359624]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [29/1/2010 15:25 33552]

S3 ThreatFire;ThreatFire;c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service --> c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service [?]

S4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]

 

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]

 

2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\arquivos de programas\Arquivos comuns\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: ketsujin.com\fighterace

Trusted Zone: ketsujin.com\primary

Trusted Zone: ketsujin.com\update

Trusted Zone: ketsujin.com\www

Trusted Zone: stormofaces.com\www

FF - ProfilePath - c:\documents and settings\SIMONE\Dados de aplicativos\Mozilla\Firefox\Profiles\a9oo5a0r.default\

FF - prefs.js: browser.search.defaulturl - 4.6.6.2

FF - prefs.js: browser.search.selectedEngine - 4.6.6.2

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - 4.6.6.2

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.search.defaultenginename - 4.6.6.2

FF - user.js: browser.search.defaulturl - 4.6.6.2

FF - user.js: browser.search.selectedEngine - 4.6.6.2

FF - user.js: keyword.URL - 4.6.6.2

FF - user.js: keyword.enabled - true

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 13:11

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-1482476501-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a7,92,d3,62,54,d7,66,6a,d9,ca,84,6b,6e,2a,81,a8,78,d9,ad,95,eb,97,e1,

10,72,16,60,3f,c5,f0,de,d2,4d,ad,b0,c9,e0,75,5f,43,bc,6d,84,14,f5,56,88,e7,\

"??"=hex:1d,47,26,64,46,3e,31,b7,35,fb,9d,c6,4d,23,0d,fc

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(840)

c:\arquivos de programas\Arquivos comuns\PC Tools\Lsp\PCTLsp.dll

 

- - - - - - - > 'explorer.exe'(2820)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\mmrtkrnl.exe

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-02-01 13:17:47 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-02-01 15:17

ComboFix2.txt 2010-01-29 16:29

ComboFix3.txt 2010-01-29 00:56

 

Pré-execução: 21 pasta(s) 114.390.429.696 bytes disponíveis

Pós execução: 22 pasta(s) 114.362.535.936 bytes disponíveis

 

- - End Of File - - 8966EE2CBD96877FF2B3C54B98A01172

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

sobre essa porta aberta eu nao conheço nao. me explica como fecha-la?

 

I deleted those folders that contained cracks.

 

Thanks


Delete the CFScript.txt that is on the Desktop.

 

Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt.

 

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3603:TCP"=-

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process. If it does not restart automatically after a while, restart it manually.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

__________________________________

 

Also follow the tips in this tutorial:

 

Kaspersky Virus Removal Tool tutorial

 

In your next reply, post this Kaspersky Virus Removal Tool log together with a new HijackThis log and the log that will be at C:\ComboFix.txt, and tell us how your PC is after this.

 

We await your reply.


combo

 

ComboFix 10-01-28.04 - SIMONE 01/02/2010 19:48:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.379 [GMT -2:00]

Executando de: c:\documents and settings\SIMONE\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\SIMONE\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

A cópia de c:\windows\system32\drivers\ntfs.sys foi encontrada e desinfectada

Cópia restaurada de - c:\windows\ERDNT\cache\ntfs.sys

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 ))))))))))))))))))))))))))))

.

 

2010-02-01 16:45 . 2010-02-01 16:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

2010-01-30 22:05 . 2010-01-30 23:53 -------- d-----w- c:\windows\BDOSCAN8

2010-01-29 17:25 . 2009-11-12 12:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2010-01-29 17:25 . 2009-11-12 12:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2010-01-29 17:25 . 2009-11-12 12:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2010-01-29 17:25 . 2009-11-10 12:26 767952 ----a-w- c:\windows\BDTSupport.dll

2010-01-29 17:25 . 2009-11-10 12:28 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-01-29 17:25 . 2009-11-10 12:28 165840 ----a-w- c:\windows\PCTBDRes.dll

2010-01-29 17:25 . 2009-11-10 12:28 1640400 ----a-w- c:\windows\PCTBDCore.dll

2010-01-29 17:25 . 2009-10-28 03:36 1152444 ----a-w- c:\windows\UDB.zip

2010-01-29 17:25 . 2008-11-26 14:08 131 ----a-w- c:\windows\IDB.zip

2010-01-29 16:43 . 2009-10-30 13:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-01-29 16:43 . 2009-11-09 13:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-01-29 16:43 . 2009-10-06 18:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-01-29 16:43 . 2010-01-29 16:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools

2010-01-29 16:43 . 2009-09-03 11:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-01-29 00:14 . 2010-01-29 16:36 -------- d-----w- C:\Lop SD

2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\arquivos de programas\ESET

2010-01-27 15:35 . 2010-01-27 15:36 -------- d-----w- C:\LinhaDefensiva

2010-01-27 15:30 . 2010-01-27 15:32 -------- d-----w- C:\Hijack

2010-01-27 00:45 . 2010-01-30 22:40 -------- d-----w- C:\OutputFolder

2010-01-27 00:44 . 2006-09-26 15:57 28672 ----a-w- c:\windows\system32\AVEQT.dll

2010-01-27 00:44 . 2010-01-27 00:54 -------- d-----w- c:\arquivos de programas\Allok MOV Converter

2010-01-26 01:35 . 2010-01-26 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-01-26 01:29 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll

2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-01-26 00:50 . 2010-01-26 00:50 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Media Player Classic

2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\arquivos de programas\Conduit

2010-01-22 17:20 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-01-22 17:20 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-01-22 17:20 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\arquivos de programas\Avira

2010-01-12 02:33 . 2010-01-31 14:35 -------- d-----w- c:\arquivos de programas\DreaMule

2010-01-10 01:12 . 2010-01-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton

2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec

2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller

2010-01-09 22:44 . 2010-01-26 00:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2010-01-09 22:44 . 2010-01-26 00:48 -------- d-----w- c:\arquivos de programas\QuickTime Alternative

2010-01-09 22:38 . 2010-01-09 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2010-01-09 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-01-09 22:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2010-01-09 22:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-01-09 22:21 . 2010-01-09 22:22 -------- d-----w- C:\cf8c911bcffef712ad116d72c2cdf018

2010-01-09 02:02 . 2010-01-09 02:02 286720 ------w- c:\windows\Setup1.exe

2010-01-09 02:02 . 2010-01-09 02:02 73216 ----a-w- c:\windows\ST6UNST.EXE

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Malwarebytes

2010-01-08 14:37 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-01-08 14:37 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-07 17:58 . 2010-01-07 17:59 -------- d-----w- c:\arquivos de programas\LimeWire

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-01 22:09 . 2008-06-16 14:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2010-02-01 20:33 . 2009-07-30 01:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2010-02-01 17:08 . 2009-06-22 23:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2010-02-01 17:06 . 2008-09-19 19:07 -------- d-----w- c:\arquivos de programas\Windows Live

2010-01-30 22:39 . 2008-06-19 23:57 -------- d-----w- c:\arquivos de programas\eMule

2010-01-30 22:02 . 2009-07-03 18:08 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\LimeWire

2010-01-29 18:55 . 2009-11-02 00:42 -------- d-----w- c:\arquivos de programas\Megacubo

2010-01-28 17:06 . 2009-03-26 14:33 -------- d-----w- c:\arquivos de programas\Mu C.A Brasil 1.02t

2010-01-28 16:51 . 2009-03-10 14:15 -------- d-----w- c:\arquivos de programas\1.02t

2010-01-27 14:48 . 2008-06-06 15:31 -------- d-----w- c:\arquivos de programas\Google

2010-01-26 01:35 . 2008-06-15 22:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-01-26 01:34 . 2008-06-06 14:30 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-01-26 00:51 . 2008-10-04 23:53 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\DivX

2010-01-26 00:48 . 2008-10-04 23:47 -------- d-----w- c:\arquivos de programas\DivX

2010-01-25 22:53 . 2008-08-20 14:01 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Shareaza

2010-01-23 00:23 . 2009-06-15 21:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-22 17:11 . 2009-07-30 19:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared

2010-01-15 15:42 . 2007-07-21 21:40 76514 ----a-w- c:\windows\system32\perfc016.dat

2010-01-15 15:42 . 2007-07-21 21:40 445180 ----a-w- c:\windows\system32\perfh016.dat

2010-01-14 00:31 . 2008-06-15 22:31 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Orbit

2010-01-13 23:59 . 2008-06-06 13:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-13 18:54 . 2009-07-29 14:20 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\uTorrent

2010-01-09 22:44 . 2009-06-06 01:56 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Apple Computer

2010-01-09 22:43 . 2009-06-04 23:23 -------- d-----w- c:\arquivos de programas\QuickTime

2010-01-09 22:12 . 2009-11-23 22:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared

2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-12-13 02:54 . 2009-12-13 02:53 -------- d-----w- c:\arquivos de programas\CZ-Doc2Pdf COM

2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Tibia

2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\arquivos de programas\Tibia

2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Publish Providers

2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Sony

2009-12-08 01:57 . 2009-12-08 01:57 -------- d-----w- c:\arquivos de programas\Sony Setup

2009-12-03 02:00 . 2009-12-03 02:00 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe

2009-12-03 02:00 . 2009-12-03 02:00 14813832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe

2009-12-03 02:00 . 2009-12-03 02:00 69632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\Ksu\ksustop.exe

2009-12-03 02:00 . 2009-12-03 02:00 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\CCS\CCSStop.exe

2009-12-03 02:00 . 2009-12-03 02:00 983040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_140010_2fe27b\EasyShrx.Dll

2009-11-15 18:51 . 2009-11-08 18:30 180488 ----a-w- c:\windows\PSEXESVC.EXE

.

 

------- Sigcheck -------

 

[-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys

 

[-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]

"nwiz"="nwiz.exe" [2008-01-08 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]

"Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 70144]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-11-11 417792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk

backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^SIMONE^Menu Iniciar^Programas^Inicializar^Registration IL-2 Sturmovik 1946.LNK]

path=c:\documents and settings\SIMONE\Menu Iniciar\Programas\Inicializar\Registration IL-2 Sturmovik 1946.LNK

backup=c:\windows\pss\Registration IL-2 Sturmovik 1946.LNKStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]

2007-07-02 08:15 495616 ----a-w- c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 12:21 1694208 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 06:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-01-26 01:34 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3603:TCP"= 3603:TCP:rivtsmh

 

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/1/2010 14:43 207792]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [29/1/2010 15:25 51984]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [29/1/2010 15:25 59664]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/1/2010 14:43 233136]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [22/1/2010 15:20 108289]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe [29/1/2010 15:25 112592]

S0 afhhg;afhhg;c:\windows\system32\drivers\sabtb.sys --> c:\windows\system32\drivers\sabtb.sys [?]

S2 gupdate1ca79d6f28da7d4;Google Update Service (gupdate1ca79d6f28da7d4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/12/2009 18:25 133104]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [29/1/2010 14:43 70408]

S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [29/1/2010 14:43 359624]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [29/1/2010 15:25 33552]

S3 ThreatFire;ThreatFire;c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service --> c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service [?]

S4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

 

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]

 

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]

 

2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\arquivos de programas\Arquivos comuns\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: ketsujin.com\fighterace

Trusted Zone: ketsujin.com\primary

Trusted Zone: ketsujin.com\update

Trusted Zone: ketsujin.com\www

Trusted Zone: stormofaces.com\www

FF - ProfilePath - c:\documents and settings\SIMONE\Dados de aplicativos\Mozilla\Firefox\Profiles\a9oo5a0r.default\

FF - prefs.js: browser.search.defaulturl - 4.6.6.2

FF - prefs.js: browser.search.selectedEngine - 4.6.6.2

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - 4.6.6.2

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.search.defaultenginename - 4.6.6.2

FF - user.js: browser.search.defaulturl - 4.6.6.2

FF - user.js: browser.search.selectedEngine - 4.6.6.2

FF - user.js: keyword.URL - 4.6.6.2

FF - user.js: keyword.enabled - true

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-fssui - c:\arquivos de programas\Windows Live\Family Safety\fsui.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-01 20:11

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-1482476501-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:a7,92,d3,62,54,d7,66,6a,d9,ca,84,6b,6e,2a,81,a8,78,d9,ad,95,eb,97,e1,

10,72,16,60,3f,c5,f0,de,d2,4d,ad,b0,c9,e0,75,5f,43,bc,6d,84,14,f5,56,88,e7,\

"??"=hex:1d,47,26,64,46,3e,31,b7,35,fb,9d,c6,4d,23,0d,fc

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'lsass.exe'(848)

c:\arquivos de programas\Arquivos comuns\PC Tools\Lsp\PCTLsp.dll

 

- - - - - - - > 'explorer.exe'(3452)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\mmrtkrnl.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-02-01 20:15:55 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-02-01 22:15

ComboFix2.txt 2010-02-01 15:17

ComboFix3.txt 2010-01-29 16:29

ComboFix4.txt 2010-01-29 00:56

 

Pré-execução: 21 pasta(s) 115.706.925.056 bytes disponíveis

Pós execução: 22 pasta(s) 115.678.576.640 bytes disponíveis

 

- - End Of File - - A48CB1C71EC100FCA83EEA295D08304A

 


 

kav

 

Autoscan: completed 1 minute ago (events: 80, objects: 327491, time: 02:53:05)

1/2/2010 20:29:28 Task started

1/2/2010 20:45:41 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 20:45:41 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll Postponed

1/2/2010 20:45:42 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 20:45:44 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 20:45:46 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 20:45:49 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 21:29:45 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 21:29:46 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir Postponed

1/2/2010 21:29:50 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 21:29:50 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 21:29:51 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 21:29:51 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 21:47:37 Detected: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe

1/2/2010 21:47:37 Untreated: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe Postponed

1/2/2010 22:15:09 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 22:15:09 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll Postponed

1/2/2010 22:15:10 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 22:15:10 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 22:16:56 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 22:16:56 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll Postponed

1/2/2010 22:16:57 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 22:16:57 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 22:16:57 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 22:16:57 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 22:38:45 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:38:45 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll Postponed

1/2/2010 22:38:46 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:38:46 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:38:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:38:49 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:59:03 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:59:03 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll Postponed

1/2/2010 22:59:03 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:59:04 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:59:06 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 22:59:08 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 23:11:38 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:11:38 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir Postponed

1/2/2010 23:11:40 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:11:41 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:11:42 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:11:43 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:12:39 Detected: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe

1/2/2010 23:12:39 Untreated: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe Postponed

1/2/2010 23:16:55 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 23:16:55 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll Postponed

1/2/2010 23:16:55 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 23:16:55 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 23:17:05 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:17:05 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll Postponed

1/2/2010 23:17:06 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:17:07 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:17:07 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:17:08 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:20:36 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 23:21:48 Will be deleted on system restart: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 23:21:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 23:21:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 23:21:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 23:21:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll

1/2/2010 23:21:49 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:22:11 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:22:11 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:22:11 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:22:11 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:22:11 Deleted: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir

1/2/2010 23:22:13 Detected: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe

1/2/2010 23:22:23 Deleted: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe

1/2/2010 23:22:23 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 23:22:28 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 23:22:28 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 23:22:28 Deleted: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll

1/2/2010 23:22:28 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:22:33 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:22:33 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:22:33 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:22:33 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:22:33 Deleted: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll

1/2/2010 23:22:33 Task completed

 

<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

hijack

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:25:02, on 1/2/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20900)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\mmrtkrnl.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\SIMONE\Desktop\Virus Removal Tool\setup_9.0.0.722_01.02.2010_23-08\setup_9.0.0.722_01.02.2010_23-08.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: setup_9.0.0.722_01.02.2010_23-08.lnk = C:\Documents and Settings\SIMONE\Desktop\Virus Removal Tool\setup_9.0.0.722_01.02.2010_23-08\startup.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

 

--

End of file - 9840 bytes

 

 

<<<<>>>

 

Thanks.


Several problems were detected by the Kaspersky Virus Removal Tool.

 

But did you remove all the problems it found? If you have not removed them, remove them using the Kaspersky Virus Removal Tool.

_________________________________

 

Configure your Avira AntiVir antivirus following the tips in these tutorials:

 

Avira AntiVir 9 Free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html

 

Avira AntiVir 9 Free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html

 

After configuring Avira AntiVir following the tips in the tutorials above, update it, then restart your computer and boot into Safe Mode (by pressing the F8 key (or F5 on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option). Once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Scan system now > and wait for the scan to finish.

 

Note: if it is not possible to run the Avira AntiVir scan in Windows Safe Mode, run it in normal mode.

_______________________________________________________________

 

Once you have removed the viruses Avira AntiVir finds, restart the computer normally. Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start AntiVir > click Reports > double-click the most recent log and click the Report file button > A window with the log will open; select the whole log (menu: Edit » Select All), then go back to the menu: Edit » Copy > Then come back here to the forum and post this Avira AntiVir log together with a new HijackThis log so they can be analyzed.

 

We await your reply.

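The helper's first question above ("did you remove all the problems it found?") is answered by the Kaspersky Virus Removal Tool report itself: every path appears several times, and only the last non-"Detected" status tells you whether the file was actually removed. The script below is an added example, not part of either post and not a Kaspersky tool; it parses the report format as posted in this thread (`<date> <time> <status>: <threat> <path>[ Postponed]`), reconciles each path to its final status, and separates inert copies (restore-point snapshots under `System Volume Information`, and the `C:\Qoobox\Quarantine` folder that ComboFix creates) from files still present at their live location. The sample log is a constructed subset of the lines posted above plus one constructed `constructed_sample.exe` entry that stays untreated, to show what an unresolved finding looks like.

```python
"""Reconcile a Kaspersky Virus Removal Tool report: which detections were actually removed?"""
import re
from dataclasses import dataclass, field

# Report line format as posted in the thread:
#   "<date> <time> <status>: <threat> <path>[ Postponed]"
# Threat names may themselves contain a colon (not-a-virus:AdWare...), so the status
# field is everything between the time and the FIRST colon. "Task completed" lines
# have no "<status>:" field and fall through the regex unmatched.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<status>[^:]+): (?P<threat>\S+) "
    r"(?P<path>.+?)(?: (?P<postponed>Postponed))?$"
)

# Constructed sample: a subset of the lines posted above, plus one made-up
# "constructed_sample.exe" finding that is never deleted.
SAMPLE_LOG = r"""
1/2/2010 21:47:37 Detected: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe
1/2/2010 21:47:37 Untreated: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe Postponed
1/2/2010 22:38:45 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
1/2/2010 22:38:45 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll Postponed
1/2/2010 23:11:38 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir
1/2/2010 23:11:38 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir Postponed
1/2/2010 23:20:36 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
1/2/2010 23:21:48 Will be deleted on system restart: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
1/2/2010 23:22:11 Deleted: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir
1/2/2010 23:22:13 Detected: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe
1/2/2010 23:22:23 Deleted: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe
1/2/2010 23:22:30 Detected: Constructed.Sample.Threat C:\Documents and Settings\SIMONE\Desktop\constructed_sample.exe
1/2/2010 23:22:30 Untreated: Constructed.Sample.Threat C:\Documents and Settings\SIMONE\Desktop\constructed_sample.exe Postponed
1/2/2010 23:22:33 Task completed
"""


@dataclass
class Event:
    timestamp: str
    status: str      # Detected / Untreated / Deleted / Will be deleted on system restart
    threat: str
    path: str
    postponed: bool  # trailing "Postponed": the tool deferred action on this file


@dataclass
class Finding:
    threat: str
    location: str                          # "live", "restore point" or "quarantine"
    detections: int = 0
    actions: list = field(default_factory=list)

    @property
    def final_status(self) -> str:
        # The last non-"Detected" status is the outcome; a path that was only
        # ever detected had no action logged at all.
        return self.actions[-1] if self.actions else "Detected only"


def parse_log(text: str) -> list:
    """Turn report lines into Event records, skipping blanks and 'Task completed'."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if not m:
            continue
        events.append(Event(
            timestamp=f"{m['date']} {m['time']}",
            status=m["status"].strip(),
            threat=m["threat"],
            path=m["path"],
            postponed=m["postponed"] is not None,
        ))
    return events


def classify_location(path: str) -> str:
    """Restore-point and quarantine copies are inert; anything else is a live file."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore point"
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"
    return "live"


def summarize(events) -> dict:
    """Collapse repeated lines per path into one Finding with its action history."""
    findings = {}
    for ev in events:
        f = findings.setdefault(
            ev.path, Finding(threat=ev.threat, location=classify_location(ev.path)))
        if ev.status == "Detected":
            f.detections += 1
        else:
            f.actions.append(ev.status)
    return findings


def needs_attention(findings) -> dict:
    """Paths whose last logged status is not 'Deleted', mapped to a short reason.

    Inert copies are still listed: a restore-point copy is reinstated by System
    Restore, so the checkpoint has to be purged as well."""
    out = {}
    for path, f in findings.items():
        if f.final_status == "Deleted":
            continue
        reason = "pending reboot" if f.final_status.startswith("Will be deleted") else "not removed"
        out[path] = f"{reason} ({f.location})"
    return out


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    for path, f in summary.items():
        print(f"{f.final_status:34} {f.location:13} x{f.detections}  {f.threat}  {path}")
    print("\nStill needs attention:")
    for path, why in needs_attention(summary).items():
        print(f"  {why}: {path}")
```

Run against the full report, the "pending reboot" entry is the Firefox extension DLL that could not be removed while the browser held it open, which is why the helper asks for a reboot and a fresh HijackThis log before calling the machine clean.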

Topic Archived

 

Since the author did not reply for more than 30 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area together with the link to this topic and explain the reason for reopening.
