chubes
Posted January 27, 2010

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:08, on 27/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2233703
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Software Kodak EasyShare.lnk = C:\Arquivos de programas\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 11201 bytes
Power Max
Posted January 27, 2010

:) Hello chubes! Welcome to the iMasters forum.

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2233703
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Go to VirusTotal (http://www.virustotal.com/) and submit this file, highlighted in red, for analysis:

C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll

If the file above does not show up when you go to select it, do the following:

# Go to the menu: Start > Control Panel > Folder Options
# Select the View tab
# Select the Show hidden files and folders button
# Uncheck the Hide protected operating system files (recommended) box
# Click OK

Then submit it again for analysis.

Once the analysis has finished, copy the link that appears in your browser's address bar and post that link in your next reply, together with the other logs requested.

Note: if the VirusTotal site is very congested or having problems, submit the file for analysis at one of these sites instead:
http://virscan.org/
http://virusscan.jotti.org/
http://www.viruschief.com/

Please also follow the tips in this tutorial to clean your PC with Malwarebytes: Malwarebytes Anti-Malware tutorial (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-malwarebytes-anti-malware.html)

In your next reply, post that Malwarebytes log together with a new HijackThis log and the link to the file analysis on VirusTotal, and tell us how your PC is doing after these procedures.

We'll be waiting.
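The triage the helper performs by eye in the reply above (spot the hijacked start page, the orphaned `(no file)` BHO and toolbar, and the GUID-named DLL in system32, then re-scan to see what survived Fix checked) can be done over the log text itself. The Python below is an added example, not code from the forum thread or from HijackThis: it parses HijackThis-style entry lines, flags those three patterns, and compares a before and after scan to report which flagged entry is still present. The sample entries are constructed from the shapes seen in the log above and trimmed to a few lines; the allowlist `EXPECTED_HOSTS` and the GUID-filename heuristic are assumptions for illustration, not HijackThis behaviour.

```python
"""Triage a HijackThis log for the entry types a forum helper looks at first.

Added example; not part of the forum post. Heuristics and sample lines are
constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample entries, constructed for this example in the shape HijackThis 2.0 writes them.
# BEFORE: a first scan. AFTER: a re-scan once the three "Fix checked" items are gone.
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2233703
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
"""
AFTER_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A module whose file name is itself GUID-shaped (no braces), e.g. 41e96751-...-d601803e21a5.dll
GUID_FILENAME_RE = re.compile(r"[\\/][0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\.(?:dll|exe)$", re.I)

# Hosts Internet Explorer points the start/search page at by default. Assumed allowlist
# for this example; extend it for the locales and OEM defaults you see in practice.
EXPECTED_HOSTS = {"go.microsoft.com", "www.msn.com", "home.microsoft.com"}


@dataclass(frozen=True)
class Finding:
    key: str      # identity that survives a fix and re-scan: the CLSID, or the registry value name
    line: str
    reason: str


def _host(url: str) -> str:
    m = re.match(r"[a-z][a-z0-9+.-]*://([^/?#]+)", url, re.I)
    return (m.group(1) if m else url).lower()


def entry_key(section: str, body: str) -> str:
    m = CLSID_RE.search(body)
    return f"{section}:{m.group(0).upper()}" if m else f"{section}:{body.split(' = ')[0].strip()}"


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, process list, blank lines
        section, body = m.group("section"), m.group("body")
        key = entry_key(section, body)
        target = body.rsplit(" - ", 1)[-1].strip()   # last field: file path or "(no file)"
        if target == "(no file)":
            findings.append(Finding(key, line, "orphaned registry reference; safe to Fix checked"))
        elif section in ("R0", "R1") and " = " in body:
            value, url = (s.strip() for s in body.split(" = ", 1))
            if value.endswith(("Start Page", "Search Page")) and url and _host(url) not in EXPECTED_HOSTS:
                findings.append(Finding(key, line, f"start/search page redirected to {_host(url)}"))
        elif GUID_FILENAME_RE.search(target) and "system32" in target.lower():
            findings.append(Finding(key, line, "GUID-named module in system32; submit for analysis before fixing"))
    return findings


def still_present(before: str, after: str) -> list[Finding]:
    """Flagged entries from the first scan that are still there after the fix."""
    after_keys = {f.key for f in triage(after)}
    return [f for f in triage(before) if f.key in after_keys]


if __name__ == "__main__":
    for f in triage(BEFORE_LOG):
        print(f"{f.key:<45} {f.reason}")
    print("still present after fix:", [f.key for f in still_present(BEFORE_LOG, AFTER_LOG)])
```

Entries are keyed on their CLSID rather than on the whole line so that a re-scan still matches even if the path or name text shifts. Note that Fix checked only deletes the registration; a GUID-named DLL that is still on disk has to be identified separately (hash it and submit it, as the reply asks), which is why the example reports it rather than marking it safe to fix.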
chubes
Posted January 28, 2010

Okay, I did everything you asked. Here are the logs.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:22, on 27/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 10832 bytes

VirusTotal result:
http://www.virustotal.com/pt/analisis/fc0a4e1bf21be5935ad0a1c24d6067ae823122d235e95c278bdf9f8b5b258cd7-1264637000

Malwarebytes result (I had already run it last week, and when I checked today there were 40 files in quarantine; I deleted them all, since the PC was working normally):

Malwarebytes' Anti-Malware 1.44
Database version: 3517
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

27/1/2010 23:33:40
mbam-log-2010-01-27 (23-33-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 196792
Time elapsed: 1 hour(s), 25 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks.
Power Max
Posted January 28, 2010

:) One problem was removed by Malwarebytes.

Please follow the tips in these tutorials:
Norman Malware Cleaner tutorial
Nod32 Online antivirus tutorial

In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log and the Norman Malware Cleaner log, and please tell us how your PC is doing after following these procedures.

We await your reply.
chubes
Posted January 28, 2010

Nod32

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.20900 (vista_ldr.080820-1506)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=045f4c0baafb48479fb910ef9dca4ae5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-28 07:32:14
# local_time=2010-01-28 05:32:14 (-0300, Brazilian daylight saving time)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 45728276 45728276 0 0
# compatibility_mode=1028 16777214 0 4 6162824 6612901 0 0
# compatibility_mode=1797 16775145 100 94 0 36426197 0 0
# compatibility_mode=2560 16777175 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 9 16529885 32052624 0 0
# scanned=80156
# found=2
# cleaned=2
# scan_time=3067
C:\downloads\MsgPlus3-Setup.exe    Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\downloads\vdownloader.zip    a variant of Win32/Adware.ADON application (deleted - quarantined)    00000000000000000000000000000000    C

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:44, on 28/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: egoads - {53082ce2-5306-b270-9a1c-6ce617f0e5e1} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 -
HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: 
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. 
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe -- End of file - 11081 bytes <<<<<<<<>>>>>>>>>><<<<<<<<<<<<<>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>> <<<<<<<<>>>>>>>>>><<<<<<<<<<<<<>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>> Norman Norman Malware Cleaner Version 1.6.2 Copyright © 1990 - 2009, Norman ASA. 
Built 2010/01/27 08:47:04

Norman Scanner Engine Version: 6.04.03
Nvcbin.def Version: 6.04.00, Date: 2010/01/27 08:47:04, Variants: 4817693

Scan started: 28/01/2010 14:47:59

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: MASTER-C8963AE8\SIMONE
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispCPL = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispCPL = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoFolderOptions = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Changed service configuration for "wuauserv" from 0x00000004 and 0x00000001 to 0x00000002 and 0xFFFFFFFF
Started service "wuauserv"
Changed service configuration for "BITS" from 0x00000004 and 0x00000001 to 0x00000003 and 0xFFFFFFFF
Started service "BITS"

Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s

Scanning running processes and process memory...

Number of processes/threads found: 3128
Number of processes/threads scanned: 3128
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 1m 17s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Arquivos de programas\1.02t\mucabrasil.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\Arquivos de programas\1.02t\mucabrasil.VIR (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\Arquivos de programas\Megacubo\components\bin\pv.exe (Infected with Ircbot.ANFB.dropper)
Deleted file
C:\Arquivos de programas\Mu C.A Brasil 1.02t\mucabrasil.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\Documents and Settings\SIMONE\Configurações locais\Temporary Internet Files\Content.IE5\4GB26JM0\mucabrasil.exe[1].rar/mucabrasil.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\Documents and Settings\SIMONE\Configurações locais\Temporary Internet Files\Content.IE5\4GB26JM0\mucabrasil.exe[1].rar (Empty archive after cleaning)
Deleted file
C:\Documents and Settings\SIMONE\Meus documentos\ana\Videos\[c=38][c=19][-c]Letícia[-c]_14_7_2009@18_50_58.wav (Error opening file: Not found)
C:\Documents and Settings\SIMONE\Meus documentos\Meus arquivos recebidos\farkli5.jpg (Error opening file: Not found)
C:\LinhaDefensiva\exec\download.exe (Infected with Suspicious_Gen.CQSA)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP11\A0004722.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP12\A0004841.exe/noname.nsis/file4617 (Error whilst scanning file: I/O Error (0x00220005))
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP5\A0001588.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP56\A0022461.exe (Infected with Ircbot.ANFB.dropper)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP58\A0023211.dll (Infected with W32/Obfuscated.A!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024165.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024342.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024343.exe (Infected with Ircbot.ANFB.dropper)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024344.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024345.exe (Infected with Suspicious_Gen.CQSA)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP7\A0002957.exe (Infected with Ircbot.ANFB.dropper)
Deleted file
C:\WINDOWS\Installer\{A1F649A2-F97D-4BC8-97B1-E61664F00F42}\NewShortcut10_43AA47BAAFAC4744A9BF278EB213A3B8.exe (Infected with W32/Obfuscated.D2!genr)
Deleted file
C:\WINDOWS\Installer\{A1F649A2-F97D-4BC8-97B1-E61664F00F42}\NewShortcut11_8B92D9CDF62A467BB8BC9F2764E4B69F.exe (Infected with W32/Obfuscated.D2!genr)
Deleted file
C:\WINDOWS\Installer\{A1F649A2-F97D-4BC8-97B1-E61664F00F42}\NewShortcut8_11AE7A1F25BD40F4ACDAFBB762BBAAEF.exe (Infected with W32/Obfuscated.D2!genr)
Deleted file
C:\WINDOWS\Installer\{A1F649A2-F97D-4BC8-97B1-E61664F00F42}\NewShortcut9_48B66D5BB6F048C38E9B8347B51AFC45.exe (Infected with W32/Obfuscated.D2!genr)
Deleted file

Scanning: C:\System Volume Information\*.*

C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP12\A0004841.exe/noname.nsis/file4617 (Error whilst scanning file: I/O Error (0x00220005))
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024346.exe (Infected with W32/Obfuscated.D2!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024347.exe (Infected with W32/Obfuscated.D2!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024348.exe (Infected with W32/Obfuscated.D2!genr)
Deleted file
C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024349.exe (Infected with W32/Obfuscated.D2!genr)
Deleted file

Scanning: postscan

Running post-scan cleanup routine:
Failed to locate shared service executable: C:\WINDOWS\system32\xzyhpi.dll
Removed service: cmldof
Failed to locate shared service executable: C:\WINDOWS\system32\xzyhpi.dll
Removed service: hcvuhv

Number of files found: 197317
Number of archives unpacked: 986
Number of files scanned: 197306
Number of files not scanned: 11
Number of files skipped due to exclude list: 0
Number of infected files found: 25
Number of infected files repaired/deleted: 25
Number of infections removed: 25
Total scanning time: 1h 13m 49s

Thanks.
Power Max
Posted January 28, 2010

Download the tool below:
http://lop.com/new_uninstall.exe

Note: this uninstaller is detected as a trojan by several antivirus programs. If that happens, temporarily disable your antivirus and turn it back on when the procedure is finished. The file is perfectly safe.

Double-click the uninstaller you downloaded above > Click OK > Click OK again > some numbers will appear on a screen; type those numbers into the blank field and then click the UNINSTALL button > click OK > click OK again > then just follow the steps the uninstaller gives you.
_____________________________________

Follow the tips in this tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-lop-s-d.html (Lop S&D tutorial)

At the end a log will be generated at C:\lopR.txt
_____________________________________

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix
Save it to the Desktop.

* Disable the resident protections of: antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it by command is also possible:
* Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
* Click OK.
* At the prompt "Disclaimer of software warranty" --> Click Yes.
* If you do not have the "Recovery Console" (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Rename it while saving, not after saving it!
* PS: If any error message appears, run ComboFix.exe in "Safe Mode" (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html) <-- Link!
* PS: In the presence of rootkit activity, you will see the following notification window:
* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the logs requested.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the log at C:\lopR.txt and a new HijackThis log in your next reply, and tell us how your PC is after this.

We'll be waiting.
chubes 0 Denunciar post Postado Janeiro 29, 2010 Log do combo (obs ele nao pediu para reiniciar) ComboFix 10-01-28.04 - SIMONE 28/01/2010 22:39:07.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.623 [GMT -2:00] Executando de: c:\documents and settings\SIMONE\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\SIMONE\Dados de aplicativos\.# c:\documents and settings\SIMONE\Dados de aplicativos\Desktopicon c:\documents and settings\SIMONE\Dados de aplicativos\Desktopicon\mc.ico c:\windows\system32\31f37ca2-b91c-a392-0c46-01edbd2d0584.exe c:\windows\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll c:\windows\system32\DROPPEDFILEOK.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))) . 2010-01-29 00:14 . 2010-01-29 00:18 -------- d-----w- C:\Lop SD 2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\arquivos de programas\ESET 2010-01-27 15:35 . 2010-01-27 15:36 -------- d-----w- C:\LinhaDefensiva 2010-01-27 15:30 . 2010-01-27 15:32 -------- d-----w- C:\Hijack 2010-01-27 00:45 . 2010-01-27 14:06 -------- d-----w- C:\OutputFolder 2010-01-27 00:44 . 2006-09-26 15:57 28672 ----a-w- c:\windows\system32\AVEQT.dll 2010-01-27 00:44 . 2010-01-27 00:54 -------- d-----w- c:\arquivos de programas\Allok MOV Converter 2010-01-26 01:35 . 2010-01-26 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2010-01-26 01:29 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll 2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2010-01-26 00:50 . 
2010-01-26 00:50 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Media Player Classic 2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\arquivos de programas\Conduit 2010-01-22 17:20 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-22 17:20 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-22 17:20 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\arquivos de programas\Avira 2010-01-12 02:33 . 2010-01-13 23:40 -------- d-----w- c:\arquivos de programas\DreaMule 2010-01-10 01:12 . 2010-01-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton 2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec 2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller 2010-01-09 22:44 . 2010-01-26 00:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-01-09 22:44 . 2010-01-26 00:48 -------- d-----w- c:\arquivos de programas\QuickTime Alternative 2010-01-09 22:38 . 2010-01-09 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-01-09 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-01-09 22:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-01-09 22:21 . 
2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-01-09 22:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-01-09 22:21 . 2010-01-09 22:22 -------- d-----w- C:\cf8c911bcffef712ad116d72c2cdf018 2010-01-09 02:02 . 2010-01-09 02:02 286720 ------w- c:\windows\Setup1.exe 2010-01-09 02:02 . 2010-01-09 02:02 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Malwarebytes 2010-01-08 14:37 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2010-01-08 14:37 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:58 . 2010-01-07 17:59 -------- d-----w- c:\arquivos de programas\LimeWire . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-29 00:27 . 2009-07-30 01:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor 2010-01-29 00:26 . 2008-06-16 14:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-01-28 17:06 . 2009-03-26 14:33 -------- d-----w- c:\arquivos de programas\Mu C.A Brasil 1.02t 2010-01-28 16:51 . 2009-03-10 14:15 -------- d-----w- c:\arquivos de programas\1.02t 2010-01-27 14:48 . 2008-06-06 15:31 -------- d-----w- c:\arquivos de programas\Google 2010-01-27 14:06 . 2009-07-03 18:08 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\LimeWire 2010-01-27 00:46 . 
2008-06-19 23:57 -------- d-----w- c:\arquivos de programas\eMule 2010-01-26 16:07 . 2009-06-23 01:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2010-01-26 01:50 . 2009-06-22 23:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-01-26 01:35 . 2008-06-15 22:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real 2010-01-26 01:34 . 2008-06-06 14:30 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-01-26 00:51 . 2008-10-04 23:53 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\DivX 2010-01-26 00:48 . 2008-10-04 23:47 -------- d-----w- c:\arquivos de programas\DivX 2010-01-25 22:53 . 2008-08-20 14:01 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Shareaza 2010-01-23 00:23 . 2009-06-15 21:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-22 17:11 . 2009-07-30 19:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared 2010-01-21 18:18 . 2009-11-02 00:42 -------- d-----w- c:\arquivos de programas\Megacubo 2010-01-15 15:42 . 2007-07-21 21:40 76514 ----a-w- c:\windows\system32\perfc016.dat 2010-01-15 15:42 . 2007-07-21 21:40 445180 ----a-w- c:\windows\system32\perfh016.dat 2010-01-14 00:31 . 2008-06-15 22:31 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Orbit 2010-01-13 23:59 . 2008-06-06 13:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-01-13 18:54 . 2009-07-29 14:20 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\uTorrent 2010-01-09 22:44 . 2009-06-06 01:56 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Apple Computer 2010-01-09 22:43 . 2009-06-04 23:23 -------- d-----w- c:\arquivos de programas\QuickTime 2010-01-09 22:12 . 2009-11-23 22:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared 2009-12-17 18:51 . 
2009-12-17 18:51 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab 2009-12-13 02:54 . 2009-12-13 02:53 -------- d-----w- c:\arquivos de programas\CZ-Doc2Pdf COM 2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Tibia 2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\arquivos de programas\Tibia 2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Publish Providers 2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Sony 2009-12-08 01:57 . 2009-12-08 01:57 -------- d-----w- c:\arquivos de programas\Sony Setup 2009-12-03 02:03 . 2009-12-03 02:01 -------- d-----w- c:\arquivos de programas\Kodak 2009-12-03 02:02 . 2009-12-03 02:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Kodak 2009-12-03 02:00 . 2009-12-03 02:00 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe 2009-12-03 02:00 . 2009-12-03 02:00 14813832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe 2009-12-03 02:00 . 2009-12-03 02:00 69632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\Ksu\ksustop.exe 2009-12-03 02:00 . 2009-12-03 02:00 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\CCS\CCSStop.exe 2009-12-03 02:00 . 2009-12-03 02:00 983040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_140010_2fe27b\EasyShrx.Dll 2009-12-03 02:00 . 2009-12-03 02:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kodak 2009-11-15 18:51 . 2009-11-08 18:30 180488 ----a-w- c:\windows\PSEXESVC.EXE . ------- Sigcheck ------- [-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . 
c:\windows\system32\drivers\tcpip.sys [-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2007-10-11 1826816] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776] "nwiz"="nwiz.exe" [2008-01-08 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920] "Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 70144] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-11-11 417792] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging 
Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^SIMONE^Menu Iniciar^Programas^Inicializar^Registration IL-2 Sturmovik 1946.LNK]
path=c:\documents and settings\SIMONE\Menu Iniciar\Programas\Inicializar\Registration IL-2 Sturmovik 1946.LNK
backup=c:\windows\pss\Registration IL-2 Sturmovik 1946.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2009-08-06 00:48 647520 ----a-w- c:\arquivos de programas\Windows Live\Family Safety\fsui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2007-07-02 08:15 495616 ----a-w- c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 12:21 1694208 ------w- c:\arquivos de programas\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 06:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-01-26 01:34 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Arquivos de programas\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3603:TCP"= 3603:TCP:rivtsmh
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [22/1/2010 15:20 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/1/2009 14:41 54752]
S0 afhhg;afhhg;c:\windows\system32\drivers\sabtb.sys --> c:\windows\system32\drivers\sabtb.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca79d6f28da7d4;Google Update Service (gupdate1ca79d6f28da7d4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/12/2009 18:25 133104]
S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 ThreatFire;ThreatFire;c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service --> c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 XDva258;XDva258;\??\c:\windows\system32\XDva258.sys --> c:\windows\system32\XDva258.sys [?]
S4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cmldof
hcvuhv
.
Contents of the 'Scheduled Tasks' folder
2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]
2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]
2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25]
2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
FF - ProfilePath - c:\documents and settings\SIMONE\Dados de aplicativos\Mozilla\Firefox\Profiles\a9oo5a0r.default\
FF - prefs.js: browser.search.defaulturl - 4.6.6.2
FF - prefs.js: browser.search.selectedEngine - 4.6.6.2
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - 4.6.6.2
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaultenginename - 4.6.6.2
FF - user.js: browser.search.defaulturl - 4.6.6.2
FF - user.js: browser.search.selectedEngine - 4.6.6.2
FF - user.js: keyword.URL - 4.6.6.2
FF - user.js: keyword.enabled - true
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
BHO-{53082ce2-5306-b270-9a1c-6ce617f0e5e1} - c:\windows\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Active Captions - c:\arquivos de programas\Shelltoys\Active Captions\activecaptions.exe
MSConfigStartUp-COMODO Internet Security - c:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-Google Update - c:\documents and settings\SIMONE\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Orb - c:\arquivos de programas\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-QuickTime Task - c:\arquivos de programas\QuickTime\qttask.exe
MSConfigStartUp-Shareaza - c:\arquivos de programas\Shareaza\Shareaza.exe
MSConfigStartUp-swg - c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-31f37ca2-b91c-a392-0c46-01edbd2d0584 - c:\windows\system32\31f37ca2-b91c-a392-0c46-01edbd2d0584.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 22:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1482476501-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a7,92,d3,62,54,d7,66,6a,d9,ca,84,6b,6e,2a,81,a8,78,d9,ad,95,eb,97,e1,
   10,72,16,60,3f,c5,f0,de,d2,4d,ad,b0,c9,e0,75,5f,43,bc,6d,84,14,f5,56,88,e7,\
"??"=hex:1d,47,26,64,46,3e,31,b7,35,fb,9d,c6,4d,23,0d,fc
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3568)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\mmrtkrnl.exe
.
**************************************************************************
.
Completion time: 2010-01-28 22:56:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-29 00:56
Pre-Run: 18 folder(s) 114.892.410.880 bytes free
Post-Run: 22 folder(s) 114.786.144.256 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 07B9CB56E04F70B8614ABB726D05D502

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Lop log

--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )
BIOS : BIOS Date: 01/30/08 10:01:36 Ver: 08.00.10
USER : SIMONE ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:106 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Thu 28/01/2010|22:15 )
--------------------\\ Folder listing of DADOSD~1
[07/09/2009|21:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe
[20/07/2009|23:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\AlcaTech
[04/06/2009|21:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple
[25/01/2010|22:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer
[22/01/2010|15:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira
[02/07/2008|22:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink
[24/09/2009|12:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink
[30/07/2009|09:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google
[06/06/2008|21:30] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Hewlett-Packard
[06/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP
[06/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP Product Assistant
[05/07/2008|22:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HPSSUPPLY
[21/09/2009|19:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield
[19/08/2009|22:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab
[19/08/2009|22:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files
[03/12/2009|00:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak
[10/07/2009|00:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft
[08/01/2010|12:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes
[11/09/2009|12:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee
[10/09/2009|23:18] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee Security Scan
[26/01/2010|14:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!
[19/08/2009|22:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft
[06/06/2008|12:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero
[22/01/2010|15:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Norton
[09/01/2010|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NortonInstaller
[14/10/2008|20:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles
[09/03/2009|22:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Tools
[25/01/2010|23:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real
[27/02/2009|20:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype
[10/07/2009|18:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
[22/01/2009|21:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com
[09/01/2010|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec
[28/01/2010|21:59] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP
[21/09/2009|19:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Trymedia
[06/06/2008|21:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WEBREG
[09/08/2008|23:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage
[14/01/2009|12:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller
[06/06/2008|11:28] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft
[11/11/2008|09:36] C:\DOCUME~1\LOCALS~1\DADOSD~1\Adobe
[11/11/2008|09:35] C:\DOCUME~1\LOCALS~1\DADOSD~1\Google
[11/11/2008|09:37] C:\DOCUME~1\LOCALS~1\DADOSD~1\GrabPro
[07/11/2009|16:44] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft
[16/12/2008|15:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\HPAppData
[07/11/2009|16:44] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft
[22/09/2008|17:44] C:\DOCUME~1\SIMONE\DADOSD~1\.#
[15/10/2009|17:16] C:\DOCUME~1\SIMONE\DADOSD~1\.bsnes
[09/06/2008|11:16] C:\DOCUME~1\SIMONE\DADOSD~1\Adobe
[02/10/2008|22:55] C:\DOCUME~1\SIMONE\DADOSD~1\Ahead
[20/07/2009|23:06] C:\DOCUME~1\SIMONE\DADOSD~1\AlcaTech
[09/01/2010|20:44] C:\DOCUME~1\SIMONE\DADOSD~1\Apple Computer
[19/11/2009|21:50] C:\DOCUME~1\SIMONE\DADOSD~1\Audacity
[10/01/2009|12:24] C:\DOCUME~1\SIMONE\DADOSD~1\CB Model Pro
[02/07/2008|22:21] C:\DOCUME~1\SIMONE\DADOSD~1\CyberLink
[08/01/2010|14:12] C:\DOCUME~1\SIMONE\DADOSD~1\Desktopicon
[25/01/2010|22:51] C:\DOCUME~1\SIMONE\DADOSD~1\DivX
[11/01/2009|16:18] C:\DOCUME~1\SIMONE\DADOSD~1\Enterbrain
[31/07/2009|01:05] C:\DOCUME~1\SIMONE\DADOSD~1\flightgear.org
[31/07/2009|00:53] C:\DOCUME~1\SIMONE\DADOSD~1\fltk.org
[08/09/2009|20:26] C:\DOCUME~1\SIMONE\DADOSD~1\Google
[15/06/2008|20:35] C:\DOCUME~1\SIMONE\DADOSD~1\GrabPro
[19/01/2009|14:56] C:\DOCUME~1\SIMONE\DADOSD~1\Greyfirst
[20/01/2009|19:31] C:\DOCUME~1\SIMONE\DADOSD~1\gtk-2.0
[12/09/2008|13:40] C:\DOCUME~1\SIMONE\DADOSD~1\Help
[06/06/2008|21:31] C:\DOCUME~1\SIMONE\DADOSD~1\HP
[06/06/2008|21:27] C:\DOCUME~1\SIMONE\DADOSD~1\HPAppData
[06/06/2008|11:34] C:\DOCUME~1\SIMONE\DADOSD~1\Identities
[04/10/2008|21:45] C:\DOCUME~1\SIMONE\DADOSD~1\InstallShield
[19/08/2008|19:59] C:\DOCUME~1\SIMONE\DADOSD~1\Kazaa Lite
[25/01/2009|21:10] C:\DOCUME~1\SIMONE\DADOSD~1\KompoZer
[04/10/2008|21:54] C:\DOCUME~1\SIMONE\DADOSD~1\LG Electronics
[27/01/2010|12:06] C:\DOCUME~1\SIMONE\DADOSD~1\LimeWire
[06/06/2008|13:30] C:\DOCUME~1\SIMONE\DADOSD~1\Macromedia
[08/01/2010|12:37] C:\DOCUME~1\SIMONE\DADOSD~1\Malwarebytes
[25/01/2010|22:50] C:\DOCUME~1\SIMONE\DADOSD~1\Media Player Classic
[13/01/2010|16:54] C:\DOCUME~1\SIMONE\DADOSD~1\Microsoft
[03/07/2009|16:09] C:\DOCUME~1\SIMONE\DADOSD~1\Mozilla
[09/07/2009|23:07] C:\DOCUME~1\SIMONE\DADOSD~1\Opera
[13/01/2010|22:31] C:\DOCUME~1\SIMONE\DADOSD~1\Orbit
[29/07/2009|23:24] C:\DOCUME~1\SIMONE\DADOSD~1\PC Tools
[08/12/2009|00:00] C:\DOCUME~1\SIMONE\DADOSD~1\Publish Providers
[25/01/2010|23:35] C:\DOCUME~1\SIMONE\DADOSD~1\Real
[26/12/2008|23:19] C:\DOCUME~1\SIMONE\DADOSD~1\Remere's Map Editor
[07/01/2009|16:04] C:\DOCUME~1\SIMONE\DADOSD~1\Scirra
[30/07/2009|12:30] C:\DOCUME~1\SIMONE\DADOSD~1\SecuROM
[25/01/2010|20:53] C:\DOCUME~1\SIMONE\DADOSD~1\Shareaza
[23/06/2009|17:18] C:\DOCUME~1\SIMONE\DADOSD~1\Skype
[23/06/2009|17:08] C:\DOCUME~1\SIMONE\DADOSD~1\skypePM
[08/12/2009|00:00] C:\DOCUME~1\SIMONE\DADOSD~1\Sony
[04/01/2009|20:54] C:\DOCUME~1\SIMONE\DADOSD~1\sqlitestudio
[06/06/2008|12:56] C:\DOCUME~1\SIMONE\DADOSD~1\Sun
[23/01/2009|23:00] C:\DOCUME~1\SIMONE\DADOSD~1\SUPERAntiSpyware.com
[30/07/2009|17:38] C:\DOCUME~1\SIMONE\DADOSD~1\Symantec
[31/10/2008|21:22] C:\DOCUME~1\SIMONE\DADOSD~1\SynopseInfo
[12/12/2009|19:35] C:\DOCUME~1\SIMONE\DADOSD~1\Tibia
[13/01/2010|16:54] C:\DOCUME~1\SIMONE\DADOSD~1\uTorrent
[30/09/2008|11:44] C:\DOCUME~1\SIMONE\DADOSD~1\Winamp
[16/09/2008|11:39] C:\DOCUME~1\SIMONE\DADOSD~1\WinRAR
--------------------\\ Scheduled tasks in folder C:\WINDOWS\Tasks
[28/01/2010 17:45][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[28/01/2010 22:00][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[10/01/2010 02:14][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[25/01/2010 20:41][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[15/01/2010 23:34][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/01/2010 21:59][--ah-----] C:\WINDOWS\tasks\SA.DAT
[21/07/2007 19:40][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ MsgPlus SPONSOR INSTALLED !
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"SponsorInstalled"=dword:00000000
--------------------\\ Folder listing of C:\Arquivos de programas
[11/06/2009|22:48] C:\Arquivos de programas\1.023. Web.informations
[28/01/2010|14:51] C:\Arquivos de programas\1.02t
[07/06/2009|13:39] C:\Arquivos de programas\3D Canvas 6
[30/07/2009|15:57] C:\Arquivos de programas\7-Zip
[07/09/2009|21:54] C:\Arquivos de programas\Adobe
[26/01/2010|22:54] C:\Arquivos de programas\Allok MOV Converter
[06/08/2008|19:23] C:\Arquivos de programas\Alwil Software
[04/06/2009|21:23] C:\Arquivos de programas\Apple Software Update
[25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns
[07/06/2009|13:39] C:\Arquivos de programas\Asprate
[01/11/2009|20:48] C:\Arquivos de programas\AVG
[22/01/2010|15:20] C:\Arquivos de programas\Avira
[10/07/2009|01:00] C:\Arquivos de programas\CCleaner
[11/08/2009|12:59] C:\Arquivos de programas\COMODO
[06/06/2008|11:25] C:\Arquivos de programas\ComPlus Applications
[23/01/2010|20:47] C:\Arquivos de programas\Conduit
[06/06/2008|12:31] C:\Arquivos de programas\CyberLink
[13/12/2009|00:54] C:\Arquivos de programas\CZ-Doc2Pdf COM
[25/01/2010|22:48] C:\Arquivos de programas\DivX
[13/01/2010|21:40] C:\Arquivos de programas\DreaMule
[02/07/2008|19:34] C:\Arquivos de programas\DVD Shrink
[26/01/2010|22:46] C:\Arquivos de programas\eMule
[28/01/2010|16:27] C:\Arquivos de programas\ESET
[07/10/2008|19:46] C:\Arquivos de programas\Gadwin Systems
[27/01/2010|12:48] C:\Arquivos de programas\Google
[06/06/2008|21:25] C:\Arquivos de programas\Hewlett-Packard
[06/06/2008|21:27] C:\Arquivos de programas\HP
[13/01/2010|21:59] C:\Arquivos de programas\InstallShield Installation Information
[06/06/2008|11:44] C:\Arquivos de programas\Intel
[09/01/2010|20:19] C:\Arquivos de programas\Internet Explorer
[19/11/2008|16:11] C:\Arquivos de programas\Java
[25/01/2010|23:28] C:\Arquivos de programas\K-Lite Codec Pack
[03/12/2009|00:03] C:\Arquivos de programas\Kodak
[04/01/2009|19:02] C:\Arquivos de programas\Kwyshell
[20/11/2009|13:49] C:\Arquivos de programas\Lavalys
[10/07/2009|00:25] C:\Arquivos de programas\Lavasoft
[04/10/2008|21:48] C:\Arquivos de programas\LG Electronics
[23/07/2009|23:44] C:\Arquivos de programas\LG PC Suite 2
[07/01/2010|15:59] C:\Arquivos de programas\LimeWire
[08/01/2010|12:37] C:\Arquivos de programas\Malwarebytes' Anti-Malware
[21/01/2010|16:18] C:\Arquivos de programas\Megacubo
[23/07/2009|23:44] C:\Arquivos de programas\Messenger
[25/01/2010|23:50] C:\Arquivos de programas\Messenger Plus! Live
[22/06/2009|21:35] C:\Arquivos de programas\MessengerPlus! 3
[13/07/2009|23:10] C:\Arquivos de programas\Microsoft
[11/11/2008|12:14] C:\Arquivos de programas\microsoft frontpage
[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Office
[17/11/2009|19:49] C:\Arquivos de programas\Microsoft Office Outlook Connector
[17/11/2009|19:49] C:\Arquivos de programas\Microsoft Silverlight
[11/10/2008|00:23] C:\Arquivos de programas\Microsoft SQL Server Compact Edition
[13/07/2009|23:09] C:\Arquivos de programas\Microsoft Sync Framework
[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Visual Studio
[06/06/2008|12:53] C:\Arquivos de programas\Microsoft Works
[06/06/2008|12:53] C:\Arquivos de programas\Microsoft.NET
[06/06/2008|11:26] C:\Arquivos de programas\Movie Maker
[22/01/2010|14:22] C:\Arquivos de programas\Mozilla Firefox
[06/06/2008|11:24] C:\Arquivos de programas\MSN Gaming Zone
[19/09/2008|17:07] C:\Arquivos de programas\MSN Messenger
[06/06/2008|11:28] C:\Arquivos de programas\MSXML 4.0
[06/06/2008|11:28] C:\Arquivos de programas\MSXML 6.0
[22/09/2008|17:45] C:\Arquivos de programas\MSXML 7.0
[28/01/2010|15:06] C:\Arquivos de programas\Mu C.A Brasil 1.02t
[06/06/2008|12:36] C:\Arquivos de programas\Nero
[23/09/2009|19:16] C:\Arquivos de programas\NetMeeting
[23/07/2009|20:44] C:\Arquivos de programas\No-IP
[02/09/2008|20:30] C:\Arquivos de programas\Now3D
[31/07/2009|00:24] C:\Arquivos de programas\OpenAL
[22/08/2009|19:07] C:\Arquivos de programas\Opera
[28/10/2009|20:41] C:\Arquivos de programas\Orban
[06/06/2008|11:26] C:\Arquivos de programas\Outlook Express
[09/01/2010|20:43] C:\Arquivos de programas\QuickTime
[25/01/2010|22:48] C:\Arquivos de programas\QuickTime Alternative
[15/06/2008|20:21] C:\Arquivos de programas\Real
[06/06/2008|11:52] C:\Arquivos de programas\Realtek
[19/05/2009|17:25] C:\Arquivos de programas\Red Storm Entertainment
[30/07/2009|09:44] C:\Arquivos de programas\Remere's Map Editor
[20/11/2009|14:40] C:\Arquivos de programas\Security Process Explorer
[06/06/2008|11:27] C:\Arquivos de programas\Serviços on-line
[27/02/2009|20:22] C:\Arquivos de programas\Skype
[07/12/2009|23:57] C:\Arquivos de programas\Sony Setup
[31/10/2008|21:28] C:\Arquivos de programas\SoquelSoft
[22/01/2010|00:02] C:\Arquivos de programas\Spyware Doctor
[19/11/2008|16:12] C:\Arquivos de programas\Sun
[17/12/2009|16:51] C:\Arquivos de programas\SystemRequirementsLab
[11/11/2008|09:31] C:\Arquivos de programas\ThreatFire
[12/12/2009|19:35] C:\Arquivos de programas\Tibia
[30/07/2009|13:09] C:\Arquivos de programas\Ubisoft
[30/07/2009|12:16] C:\Arquivos de programas\UltraISO
[25/09/2009|10:24] C:\Arquivos de programas\Uninstall Information
[22/08/2009|19:03] C:\Arquivos de programas\Valve
[22/08/2009|18:57] C:\Arquivos de programas\Winamp
[19/08/2009|22:53] C:\Arquivos de programas\Windows Defender
[17/11/2009|19:47] C:\Arquivos de programas\Windows Live
[14/01/2009|14:38] C:\Arquivos de programas\Windows Live SkyDrive
[10/08/2008|23:53] C:\Arquivos de programas\Windows Media Connect 2
[10/08/2008|13:16] C:\Arquivos de programas\Windows Media Player
[06/06/2008|11:24] C:\Arquivos de programas\Windows NT
[06/06/2008|11:27] C:\Arquivos de programas\WindowsUpdate
[25/07/2009|00:54] C:\Arquivos de programas\WinRAR
[11/11/2008|12:14] C:\Arquivos de programas\xerox
[06/06/2008|15:10] C:\Arquivos de programas\Yahoo!
[24/01/2009|11:24] C:\Arquivos de programas\YourWare Solutions
[10/07/2009|17:56] C:\Arquivos de programas\Zone Labs
--------------------\\ Folder listing of C:\Arquivos de programas\Arquivos comuns
[07/09/2009|21:54] C:\Arquivos de programas\Arquivos comuns\Adobe
[06/06/2008|12:37] C:\Arquivos de programas\Arquivos comuns\Ahead
[09/01/2010|20:38] C:\Arquivos de programas\Arquivos comuns\Apple
[09/01/2010|00:02] C:\Arquivos de programas\Arquivos comuns\DESIGNER
[14/08/2008|12:48] C:\Arquivos de programas\Arquivos comuns\DirectX
[09/01/2010|20:12] C:\Arquivos de programas\Arquivos comuns\DivX Shared
[30/07/2009|12:16] C:\Arquivos de programas\Arquivos comuns\EZB Systems
[06/06/2008|21:25] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
[06/06/2008|21:25] C:\Arquivos de programas\Arquivos comuns\HP
[21/09/2009|19:18] C:\Arquivos de programas\Arquivos comuns\InstallShield
[06/06/2008|12:56] C:\Arquivos de programas\Arquivos comuns\Java
[03/12/2009|00:02] C:\Arquivos de programas\Arquivos comuns\Kodak
[13/07/2009|23:06] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
[06/06/2008|11:26] C:\Arquivos de programas\Arquivos comuns\MSSoap
[06/06/2008|08:18] C:\Arquivos de programas\Arquivos comuns\ODBC
[29/07/2009|23:26] C:\Arquivos de programas\Arquivos comuns\PC Tools
[25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns\Real
[06/06/2008|11:26] C:\Arquivos de programas\Arquivos comuns\Serviços
[27/02/2009|20:22] C:\Arquivos de programas\Arquivos comuns\Skype
[06/06/2008|08:18] C:\Arquivos de programas\Arquivos comuns\SpeechEngines
[22/01/2010|15:11] C:\Arquivos de programas\Arquivos comuns\Symantec Shared
[11/10/2008|00:27] C:\Arquivos de programas\Arquivos comuns\System
[19/09/2008|15:46] C:\Arquivos de programas\Arquivos comuns\Windows Live
[25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns\xing shared
--------------------\\ Process ( 37 Processes ) ... OK !
--------------------\\ Searching for S_Lop
No Lop folders found!
--------------------\\ Searching for Lop files and folders
No Lop folders found!
--------------------\\ Registry search ..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 22:16:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\SIMONE\Favoritos\alex\http--www.freedownloadbr.net-2008-08-kaspersky-2009-crack-traduo-pedido.html.url
C:\DOCUME~1\SIMONE\Favoritos\Links\Grupo Cacupé Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url
C:\DOCUME~1\SIMONE\Favoritos\programas\Grupo Cacupé Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url
C:\DOCUME~1\SIMONE\Meus documentos\ImTOO Software Studio\MOV Converter\crack.js
C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack
C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\EA Keygen.exe
C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\speed2.exe
C:\DOCUME~1\SIMONE\Meus documentos\Xilisoft Corporation\HD Video Converter\crack.js
[F:74][D:9]-> C:\DOCUME~1\SIMONE\CONFIG~1\Temp
[F:42][D:0]-> C:\DOCUME~1\SIMONE\Cookies
[F:958][D:4]-> C:\DOCUME~1\SIMONE\CONFIG~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Thu 28/01/2010|22:18 - Option : [1]
--------------------\\ Scan completed at 22:18:12
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:49, on 28/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ThreatFire - Unknown owner - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe (file missing)

--
End of file - 9563 bytes

thanks
Power Max - Posted January 29, 2010

Go to the Virus Total site (http://www.virustotal.com/) and submit these files, highlighted in red below, to be analyzed:

c:\windows\PSEXESVC.EXE
c:\windows\system32\drivers\sabtb.sys
c:\windows\system32\XDva258.sys

If a message appears saying the file has already been analyzed, ask for it to be analyzed again. Wait for the analysis to finish, copy the link that appears in your browser's address bar, and post those links in your next reply together with the other logs requested.

If you cannot see the files above, do the following:

1. Go to the menu: Start > Control Panel > Folder Options
2. Select the View tab
3. Select the Show hidden files and folders button
4. Uncheck the box Hide protected operating system files (recommended)
5. Click OK

After that, try again to submit the files for analysis on the Virus Total site.

If the Virus Total site is very congested or having problems, submit the files to be analyzed on these sites instead:

http://virscan.org/
http://virusscan.jotti.org/
http://www.viruschief.com/

____________________________________

Do you recognize this port, shown below, that is open in your firewall?

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3603:TCP"= 3603:TCP:rivtsmh

____________________________________

Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt

NetSvc::
cmldof
hcvuhv

Driver::
cmldof
hcvuhv

Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

ComboFix will run and will restart the PC automatically to complete the removal process. If it does not restart automatically after a while, restart it manually.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

___________________________________

The Lop S&D log shows that you only used option 1, which is the search for problems. Run Lop S&D again and choose option 2 to use the Removal + Hosts option, then press Enter, as shown in this image:

The log will be created at C:\LopR.txt

____________________________________

Please follow the tips in this tutorial to clean your PC with Spyware Doctor:

Spyware Doctor Starter Edition tutorial
BitDefender Online antivirus tutorial

___________________________________

In your next reply, post this BitDefender Online log, which will be at C:\Windows\BDOSCAN8\bdoscan.log, together with a new HijackThis log, the Spyware Doctor log, the log at C:\LopR.txt, the log at C:\ComboFix.txt, the links to the file analyses on the Virus Total site, and please tell us how your PC is after following these procedures.

We await your reply.
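The checks the helper makes by eye in the reply above (hooks and services pointing at files that are gone, services with no recognised publisher, and a GloballyOpenPorts firewall value whose label nobody recognises) can be written down as a small triage script. This is an added example for this thread, not a tool the helper used or part of HijackThis itself. It assumes only the entry shapes visible in the logs on this page; the sample lines below are constructed from those shapes, the allowlist of expected port labels is the reader's own inventory (no default is assumed), and the full-form XP firewall value with scope and Enabled fields is handled by taking the label from the last colon-separated field.

```python
"""Triage helper for HijackThis-style logs and the XP firewall
GloballyOpenPorts export quoted in the reply above.

Added example for this thread; not a tool the helper used. The sample
inputs are constructed from the line shapes shown in the thread's logs.
"""
import re
from dataclasses import dataclass

# "O23 - Service: ..." / "R3 - URLSearchHook: ..." entry shape.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Command part of an O4 entry: everything after the "[name] " prefix.
RUN_CMD_RE = re.compile(r"\] (?P<cmd>.+)$")
# A GloballyOpenPorts\List value: "port:proto"=port:proto[:...]:label
OPEN_PORT_RE = re.compile(r'^"(?P<key>\d+:(?:TCP|UDP))"\s*=\s*(?P<value>.+)$')


@dataclass
class Finding:
    section: str  # HijackThis section, e.g. "O23"
    reason: str   # why a reviewer should look at it
    line: str     # the original entry


def parse_hjt_entries(log_text):
    """Return (section, body, raw_line) for each HijackThis entry line.

    Header lines and the "Running processes" paths do not match the
    "Oxx - " shape and are skipped.
    """
    out = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group("sec"), m.group("body"), raw.strip()))
    return out


def triage_hijackthis(log_text):
    """Flag the entries a helper reads first when reviewing a HijackThis log."""
    findings = []
    for sec, body, raw in parse_hjt_entries(log_text):
        # A hook or service whose file is gone: leftover of a removed program
        # or of a removed infection, and in either case an entry to clean up.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(sec, "references a file that no longer exists", raw))
        # HijackThis prints "Unknown owner" on O23 lines when the service
        # binary carries no recognisable publisher information.
        if sec == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(sec, "service binary has no recognised publisher", raw))
        # An O4 Run command given as a bare name is resolved through the
        # search path at logon, so the file that actually runs is not pinned.
        if sec == "O4":
            m = RUN_CMD_RE.search(body)
            if m and "\\" not in m.group("cmd"):
                findings.append(Finding(sec, "startup command has no explicit path", raw))
    return findings


def parse_open_ports(reg_export):
    """Parse GloballyOpenPorts\\List values into port / protocol / label.

    The thread shows the short form 3603:TCP:rivtsmh; the full XP form also
    carries scope and Enabled/Disabled fields in between, so the label is
    taken from the last field rather than from a fixed position.
    """
    ports = []
    for raw in reg_export.splitlines():
        m = OPEN_PORT_RE.match(raw.strip())
        if not m:
            continue
        fields = m.group("value").split(":")
        ports.append({"port": int(fields[0]), "proto": fields[1], "name": fields[-1]})
    return ports


def unknown_open_ports(reg_export, known_names):
    """Open-port entries whose label is not in the caller's own allowlist."""
    return [p for p in parse_open_ports(reg_export) if p["name"] not in known_names]


# Constructed sample, shaped like the entries in the HijackThis logs above.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ThreatFire - Unknown owner - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe (file missing)
"""

# Constructed sample in the shape of the firewall value the helper asked about.
SAMPLE_FIREWALL_EXPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3603:TCP"= 3603:TCP:rivtsmh
"""

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_HJT_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
    # The allowlist here is a placeholder; a reviewer substitutes the labels
    # of the programs they know opened ports on the machine.
    for p in unknown_open_ports(SAMPLE_FIREWALL_EXPORT, known_names={"Skype"}):
        print(f"open port {p['port']}/{p['proto']} labelled {p['name']!r} is not in the allowlist")
```

The findings are hints for a human reviewer, not verdicts: "Unknown owner" is common for legitimate OEM software, and a pathless O4 command is how several vendors register their startup items, so each flagged line still needs the reviewer to check where the file lives and who signed it.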
chubes - Posted January 31, 2010

Bitscan

[General]
App = "BitDefender Online Scanner v8"
Date = 30:01:2010
Time = 21:53:52
Scan Path = A:\;C:\;D:\;E:\;

[Engines Info]
Virus Definitions = 4940874
Engine build = "AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)"
Scan plugins = 17
Archive plugins = 44
Unpack plugins = 8
E-mail plugins = 6
System plugins = 4

[scan Statistics]
Folders = 6479
Files = 259660
Archives = 3269
Packed files = 14861
Identified viruses = 0
Infected files = 0
Warnings = 0
Suspect files = 0
Disinfected files = 0
Deleted files = 0
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 29

[scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0

[scan Results]
Line00000000 = "No problems found."

<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>

hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:05, on 31/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe
C:\Arquivos de programas\Spyware Doctor\pctsTray.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe
C:\Arquivos de programas\Spyware Doctor\sdloader.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc.
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe -- End of file - 11032 bytes <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Lop ------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2 X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz ) BIOS : BIOS Date: 01/30/08 10:01:36 Ver: 08.00.10 USER : SIMONE ( Administrator ) BOOT : Normal boot Antivirus : AntiVir Desktop 9.0.1.32 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:149 Go (Free:106 Go) D:\ (CD or DVD) E:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( --- 29/01/2010|14:34 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Lista de pastas em DADOSD~1 [07/09/2009|21:54] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Adobe [20/07/2009|23:05] C:\DOCUME~1\ALLUSE~1\DADOSD~1\AlcaTech [04/06/2009|21:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple [25/01/2010|22:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Apple Computer [22/01/2010|15:20] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Avira [02/07/2008|22:21] C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink [24/09/2009|12:47] C:\DOCUME~1\ALLUSE~1\DADOSD~1\DVD Shrink [30/07/2009|09:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Google [06/06/2008|21:30] 
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Hewlett-Packard [06/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP [06/06/2008|21:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP Product Assistant [05/07/2008|22:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\HPSSUPPLY [21/09/2009|19:23] C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallShield [19/08/2009|22:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab [19/08/2009|22:58] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab Setup Files [03/12/2009|00:00] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kodak [10/07/2009|00:25] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Lavasoft [08/01/2010|12:37] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Malwarebytes [11/09/2009|12:02] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee [10/09/2009|23:18] C:\DOCUME~1\ALLUSE~1\DADOSD~1\McAfee Security Scan [26/01/2010|14:07] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus! [19/08/2009|22:53] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Microsoft [06/06/2008|12:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Nero [22/01/2010|15:11] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Norton [09/01/2010|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\NortonInstaller [14/10/2008|20:43] C:\DOCUME~1\ALLUSE~1\DADOSD~1\nView_Profiles [09/03/2009|22:10] C:\DOCUME~1\ALLUSE~1\DADOSD~1\PC Tools [25/01/2010|23:40] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real [27/02/2009|20:22] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Skype [10/07/2009|18:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy [22/01/2009|21:42] C:\DOCUME~1\ALLUSE~1\DADOSD~1\SUPERAntiSpyware.com [09/01/2010|23:12] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Symantec [28/01/2010|22:26] C:\DOCUME~1\ALLUSE~1\DADOSD~1\TEMP [21/09/2009|19:36] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Trymedia [06/06/2008|21:31] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WEBREG [09/08/2008|23:19] C:\DOCUME~1\ALLUSE~1\DADOSD~1\Windows Genuine Advantage [14/01/2009|12:08] C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller [06/06/2008|11:28] C:\DOCUME~1\DEFAUL~1\DADOSD~1\Microsoft [11/11/2008|09:36] C:\DOCUME~1\LOCALS~1\DADOSD~1\Adobe [11/11/2008|09:35] C:\DOCUME~1\LOCALS~1\DADOSD~1\Google [11/11/2008|09:37] C:\DOCUME~1\LOCALS~1\DADOSD~1\GrabPro 
[07/11/2009|16:44] C:\DOCUME~1\LOCALS~1\DADOSD~1\Microsoft [16/12/2008|15:48] C:\DOCUME~1\NETWOR~1\DADOSD~1\HPAppData [07/11/2009|16:44] C:\DOCUME~1\NETWOR~1\DADOSD~1\Microsoft [15/10/2009|17:16] C:\DOCUME~1\SIMONE\DADOSD~1\.bsnes [09/06/2008|11:16] C:\DOCUME~1\SIMONE\DADOSD~1\Adobe [02/10/2008|22:55] C:\DOCUME~1\SIMONE\DADOSD~1\Ahead [20/07/2009|23:06] C:\DOCUME~1\SIMONE\DADOSD~1\AlcaTech [09/01/2010|20:44] C:\DOCUME~1\SIMONE\DADOSD~1\Apple Computer [19/11/2009|21:50] C:\DOCUME~1\SIMONE\DADOSD~1\Audacity [10/01/2009|12:24] C:\DOCUME~1\SIMONE\DADOSD~1\CB Model Pro [02/07/2008|22:21] C:\DOCUME~1\SIMONE\DADOSD~1\CyberLink [25/01/2010|22:51] C:\DOCUME~1\SIMONE\DADOSD~1\DivX [11/01/2009|16:18] C:\DOCUME~1\SIMONE\DADOSD~1\Enterbrain [31/07/2009|01:05] C:\DOCUME~1\SIMONE\DADOSD~1\flightgear.org [31/07/2009|00:53] C:\DOCUME~1\SIMONE\DADOSD~1\fltk.org [08/09/2009|20:26] C:\DOCUME~1\SIMONE\DADOSD~1\Google [15/06/2008|20:35] C:\DOCUME~1\SIMONE\DADOSD~1\GrabPro [19/01/2009|14:56] C:\DOCUME~1\SIMONE\DADOSD~1\Greyfirst [20/01/2009|19:31] C:\DOCUME~1\SIMONE\DADOSD~1\gtk-2.0 [12/09/2008|13:40] C:\DOCUME~1\SIMONE\DADOSD~1\Help [06/06/2008|21:31] C:\DOCUME~1\SIMONE\DADOSD~1\HP [06/06/2008|21:27] C:\DOCUME~1\SIMONE\DADOSD~1\HPAppData [06/06/2008|11:34] C:\DOCUME~1\SIMONE\DADOSD~1\Identities [04/10/2008|21:45] C:\DOCUME~1\SIMONE\DADOSD~1\InstallShield [19/08/2008|19:59] C:\DOCUME~1\SIMONE\DADOSD~1\Kazaa Lite [25/01/2009|21:10] C:\DOCUME~1\SIMONE\DADOSD~1\KompoZer [04/10/2008|21:54] C:\DOCUME~1\SIMONE\DADOSD~1\LG Electronics [27/01/2010|12:06] C:\DOCUME~1\SIMONE\DADOSD~1\LimeWire [06/06/2008|13:30] C:\DOCUME~1\SIMONE\DADOSD~1\Macromedia [08/01/2010|12:37] C:\DOCUME~1\SIMONE\DADOSD~1\Malwarebytes [25/01/2010|22:50] C:\DOCUME~1\SIMONE\DADOSD~1\Media Player Classic [13/01/2010|16:54] C:\DOCUME~1\SIMONE\DADOSD~1\Microsoft [03/07/2009|16:09] C:\DOCUME~1\SIMONE\DADOSD~1\Mozilla [09/07/2009|23:07] C:\DOCUME~1\SIMONE\DADOSD~1\Opera [13/01/2010|22:31] C:\DOCUME~1\SIMONE\DADOSD~1\Orbit 
[29/07/2009|23:24] C:\DOCUME~1\SIMONE\DADOSD~1\PC Tools [08/12/2009|00:00] C:\DOCUME~1\SIMONE\DADOSD~1\Publish Providers [25/01/2010|23:35] C:\DOCUME~1\SIMONE\DADOSD~1\Real [26/12/2008|23:19] C:\DOCUME~1\SIMONE\DADOSD~1\Remere's Map Editor [07/01/2009|16:04] C:\DOCUME~1\SIMONE\DADOSD~1\Scirra [30/07/2009|12:30] C:\DOCUME~1\SIMONE\DADOSD~1\SecuROM [25/01/2010|20:53] C:\DOCUME~1\SIMONE\DADOSD~1\Shareaza [23/06/2009|17:18] C:\DOCUME~1\SIMONE\DADOSD~1\Skype [23/06/2009|17:08] C:\DOCUME~1\SIMONE\DADOSD~1\skypePM [08/12/2009|00:00] C:\DOCUME~1\SIMONE\DADOSD~1\Sony [04/01/2009|20:54] C:\DOCUME~1\SIMONE\DADOSD~1\sqlitestudio [06/06/2008|12:56] C:\DOCUME~1\SIMONE\DADOSD~1\Sun [23/01/2009|23:00] C:\DOCUME~1\SIMONE\DADOSD~1\SUPERAntiSpyware.com [30/07/2009|17:38] C:\DOCUME~1\SIMONE\DADOSD~1\Symantec [31/10/2008|21:22] C:\DOCUME~1\SIMONE\DADOSD~1\SynopseInfo [12/12/2009|19:35] C:\DOCUME~1\SIMONE\DADOSD~1\Tibia [13/01/2010|16:54] C:\DOCUME~1\SIMONE\DADOSD~1\uTorrent [30/09/2008|11:44] C:\DOCUME~1\SIMONE\DADOSD~1\Winamp [16/09/2008|11:39] C:\DOCUME~1\SIMONE\DADOSD~1\WinRAR --------------------\\ Tarefas Agendadas na pasta C:\WINDOWS\Tasks [29/01/2010 13:45][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [29/01/2010 14:32][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [10/01/2010 02:14][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job [15/01/2010 23:34][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [29/01/2010 14:32][--ah-----] C:\WINDOWS\tasks\SA.DAT [21/07/2007 19:40][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ MsgPlus SPONSOR INSTALLED ! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin] "SponsorInstalled"=dword:00000000 --------------------\\ Lista de pastas em C:\Arquivos de programas [11/06/2009|22:48] C:\Arquivos de programas\1.023. 
Web.informations [28/01/2010|14:51] C:\Arquivos de programas\1.02t [07/06/2009|13:39] C:\Arquivos de programas\3D Canvas 6 [30/07/2009|15:57] C:\Arquivos de programas\7-Zip [07/09/2009|21:54] C:\Arquivos de programas\Adobe [26/01/2010|22:54] C:\Arquivos de programas\Allok MOV Converter [06/08/2008|19:23] C:\Arquivos de programas\Alwil Software [04/06/2009|21:23] C:\Arquivos de programas\Apple Software Update [29/01/2010|14:26] C:\Arquivos de programas\Arquivos comuns [07/06/2009|13:39] C:\Arquivos de programas\Asprate [01/11/2009|20:48] C:\Arquivos de programas\AVG [22/01/2010|15:20] C:\Arquivos de programas\Avira [10/07/2009|01:00] C:\Arquivos de programas\CCleaner [11/08/2009|12:59] C:\Arquivos de programas\COMODO [06/06/2008|11:25] C:\Arquivos de programas\ComPlus Applications [23/01/2010|20:47] C:\Arquivos de programas\Conduit [06/06/2008|12:31] C:\Arquivos de programas\CyberLink [13/12/2009|00:54] C:\Arquivos de programas\CZ-Doc2Pdf COM [25/01/2010|22:48] C:\Arquivos de programas\DivX [13/01/2010|21:40] C:\Arquivos de programas\DreaMule [02/07/2008|19:34] C:\Arquivos de programas\DVD Shrink [26/01/2010|22:46] C:\Arquivos de programas\eMule [28/01/2010|16:27] C:\Arquivos de programas\ESET [07/10/2008|19:46] C:\Arquivos de programas\Gadwin Systems [27/01/2010|12:48] C:\Arquivos de programas\Google [06/06/2008|21:25] C:\Arquivos de programas\Hewlett-Packard [06/06/2008|21:27] C:\Arquivos de programas\HP [13/01/2010|21:59] C:\Arquivos de programas\InstallShield Installation Information [06/06/2008|11:44] C:\Arquivos de programas\Intel [09/01/2010|20:19] C:\Arquivos de programas\Internet Explorer [19/11/2008|16:11] C:\Arquivos de programas\Java [25/01/2010|23:28] C:\Arquivos de programas\K-Lite Codec Pack [03/12/2009|00:03] C:\Arquivos de programas\Kodak [04/01/2009|19:02] C:\Arquivos de programas\Kwyshell [20/11/2009|13:49] C:\Arquivos de programas\Lavalys [10/07/2009|00:25] C:\Arquivos de programas\Lavasoft [04/10/2008|21:48] C:\Arquivos de programas\LG 
Electronics [23/07/2009|23:44] C:\Arquivos de programas\LG PC Suite 2 [07/01/2010|15:59] C:\Arquivos de programas\LimeWire [08/01/2010|12:37] C:\Arquivos de programas\Malwarebytes' Anti-Malware [21/01/2010|16:18] C:\Arquivos de programas\Megacubo [23/07/2009|23:44] C:\Arquivos de programas\Messenger [25/01/2010|23:50] C:\Arquivos de programas\Messenger Plus! Live [22/06/2009|21:35] C:\Arquivos de programas\MessengerPlus! 3 [13/07/2009|23:10] C:\Arquivos de programas\Microsoft [11/11/2008|12:14] C:\Arquivos de programas\microsoft frontpage [06/06/2008|12:53] C:\Arquivos de programas\Microsoft Office [17/11/2009|19:49] C:\Arquivos de programas\Microsoft Office Outlook Connector [17/11/2009|19:49] C:\Arquivos de programas\Microsoft Silverlight [11/10/2008|00:23] C:\Arquivos de programas\Microsoft SQL Server Compact Edition [13/07/2009|23:09] C:\Arquivos de programas\Microsoft Sync Framework [06/06/2008|12:53] C:\Arquivos de programas\Microsoft Visual Studio [06/06/2008|12:53] C:\Arquivos de programas\Microsoft Works [06/06/2008|12:53] C:\Arquivos de programas\Microsoft.NET [06/06/2008|11:26] C:\Arquivos de programas\Movie Maker [22/01/2010|14:22] C:\Arquivos de programas\Mozilla Firefox [06/06/2008|11:24] C:\Arquivos de programas\MSN Gaming Zone [19/09/2008|17:07] C:\Arquivos de programas\MSN Messenger [06/06/2008|11:28] C:\Arquivos de programas\MSXML 4.0 [06/06/2008|11:28] C:\Arquivos de programas\MSXML 6.0 [22/09/2008|17:45] C:\Arquivos de programas\MSXML 7.0 [28/01/2010|15:06] C:\Arquivos de programas\Mu C.A Brasil 1.02t [06/06/2008|12:36] C:\Arquivos de programas\Nero [23/09/2009|19:16] C:\Arquivos de programas\NetMeeting [23/07/2009|20:44] C:\Arquivos de programas\No-IP [02/09/2008|20:30] C:\Arquivos de programas\Now3D [31/07/2009|00:24] C:\Arquivos de programas\OpenAL [22/08/2009|19:07] C:\Arquivos de programas\Opera [28/10/2009|20:41] C:\Arquivos de programas\Orban [06/06/2008|11:26] C:\Arquivos de programas\Outlook Express [09/01/2010|20:43] C:\Arquivos de 
programas\QuickTime [25/01/2010|22:48] C:\Arquivos de programas\QuickTime Alternative [15/06/2008|20:21] C:\Arquivos de programas\Real [06/06/2008|11:52] C:\Arquivos de programas\Realtek [19/05/2009|17:25] C:\Arquivos de programas\Red Storm Entertainment [30/07/2009|09:44] C:\Arquivos de programas\Remere's Map Editor [20/11/2009|14:40] C:\Arquivos de programas\Security Process Explorer [06/06/2008|11:27] C:\Arquivos de programas\Servi‡os on-line [27/02/2009|20:22] C:\Arquivos de programas\Skype [07/12/2009|23:57] C:\Arquivos de programas\Sony Setup [31/10/2008|21:28] C:\Arquivos de programas\SoquelSoft [28/01/2010|22:27] C:\Arquivos de programas\Spyware Doctor [19/11/2008|16:12] C:\Arquivos de programas\Sun [17/12/2009|16:51] C:\Arquivos de programas\SystemRequirementsLab [11/11/2008|09:31] C:\Arquivos de programas\ThreatFire [12/12/2009|19:35] C:\Arquivos de programas\Tibia [30/07/2009|13:09] C:\Arquivos de programas\Ubisoft [30/07/2009|12:16] C:\Arquivos de programas\UltraISO [25/09/2009|10:24] C:\Arquivos de programas\Uninstall Information [22/08/2009|19:03] C:\Arquivos de programas\Valve [22/08/2009|18:57] C:\Arquivos de programas\Winamp [19/08/2009|22:53] C:\Arquivos de programas\Windows Defender [17/11/2009|19:47] C:\Arquivos de programas\Windows Live [14/01/2009|14:38] C:\Arquivos de programas\Windows Live SkyDrive [10/08/2008|23:53] C:\Arquivos de programas\Windows Media Connect 2 [10/08/2008|13:16] C:\Arquivos de programas\Windows Media Player [06/06/2008|11:24] C:\Arquivos de programas\Windows NT [06/06/2008|11:27] C:\Arquivos de programas\WindowsUpdate [25/07/2009|00:54] C:\Arquivos de programas\WinRAR [11/11/2008|12:14] C:\Arquivos de programas\xerox [06/06/2008|15:10] C:\Arquivos de programas\Yahoo! 
[24/01/2009|11:24] C:\Arquivos de programas\YourWare Solutions [10/07/2009|17:56] C:\Arquivos de programas\Zone Labs --------------------\\ Lista de pastas em C:\Arquivos de programas\Arquivos comuns [07/09/2009|21:54] C:\Arquivos de programas\Arquivos comuns\Adobe [06/06/2008|12:37] C:\Arquivos de programas\Arquivos comuns\Ahead [09/01/2010|20:38] C:\Arquivos de programas\Arquivos comuns\Apple [09/01/2010|00:02] C:\Arquivos de programas\Arquivos comuns\DESIGNER [14/08/2008|12:48] C:\Arquivos de programas\Arquivos comuns\DirectX [09/01/2010|20:12] C:\Arquivos de programas\Arquivos comuns\DivX Shared [30/07/2009|12:16] C:\Arquivos de programas\Arquivos comuns\EZB Systems [06/06/2008|21:25] C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard [06/06/2008|21:25] C:\Arquivos de programas\Arquivos comuns\HP [21/09/2009|19:18] C:\Arquivos de programas\Arquivos comuns\InstallShield [06/06/2008|12:56] C:\Arquivos de programas\Arquivos comuns\Java [03/12/2009|00:02] C:\Arquivos de programas\Arquivos comuns\Kodak [13/07/2009|23:06] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared [06/06/2008|11:26] C:\Arquivos de programas\Arquivos comuns\MSSoap [06/06/2008|08:18] C:\Arquivos de programas\Arquivos comuns\ODBC [25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns\Real [06/06/2008|11:26] C:\Arquivos de programas\Arquivos comuns\Servi‡os [27/02/2009|20:22] C:\Arquivos de programas\Arquivos comuns\Skype [06/06/2008|08:18] C:\Arquivos de programas\Arquivos comuns\SpeechEngines [22/01/2010|15:11] C:\Arquivos de programas\Arquivos comuns\Symantec Shared [11/10/2008|00:27] C:\Arquivos de programas\Arquivos comuns\System [19/09/2008|15:46] C:\Arquivos de programas\Arquivos comuns\Windows Live [25/01/2010|23:35] C:\Arquivos de programas\Arquivos comuns\xing shared --------------------\\ Process ( 37 Processes ) ... OK ! --------------------\\ Procura pelo S_Lop Não foram encontradas pastas com o Lop! 
--------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop Não foram encontradas pastas com o Lop! --------------------\\ Procura no Registro ..... OK ! --------------------\\ Verificando o Arquivos/Ficheiros Hosts Arquivos/Ficheiros Hosts LIMPO --------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-29 14:35:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Procurando por outras infecções --------------------\\ Cracks & Keygens .. C:\DOCUME~1\SIMONE\Favoritos\alex\http--www.freedownloadbr.net-2008-08-kaspersky-2009-crack-traduo-pedido.html.url C:\DOCUME~1\SIMONE\Favoritos\Links\Grupo Cacup‚ Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url C:\DOCUME~1\SIMONE\Favoritos\programas\Grupo Cacup‚ Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url C:\DOCUME~1\SIMONE\Meus documentos\ImTOO Software Studio\MOV Converter\crack.js C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\EA Keygen.exe C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\speed2.exe C:\DOCUME~1\SIMONE\Meus documentos\Xilisoft Corporation\HD Video Converter\crack.js [F:31][D:2]-> C:\DOCUME~1\SIMONE\CONFIG~1\Temp [F:9][D:0]-> C:\DOCUME~1\SIMONE\Cookies [F:6][D:4]-> C:\DOCUME~1\SIMONE\CONFIG~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - qui 28/01/2010|22:18 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - --- 29/01/2010|14:36 - Option : [2] --------------------\\ Verificação completa em 14:36:58

Combo (man, I think this is the recent one, because I ran Combo and only came back 1 day later):

ComboFix 10-01-28.04 - SIMONE 29/01/2010 14:22:48.2.2 - x86 Microsoft Windows XP Professional
5.1.2600.2.1252.55.1046.18.1023.554 [GMT -2:00] Executando de: c:\documents and settings\SIMONE\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\SIMONE\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((( Arquivos/Ficheiros criados de 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))) . 2010-01-29 00:14 . 2010-01-29 00:18 -------- d-----w- C:\Lop SD 2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\arquivos de programas\ESET 2010-01-27 15:35 . 2010-01-27 15:36 -------- d-----w- C:\LinhaDefensiva 2010-01-27 15:30 . 2010-01-27 15:32 -------- d-----w- C:\Hijack 2010-01-27 00:45 . 2010-01-27 14:06 -------- d-----w- C:\OutputFolder 2010-01-27 00:44 . 2006-09-26 15:57 28672 ----a-w- c:\windows\system32\AVEQT.dll 2010-01-27 00:44 . 2010-01-27 00:54 -------- d-----w- c:\arquivos de programas\Allok MOV Converter 2010-01-26 01:35 . 2010-01-26 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2010-01-26 01:29 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll 2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2010-01-26 00:50 . 2010-01-26 00:50 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Media Player Classic 2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\arquivos de programas\Conduit 2010-01-22 17:20 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-22 17:20 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-22 17:20 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\arquivos de programas\Avira 2010-01-12 02:33 . 
2010-01-13 23:40 -------- d-----w- c:\arquivos de programas\DreaMule 2010-01-10 01:12 . 2010-01-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton 2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec 2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller 2010-01-09 22:44 . 2010-01-26 00:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-01-09 22:44 . 2010-01-26 00:48 -------- d-----w- c:\arquivos de programas\QuickTime Alternative 2010-01-09 22:38 . 2010-01-09 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-01-09 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-01-09 22:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-01-09 22:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-01-09 22:21 . 2010-01-09 22:22 -------- d-----w- C:\cf8c911bcffef712ad116d72c2cdf018 2010-01-09 02:02 . 2010-01-09 02:02 286720 ------w- c:\windows\Setup1.exe 2010-01-09 02:02 . 2010-01-09 02:02 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-01-08 14:37 . 
2010-01-08 14:37 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Malwarebytes 2010-01-08 14:37 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2010-01-08 14:37 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:58 . 2010-01-07 17:59 -------- d-----w- c:\arquivos de programas\LimeWire . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-29 00:27 . 2009-07-30 01:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor 2010-01-29 00:26 . 2008-06-16 14:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-01-28 17:06 . 2009-03-26 14:33 -------- d-----w- c:\arquivos de programas\Mu C.A Brasil 1.02t 2010-01-28 16:51 . 2009-03-10 14:15 -------- d-----w- c:\arquivos de programas\1.02t 2010-01-27 14:48 . 2008-06-06 15:31 -------- d-----w- c:\arquivos de programas\Google 2010-01-27 14:06 . 2009-07-03 18:08 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\LimeWire 2010-01-27 00:46 . 2008-06-19 23:57 -------- d-----w- c:\arquivos de programas\eMule 2010-01-26 16:07 . 2009-06-23 01:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2010-01-26 01:50 . 2009-06-22 23:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-01-26 01:35 . 2008-06-15 22:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real 2010-01-26 01:34 . 2008-06-06 14:30 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-01-26 00:51 . 2008-10-04 23:53 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\DivX 2010-01-26 00:48 . 
2008-10-04 23:47 -------- d-----w- c:\arquivos de programas\DivX 2010-01-25 22:53 . 2008-08-20 14:01 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Shareaza 2010-01-23 00:23 . 2009-06-15 21:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-22 17:11 . 2009-07-30 19:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared 2010-01-21 18:18 . 2009-11-02 00:42 -------- d-----w- c:\arquivos de programas\Megacubo 2010-01-15 15:42 . 2007-07-21 21:40 76514 ----a-w- c:\windows\system32\perfc016.dat 2010-01-15 15:42 . 2007-07-21 21:40 445180 ----a-w- c:\windows\system32\perfh016.dat 2010-01-14 00:31 . 2008-06-15 22:31 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Orbit 2010-01-13 23:59 . 2008-06-06 13:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-01-13 18:54 . 2009-07-29 14:20 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\uTorrent 2010-01-09 22:44 . 2009-06-06 01:56 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Apple Computer 2010-01-09 22:43 . 2009-06-04 23:23 -------- d-----w- c:\arquivos de programas\QuickTime 2010-01-09 22:12 . 2009-11-23 22:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared 2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab 2009-12-13 02:54 . 2009-12-13 02:53 -------- d-----w- c:\arquivos de programas\CZ-Doc2Pdf COM 2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Tibia 2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\arquivos de programas\Tibia 2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Publish Providers 2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Sony 2009-12-08 01:57 . 
2009-12-08 01:57 -------- d-----w- c:\arquivos de programas\Sony Setup 2009-12-03 02:03 . 2009-12-03 02:01 -------- d-----w- c:\arquivos de programas\Kodak 2009-12-03 02:02 . 2009-12-03 02:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Kodak 2009-12-03 02:00 . 2009-12-03 02:00 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe 2009-12-03 02:00 . 2009-12-03 02:00 14813832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe 2009-12-03 02:00 . 2009-12-03 02:00 69632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\Ksu\ksustop.exe 2009-12-03 02:00 . 2009-12-03 02:00 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\CCS\CCSStop.exe 2009-12-03 02:00 . 2009-12-03 02:00 983040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_140010_2fe27b\EasyShrx.Dll 2009-12-03 02:00 . 2009-12-03 02:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Kodak 2009-11-15 18:51 . 2009-11-08 18:30 180488 ----a-w- c:\windows\PSEXESVC.EXE . ------- Sigcheck ------- [-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2007-10-11 1826816] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776] "nwiz"="nwiz.exe" [2008-01-08 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920] "Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 70144] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-11-11 417792] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk backup=c:\windows\pss\Orbit.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^SIMONE^Menu Iniciar^Programas^Inicializar^Registration IL-2 Sturmovik 1946.LNK] path=c:\documents and settings\SIMONE\Menu Iniciar\Programas\Inicializar\Registration IL-2 Sturmovik 1946.LNK backup=c:\windows\pss\Registration IL-2 Sturmovik 1946.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui] 2009-08-06 00:48 647520 ----a-w- c:\arquivos de programas\Windows Live\Family Safety\fsui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen] 2007-07-02 08:15 495616 ----a-w- c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 12:21 1694208 ------w- c:\arquivos de programas\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 18:57 153136 ----a-w- 
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 06:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-01-26 01:34 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3603:TCP"= 3603:TCP:rivtsmh R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [22/1/2010 15:20 108289] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/1/2009 14:41 54752] S0 afhhg;afhhg;c:\windows\system32\drivers\sabtb.sys --> c:\windows\system32\drivers\sabtb.sys [?] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] 
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 gupdate1ca79d6f28da7d4;Google Update Service (gupdate1ca79d6f28da7d4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/12/2009 18:25 133104] S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 ThreatFire;ThreatFire;c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service --> c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service [?] S3 XDva258;XDva258;\??\c:\windows\system32\XDva258.sys --> c:\windows\system32\XDva258.sys [?] S4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' 2010-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25] 2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25] 2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job - c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20] . . ------- Scan Suplementar ------- . 
uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = local IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: ketsujin.com\fighterace Trusted Zone: ketsujin.com\primary Trusted Zone: ketsujin.com\update Trusted Zone: ketsujin.com\www Trusted Zone: stormofaces.com\www FF - ProfilePath - c:\documents and settings\SIMONE\Dados de aplicativos\Mozilla\Firefox\Profiles\a9oo5a0r.default\ FF - prefs.js: browser.search.defaulturl - 4.6.6.2 FF - prefs.js: browser.search.selectedEngine - 4.6.6.2 FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - prefs.js: keyword.URL - 4.6.6.2 FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- FF - user.js: browser.search.defaultenginename - 4.6.6.2 FF - user.js: browser.search.defaulturl - 4.6.6.2 FF - user.js: browser.search.selectedEngine - 4.6.6.2 FF - user.js: keyword.URL - 4.6.6.2 FF - user.js: keyword.enabled - true c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - 
pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", 
".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-29 14:27 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... 
Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-1547161642-1482476501-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a7,92,d3,62,54,d7,66,6a,d9,ca,84,6b,6e,2a,81,a8,78,d9,ad,95,eb,97,e1, 10,72,16,60,3f,c5,f0,de,d2,4d,ad,b0,c9,e0,75,5f,43,bc,6d,84,14,f5,56,88,e7,\ "??"=hex:1d,47,26,64,46,3e,31,b7,35,fb,9d,c6,4d,23,0d,fc . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'explorer.exe'(2868) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Tempo para conclusão: 2010-01-29 14:29:48 ComboFix-quarantined-files.txt 2010-01-29 16:29 ComboFix2.txt 2010-01-29 00:56 Pré-execução: 21 pasta(s) 114.705.895.424 bytes disponíveis Pós execução: 22 pasta(s) 114.673.782.784 bytes disponíveis - - End Of File - - 8FCFE6E5F0E983B0EF0F121B2AA61FDF

Spyware Doctor log: it got very big, because it found about 100 infections, so I left them in quarantine and deleted them the next day. If it's necessary, just say so and I'll find a way to upload the file through some site.

VirusTotal: the site only managed to find 1 file; the other 2 (which were in system32) were not found, even doing what you asked (going to Folder Options > View > etc.). http://www.virustotal.com/pt/analisis/f6bcc9e0e6a95706e7b636a001e57fc9c0fd1b5cbf6833d392e99e6fd97db03d-1264895863

Thanks man
Power Max Posted February 1, 2010

You forgot to answer this question I asked you: do you recognise this port below, which is open in your firewall?

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3603:TCP"= 3603:TCP:rivtsmh

______________________________

Delete the CFScript.txt that is on the Desktop. Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt

File::
c:\windows\system32\XDva258.sys

Driver::
XDva258

Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

ComboFix will run and will restart the PC automatically to complete the removal process. If it does not restart automatically after a while, restart it manually.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. When it finishes, a log will be generated at C:\ComboFix.txt.

______________________________

--------------------\\ Cracks & Keygens .. C:\DOCUME~1\SIMONE\Favoritos\alex\http--www.freedownloadbr.net-2008-08-kaspersky-2009-crack-traduo-pedido.html.url C:\DOCUME~1\SIMONE\Favoritos\Links\Grupo Cacup‚ Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url C:\DOCUME~1\SIMONE\Favoritos\programas\Grupo Cacup‚ Kaspersky Anti-Virus 7.0.0.125 PT-BR + Keygen.url C:\DOCUME~1\SIMONE\Meus documentos\ImTOO Software Studio\MOV Converter\crack.js C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\EA Keygen.exe C:\DOCUME~1\SIMONE\Meus documentos\My ISO Files\crack\speed2.exe C:\DOCUME~1\SIMONE\Meus documentos\Xilisoft Corporation\HD Video Converter\crack.js

It is very important to uninstall all cracked or pirated programs on your PC, because the vast majority of these programs contain viruses and/or malware embedded in them. Besides that, they usually contain vulnerabilities that make it easier to break into your computer.

_______________________________

"Spyware Doctor log: it got very big, because it found about 100 infections, so I left them in quarantine and deleted them the next day. If it's necessary, just say so and I'll find a way to upload the file through some site."

Host it on a site of your choice, such as this one for example: http://www.badongo.com

Then just post the link where you hosted the Spyware Doctor log, together with the log that will be in C:\ComboFix.txt, and tell us how your PC is after that.

We'll be waiting.
chubes Posted February 1, 2010

Spyware Doctor log: http://www.megaupload.com/?d=45VOZ7NV

Combo log:

ComboFix 10-01-28.04 - SIMONE 01/02/2010 13:01:25.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.566 [GMT -2:00] Executando de: c:\documents and settings\SIMONE\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\SIMONE\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FILE :: "c:\windows\system32\XDva258.sys" . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_XDVA258 -------\Service_XDva258 (((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))) . 2010-01-30 22:05 . 2010-01-30 23:53 -------- d-----w- c:\windows\BDOSCAN8 2010-01-29 17:25 . 2009-11-12 12:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys 2010-01-29 17:25 . 2009-11-12 12:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys 2010-01-29 17:25 . 2009-11-12 12:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys 2010-01-29 17:25 . 2009-11-10 12:26 767952 ----a-w- c:\windows\BDTSupport.dll 2010-01-29 17:25 . 2009-11-10 12:28 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-01-29 17:25 . 2009-11-10 12:28 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-01-29 17:25 . 2009-11-10 12:28 1640400 ----a-w- c:\windows\PCTBDCore.dll 2010-01-29 17:25 . 2009-10-28 03:36 1152444 ----a-w- c:\windows\UDB.zip 2010-01-29 17:25 . 2008-11-26 14:08 131 ----a-w- c:\windows\IDB.zip 2010-01-29 16:43 . 2009-10-30 13:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-01-29 16:43 . 
2009-11-09 13:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-01-29 16:43 . 2009-10-06 18:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-01-29 16:43 . 2010-01-29 16:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools 2010-01-29 16:43 . 2009-09-03 11:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-01-29 00:14 . 2010-01-29 16:36 -------- d-----w- C:\Lop SD 2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\arquivos de programas\ESET 2010-01-27 15:35 . 2010-01-27 15:36 -------- d-----w- C:\LinhaDefensiva 2010-01-27 15:30 . 2010-01-27 15:32 -------- d-----w- C:\Hijack 2010-01-27 00:45 . 2010-01-30 22:40 -------- d-----w- C:\OutputFolder 2010-01-27 00:44 . 2006-09-26 15:57 28672 ----a-w- c:\windows\system32\AVEQT.dll 2010-01-27 00:44 . 2010-01-27 00:54 -------- d-----w- c:\arquivos de programas\Allok MOV Converter 2010-01-26 01:35 . 2010-01-26 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2010-01-26 01:29 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll 2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2010-01-26 00:50 . 2010-01-26 00:50 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Media Player Classic 2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\arquivos de programas\Conduit 2010-01-22 17:20 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-22 17:20 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-22 17:20 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\arquivos de programas\Avira 2010-01-12 02:33 . 2010-01-31 14:35 -------- d-----w- c:\arquivos de programas\DreaMule 2010-01-10 01:12 . 
2010-01-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton 2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec 2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller 2010-01-09 22:44 . 2010-01-26 00:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-01-09 22:44 . 2010-01-26 00:48 -------- d-----w- c:\arquivos de programas\QuickTime Alternative 2010-01-09 22:38 . 2010-01-09 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-01-09 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-01-09 22:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-01-09 22:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-01-09 22:21 . 2010-01-09 22:22 -------- d-----w- C:\cf8c911bcffef712ad116d72c2cdf018 2010-01-09 02:02 . 2010-01-09 02:02 286720 ------w- c:\windows\Setup1.exe 2010-01-09 02:02 . 2010-01-09 02:02 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Malwarebytes 2010-01-08 14:37 . 
2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2010-01-08 14:37 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:58 . 2010-01-07 17:59 -------- d-----w- c:\arquivos de programas\LimeWire . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-01 15:11 . 2008-06-16 14:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-02-01 14:52 . 2009-07-30 01:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor 2010-01-30 22:39 . 2008-06-19 23:57 -------- d-----w- c:\arquivos de programas\eMule 2010-01-30 22:02 . 2009-07-03 18:08 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\LimeWire 2010-01-29 18:55 . 2009-11-02 00:42 -------- d-----w- c:\arquivos de programas\Megacubo 2010-01-28 17:06 . 2009-03-26 14:33 -------- d-----w- c:\arquivos de programas\Mu C.A Brasil 1.02t 2010-01-28 16:51 . 2009-03-10 14:15 -------- d-----w- c:\arquivos de programas\1.02t 2010-01-27 14:48 . 2008-06-06 15:31 -------- d-----w- c:\arquivos de programas\Google 2010-01-26 16:07 . 2009-06-23 01:13 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2010-01-26 01:50 . 2009-06-22 23:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-01-26 01:35 . 2008-06-15 22:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real 2010-01-26 01:34 . 2008-06-06 14:30 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-01-26 00:51 . 2008-10-04 23:53 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\DivX 2010-01-26 00:48 . 2008-10-04 23:47 -------- d-----w- c:\arquivos de programas\DivX 2010-01-25 22:53 . 
2008-08-20 14:01 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Shareaza 2010-01-23 00:23 . 2009-06-15 21:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-22 17:11 . 2009-07-30 19:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared 2010-01-15 15:42 . 2007-07-21 21:40 76514 ----a-w- c:\windows\system32\perfc016.dat 2010-01-15 15:42 . 2007-07-21 21:40 445180 ----a-w- c:\windows\system32\perfh016.dat 2010-01-14 00:31 . 2008-06-15 22:31 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Orbit 2010-01-13 23:59 . 2008-06-06 13:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-01-13 18:54 . 2009-07-29 14:20 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\uTorrent 2010-01-09 22:44 . 2009-06-06 01:56 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Apple Computer 2010-01-09 22:43 . 2009-06-04 23:23 -------- d-----w- c:\arquivos de programas\QuickTime 2010-01-09 22:12 . 2009-11-23 22:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared 2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab 2009-12-13 02:54 . 2009-12-13 02:53 -------- d-----w- c:\arquivos de programas\CZ-Doc2Pdf COM 2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Tibia 2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\arquivos de programas\Tibia 2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Publish Providers 2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Sony 2009-12-08 01:57 . 2009-12-08 01:57 -------- d-----w- c:\arquivos de programas\Sony Setup 2009-12-03 02:00 . 
2009-12-03 02:00 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe 2009-12-03 02:00 . 2009-12-03 02:00 14813832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe 2009-12-03 02:00 . 2009-12-03 02:00 69632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\Ksu\ksustop.exe 2009-12-03 02:00 . 2009-12-03 02:00 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\CCS\CCSStop.exe 2009-12-03 02:00 . 2009-12-03 02:00 983040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_140010_2fe27b\EasyShrx.Dll 2009-11-15 18:51 . 2009-11-08 18:30 180488 ----a-w- c:\windows\PSEXESVC.EXE . ------- Sigcheck ------- [-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2007-10-11 1826816] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776] "nwiz"="nwiz.exe" [2008-01-08 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920] "Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 70144] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-11-11 417792] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk backup=c:\windows\pss\Orbit.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^SIMONE^Menu Iniciar^Programas^Inicializar^Registration IL-2 Sturmovik 1946.LNK] path=c:\documents and settings\SIMONE\Menu Iniciar\Programas\Inicializar\Registration IL-2 Sturmovik 1946.LNK backup=c:\windows\pss\Registration IL-2 Sturmovik 1946.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui] 2009-08-06 00:48 647520 ----a-w- c:\arquivos de programas\Windows Live\Family Safety\fsui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen] 2007-07-02 08:15 495616 ----a-w- c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 12:21 1694208 ------w- c:\arquivos de programas\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 18:57 153136 ----a-w- 
c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2006-11-23 18:10 56928 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 06:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-01-26 01:34 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3603:TCP"= 3603:TCP:rivtsmh R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/1/2010 14:43 207792] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [29/1/2010 15:25 51984] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [29/1/2010 15:25 59664] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/1/2010 14:43 233136] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [22/1/2010 15:20 108289] R2 Browser Defender Update Service;Browser 
Defender Update Service;c:\arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe [29/1/2010 15:25 112592] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14/1/2009 14:41 54752] S0 afhhg;afhhg;c:\windows\system32\drivers\sabtb.sys --> c:\windows\system32\drivers\sabtb.sys [?] S2 gupdate1ca79d6f28da7d4;Google Update Service (gupdate1ca79d6f28da7d4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/12/2009 18:25 133104] S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe [5/8/2009 22:48 704864] S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [29/1/2010 14:43 70408] S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [29/1/2010 14:43 359624] S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [29/1/2010 15:25 33552] S3 ThreatFire;ThreatFire;c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service --> c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service [?] S4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' 2010-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25] 2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25] 2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job - c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = local IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 LSP: c:\arquivos de programas\Arquivos comuns\PC Tools\Lsp\PCTLsp.dll Trusted Zone: ketsujin.com\fighterace Trusted Zone: ketsujin.com\primary Trusted Zone: ketsujin.com\update Trusted Zone: ketsujin.com\www Trusted Zone: stormofaces.com\www FF - ProfilePath - c:\documents and settings\SIMONE\Dados de aplicativos\Mozilla\Firefox\Profiles\a9oo5a0r.default\ FF - prefs.js: browser.search.defaulturl - 4.6.6.2 FF - prefs.js: browser.search.selectedEngine - 4.6.6.2 FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - prefs.js: keyword.URL - 4.6.6.2 FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- FF - user.js: browser.search.defaultenginename - 4.6.6.2 FF - user.js: browser.search.defaulturl - 4.6.6.2 FF - user.js: browser.search.selectedEngine - 4.6.6.2 FF - user.js: keyword.URL - 4.6.6.2 FF - user.js: keyword.enabled - true c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - 
pref("ui.use_native_popup_windows", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); 
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-01 13:11 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... 
Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-1547161642-1482476501-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a7,92,d3,62,54,d7,66,6a,d9,ca,84,6b,6e,2a,81,a8,78,d9,ad,95,eb,97,e1, 10,72,16,60,3f,c5,f0,de,d2,4d,ad,b0,c9,e0,75,5f,43,bc,6d,84,14,f5,56,88,e7,\ "??"=hex:1d,47,26,64,46,3e,31,b7,35,fb,9d,c6,4d,23,0d,fc . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'lsass.exe'(840) c:\arquivos de programas\Arquivos comuns\PC Tools\Lsp\PCTLsp.dll - - - - - - - > 'explorer.exe'(2820) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\windows\system32\mmrtkrnl.exe c:\windows\system32\nvsvc32.exe c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Tempo para conclusão: 2010-02-01 13:17:47 - Máquina reiniciou ComboFix-quarantined-files.txt 2010-02-01 15:17 ComboFix2.txt 2010-01-29 16:29 ComboFix3.txt 2010-01-29 00:56 Pré-execução: 21 pasta(s) 114.390.429.696 bytes disponíveis Pós execução: 22 pasta(s) 114.362.535.936 bytes disponíveis - - End Of File - - 8966EE2CBD96877FF2B3C54B98A01172 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> About that open port, I don't know it. Can you explain to me how to close it? I deleted those folders that contained cracks. Thanks.
Power Max 54 Posted February 1, 2010 Delete the CFScript.txt that is on the Desktop. Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it to the desktop with the name CFScript.txt

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3603:TCP"=-

Now drag CFScript.txt onto ComboFix as shown in the demonstration below: ComboFix will run and will restart the PC automatically to complete the removal process. If it does not restart automatically after a while, restart it manually. IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. When it finishes, a log will be generated at C:\ComboFix.txt. __________________________________ Also follow the tips in this tutorial: Kaspersky Virus Removal Tool Tutorial. In your next reply, post this Kaspersky Virus Removal Tool log together with a new HijackThis log and the log at C:\ComboFix.txt, and tell us how your PC is after this. We await your reply.
chubes 0 Posted February 2, 2010 combo ComboFix 10-01-28.04 - SIMONE 01/02/2010 19:48:46.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1023.379 [GMT -2:00] Executando de: c:\documents and settings\SIMONE\Desktop\ComboFix.exe Comandos utilizados :: c:\documents and settings\SIMONE\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . A cópia de c:\windows\system32\drivers\ntfs.sys foi encontrada e desinfectada Cópia restaurada de - c:\windows\ERDNT\cache\ntfs.sys . (((((((((((((((( Arquivos/Ficheiros criados de 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))) . 2010-02-01 16:45 . 2010-02-01 16:45 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2010-01-30 22:05 . 2010-01-30 23:53 -------- d-----w- c:\windows\BDOSCAN8 2010-01-29 17:25 . 2009-11-12 12:03 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys 2010-01-29 17:25 . 2009-11-12 12:03 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys 2010-01-29 17:25 . 2009-11-12 12:03 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys 2010-01-29 17:25 . 2009-11-10 12:26 767952 ----a-w- c:\windows\BDTSupport.dll 2010-01-29 17:25 . 2009-11-10 12:28 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-01-29 17:25 . 2009-11-10 12:28 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-01-29 17:25 . 2009-11-10 12:28 1640400 ----a-w- c:\windows\PCTBDCore.dll 2010-01-29 17:25 . 2009-10-28 03:36 1152444 ----a-w- c:\windows\UDB.zip 2010-01-29 17:25 . 2008-11-26 14:08 131 ----a-w- c:\windows\IDB.zip 2010-01-29 16:43 . 2009-10-30 13:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-01-29 16:43 . 
2009-11-09 13:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-01-29 16:43 . 2009-10-06 18:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-01-29 16:43 . 2010-01-29 16:49 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools 2010-01-29 16:43 . 2009-09-03 11:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-01-29 00:14 . 2010-01-29 16:36 -------- d-----w- C:\Lop SD 2010-01-28 18:27 . 2010-01-28 18:27 -------- d-----w- c:\arquivos de programas\ESET 2010-01-27 15:35 . 2010-01-27 15:36 -------- d-----w- C:\LinhaDefensiva 2010-01-27 15:30 . 2010-01-27 15:32 -------- d-----w- C:\Hijack 2010-01-27 00:45 . 2010-01-30 22:40 -------- d-----w- C:\OutputFolder 2010-01-27 00:44 . 2006-09-26 15:57 28672 ----a-w- c:\windows\system32\AVEQT.dll 2010-01-27 00:44 . 2010-01-27 00:54 -------- d-----w- c:\arquivos de programas\Allok MOV Converter 2010-01-26 01:35 . 2010-01-26 01:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2010-01-26 01:29 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll 2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack 2010-01-26 00:50 . 2010-01-26 00:50 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Media Player Classic 2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\arquivos de programas\Conduit 2010-01-22 17:20 . 2009-03-30 11:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-01-22 17:20 . 2009-02-13 13:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-01-22 17:20 . 2009-02-13 13:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2010-01-22 17:20 . 2010-01-22 17:20 -------- d-----w- c:\arquivos de programas\Avira 2010-01-12 02:33 . 2010-01-31 14:35 -------- d-----w- c:\arquivos de programas\DreaMule 2010-01-10 01:12 . 
2010-01-22 17:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Norton 2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Symantec 2010-01-10 01:12 . 2010-01-10 01:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NortonInstaller 2010-01-09 22:44 . 2010-01-26 00:47 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2010-01-09 22:44 . 2010-01-26 00:48 -------- d-----w- c:\arquivos de programas\QuickTime Alternative 2010-01-09 22:38 . 2010-01-09 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple 2010-01-09 22:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-01-09 22:21 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-01-09 22:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-01-09 22:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll 2010-01-09 22:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-01-09 22:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-01-09 22:21 . 2010-01-09 22:22 -------- d-----w- C:\cf8c911bcffef712ad116d72c2cdf018 2010-01-09 02:02 . 2010-01-09 02:02 286720 ------w- c:\windows\Setup1.exe 2010-01-09 02:02 . 2010-01-09 02:02 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Malwarebytes 2010-01-08 14:37 . 
2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-01-08 14:37 . 2010-01-08 14:37 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2010-01-08 14:37 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:58 . 2010-01-07 17:59 -------- d-----w- c:\arquivos de programas\LimeWire . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-01 22:09 . 2008-06-16 14:12 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP 2010-02-01 20:33 . 2009-07-30 01:24 -------- d-----w- c:\arquivos de programas\Spyware Doctor 2010-02-01 17:08 . 2009-06-22 23:46 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2010-02-01 17:06 . 2008-09-19 19:07 -------- d-----w- c:\arquivos de programas\Windows Live 2010-01-30 22:39 . 2008-06-19 23:57 -------- d-----w- c:\arquivos de programas\eMule 2010-01-30 22:02 . 2009-07-03 18:08 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\LimeWire 2010-01-29 18:55 . 2009-11-02 00:42 -------- d-----w- c:\arquivos de programas\Megacubo 2010-01-28 17:06 . 2009-03-26 14:33 -------- d-----w- c:\arquivos de programas\Mu C.A Brasil 1.02t 2010-01-28 16:51 . 2009-03-10 14:15 -------- d-----w- c:\arquivos de programas\1.02t 2010-01-27 14:48 . 2008-06-06 15:31 -------- d-----w- c:\arquivos de programas\Google 2010-01-26 01:35 . 2008-06-15 22:21 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real 2010-01-26 01:34 . 2008-06-06 14:30 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-01-26 00:51 . 2008-10-04 23:53 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\DivX 2010-01-26 00:48 . 2008-10-04 23:47 -------- d-----w- c:\arquivos de programas\DivX 2010-01-25 22:53 . 
2008-08-20 14:01 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Shareaza 2010-01-23 00:23 . 2009-06-15 21:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-22 17:11 . 2009-07-30 19:15 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Symantec Shared 2010-01-15 15:42 . 2007-07-21 21:40 76514 ----a-w- c:\windows\system32\perfc016.dat 2010-01-15 15:42 . 2007-07-21 21:40 445180 ----a-w- c:\windows\system32\perfh016.dat 2010-01-14 00:31 . 2008-06-15 22:31 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Orbit 2010-01-13 23:59 . 2008-06-06 13:52 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2010-01-13 18:54 . 2009-07-29 14:20 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\uTorrent 2010-01-09 22:44 . 2009-06-06 01:56 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Apple Computer 2010-01-09 22:43 . 2009-06-04 23:23 -------- d-----w- c:\arquivos de programas\QuickTime 2010-01-09 22:12 . 2009-11-23 22:58 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared 2009-12-17 18:51 . 2009-12-17 18:51 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab 2009-12-13 02:54 . 2009-12-13 02:53 -------- d-----w- c:\arquivos de programas\CZ-Doc2Pdf COM 2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Tibia 2009-12-12 21:35 . 2009-12-12 21:35 -------- d-----w- c:\arquivos de programas\Tibia 2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Publish Providers 2009-12-08 02:00 . 2009-12-08 02:00 -------- d-----w- c:\documents and settings\SIMONE\Dados de aplicativos\Sony 2009-12-08 01:57 . 2009-12-08 01:57 -------- d-----w- c:\arquivos de programas\Sony Setup 2009-12-03 02:00 . 
2009-12-03 02:00 77824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\ESS\bindbins\BindBins.exe 2009-12-03 02:00 . 2009-12-03 02:00 14813832 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe 2009-12-03 02:00 . 2009-12-03 02:00 69632 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\Ksu\ksustop.exe 2009-12-03 02:00 . 2009-12-03 02:00 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\CCS\CCSStop.exe 2009-12-03 02:00 . 2009-12-03 02:00 983040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Kodak\EasyShareSetup\$SETUP_140010_2fe27b\EasyShrx.Dll 2009-11-15 18:51 . 2009-11-08 18:30 180488 ----a-w- c:\windows\PSEXESVC.EXE . ------- Sigcheck ------- [-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys [-] 2007-09-02 . DB3AA410ED1228B9DF98C06549AE0763 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyTel"="SkyTel.EXE" [2007-10-11 1826816] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776] "nwiz"="nwiz.exe" [2008-01-08 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920] "Realtime Audio Engine"="mmrtkrnl.exe" [2008-06-23 70144] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\arquivos de programas\QuickTime Alternative\QTTask.exe" [2009-11-11 417792] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-01-26 198160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-21 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk backup=c:\windows\pss\Orbit.lnkCommon Startup 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Software Kodak EasyShare.lnk] path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Software Kodak EasyShare.lnk backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^SIMONE^Menu Iniciar^Programas^Inicializar^Registration IL-2 Sturmovik 1946.LNK] path=c:\documents and settings\SIMONE\Menu Iniciar\Programas\Inicializar\Registration IL-2 Sturmovik 1946.LNK backup=c:\windows\pss\Registration IL-2 Sturmovik 1946.LNKStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 04:04 39792 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen] 2007-07-02 08:15 495616 ----a-w- c:\arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-03-12 00:34 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2006-12-06 01:55 54832 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 12:21 1694208 ------w- c:\arquivos de programas\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 18:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 18:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2006-11-23 18:10 56928 ------w- 
c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-06-10 06:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-01-26 01:34 198160 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"= "c:\\Arquivos de programas\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Arquivos de programas\\eMule\\emule.exe"= "c:\\Arquivos de programas\\Megacubo\\megacubo.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3603:TCP"= 3603:TCP:rivtsmh R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [29/1/2010 14:43 207792] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [29/1/2010 15:25 51984] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [29/1/2010 15:25 59664] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [29/1/2010 14:43 233136] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [22/1/2010 15:20 108289] R2 Browser Defender Update Service;Browser Defender Update Service;c:\arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe [29/1/2010 15:25 112592] S0 
afhhg;afhhg;c:\windows\system32\drivers\sabtb.sys --> c:\windows\system32\drivers\sabtb.sys [?] S2 gupdate1ca79d6f28da7d4;Google Update Service (gupdate1ca79d6f28da7d4);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/12/2009 18:25 133104] S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [29/1/2010 14:43 70408] S3 sdAuxService;PC Tools Auxiliary Service;c:\arquivos de programas\Spyware Doctor\pctsAuxs.exe [29/1/2010 14:43 359624] S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [29/1/2010 15:25 33552] S3 ThreatFire;ThreatFire;c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service --> c:\arquivos de programas\Spyware Doctor\TFEngine\TFService.exe service [?] S4 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 20:19 13592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' 2010-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25] 2010-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-12-10 20:25] 2010-01-10 c:\windows\Tasks\MP Scheduled Scan.job - c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = local IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 LSP: c:\arquivos de programas\Arquivos comuns\PC Tools\Lsp\PCTLsp.dll Trusted Zone: ketsujin.com\fighterace Trusted Zone: ketsujin.com\primary Trusted Zone: ketsujin.com\update Trusted Zone: ketsujin.com\www Trusted Zone: stormofaces.com\www FF - ProfilePath - c:\documents and settings\SIMONE\Dados de aplicativos\Mozilla\Firefox\Profiles\a9oo5a0r.default\ FF - prefs.js: browser.search.defaulturl - 4.6.6.2 FF - prefs.js: browser.search.selectedEngine - 4.6.6.2 FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - 4.6.6.2 FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll ---- FIREFOX POLICIES ---- FF - user.js: browser.search.defaultenginename - 4.6.6.2 FF - user.js: browser.search.defaulturl - 4.6.6.2 FF - user.js: browser.search.selectedEngine - 4.6.6.2 FF - user.js: keyword.URL - 4.6.6.2 FF - user.js: keyword.enabled - true c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - 
pref("browser.enable_click_image_resizing", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", 
".com.br"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORFÃOS REMOVIDOS - - - - MSConfigStartUp-fssui - c:\arquivos de programas\Windows Live\Family Safety\fsui.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-01 20:11 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... 
Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_USERS\S-1-5-21-1547161642-1482476501-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a7,92,d3,62,54,d7,66,6a,d9,ca,84,6b,6e,2a,81,a8,78,d9,ad,95,eb,97,e1, 10,72,16,60,3f,c5,f0,de,d2,4d,ad,b0,c9,e0,75,5f,43,bc,6d,84,14,f5,56,88,e7,\ "??"=hex:1d,47,26,64,46,3e,31,b7,35,fb,9d,c6,4d,23,0d,fc . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'lsass.exe'(848) c:\arquivos de programas\Arquivos comuns\PC Tools\Lsp\PCTLsp.dll - - - - - - - > 'explorer.exe'(3452) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\windows\system32\mmrtkrnl.exe . ************************************************************************** . 
Tempo para conclusão: 2010-02-01 20:15:55 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-02-01 22:15
ComboFix2.txt 2010-02-01 15:17
ComboFix3.txt 2010-01-29 16:29
ComboFix4.txt 2010-01-29 00:56
Pré-execução: 21 pasta(s) 115.706.925.056 bytes disponíveis
Pós execução: 22 pasta(s) 115.678.576.640 bytes disponíveis
- - End Of File - - A48CB1C71EC100FCA83EEA295D08304A

kav
Autoscan: completed 1 minute ago (events: 80, objects: 327491, time: 02:53:05)
1/2/2010 20:29:28 Task started
1/2/2010 20:45:41 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
1/2/2010 20:45:41 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll Postponed
1/2/2010 20:45:42 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
1/2/2010 20:45:44 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
1/2/2010 20:45:46 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
1/2/2010 20:45:49 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll
1/2/2010 21:29:45 Detected: not-a-virus:AdWare.Win32.EZula.heur
C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 21:29:46 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir Postponed 1/2/2010 21:29:50 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 21:29:50 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 21:29:51 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 21:29:51 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 21:47:37 Detected: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe 1/2/2010 21:47:37 Untreated: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe Postponed 1/2/2010 22:15:09 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 22:15:09 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll Postponed 1/2/2010 22:15:10 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 22:15:10 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 22:16:56 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 22:16:56 Untreated: 
not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll Postponed 1/2/2010 22:16:57 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 22:16:57 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 22:16:57 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 22:16:57 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 22:38:45 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:38:45 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll Postponed 1/2/2010 22:38:46 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:38:46 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:38:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:38:49 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla 
Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:59:03 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:59:03 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll Postponed 1/2/2010 22:59:03 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:59:04 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:59:06 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 22:59:08 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 23:11:38 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:11:38 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir Postponed 1/2/2010 23:11:40 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:11:41 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:11:42 Detected: 
not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:11:43 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:12:39 Detected: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe 1/2/2010 23:12:39 Untreated: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe Postponed 1/2/2010 23:16:55 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 23:16:55 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll Postponed 1/2/2010 23:16:55 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 23:16:55 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 23:17:05 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 23:17:05 Untreated: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll Postponed 1/2/2010 23:17:06 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 23:17:07 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 23:17:07 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume 
Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 23:17:08 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 23:20:36 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 23:21:48 Will be deleted on system restart: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 23:21:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 23:21:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 23:21:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 23:21:48 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Arquivos de programas\Mozilla Firefox\extensions\{e7dff8d4-17d2-eb91-b7de-94fb9fec10b6}\components\a2aec3cb-3f44-04f3-242e-2bc08f1bf2d3.dll 1/2/2010 23:21:49 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:22:11 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:22:11 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:22:11 Detected: 
not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:22:11 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:22:11 Deleted: not-a-virus:AdWare.Win32.EZula.heur C:\Qoobox\Quarantine\C\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll.vir 1/2/2010 23:22:13 Detected: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe 1/2/2010 23:22:23 Deleted: Trojan-Dropper.Win32.Agent.bkbf C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP24\A0008675.exe 1/2/2010 23:22:23 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 23:22:28 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 23:22:28 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 23:22:28 Deleted: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP60\A0024140.dll 1/2/2010 23:22:28 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 23:22:33 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 23:22:33 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 23:22:33 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll 1/2/2010 
23:22:33 Detected: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll
1/2/2010 23:22:33 Deleted: not-a-virus:AdWare.Win32.EZula.heur C:\System Volume Information\_restore{68C0E24A-C685-406C-885D-845CA8B71345}\RP61\A0024664.dll
1/2/2010 23:22:33 Task completed

hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:02, on 1/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mmrtkrnl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\SIMONE\Desktop\Virus Removal Tool\setup_9.0.0.722_01.02.2010_23-08\setup_9.0.0.722_01.02.2010_23-08.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows 
Live\Contacts\wlcomm.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\SIMONE\Desktop\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll O2 - BHO: SSVHelper Class - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime Alternative\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: setup_9.0.0.722_01.02.2010_23-08.lnk = C:\Documents and Settings\SIMONE\Desktop\Virus Removal Tool\setup_9.0.0.722_01.02.2010_23-08\startup.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O6 - 
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: 
SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221694525265 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Arquivos de programas\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Google Update Service (gupdate1ca79d6f28da7d4) (gupdate1ca79d6f28da7d4) - Google Inc. 
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\Spyware Doctor\TFEngine\TFService.exe -- End of file - 9840 bytes <<<<>>> vlws Compartilhar este post Link para o post Compartilhar em outros sites
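An added triage example, not part of the original post and not HijackThis code. Every Kaspersky hit above sits either under C:\Qoobox\Quarantine (ComboFix's quarantine folder) or inside a System Restore point, i.e. an archived copy rather than a file in use, so whether anything is still live comes down to reading the HijackThis log. The Python script below encodes the checks a helper applies by eye to such a log: orphaned "(no file)" entries, an O2 BHO loaded from a GUID-named DLL in system32 (the same file name the Kaspersky log shows being quarantined), O4 autoruns with no full path, O6 Internet Explorer policy restrictions, O23 services with "Unknown owner", and start/search pages outside a short allowlist. The severity rules and the KNOWN_DEFAULTS list are this example's assumptions, not HijackThis behaviour; the sample entries are constructed from lines of the log above, and the CLSID on the synthetic "(no name)" BHO line is an all-zero placeholder.

```python
"""Heuristic triage of HijackThis v2 log entries.

Added example for this thread; not HijackThis code and not from the original
post. Section prefixes (R0/R1, R3, O2, O3, O4, O6, O23) are HijackThis's own;
the severity rules below are this example's assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the log posted above. The "(no name)" BHO
# line is synthetic: its CLSID is an all-zero placeholder and its DLL is the
# GUID-named file the Kaspersky log in the same post shows quarantined.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\41e96751-8919-eb7e-0b69-d601803e21a5.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: setup_9.0.0.722_01.02.2010_23-08.lnk = C:\Documents and Settings\SIMONE\Desktop\Virus Removal Tool\setup_9.0.0.722_01.02.2010_23-08\startup.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in .dll/.exe inside an entry body.
PATH_RE = re.compile(r"(?i)[a-z]:\\.*?\.(?:dll|exe)(?![\w.])")
# File name that is nothing but a GUID, the pattern of the adware DLL above.
GUID_NAME_RE = re.compile(r"(?i)\\[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\.(?:dll|exe)$")
# Assumed allowlist of start/search pages that are not a hijack.
KNOWN_DEFAULTS = ("http://go.microsoft.com/fwlink/", "http://google.com/", "http://www.google.com/")


@dataclass
class Finding:
    section: str
    severity: str  # "info", "review" or "high"
    reason: str
    entry: str


def _o4_target(body):
    """Extract the command an O4 autorun entry launches."""
    cmd = body.split(": ", 1)[1] if ": " in body else body
    if cmd.startswith("[") and "] " in cmd:  # HKLM\..\Run: [Name] command
        return cmd.split("] ", 1)[1]
    if " = " in cmd:                         # Startup: name.lnk = target
        return cmd.split(" = ", 1)[1]
    return cmd


def triage_line(line):
    """Return a Finding for one HijackThis entry, or None if nothing stands out."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if "(no file)" in body:
        return Finding(sec, "info", "orphaned entry, target file is missing; safe to fix", line)
    if sec in ("R0", "R1"):
        key, sep, value = body.partition(" = ")
        if sep and ("Page" in key or "URL" in key) and value and not value.startswith(KNOWN_DEFAULTS):
            return Finding(sec, "high", "start/search page is not a known default (possible hijack)", line)
    elif sec in ("O2", "O3"):
        pm = PATH_RE.search(body)
        if pm and "\\system32\\" in pm.group(0).lower() and GUID_NAME_RE.search(pm.group(0)):
            return Finding(sec, "high", "BHO/toolbar loaded from a GUID-named DLL in system32", line)
    elif sec == "O4":
        if not re.match(r'^"?[A-Za-z]:\\', _o4_target(body)):
            return Finding(sec, "review", "autorun target has no full path and is resolved via PATH", line)
    elif sec == "O6":
        return Finding(sec, "review", "Internet Explorer locked by policy keys; confirm an admin set them", line)
    elif sec == "O23" and "Unknown owner" in body:
        return Finding(sec, "review", "service with no publisher; verify the binary's signature or hash", line)
    return None


def triage(log):
    """Findings for a whole log, in log order."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f is not None]


def summarize(log):
    """Count findings per severity."""
    counts = {}
    for f in triage(log):
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.entry}")
    print(summarize(SAMPLE_LOG))
```

Run it directly to print the findings for the sample. The severities are a reading aid, not a verdict: a GUID-named file can be legitimate and a policy key can be an administrator's choice, which is why most rules say "review" and the only "high" results are the two patterns (a hijacked start page, a GUID-named DLL registered as a BHO in system32) that almost never have a benign explanation on a home machine.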
Power Max (posted February 2, 2010)

Several problems were detected by the Kaspersky Virus Removal Tool. But did you remove all the problems it found? If you have not removed them, remove them using the Kaspersky Virus Removal Tool.
_________________________________
Configure your Avira Antivir antivirus following the tips in these tutorials:
Avira Antivir 9 Free tutorial (installation and configuration): http://dicasetutoriaisparapc.blogspot.com/2009/03/tutorial-de-instalacao-e-configuracao.html
Avira Antivir 9 Free tutorial (how to use it correctly): http://dicasetutoriaisparapc.blogspot.com/2009/03/escaneando-seu-computador-com-o-avira.html
After configuring Avira Antivir following the tips in the tutorials above, update it (run an update), then restart your computer and boot into Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option, shown as Modo Seguro or Modo de Segurança). Once the computer has restarted, right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start Antivir > click Scan system now > and wait for the scan to finish.
Note: if it is not possible to run the Avira Antivir scan in Windows Safe Mode, run it in normal mode.
_______________________________________________________________
When you have removed the viruses that Avira Antivir finds, restart the computer normally.
Right-click the Avira icon (the open red umbrella next to the Windows clock) and choose Start Antivir > click Reports > double-click the most recent log and click the Report file button. A window with the log will open; select the whole log (menu: Edit » Select All), then go back to the menu: Edit » and click Copy. Then come back here to the forum and post this Avira Antivir log together with a new HijackThis log so they can be analyzed.
We await your reply.
Mário Monteiro (posted March 2, 2010)

Topic archived
Since the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want it reopened, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.