maniagames100%

[Solved!] Rootkit.gen


Hello, forum folks.... B) I'm new here, I've already searched the forum but didn't find what I need to solve my problem. If I'm in the wrong place... my apologies...

Here's the thing: I run a LAN house (internet café) and use the Avira antivirus, and for some time now, when the PC starts, the antivirus keeps detecting a virus, TR/ROOTKIT.GEN, path C:\WINDOWS\system32\drivers\mchinjDrv.sys, which I ask it to delete, and it does no good, it won't delete it. :(

I've already tried going to the path the antivirus points to, but the file is hidden, there's no way to find it at all; I've also run the other antivirus programs listed below, but nothing solves it.. :angry:

malware antimalware
avira
avast
avg
some anti-rootkit tools
hijackthis
combofix

plus a few more I don't remember.... and none of them solved it.. that's why I'm here on the forum.... for someone to give me a hand...

I'll leave the HijackThis log here:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:28:28, on 21/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\nexcafe\guardis.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe

C:\WINDOWS\system32\sbfc.exe

C:\Arquivos de programas\Spyware Cease\SpywareCease.exe

C:\arquivos de programas\blok free 3\blkfc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [suNotification] C:\Arquivos de programas\ShadowStor\ShadowUser\suatshut.exe

O4 - HKLM\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKLM\..\Run: [spywareCease.exe] C:\Arquivos de programas\Spyware Cease\SpywareCease.exe

O4 - HKCU\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: NexCafé NexGuard.lnk = C:\nexcafe\nexguard.exe

O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Arquivos de programas\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Arquivos de programas\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Arquivos de programas\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Arquivos de programas\SmarThru 4\WebCapture.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{218BC63A-E0AD-4192-84E8-66038765DC55}: NameServer = 201.10.128.2,201.10.120.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3B9B32E-D361-4F32-AD04-575AFB73D495}: NameServer = 201.10.128.2,201.10.120.3

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NexCafé IS (NexGuardIS) - Unknown owner - C:\nexcafe\guardis.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

 

--

End of file - 4252 bytes


Good evening! maniagames100%

<@> Download: < ComboFix > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<!> Link-4 --> < how to use ComboFix >

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> Ps: Running it by command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall



<@> Click OK.

<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!



<@> If you do not have the "Recovery Console", accept the option to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> Ps: Name it while saving, not after saving it!

<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> Ps: If rootkit activity is present, we will get the following notification window:



<!> Ps: Write down those detections, and click OK.

<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> Ps: Avoid running this tool on your own initiative!

<!> Ps: To avoid problems, follow all the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When done, post the reports: C:\ComboFix.txt + HijackThis, updated.

Cheers!
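The helper asks for an updated HijackThis log after each step, and then compares it by eye with the earlier one to see what changed. As an added example (not from the thread, HijackThis or its author), the Python script below parses two HijackThis logs and diffs their sections; BEFORE and AFTER are constructed excerpts of the 21/2/2010 and 23/2/2010 logs in this thread, and the "configured but not running" check is a heuristic of this example, not a HijackThis feature.

```python
"""Diff two HijackThis logs the way a forum helper does by eye.

Added example, not from the thread or HijackThis. BEFORE/AFTER are
constructed excerpts of the 21/2/2010 and 23/2/2010 logs posted above."""
import re

# Item lines: "O4 - HKLM\..\Run: [name] path", "O23 - Service: ...", "R1 - ...".
ITEM_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# First Windows path ending in .exe or .dll inside an item body (quoted or not).
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))', re.IGNORECASE)

BEFORE = r"""Scan saved at 00:28:28, on 21/2/2010
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\dvmd.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\sbfc.exe
C:\Arquivos de programas\Spyware Cease\SpywareCease.exe

O4 - HKLM\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe
O4 - HKLM\..\Run: [spywareCease.exe] C:\Arquivos de programas\Spyware Cease\SpywareCease.exe
O4 - Global Startup: NexCafé NexGuard.lnk = C:\nexcafe\nexguard.exe
O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe
"""

AFTER = r"""Scan saved at 12:58:02, on 23/2/2010
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\dvmd.exe
C:\WINDOWS\system32\sbfc.exe
C:\WINDOWS\system32\wuauclt.exe

O4 - HKLM\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"
O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe
O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe
"""


def parse_hjt(text):
    """Split one log into {'process': {...}, 'O4': {...}, 'O23': {...}, ...}."""
    sections, in_processes = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ITEM_RE.match(line)
        if m:
            in_processes = False
            sections.setdefault(m["kind"], set()).add(m["body"])
        elif in_processes:
            sections.setdefault("process", set()).add(line.lower())
    return sections


def diff_hjt(before, after):
    """Per section: entries only in the older log ('removed') or only in the newer ('added')."""
    old, new = parse_hjt(before), parse_hjt(after)
    report = {}
    for kind in sorted(set(old) | set(new)):
        removed = old.get(kind, set()) - new.get(kind, set())
        added = new.get(kind, set()) - old.get(kind, set())
        if removed or added:
            report[kind] = {"removed": removed, "added": added}
    return report


def autostart_paths(sections):
    """Executables named by O4 (autostart) and O23 (service) entries, lower-cased."""
    paths = set()
    for body in sections.get("O4", set()) | sections.get("O23", set()):
        m = PATH_RE.search(body)
        if m:
            paths.add(m.group(1).lower())
    return paths


def configured_but_not_running(text):
    """Autostart/service targets absent from the process list (a heuristic of
    this example, not a HijackThis feature; the program may just have exited)."""
    sections = parse_hjt(text)
    return autostart_paths(sections) - sections.get("process", set())


if __name__ == "__main__":
    for kind, change in diff_hjt(BEFORE, AFTER).items():
        for entry in sorted(change["removed"]):
            print(f"- [{kind}] {entry}")
        for entry in sorted(change["added"]):
            print(f"+ [{kind}] {entry}")
    print("configured but not running:", sorted(configured_but_not_running(AFTER)))
```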



thank you!!! I'll follow your instructions and post the logs

xoxo, see you later


Hi! OK, here's the thing....

I ran ComboFix... That ROOTKIT message screen didn't show up...

when the PC restarted, on startup Avira kept detecting the virus (TR/ROOTKIT.GEN, path C:\WINDOWS\system32\drivers\mchinjDrv.sys)

and now what do I do???

the logs are below

HIJACKTHIS log


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:58:02, on 23/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\nexcafe\guardis.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe

C:\Arquivos de programas\Blok Free 3\blkfc.exe

C:\WINDOWS\system32\sbfc.exe

C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\trend micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [suNotification] C:\Arquivos de programas\ShadowStor\ShadowUser\suatshut.exe

O4 - HKLM\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Arquivos de programas\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Arquivos de programas\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Arquivos de programas\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Arquivos de programas\SmarThru 4\WebCapture.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{218BC63A-E0AD-4192-84E8-66038765DC55}: NameServer = 201.10.128.2,201.10.120.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3B9B32E-D361-4F32-AD04-575AFB73D495}: NameServer = 201.10.128.2,201.10.120.3

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NexCafé IS (NexGuardIS) - Unknown owner - C:\nexcafe\guardis.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

 

--

End of file - 4006 bytes

 

 

 

*****************************************************************************************************************

COMBOFIX LOG

 

ComboFix 10-02-22.07 - USER 23/02/2010 12:51:49.7.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1918.1550 [GMT -3:00]

Executando de: c:\documents and settings\USER\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_RKHIT

-------\Service_RkHit

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-23 to 2010-02-23 ))))))))))))))))))))))))))))

.

 

2010-02-23 15:56 . 2010-02-23 15:56 2240 ----a-w- c:\windows\system32\drivers\mchInjDrv.sys

2010-02-15 01:55 . 2010-02-15 01:58 -------- d-----w- C:\Rooter$

2010-02-15 01:19 . 2010-02-15 01:19 -------- d-----w- c:\arquivos de programas\Sophos

2010-02-15 00:49 . 2010-02-15 00:49 7680 ----a-w- c:\windows\system32\drivers\RKL6.tmp.sys

2010-02-15 00:39 . 2010-02-15 00:39 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys

2010-02-14 15:08 . 2009-06-23 19:49 1048064 ----a-w- c:\windows\system32\pdvmd.dat

2010-02-14 15:08 . 2009-06-23 19:49 427008 ----a-w- c:\windows\system32\sdvmd.dat

2010-02-14 15:08 . 2010-02-14 15:08 -------- d--h--w- c:\arquivos de programas\Blok Free 3

2010-02-14 15:07 . 2010-02-14 15:07 5115824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-14 15:07 . 2010-02-14 15:07 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Malwarebytes

2010-02-14 15:06 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-14 15:06 . 2010-02-14 15:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-14 15:06 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-14 15:06 . 2010-02-14 15:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-14 15:06 . 2010-02-14 15:06 -------- d-----w- C:\MSNCleaner

2010-02-14 13:50 . 2010-02-21 03:28 -------- d-----w- c:\arquivos de programas\trend micro

2010-02-14 13:50 . 2010-02-14 16:56 -------- d-----w- C:\rsit

2010-02-06 16:09 . 2008-08-08 01:51 479232 ----a-w- c:\windows\ssndii.exe

2010-02-06 16:09 . 2007-08-13 05:59 82432 ----a-w- c:\windows\system32\msxml4r.dll

2010-02-06 16:09 . 2007-08-13 05:59 44544 ----a-w- c:\windows\system32\msxml4a.dll

2010-02-06 16:09 . 2007-08-13 05:59 1233920 ----a-w- c:\windows\system32\msxml4.dll

2010-02-06 16:09 . 2007-08-13 05:59 21776 ----a-w- c:\windows\system32\msxml2a.dll

2010-02-06 16:09 . 2010-02-06 16:09 -------- d-----w- c:\windows\Samsung

2010-02-06 16:09 . 2007-08-14 01:01 22723 ----a-w- c:\windows\system32\sst1cl3.dll

2010-02-06 16:09 . 2007-08-14 01:00 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst1cpc.dll

2010-02-06 16:09 . 2007-08-14 00:59 151552 ----a-w- c:\windows\system32\sst1cci.exe

2010-02-06 16:09 . 2007-08-14 00:59 65536 ----a-w- c:\windows\system32\sst1cci.dll

2010-02-06 16:08 . 2007-10-23 02:53 110592 ----a-r- c:\windows\WiaInst.exe

2010-02-06 16:08 . 2008-07-08 23:43 138752 ----a-r- c:\windows\system32\SaXPWIA.dll

2010-02-06 16:08 . 2008-07-08 23:43 138240 ----a-r- c:\windows\system32\SaXPUIEx.dll

2010-02-06 16:08 . 2008-07-08 23:43 87040 ----a-r- c:\windows\system32\SaXPSTI.dll

2010-02-06 16:08 . 2008-07-08 23:43 116736 ----a-r- c:\windows\system32\SaXPIPH.dll

2010-02-06 16:08 . 2008-07-08 23:43 139776 ----a-r- c:\windows\system32\SaXPEH.dll

2010-02-06 16:08 . 2008-01-10 12:29 81920 ------w- c:\windows\system32\ssdevm.dll

2010-02-06 16:08 . 2007-08-13 08:22 49152 ----a-w- c:\windows\system32\Ssusbpn.dll

2010-02-06 16:07 . 2010-02-06 16:07 -------- d-----w- c:\windows\system32\drivers\Samsung

2010-02-06 16:07 . 2010-02-06 16:07 -------- d-----w- c:\arquivos de programas\Samsung

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-23 15:56 . 2010-01-05 15:35 493 ----a-w- c:\windows\system32cmu.dat

2010-02-06 16:10 . 2010-02-06 16:10 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\SmarThru4

2010-02-06 16:10 . 2010-02-06 16:09 -------- d-----w- c:\arquivos de programas\SmarThru 4

2010-02-06 16:10 . 2010-02-06 16:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SRC Shared

2010-02-06 16:10 . 2010-02-06 16:09 -------- d-----w- c:\arquivos de programas\Readiris10

2010-02-06 16:09 . 2009-12-28 14:05 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-31 13:21 . 2010-01-12 20:46 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-12 21:30 . 2010-01-12 21:30 -------- d-----w- c:\arquivos de programas\Cia. do Software

2010-01-12 21:03 . 2009-12-28 15:06 -------- d-----w- c:\arquivos de programas\Panda Security

2010-01-12 21:01 . 2010-01-12 21:01 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-01-12 20:46 . 2010-01-12 20:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-01-12 20:46 . 2010-01-12 20:46 -------- d-----w- c:\arquivos de programas\Avira

2010-01-12 20:38 . 2010-01-12 20:38 -------- d-----w- c:\arquivos de programas\D-Link VGA Webcam

2010-01-12 20:38 . 2010-01-12 20:38 -------- d-----w- c:\arquivos de programas\directx

2010-01-12 20:38 . 2009-12-28 14:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-01-05 15:35 . 2010-01-05 15:35 11 ----a-w- c:\windows\system32\hookinst.sys

2010-01-05 15:34 . 2010-01-05 15:34 -------- d-----w- c:\arquivos de programas\ShadowStor

2010-01-04 23:08 . 2009-11-27 12:34 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Vso

2009-12-28 23:01 . 2009-12-28 23:01 -------- d-----w- c:\arquivos de programas\Ps&Ps2 To Usb

2009-12-28 17:08 . 2009-12-28 15:29 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\BitTorrent

2009-12-28 15:34 . 2009-12-28 15:34 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Panda Security

2009-12-28 15:29 . 2009-12-28 15:29 -------- d-----w- c:\arquivos de programas\BitTorrent

2009-12-28 15:21 . 2009-12-28 15:21 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Auslogics

2009-12-28 15:20 . 2009-12-28 15:20 -------- d-----w- c:\arquivos de programas\Auslogics

2009-12-28 15:12 . 2009-12-28 15:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA

2009-12-28 15:07 . 2009-12-28 15:07 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\TeamViewer

2009-12-28 15:07 . 2009-12-28 15:07 -------- d-----w- c:\arquivos de programas\TeamViewer

2009-12-28 15:00 . 2001-10-28 18:07 46430 ----a-w- c:\windows\system32\perfc016.dat

2009-12-28 15:00 . 2001-10-28 18:07 338570 ----a-w- c:\windows\system32\perfh016.dat

2009-12-28 14:07 . 2009-12-28 14:07 -------- d-----w- c:\arquivos de programas\Realtek

2009-12-28 14:07 . 2009-12-28 14:07 319488 ----a-w- c:\windows\HideWin.exe

2009-12-28 14:05 . 2009-12-28 14:05 -------- d-----w- c:\arquivos de programas\AMD

2009-12-28 14:05 . 2009-12-28 14:05 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\InstallShield

2009-11-27 12:49 . 2009-11-27 12:48 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-27 12:34 . 2009-11-27 12:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-11-27 12:34 . 2009-11-27 12:34 47360 ----a-w- c:\documents and settings\USER\Dados de aplicativos\pcouffin.sys

2009-11-27 12:34 . 2009-11-27 12:34 47360 ----a-w- c:\documents and settings\USER\Dados de aplicativos\pcouffin.sys

2009-11-27 12:33 . 2009-11-27 12:33 2678 ----a-w- c:\windows\java\Packages\Data\VLN7V3FH.DAT

2009-11-27 12:33 . 2009-11-27 12:33 2232 ----a-w- c:\windows\java\Packages\Data\BPZ1RZ5B.DAT

2009-11-27 12:33 . 2009-11-27 12:33 155995 ----a-w- c:\windows\java\Packages\L7R5BRLR.ZIP

2009-11-27 12:33 . 2009-11-27 12:33 2678 ----a-w- c:\windows\java\Packages\Data\COAV9FDJ.DAT

2009-11-27 12:33 . 2009-11-27 12:33 2678 ----a-w- c:\windows\java\Packages\Data\Z97TZ5RF.DAT

2009-11-27 12:33 . 2009-11-27 12:33 2678 ----a-w- c:\windows\java\Packages\Data\GJ97JB13.DAT

2009-11-27 12:33 . 2009-11-27 12:33 2678 ----a-w- c:\windows\java\Packages\Data\A8QECJJR.DAT

2009-11-26 22:07 . 2009-11-26 21:20 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-26 21:18 . 2009-11-26 21:18 21844 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2010-02-14_13.55.57 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-23 19:49 . 2009-06-23 19:49 427008 c:\windows\system32\sbfc.exe

+ 2009-06-23 19:49 . 2009-06-23 19:49 479232 c:\windows\system32\dvmd.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sbfc"="c:\windows\System32\sbfc.exe" [2009-06-23 427008]

"abfc"="c:\arquivos de programas\blok free 3\blkfc.exe" [2009-06-23 1048064]

"nexguard"="c:\nexcafe\nexguard.exe" [2010-01-05 7312896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuNotification"="c:\arquivos de programas\ShadowStor\ShadowUser\suatshut.exe" [2005-01-13 40960]

"nexguard"="c:\nexcafe\nexguard.exe" [2010-01-05 7312896]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]

"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2008-08-07 495616]

"Blok Free 3"="c:\arquivos de programas\Blok Free 3\blkfc.exe" [2009-06-23 1048064]

"sbfc"="c:\windows\system32\sbfc.exe" [2009-06-23 427008]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

ShadowUser Pro Edition.lnk - c:\arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe [2005-1-12 921600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFileUrl"= 0 (0x0)

"NoWorkgroupContentes"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"ForceStartMenuLogoff"= 1 (0x1)

"NoPrinters"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoActiveDesktop"= 1 (0x1)

"NoViewOnDrive"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileUrl"= 0 (0x0)

"NoWorkgroupContentes"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"ForceStartMenuLogoff"= 1 (0x1)

"NoPrinters"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoActiveDesktop"= 1 (0x1)

"NoViewOnDrive"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sunotify]

2005-01-13 02:49 90112 ----a-w- c:\windows\system32\sunotify.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 Shadow;Shadow;c:\windows\system32\drivers\shadow.sys [25/1/2005 19:21 114624]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28/12/2009 11:04 13696]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/1/2010 17:46 108289]

R2 NexGuardIS;NexCafé IS;c:\nexcafe\guardis.exe [5/1/2010 12:34 135168]

R2 ResDVMD;Recurso DVMD;c:\windows\system32\dvmd.exe [23/6/2009 16:49 479232]

S2 SSPORT;SSPORT; [x]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]

S3 rkhdrv40;Rootkit Unhooker Driver;c:\windows\system32\drivers\rkhdrv40.sys [14/2/2010 21:39 24448]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\arquivos de programas\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\arquivos de programas\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\arquivos de programas\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\arquivos de programas\SmarThru 4\WebCapture.dll

TCP: {218BC63A-E0AD-4192-84E8-66038765DC55} = 201.10.128.2,201.10.120.3

TCP: {D3B9B32E-D361-4F32-AD04-575AFB73D495} = 201.10.128.2,201.10.120.3

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-23 12:56

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\A.tmp"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(2420)

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-02-23 12:57:10 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-02-23 15:57

ComboFix2.txt 2010-02-15 01:32

ComboFix3.txt 2010-02-14 15:29

ComboFix4.txt 2010-02-14 15:25

ComboFix5.txt 2010-02-23 15:51

 

Pré-execução: 12 pasta(s) 96.987.877.376 bytes disponíveis

Pós execução: 13 pasta(s) 97.467.748.352 bytes disponíveis

 

- - End Of File - - AF818030C8AE02234E24352EF104594B


please! folks, I know I have to wait about 5 days for replies but.... I want to get this solved soon.. ugh, I've had this problem for more than a month and I don't want to format the PC... but if there's no other way I'll have to do it... :o :(


Good evening! maniagames100%

<!> Sorry for the delay; I was without Internet, on top of problems with my own machine.

°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°

<@> Select and copy everything in the Quote area into Notepad.

<@> Save it on the desktop with the name: CFScript.txt

 

File::

c:\windows\system32\A.tmp

Rootkit::

c:\windows\system32\drivers\mchInjDrv.sys

c:\windows\system32\drivers\RKL6.tmp.sys

c:\windows\system32\drivers\rkhdrv40.sys

Driver::

"mchInjDrv"

"MEMSWEEP2"

"rkhdrv40"

"RKL6.tmp"

"SSPORT"

<@> Ps: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon/window.

<@> See the demonstration!



<@> Answer the prompt that should appear to run ComboFix.

<@> Ps: Keep dragging until that prompt ( window ) appears!

<@> When done, post the reports: C:\ComboFix.txt + HijackThis, updated.

Cheers!
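A CFScript is a plain-text file with `File::`, `Rootkit::` and `Driver::` headers, and the ComboFix log produced from it lists each registry key it deleted under "Drivers/Serviços" as `Legacy_NAME` or `Service_NAME`. As an added example (not from the thread or ComboFix), the Python script below parses the CFScript above together with a constructed excerpt of the follow-up ComboFix log and reports which `Driver::` entries the log confirms as removed; the reading of that log section is this example's, not documented ComboFix behaviour.

```python
"""Check a ComboFix CFScript against the ComboFix log it produced.

Added example, not from the thread or ComboFix. CFSCRIPT is the script
posted above; LOG_EXCERPT is constructed from the "Drivers/Serviços"
section of the follow-up log. Treating its Legacy_X / Service_X lines as
"key deleted" is this example's reading, not documented ComboFix output."""
import re

CFSCRIPT = r"""File::
c:\windows\system32\A.tmp
Rootkit::
c:\windows\system32\drivers\mchInjDrv.sys
c:\windows\system32\drivers\RKL6.tmp.sys
c:\windows\system32\drivers\rkhdrv40.sys
Driver::
"mchInjDrv"
"MEMSWEEP2"
"rkhdrv40"
"RKL6.tmp"
"SSPORT"
"""

LOG_EXCERPT = r"""((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Legacy_MEMSWEEP2
-------\Legacy_RKHDRV40
-------\Service_MEMSWEEP2
-------\Service_rkhdrv40
-------\Service_SSPORT
"""

# "File::", "Rootkit::", "Driver::" headers; entries follow, one per line.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::\s*$")
# Registry keys ComboFix reports as deleted under Drivers/Serviços.
REMOVED_RE = re.compile(r"^-------\\(?P<kind>Legacy|Service)_(?P<name>\S+)$")


def parse_cfscript(text):
    """Map each 'Section::' header to the entries listed under it (quotes stripped)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip('"'))
    return sections


def removed_keys(log_text):
    """Driver/service names the log reports as deleted, lower-cased, by key kind."""
    removed = {"Legacy": set(), "Service": set()}
    for raw in log_text.splitlines():
        m = REMOVED_RE.match(raw.strip())
        if m:
            removed[m["kind"]].add(m["name"].lower())
    return removed


def check_driver_removals(cfscript, log_text):
    """For every Driver:: entry, the set of key kinds the log confirms as deleted."""
    removed = removed_keys(log_text)
    return {
        name: {kind for kind, names in removed.items() if name.lower() in names}
        for name in parse_cfscript(cfscript).get("Driver", [])
    }


def still_pending(cfscript, log_text):
    """Driver:: names the log never mentions as removed, in script order: the
    ones to look at next when the antivirus keeps flagging the same file."""
    report = check_driver_removals(cfscript, log_text)
    return [name for name, kinds in report.items() if not kinds]


if __name__ == "__main__":
    for name, kinds in check_driver_removals(CFSCRIPT, LOG_EXCERPT).items():
        print(f"{name:12} removed: {sorted(kinds) or 'nothing reported'}")
    print("still pending:", still_pending(CFSCRIPT, LOG_EXCERPT))
```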


ok...

:o Avira keeps detecting the same virus I mentioned, "mchinjdrv.sys"

here are the logs ;)

combofix

 

ComboFix 10-02-25.02 - USER 25/02/2010 23:27:35.8.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1918.1562 [GMT -3:00]

Executando de: c:\documents and settings\USER\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\USER\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

FILE ::

"c:\windows\system32\A.tmp"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\srchasst\nls302en.lex

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_MCHINJDRV

-------\Legacy_MEMSWEEP2

-------\Legacy_RKHDRV40

-------\Service_MEMSWEEP2

-------\Service_rkhdrv40

-------\Service_SSPORT

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-26 to 2010-02-26 ))))))))))))))))))))))))))))

.

 

2010-02-15 01:19 . 2010-02-15 01:19 -------- d-----w- c:\arquivos de programas\Sophos

2010-02-14 15:08 . 2009-06-23 19:49 1048064 ----a-w- c:\windows\system32\pdvmd.dat

2010-02-14 15:08 . 2009-06-23 19:49 427008 ----a-w- c:\windows\system32\sdvmd.dat

2010-02-14 15:08 . 2010-02-14 15:08 -------- d--h--w- c:\arquivos de programas\Blok Free 3

2010-02-14 15:07 . 2010-02-14 15:07 5115824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-14 15:07 . 2010-02-14 15:07 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Malwarebytes

2010-02-14 15:06 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-14 15:06 . 2010-02-14 15:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-02-14 15:06 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-14 15:06 . 2010-02-14 15:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-14 13:50 . 2010-02-21 03:28 -------- d-----w- c:\arquivos de programas\trend micro

2010-02-06 16:09 . 2008-08-08 01:51 479232 ----a-w- c:\windows\ssndii.exe

2010-02-06 16:09 . 2007-08-13 05:59 82432 ----a-w- c:\windows\system32\msxml4r.dll

2010-02-06 16:09 . 2007-08-13 05:59 44544 ----a-w- c:\windows\system32\msxml4a.dll

2010-02-06 16:09 . 2007-08-13 05:59 1233920 ----a-w- c:\windows\system32\msxml4.dll

2010-02-06 16:09 . 2007-08-13 05:59 21776 ----a-w- c:\windows\system32\msxml2a.dll

2010-02-06 16:09 . 2010-02-06 16:09 -------- d-----w- c:\windows\Samsung

2010-02-06 16:09 . 2007-08-14 01:01 22723 ----a-w- c:\windows\system32\sst1cl3.dll

2010-02-06 16:09 . 2007-08-14 01:00 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst1cpc.dll

2010-02-06 16:09 . 2007-08-14 00:59 151552 ----a-w- c:\windows\system32\sst1cci.exe

2010-02-06 16:09 . 2007-08-14 00:59 65536 ----a-w- c:\windows\system32\sst1cci.dll

2010-02-06 16:08 . 2007-10-23 02:53 110592 ----a-r- c:\windows\WiaInst.exe

2010-02-06 16:08 . 2008-07-08 23:43 138752 ----a-r- c:\windows\system32\SaXPWIA.dll

2010-02-06 16:08 . 2008-07-08 23:43 138240 ----a-r- c:\windows\system32\SaXPUIEx.dll

2010-02-06 16:08 . 2008-07-08 23:43 87040 ----a-r- c:\windows\system32\SaXPSTI.dll

2010-02-06 16:08 . 2008-07-08 23:43 116736 ----a-r- c:\windows\system32\SaXPIPH.dll

2010-02-06 16:08 . 2008-07-08 23:43 139776 ----a-r- c:\windows\system32\SaXPEH.dll

2010-02-06 16:08 . 2008-01-10 12:29 81920 ------w- c:\windows\system32\ssdevm.dll

2010-02-06 16:08 . 2007-08-13 08:22 49152 ----a-w- c:\windows\system32\Ssusbpn.dll

2010-02-06 16:07 . 2010-02-06 16:07 -------- d-----w- c:\windows\system32\drivers\Samsung

2010-02-06 16:07 . 2010-02-06 16:07 -------- d-----w- c:\arquivos de programas\Samsung

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-26 02:31 . 2010-01-05 15:35 493 ----a-w- c:\windows\system32cmu.dat

2010-02-06 16:10 . 2010-02-06 16:10 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\SmarThru4

2010-02-06 16:10 . 2010-02-06 16:09 -------- d-----w- c:\arquivos de programas\SmarThru 4

2010-02-06 16:10 . 2010-02-06 16:10 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SRC Shared

2010-02-06 16:10 . 2010-02-06 16:09 -------- d-----w- c:\arquivos de programas\Readiris10

2010-02-06 16:09 . 2009-12-28 14:05 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-01-31 13:21 . 2010-01-12 20:46 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-01-12 21:30 . 2010-01-12 21:30 -------- d-----w- c:\arquivos de programas\Cia. do Software

2010-01-12 21:03 . 2009-12-28 15:06 -------- d-----w- c:\arquivos de programas\Panda Security

2010-01-12 21:01 . 2010-01-12 21:01 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-01-12 20:46 . 2010-01-12 20:46 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira

2010-01-12 20:46 . 2010-01-12 20:46 -------- d-----w- c:\arquivos de programas\Avira

2010-01-12 20:38 . 2010-01-12 20:38 -------- d-----w- c:\arquivos de programas\D-Link VGA Webcam

2010-01-12 20:38 . 2010-01-12 20:38 -------- d-----w- c:\arquivos de programas\directx

2010-01-12 20:38 . 2009-12-28 14:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-01-05 15:35 . 2010-01-05 15:35 11 ----a-w- c:\windows\system32\hookinst.sys

2010-01-05 15:34 . 2010-01-05 15:34 -------- d-----w- c:\arquivos de programas\ShadowStor

2010-01-04 23:08 . 2009-11-27 12:34 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Vso

2009-12-28 23:01 . 2009-12-28 23:01 -------- d-----w- c:\arquivos de programas\Ps&Ps2 To Usb

2009-12-28 17:08 . 2009-12-28 15:29 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\BitTorrent

2009-12-28 15:34 . 2009-12-28 15:34 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Panda Security

2009-12-28 15:29 . 2009-12-28 15:29 -------- d-----w- c:\arquivos de programas\BitTorrent

2009-12-28 15:21 . 2009-12-28 15:21 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\Auslogics

2009-12-28 15:20 . 2009-12-28 15:20 -------- d-----w- c:\arquivos de programas\Auslogics

2009-12-28 15:12 . 2009-12-28 15:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA

2009-12-28 15:07 . 2009-12-28 15:07 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\TeamViewer

2009-12-28 15:07 . 2009-12-28 15:07 -------- d-----w- c:\arquivos de programas\TeamViewer

2009-12-28 15:00 . 2001-10-28 18:07 46430 ----a-w- c:\windows\system32\perfc016.dat

2009-12-28 15:00 . 2001-10-28 18:07 338570 ----a-w- c:\windows\system32\perfh016.dat

2009-12-28 14:07 . 2009-12-28 14:07 -------- d-----w- c:\arquivos de programas\Realtek

2009-12-28 14:07 . 2009-12-28 14:07 319488 ----a-w- c:\windows\HideWin.exe

2009-12-28 14:05 . 2009-12-28 14:05 -------- d-----w- c:\arquivos de programas\AMD

2009-12-28 14:05 . 2009-12-28 14:05 -------- d-----w- c:\documents and settings\USER\Dados de aplicativos\InstallShield

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"sbfc"="c:\windows\System32\sbfc.exe" [2009-06-23 427008]

"abfc"="c:\arquivos de programas\blok free 3\blkfc.exe" [2009-06-23 1048064]

"nexguard"="c:\nexcafe\nexguard.exe" [2010-01-05 7312896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuNotification"="c:\arquivos de programas\ShadowStor\ShadowUser\suatshut.exe" [2005-01-13 40960]

"nexguard"="c:\nexcafe\nexguard.exe" [2010-01-05 7312896]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-11 524288]

"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2008-08-07 495616]

"Blok Free 3"="c:\arquivos de programas\Blok Free 3\blkfc.exe" [2009-06-23 1048064]

"sbfc"="c:\windows\system32\sbfc.exe" [2009-06-23 427008]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

ShadowUser Pro Edition.lnk - c:\arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe [2005-1-12 921600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoFileUrl"= 0 (0x0)

"NoWorkgroupContentes"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"ForceStartMenuLogoff"= 1 (0x1)

"NoPrinters"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoActiveDesktop"= 1 (0x1)

"NoViewOnDrive"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFileUrl"= 0 (0x0)

"NoWorkgroupContentes"= 0 (0x0)

"NoEntireNetwork"= 0 (0x0)

"ForceStartMenuLogoff"= 1 (0x1)

"NoPrinters"= 0 (0x0)

"NoSMMyPictures"= 0 (0x0)

"NoStartMenuMyMusic"= 0 (0x0)

"NoActiveDesktop"= 1 (0x1)

"NoViewOnDrive"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sunotify]

2005-01-13 02:49 90112 ----a-w- c:\windows\system32\sunotify.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 Shadow;Shadow;c:\windows\system32\drivers\shadow.sys [25/1/2005 19:21 114624]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [28/12/2009 11:04 13696]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/1/2010 17:46 108289]

R2 NexGuardIS;NexCafé IS;c:\nexcafe\guardis.exe [5/1/2010 12:34 135168]

R2 ResDVMD;Recurso DVMD;c:\windows\system32\dvmd.exe [23/6/2009 16:49 479232]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\arquivos de programas\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\arquivos de programas\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\arquivos de programas\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\arquivos de programas\SmarThru 4\WebCapture.dll

TCP: {218BC63A-E0AD-4192-84E8-66038765DC55} = 201.10.128.2,201.10.120.3

TCP: {D3B9B32E-D361-4F32-AD04-575AFB73D495} = 201.10.128.2,201.10.120.3

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-25 23:30

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1740)

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-02-25 23:31:52 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-02-26 02:31

 

Pré-execução: 8 pasta(s) 97.966.526.464 bytes disponíveis

Pós execução: 9 pasta(s) 97.922.678.784 bytes disponíveis

 

- - End Of File - - A94FE74107DA361215DF9C52F685CFC9

 

 

 

 

:seta: hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:37:16, on 25/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\nexcafe\guardis.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe

C:\WINDOWS\system32\sbfc.exe

C:\arquivos de programas\blok free 3\blkfc.exe

C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\trend micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [suNotification] C:\Arquivos de programas\ShadowStor\ShadowUser\suatshut.exe

O4 - HKLM\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Arquivos de programas\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Arquivos de programas\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Arquivos de programas\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Arquivos de programas\SmarThru 4\WebCapture.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{218BC63A-E0AD-4192-84E8-66038765DC55}: NameServer = 201.10.128.2,201.10.120.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3B9B32E-D361-4F32-AD04-575AFB73D495}: NameServer = 201.10.128.2,201.10.120.3

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NexCafé IS (NexGuardIS) - Unknown owner - C:\nexcafe\guardis.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

 

--

End of file - 3973 bytes

 

:!: :mellow: :huh:


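An added example, not part of this thread and not code from ComboFix or HijackThis: a small Python script that cross-checks the driver names from the CFScript's Driver:: section against the `-------\Legacy_*` / `-------\Service_*` lines ComboFix prints under its Drivers/Serviços heading (the registry entries it removed) and against the O23 service lines of the HijackThis log posted afterwards. A helper can then see at a glance which targeted entries were confirmed removed and which (here RKL6.tmp) left no trace in the log at all. The sample inputs are constructed excerpts mirroring the logs posted above; the function names are mine.

```python
import re

# Constructed sample input: the Driver:: section of the CFScript used in this thread.
CFSCRIPT = """File::
c:\\windows\\system32\\drivers\\rkhdrv40.sys

Driver::

"mchInjDrv"

"MEMSWEEP2"

"rkhdrv40"

"RKL6.tmp"

"SSPORT"
"""

# Constructed excerpt of the ComboFix log posted afterwards (same line shapes as the thread).
COMBOFIX_LOG = """((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\\Legacy_MCHINJDRV
-------\\Legacy_MEMSWEEP2
-------\\Legacy_RKHDRV40
-------\\Service_MEMSWEEP2
-------\\Service_rkhdrv40
-------\\Service_SSPORT

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-26 to 2010-02-26 ))))))))))))))))))))))))))))
"""

# Constructed excerpt of the HijackThis log (O23 service lines only).
HJT_LOG = """O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Arquivos de programas\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: NexCafé IS (NexGuardIS) - Unknown owner - C:\\nexcafe\\guardis.exe
O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\\WINDOWS\\system32\\dvmd.exe
"""

# "-------\Legacy_NAME" or "-------\Service_NAME" as ComboFix prints them.
REMOVED_RE = re.compile(r"^-------\\(Legacy|Service)_(.+)$")
# "O23 - Service: Display Name (ShortName) - Owner - Path"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) \((?P<name>[^()]+)\) - (?P<owner>.*?) - (?P<path>.+)$"
)


def parse_cfscript_drivers(text):
    """Return the names listed under the 'Driver::' directive of a CFScript.

    Any other directive (File::, Folder::, ...) ends the Driver:: section.
    """
    names = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            in_section = line == "Driver::"
            continue
        if in_section:
            names.append(line.strip('"'))
    return names


def parse_combofix_removed(text):
    """Map lower-cased names to the kinds ('Legacy', 'Service') of registry entries
    ComboFix reports under its Drivers/Services heading."""
    removed = {}
    for raw in text.splitlines():
        m = REMOVED_RE.match(raw.strip())
        if m:
            removed.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return removed


def parse_hjt_services(text):
    """Return {service short name: image path} from the O23 lines of a HijackThis log."""
    services = {}
    for raw in text.splitlines():
        m = O23_RE.match(raw.strip())
        if m:
            services[m.group("name")] = m.group("path")
    return services


def reconcile(cfscript, combofix_log, hjt_log):
    """For every driver the script targeted, report which entries ComboFix logged as
    removed and whether the name still appears as a service in the later HijackThis log."""
    removed = parse_combofix_removed(combofix_log)
    still_listed = {name.lower() for name in parse_hjt_services(hjt_log)}
    report = {}
    for name in parse_cfscript_drivers(cfscript):
        report[name] = {
            "combofix_removed": sorted(removed.get(name.lower(), ())),
            "still_listed_service": name.lower() in still_listed,
        }
    return report


if __name__ == "__main__":
    for name, info in reconcile(CFSCRIPT, COMBOFIX_LOG, HJT_LOG).items():
        status = ", ".join(info["combofix_removed"]) or "no removal logged"
        tail = " (still listed as a service!)" if info["still_listed_service"] else ""
        print(f"{name:12s} {status}{tail}")
```

Names are compared case-insensitively because ComboFix prints the Legacy_ keys upper-cased (MCHINJDRV) while the script and the Service_ lines keep the original case. A driver that shows "no removal logged" is not necessarily still present: it may simply not have existed on the machine, which is exactly the kind of thing worth asking the poster about before writing the next script.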
Good morning! maniagames100%

 

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

 

[image: OTLI-scan.png]

 

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Check the boxes:

 

<!> [] LOP check and [] Purity check

 

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Regards!


:seta: OTL

 

OTL logfile created on: 26/2/2010 10:07:47 - Run 1

OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\USER\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 92,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 100,01 Gb Total Space | 91,20 Gb Free Space | 91,20% Space Free | Partition Type: NTFS

Drive D: | 198,08 Gb Total Space | 188,84 Gb Free Space | 95,33% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: TERMINAL03

Current User Name: USER

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\nexcafe\guardis.exe ()

PRC - C:\WINDOWS\system32\dvmd.exe (DVMD)

PRC - C:\Arquivos de programas\Blok Free 3\blkfc.exe (Gamsoft Sistemas de Informação Ltda)

PRC - C:\WINDOWS\system32\sbfc.exe ()

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()

PRC - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()

PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe (ShadowStor, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (NexGuardIS) -- C:\nexcafe\guardis.exe ()

SRV - (ResDVMD) -- C:\WINDOWS\system32\dvmd.exe (DVMD)

SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (NBService) -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (usbaudio) Driver de áudio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)

DRV - (Shadow) -- C:\WINDOWS\system32\drivers\shadow.sys (StorageCraft, Inc.)

DRV - (ovt519) -- C:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\S-1-5-21-1614895754-57989841-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: ([2010/02/25 23:30:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()

O4 - HKLM..\Run: [blok Free 3] C:\Arquivos de programas\Blok Free 3\blkfc.exe (Gamsoft Sistemas de Informação Ltda)

O4 - HKLM..\Run: [nexguard] C:\nexcafe\nexguard.exe (Nextar)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe ()

O4 - HKLM..\Run: [suNotification] C:\Arquivos de programas\ShadowStor\ShadowUser\suatshut.exe (ShadowStor Corporation)

O4 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003..\Run: [abfc] c:\arquivos de programas\blok free 3\blkfc.exe (Gamsoft Sistemas de Informação Ltda)

O4 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003..\Run: [nexguard] C:\nexcafe\nexguard.exe (Nextar)

O4 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\ShadowUser Pro Edition.lnk = C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe (ShadowStor, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWorkgroupContentes = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEntireNetwork = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWorkgroupContentes = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEntireNetwork = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 1

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-1614895754-57989841-1417001333-1003_Classes\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Arquivos de programas\SmarThru 4\WEBCapture.dll2.htm ()

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Arquivos de programas\SmarThru 4\WEBCapture.dll1.htm ()

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Arquivos de programas\SmarThru 4\WEBCapture.dll.htm ()

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Arquivos de programas\SmarThru 4\WebCapture.dll ()

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\sunotify: DllName - sunotify.dll - C:\WINDOWS\System32\sunotify.dll (ShadowStor Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alegria.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/11/26 18:21:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/02/26 10:06:35 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe

[2010/02/25 23:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/02/25 23:25:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/02/20 23:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Meus documentos\Meus arquivos recebidos

[2010/02/14 22:19:19 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Sophos

[2010/02/14 20:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Identities

[2010/02/14 12:23:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/02/14 12:08:55 | 001,048,064 | ---- | C] (Gamsoft Sistemas de Informação Ltda) -- C:\WINDOWS\System32\pdvmd.dat

[2010/02/14 12:08:49 | 000,000,000 | -H-D | C] -- C:\Arquivos de programas\Blok Free 3

[2010/02/14 12:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Dados de aplicativos\Malwarebytes

[2010/02/14 12:06:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/14 12:06:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/14 12:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2010/02/14 12:06:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2010/02/14 10:50:46 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\trend micro

[2010/02/14 10:31:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\USER\Recent

[2010/02/06 13:50:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/02/06 13:50:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/02/06 13:50:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/02/06 13:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\S2PC

[2010/02/06 13:10:35 | 000,512,000 | ---- | C] (Samsung) -- C:\WINDOWS\System32\ssmgr.cpl

[2010/02/06 13:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Dados de aplicativos\SmarThru4

[2010/02/06 13:10:19 | 000,041,984 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\drivers\DgivEcp.sys

[2010/02/06 13:10:16 | 000,458,752 | ---- | C] (Samsung Software Center) -- C:\WINDOWS\prinst.exe

[2010/02/06 13:10:14 | 000,931,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTR13N.DLL

[2010/02/06 13:10:14 | 000,760,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltocx13n.ocx

[2010/02/06 13:10:14 | 000,533,504 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTRVW13N.OCX

[2010/02/06 13:10:14 | 000,465,920 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTRPR13n.DLL

[2010/02/06 13:10:14 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP13s.DLL

[2010/02/06 13:10:14 | 000,326,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTRIO13N.DLL

[2010/02/06 13:10:14 | 000,249,856 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFJ2K13s.dll

[2010/02/06 13:10:14 | 000,187,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfpng13s.dll

[2010/02/06 13:10:14 | 000,099,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfjbg13s.dll

[2010/02/06 13:10:14 | 000,087,552 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfpsd13s.dll

[2010/02/06 13:10:14 | 000,086,528 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lffax13s.dll

[2010/02/06 13:10:14 | 000,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lffax13n.dll

[2010/02/06 13:10:14 | 000,057,856 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfeps13s.dll

[2010/02/06 13:10:14 | 000,043,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPNM13s.dll

[2010/02/06 13:10:14 | 000,043,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfbmp13s.dll

[2010/02/06 13:10:14 | 000,040,448 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfiff13s.dll

[2010/02/06 13:10:14 | 000,037,888 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfpcx13s.dll

[2010/02/06 13:10:14 | 000,037,376 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfclp13s.dll

[2010/02/06 13:10:14 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfani13s.dll

[2010/02/06 13:10:14 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfitg13s.dll

[2010/02/06 13:10:14 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfimg13s.dll

[2010/02/06 13:10:14 | 000,032,256 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfpcd13s.dll

[2010/02/06 13:10:14 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfmsp13s.dll

[2010/02/06 13:10:14 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfavi13s.dll

[2010/02/06 13:10:14 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfiff13n.dll

[2010/02/06 13:10:14 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfimg13n.dll

[2010/02/06 13:10:14 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfitg13n.dll

[2010/02/06 13:10:13 | 001,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTCLR13n.dll

[2010/02/06 13:10:13 | 000,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn13n.dll

[2010/02/06 13:10:13 | 000,445,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimg13n.dll

[2010/02/06 13:10:13 | 000,389,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP13n.DLL

[2010/02/06 13:10:13 | 000,265,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTDIS13n.dll

[2010/02/06 13:10:13 | 000,246,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFJ2K13n.dll

[2010/02/06 13:10:13 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL

[2010/02/06 13:10:13 | 000,206,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltefx13n.dll

[2010/02/06 13:10:13 | 000,182,784 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfpng13n.dll

[2010/02/06 13:10:13 | 000,158,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltpnt13n.dll

[2010/02/06 13:10:13 | 000,152,064 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lftif13s.dll

[2010/02/06 13:10:13 | 000,142,848 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lftif13n.dll

[2010/02/06 13:10:13 | 000,114,176 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTOCR13n.dll

[2010/02/06 13:10:13 | 000,090,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfjbg13n.dll

[2010/02/06 13:10:13 | 000,077,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTTLB13n.dll

[2010/02/06 13:10:13 | 000,069,632 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltbar13n.dll

[2010/02/06 13:10:13 | 000,067,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltpdg13n.dll

[2010/02/06 13:10:13 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfpsd13n.dll

[2010/02/06 13:10:13 | 000,047,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfeps13n.dll

[2010/02/06 13:10:13 | 000,044,032 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lttwn13n.dll

[2010/02/06 13:10:13 | 000,032,256 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lttmb13n.dll

[2010/02/06 13:10:13 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfclp13n.dll

[2010/02/06 13:10:13 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPNM13n.dll

[2010/02/06 13:10:13 | 000,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfbmp13n.dll

[2010/02/06 13:10:13 | 000,026,624 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfpcx13n.dll

[2010/02/06 13:10:13 | 000,025,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfani13n.dll

[2010/02/06 13:10:13 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfpcd13n.dll

[2010/02/06 13:10:13 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfavi13n.dll

[2010/02/06 13:10:13 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfmsp13n.dll

[2010/02/06 13:10:12 | 001,402,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltdlg13n.dll

[2010/02/06 13:10:12 | 001,009,664 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltwvc13n.dll

[2010/02/06 13:10:12 | 000,154,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil13n.DLL

[2010/02/06 13:10:12 | 000,146,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mfcoleui.dll

[2010/02/06 13:10:12 | 000,051,712 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltlst13n.dll

[2010/02/06 13:10:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\SRC Shared

[2010/02/06 13:09:51 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Readiris10

[2010/02/06 13:09:46 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\SmarThru 4

[2010/02/06 13:09:35 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll

[2010/02/06 13:09:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll

[2010/02/06 13:09:35 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml2a.dll

[2010/02/06 13:09:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Samsung

[2010/02/06 13:09:04 | 000,151,552 | ---- | C] (SS) -- C:\WINDOWS\System32\sst1cci.exe

[2010/02/06 13:09:03 | 000,065,536 | ---- | C] (SS) -- C:\WINDOWS\System32\sst1cci.dll

[2010/02/06 13:08:09 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll

[2010/02/06 13:08:09 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\Ssusbpn.dll

[2010/02/06 13:07:59 | 000,404,480 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvdu.dll

[2010/02/06 13:07:59 | 000,204,800 | ---- | C] (SEC) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvcm.dll

[2010/02/06 13:07:59 | 000,196,608 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvn.dll

[2010/02/06 13:07:59 | 000,032,768 | ---- | C] (samsung) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvio.dll

[2010/02/06 13:07:59 | 000,019,968 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvpc.dll

[2010/02/06 13:07:58 | 000,990,720 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrv.dll

[2010/02/06 13:07:58 | 000,151,552 | ---- | C] (SS) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\coinst.exe

[2010/02/06 13:07:58 | 000,065,536 | ---- | C] (SS) -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\coinst.dll

[2010/02/06 13:07:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series

[2010/02/06 13:07:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Samsung

[2010/02/06 13:07:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Samsung

[2009/11/27 09:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/11/27 09:34:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\USER\Dados de aplicativos\pcouffin.sys

[2009/11/26 18:27:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/11/26 18:25:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/11/26 18:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

 

========== Files - Modified Within 30 Days ==========

 

[2010/02/26 10:06:42 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe

[2010/02/26 10:03:21 | 000,000,493 | ---- | M] () -- C:\WINDOWS\system32cmu.dat

[2010/02/26 10:03:13 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/02/26 10:02:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/02/26 10:02:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/02/26 10:02:03 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\USER\NTUSER.DAT

[2010/02/26 10:02:03 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\USER\ntuser.ini

[2010/02/25 23:30:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/02/25 23:30:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/02/25 23:17:36 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/02/21 19:50:59 | 000,000,612 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/02/21 18:32:38 | 000,017,893 | ---- | M] () -- C:\Documents and Settings\USER\Meus documentos\4.jpg

[2010/02/21 18:31:03 | 000,046,729 | ---- | M] () -- C:\Documents and Settings\USER\Meus documentos\3.jpg

[2010/02/21 18:30:26 | 000,012,417 | ---- | M] () -- C:\Documents and Settings\USER\Meus documentos\2.png

[2010/02/21 18:30:17 | 000,011,764 | ---- | M] () -- C:\Documents and Settings\USER\Meus documentos\Cópia de 1.png

[2010/02/21 18:30:17 | 000,011,764 | ---- | M] () -- C:\Documents and Settings\USER\Meus documentos\1.png

[2010/02/20 22:57:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/02/19 19:54:14 | 000,000,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2010/02/14 23:40:30 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\scud.udf

[2010/02/14 21:27:10 | 000,000,050 | ---- | M] () -- C:\Documents and Settings\USER\bbf3.htm

[2010/02/14 21:27:08 | 000,024,421 | ---- | M] () -- C:\Documents and Settings\USER\bbf3.jpg

[2010/02/06 13:10:30 | 000,010,917 | ---- | M] () -- C:\Documents and Settings\USER\Dados de aplicativos\SmarThruOptions.xml

[2010/02/06 13:10:11 | 000,000,141 | ---- | M] () -- C:\WINDOWS\Readiris.ini

[2010/01/31 10:21:46 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

 

========== Files Created - No Company Name ==========

 

[2010/02/21 18:42:53 | 000,011,764 | ---- | C] () -- C:\Documents and Settings\USER\Meus documentos\Cópia de 1.png

[2010/02/21 18:32:38 | 000,017,893 | ---- | C] () -- C:\Documents and Settings\USER\Meus documentos\4.jpg

[2010/02/21 18:31:03 | 000,046,729 | ---- | C] () -- C:\Documents and Settings\USER\Meus documentos\3.jpg

[2010/02/21 18:30:26 | 000,012,417 | ---- | C] () -- C:\Documents and Settings\USER\Meus documentos\2.png

[2010/02/21 18:30:17 | 000,011,764 | ---- | C] () -- C:\Documents and Settings\USER\Meus documentos\1.png

[2010/02/14 23:40:30 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\scud.udf

[2010/02/14 18:53:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/02/14 12:09:08 | 000,000,050 | ---- | C] () -- C:\Documents and Settings\USER\bbf3.htm

[2010/02/14 12:09:07 | 000,024,421 | ---- | C] () -- C:\Documents and Settings\USER\bbf3.jpg

[2010/02/14 12:08:55 | 000,427,008 | ---- | C] () -- C:\WINDOWS\System32\sdvmd.dat

[2010/02/06 13:50:23 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/02/06 13:50:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/02/06 13:50:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/02/06 13:50:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/02/06 13:50:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/02/06 13:10:29 | 000,010,917 | ---- | C] () -- C:\Documents and Settings\USER\Dados de aplicativos\SmarThruOptions.xml

[2010/02/06 13:10:17 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll

[2010/02/06 13:10:15 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll

[2010/02/06 13:10:13 | 000,000,422 | ---- | C] () -- C:\WINDOWS\System32\ltocx13.lic

[2010/02/06 13:10:11 | 000,000,141 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2010/02/06 13:10:10 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2010/02/06 13:09:37 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe

[2010/02/06 13:09:07 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll

[2010/02/06 13:09:07 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.smt

[2010/02/06 13:08:52 | 000,011,502 | ---- | C] () -- C:\WINDOWS\Dr. Printer Icon.ico

[2010/02/06 13:08:11 | 000,110,592 | R--- | C] () -- C:\WINDOWS\WiaInst.exe

[2010/02/06 13:08:09 | 000,139,776 | R--- | C] () -- C:\WINDOWS\System32\SaXPEH.dll

[2010/02/06 13:08:09 | 000,138,752 | R--- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll

[2010/02/06 13:08:09 | 000,138,240 | R--- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll

[2010/02/06 13:08:09 | 000,116,736 | R--- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll

[2010/02/06 13:08:09 | 000,087,040 | R--- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll

[2010/02/06 13:08:09 | 000,007,409 | R--- | C] () -- C:\WINDOWS\System32\WIAUISTR.loc

[2010/02/06 13:08:00 | 001,486,059 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\sst1csc.cts

[2010/02/06 13:08:00 | 001,032,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvum.dll

[2010/02/06 13:08:00 | 000,925,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvu.dll

[2010/02/06 13:08:00 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvu2.dll

[2010/02/06 13:08:00 | 000,626,874 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvua.bmp

[2010/02/06 13:08:00 | 000,206,278 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvub.bmp

[2010/02/06 13:08:00 | 000,083,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvsp.dat

[2010/02/06 13:08:00 | 000,077,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvtk.dat

[2010/02/06 13:08:00 | 000,077,113 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvsw.dat

[2010/02/06 13:08:00 | 000,071,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvuc.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvucv.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvucs.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvucr.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvucp.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvuco.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvuce.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvucd.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvucc.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvucb.bmp

[2010/02/06 13:08:00 | 000,058,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvuca.bmp

[2010/02/06 13:08:00 | 000,049,885 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\sst1c.cat

[2010/02/06 13:08:00 | 000,033,699 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvtk.chm

[2010/02/06 13:08:00 | 000,033,573 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvsw.chm

[2010/02/06 13:08:00 | 000,024,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvug.bmp

[2010/02/06 13:08:00 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\sst1cl3.dll

[2010/02/06 13:08:00 | 000,020,537 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvum.xml

[2010/02/06 13:08:00 | 000,009,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\sst1c.inf

[2010/02/06 13:08:00 | 000,006,910 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\sst1cu.ini

[2010/02/06 13:08:00 | 000,004,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvul.bmp

[2010/02/06 13:08:00 | 000,000,619 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\sst1cpp.ver

[2010/02/06 13:08:00 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\sst1cl3.smt

[2010/02/06 13:07:59 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvsc.dll

[2010/02/06 13:07:59 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvsf.dll

[2010/02/06 13:07:59 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvm.dll

[2010/02/06 13:07:59 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvo.dll

[2010/02/06 13:07:59 | 000,087,345 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvfn.dat

[2010/02/06 13:07:59 | 000,084,300 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvel.dat

[2010/02/06 13:07:59 | 000,083,875 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvgr.dat

[2010/02/06 13:07:59 | 000,083,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvpt.dat

[2010/02/06 13:07:59 | 000,082,235 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvit.dat

[2010/02/06 13:07:59 | 000,081,186 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvdt.dat

[2010/02/06 13:07:59 | 000,081,003 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvhu.dat

[2010/02/06 13:07:59 | 000,080,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvru.dat

[2010/02/06 13:07:59 | 000,079,817 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvpo.dat

[2010/02/06 13:07:59 | 000,078,950 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvfi.dat

[2010/02/06 13:07:59 | 000,078,052 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvdn.dat

[2010/02/06 13:07:59 | 000,077,909 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvcz.dat

[2010/02/06 13:07:59 | 000,077,102 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvnr.dat

[2010/02/06 13:07:59 | 000,075,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrven.dat

[2010/02/06 13:07:59 | 000,071,658 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvkr.dat

[2010/02/06 13:07:59 | 000,071,430 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvhb.dat

[2010/02/06 13:07:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvlf.dll

[2010/02/06 13:07:59 | 000,064,657 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvcp.dat

[2010/02/06 13:07:59 | 000,064,478 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvct.dat

[2010/02/06 13:07:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvex.exe

[2010/02/06 13:07:59 | 000,036,019 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvel.chm

[2010/02/06 13:07:59 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvhu.chm

[2010/02/06 13:07:59 | 000,035,305 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvpo.chm

[2010/02/06 13:07:59 | 000,034,977 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvgr.chm

[2010/02/06 13:07:59 | 000,034,907 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvru.chm

[2010/02/06 13:07:59 | 000,034,711 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvcz.chm

[2010/02/06 13:07:59 | 000,034,519 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvfn.chm

[2010/02/06 13:07:59 | 000,034,257 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvdt.chm

[2010/02/06 13:07:59 | 000,034,215 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvpt.chm

[2010/02/06 13:07:59 | 000,034,201 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvsp.chm

[2010/02/06 13:07:59 | 000,033,931 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvit.chm

[2010/02/06 13:07:59 | 000,033,619 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvdn.chm

[2010/02/06 13:07:59 | 000,033,501 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvfi.chm

[2010/02/06 13:07:59 | 000,033,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvkr.chm

[2010/02/06 13:07:59 | 000,032,913 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvnr.chm

[2010/02/06 13:07:59 | 000,032,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvhb.chm

[2010/02/06 13:07:59 | 000,032,359 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvcp.chm

[2010/02/06 13:07:59 | 000,032,357 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrven.chm

[2010/02/06 13:07:59 | 000,032,283 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvct.chm

[2010/02/06 13:07:59 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvm3.bmp

[2010/02/06 13:07:59 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvm2.bmp

[2010/02/06 13:07:59 | 000,029,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvm1.bmp

[2010/02/06 13:07:59 | 000,015,318 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvpp.dll

[2010/02/06 13:07:58 | 000,812,486 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvcm.ctd

[2010/02/06 13:07:58 | 000,082,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvbp.dat

[2010/02/06 13:07:58 | 000,073,515 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvab.dat

[2010/02/06 13:07:58 | 000,033,689 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvbp.chm

[2010/02/06 13:07:58 | 000,033,485 | ---- | C] () -- C:\WINDOWS\System32\drivers\Samsung\Samsung CLX-3170 Series\itdrvab.chm

[2010/01/05 12:35:11 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\hookinst.sys

[2010/01/04 20:08:36 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\USER\Dados de aplicativos\vso_ts_preview.xml

[2009/11/27 09:47:40 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/11/27 09:34:57 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\USER\Dados de aplicativos\pcouffin.log

[2009/11/27 09:34:54 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\USER\Dados de aplicativos\pcouffin.cat

[2009/11/27 09:34:54 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\USER\Dados de aplicativos\pcouffin.inf

[2009/11/27 09:29:32 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/27 09:29:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/27 09:29:31 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/11/27 09:29:30 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/27 09:29:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2006/10/31 14:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/31 14:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/31 14:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/31 14:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/31 14:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/31 14:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/10/31 14:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005/01/12 20:49:32 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\vsmvhk.dll

 

========== LOP Check ==========

 

[2009/12/28 12:21:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Auslogics

[2009/12/28 14:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\BitTorrent

[2009/11/27 09:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\BSplayer Pro

[2009/11/27 09:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Foxit Software

[2009/11/27 09:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Franckey

[2009/11/27 10:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Free Download Manager

[2009/11/27 09:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Houaiss3

[2009/12/28 12:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Panda Security

[2010/02/06 13:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\SmarThru4

[2009/12/28 12:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\TeamViewer

[2010/01/04 20:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Vso

 

========== Purity Check ==========

 

 

< End of report >

 

 

 

EXTRAS

 

 

OTL Extras logfile created on: 26/2/2010 10:07:47 - Run 1

OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\USER\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 92,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 100,01 Gb Total Space | 91,20 Gb Free Space | 91,20% Space Free | Partition Type: NTFS

Drive D: | 198,08 Gb Total Space | 188,84 Gb Free Space | 95,33% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: TERMINAL03

Current User Name: USER

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\BitTorrent\bittorrent.exe" = C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)

"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- ()

"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 2.99.18.970

"{8DD1701B-EEB5-4687-B442-2E5333D831EE}" = ShadowUser Pro 2.5

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F14B8ECC-BDA0-4987-9201-D7B7DBE11046}" = Nero 7 Premium

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BitTorrent" = BitTorrent

"Blok Free 3" = Blok Free 3

"BSPlayer1" = BSPlayer

"CCleaner" = CCleaner

"Dicionário eletrônico Houaiss da língua portuguesa_is1" = Dicionário eletrônico Houaiss 3.0

"D-Link VGA Webcam" = D-Link VGA Webcam

"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Free Download Manager_is1" = Free Download Manager 2.1

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.1.0 Full

"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mr. RegClean_is1" = Mr. RegClean

"NexCafé NexGuard_is1" = NexGuard 3.0.0.95

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Ps&Ps2 To Usb" = Ps&Ps2 To Usb

"QuicktimeAlt_is1" = QuickTime Alternative 1.90

"RealAlt_is1" = Real Alternative 1.60

"Revo Uninstaller" = Revo Uninstaller 1.83

"Samsung CLX-3170 Series" = Samsung CLX-3170 Series

"SmarThru PC Fax" = SmarThru PC Fax

"TeamViewer 4" = TeamViewer 4

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1614895754-57989841-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 6/2/2010 12:51:41 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: The server name or address could not be resolved

 

Error - 6/2/2010 12:51:41 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

 

Error - 14/2/2010 09:55:14 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: The server name or address could not be resolved

 

Error - 14/2/2010 09:55:15 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

 

Error - 14/2/2010 11:24:45 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: The server name or address could not be resolved

 

Error - 14/2/2010 11:24:45 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

 

Error - 14/2/2010 11:28:37 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: The server name or address could not be resolved

 

Error - 14/2/2010 11:28:37 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

 

Error - 14/2/2010 21:29:40 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: The server name or address could not be resolved

 

Error - 14/2/2010 21:29:40 | Computer Name = TERMINAL03 | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

 

[ System Events ]

Error - 21/2/2010 17:48:20 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7034

Description = O serviço HTTP SSL foi encerrado inesperadamente. Isso aconteceu

1 vez(es).

 

Error - 21/2/2010 17:51:21 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço SSPORT devido ao seguinte erro:

%%2

 

Error - 22/2/2010 10:58:45 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço SSPORT devido ao seguinte erro:

%%2

 

Error - 22/2/2010 14:20:15 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço SSPORT devido ao seguinte erro:

%%2

 

Error - 22/2/2010 17:28:50 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço SSPORT devido ao seguinte erro:

%%2

 

Error - 22/2/2010 19:10:28 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço SSPORT devido ao seguinte erro:

%%2

 

Error - 23/2/2010 11:41:41 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço SSPORT devido ao seguinte erro:

%%2

 

Error - 23/2/2010 11:51:42 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7034

Description = O serviço NexCafé IS foi encerrado inesperadamente. Isso aconteceu

1 vez(es).

 

Error - 23/2/2010 11:54:54 | Computer Name = TERMINAL03 | Source = PlugPlayManager | ID = 11

Description = O dispositivo Root\LEGACY_RKHIT\0000 desapareceu do sistema sem ser

preparado para remoção.

 

Error - 23/2/2010 11:55:58 | Computer Name = TERMINAL03 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço SSPORT devido ao seguinte erro:

%%2

 

 

< End of report >


Good morning, maniagames100%!

<!> The OTL.txt report did not show any potential problems; the indication of a rootkit is a false positive reported by your antivirus. When it is detected, set the antivirus configuration to accept/ignore that file.

°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°

<@> Download: < FixPolicies > ( ...by Bill Castner )

<@> Save it to the Desktop!

<@> Run the file FixPolicies.exe with a double-click.

<@> Click Install.

<@> Open the FixPolicies folder that was created.

<@> Double-click Fix_policies.cmd.

<@> A black box will appear for a brief moment.

°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°

<!> Post: an updated HijackThis log.

Cheers!


DigRam

 

Here is the log.

What does this FixPolicies do? (Note: here in the LAN house, all the PCs show this antivirus detection.) :(

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:26:18, on 26/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\nexcafe\guardis.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe

C:\Arquivos de programas\Blok Free 3\blkfc.exe

C:\WINDOWS\System32\sbfc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\trend micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [suNotification] C:\Arquivos de programas\ShadowStor\ShadowUser\suatshut.exe

O4 - HKLM\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Arquivos de programas\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Arquivos de programas\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Arquivos de programas\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Arquivos de programas\SmarThru 4\WebCapture.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{218BC63A-E0AD-4192-84E8-66038765DC55}: NameServer = 201.10.128.2,201.10.120.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3B9B32E-D361-4F32-AD04-575AFB73D495}: NameServer = 201.10.128.2,201.10.120.3

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NexCafé IS (NexGuardIS) - Unknown owner - C:\nexcafe\guardis.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

 

--

End of file - 3973 bytes

 

 

^_^


Good afternoon, maniagames100%!

What does this FixPolicies do? (Note: here in the LAN house, all the PCs show this antivirus detection.)

<!> It removes restrictive policies in the registry imposed by malware, or inappropriate settings made by the user.

<!> If the Avira detection appears on all the computers, it will have to be configured on each machine.

°°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°°

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" (ComboFix is uninstalled) will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

<@> Or, go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /uninstall

 

<@> Click OK.

°°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°°

<!> Open HijackThis --> Check the entries below.

 

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

 

<!> Click Fix checked --> Yes!

°°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°°

<!> Post: an updated HijackThis log.

Cheers!


Good afternoon, DigRam!

I type the command you gave me, but it doesn't work;

it says it was not found.

Below is the HijackThis log.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:36:33, on 26/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\nexcafe\guardis.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\dvmd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe

C:\Arquivos de programas\Blok Free 3\blkfc.exe

C:\WINDOWS\system32\sbfc.exe

C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\trend micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [suNotification] C:\Arquivos de programas\ShadowStor\ShadowUser\suatshut.exe

O4 - HKLM\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"

O4 - HKLM\..\Run: [blok Free 3] "C:\Arquivos de programas\Blok Free 3\blkfc.exe"

O4 - HKLM\..\Run: [sbfc] C:\WINDOWS\system32\sbfc.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [sbfc] C:\WINDOWS\System32\sbfc.exe

O4 - HKCU\..\Run: [abfc] "c:\arquivos de programas\blok free 3\blkfc.exe"

O4 - HKCU\..\Run: [nexguard] "C:\nexcafe\nexguard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: ShadowUser Pro Edition.lnk = C:\Arquivos de programas\ShadowStor\ShadowUser\ShadowUser.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Arquivos de programas\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Arquivos de programas\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Arquivos de programas\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Arquivos de programas\SmarThru 4\WebCapture.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{218BC63A-E0AD-4192-84E8-66038765DC55}: NameServer = 201.10.128.2,201.10.120.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{D3B9B32E-D361-4F32-AD04-575AFB73D495}: NameServer = 201.10.128.2,201.10.120.3

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: NexCafé IS (NexGuardIS) - Unknown owner - C:\nexcafe\guardis.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Recurso DVMD (ResDVMD) - DVMD - C:\WINDOWS\system32\dvmd.exe

 

--

End of file - 3815 bytes

^_^ :P


Good afternoon! maniagames100%

I type the command you gave me but it doesn't work

it says it wasn't found.

<!> If you typed it as in option 2, ComboFix will not be uninstalled:

<1> combofix.exe /uninstall ( Correct! )

<2> combofix.exe/uninstall ( Incorrect! )

ºººººººººººººººººººººº

ºººººººººººººººººººººº

<!> Your log is clean! :)

<!> Everything OK?

Regards!


Good evening! DigRam,

first of all, thank you for the attention and time you have dedicated to helping us here on the forum

but look... I still have the same problem! :(

nothing helped.. it may well have given the PC a good cleaning.. removed some malware and viruses that hadn't been identified.

I'd like Avira to stop showing the detection screen for this so-called virus... because I've already done everything, I even uninstalled and reinstalled it.. always up to date.. and it doesn't help....

I've already run the malware antimalware; the antivirus and anti-rootkit programs, and nothing... I don't know what else to do... and I wouldn't want to format the PC just because of a false alert! :ermm: :angry:

I did everything as you told me.

and now? :mellow:


Good morning! maniagames100%

<!> Configure your antivirus according to these tips, right below:

< Avira Antivir 9 Free Tutorial >

< http://www.babooforum.com.br/forum/Tutorial-do-Avira-Antivir-Personal-Free-Antivirus-82-instalacao-e-configuracao-t667540.html >

<!> If that doesn't work, uninstall Avira and download Avast.

<!> Download: < iavs4pro >

<!> PS: This executable will install Avast!

<!> PS: If you decide to remove Avira, right after uninstalling it, clean the registry with this tool:

<@> Go to this page and download: < Avira AntiVir RegistryCleaner >

<@> Run the utility, but... don't forget to extract it from the zip.

<!> Awaiting your reply!

Regards!


Hello! DigRam,

look, I did everything exactly right! and it doesn't work :o <_<

and I also wouldn't like to remove Avira, since I've already installed other antivirus programs, including this Avast, and I didn't like them much... Avira was doing the job... I've used it for a long time... now this screen has appeared and won't go away anymore. ugh :huh:

is there anything else I could do?


Good afternoon! maniagames100%

<!> Formatting will be the right move in your case, since the procedures have no effect on your machine.

Regards!


:ermm: ok! what can you do, lol :ermm:

THANK YOU ONCE AGAIN FOR YOUR TIME AND ATTENTION.

since there's nothing more to be done besides formatting.. you can close the topic.

until next time!

keep up the good work...

thanks once again lol :joia:

;)


:clap: :joia: GOOD AFTERNOON EVERYONE... I'm posting here a solution I found to get rid of this damned rootkit... :joia: :clap:

Look! here's the thing.... after formatting about 3 machines here.. ugh, I couldn't stand having to reinstall all the drivers again because of an annoying virus that wouldn't go away.. lol

I kept searching the net and on various forums.... on one of them the victim lol downloaded Norton 2010 as a trial and scanned the PC, WOW it was a miracle... it solved his problem AND MINE TOO phew...

so I'm posting here as a tip for anyone who caught a miserable rootkit that's bothering you.... download the Norton Antivirus 2010 trial... uninstall your current antivirus and go for it..... install Norton and scan your PC .... after scanning the PC and removing ALL the pests... uninstall Norton, and I recommend installing Avira and keeping it always up to date... for better security... thanks

I hope I've helped.... and once again I thank everyone who gave their time and attention to try to help me... B) :joia: :clap: :lol: :D

 

;)
