
Archived

This topic has been archived and is closed to new replies.

Bechir Bitar

[Solved!] Browsers giving errors and freezing


Hello! Folks, I have a problem I can't solve. I've tried everything, but it is beyond my reach and knowledge, so I'm going to describe it to see if someone can give me a hand:

 

Every time I try to open any browser (IE8, Mozilla or Google), it shows a message saying that the last session of "browser name" was not closed ... "if needed I can send a picture of the error". I can use it for a few moments, but it ends up freezing and I have to reboot by switching the machine off at the power switch. On one of those occasions it changed the desktop to one so old that I don't even remember how long ago I used it; I have no idea where it got that desktop from, and booting also became very slow.

 

 

I'll post a log so you can analyze it and maybe solve my problem, and the problem of anyone else going through the same thing.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:05:05, on 18/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\netdde.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\Hsiqua.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\B&J Cyber\kapeg.exe

C:\Documents and Settings\B&J Cyber\lgqig.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EASYSERVER.EXE

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\DOCUME~1\B&JCYB~1\CONFIG~1\Temp\Hbl.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.9:918;http://192.168.1.9:918

O1 - Hosts: 12.129.206.130 us.logon.battle.net

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {594FACEB-1595-43A6-AAEF-CC383662D31A}AAEF-CC383662D31A} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [00DSKSVR01] C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [00DSKSVR00] "C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe" saskda

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kapeg] C:\Documents and Settings\B&J Cyber\kapeg.exe

O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\B&J Cyber\lgqig.exe

O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\B&JCYB~1\CONFIG~1\Temp\Hbl.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: hpzsetup.LNK = C:\Arquivos de programas\HP\Temp\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\hpzstub.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.ead.sebrae.com.br

O15 - Trusted Zone: www.webaula.com.br

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C7406FA5-7351-496B-92E4-D557BAB81CAE}: NameServer = 192.168.1.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 7743 bytes

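A small triage script, added here as an example (it is not part of the original thread, nor a HijackThis feature), that applies the rules a helper reads such a log with: an O4 autorun whose executable sits directly in the user profile root or in a Temp folder, an R1 browser proxy pointing at the local machine, an O1 hosts-file override to a non-loopback address, and an O2 BHO registered with no file on disk. The severities and heuristics are my own; the sample lines are copied from the log above.

```python
"""Triage of HijackThis log lines (O4, R1, O1, O2) with simple heuristics."""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

# Lines copied from the HijackThis log in the first post; a real run would
# feed the whole hijackthis.log file to triage().
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
O1 - Hosts: 12.129.206.130 us.logon.battle.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kapeg] C:\Documents and Settings\B&J Cyber\kapeg.exe
O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\B&J Cyber\lgqig.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\DOCUME~1\B&JCYB~1\CONFIG~1\Temp\Hbl.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (my own scale, not HijackThis's)
    item: str      # the log line that triggered the finding
    reason: str


O4_RE = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First drive-letter path ending in an executable extension, quotes optional.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|scr|com|bat|pif))', re.I)
# Exactly <drive>:\Documents and Settings\<user>\<file>: nothing legitimate
# normally autoruns from the profile root itself.
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|docume~1)\\[^\\]+\\[^\\]+$", re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<val>.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
BHO_RE = re.compile(r"^O2 - BHO: .* - (?P<file>.+)$")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def classify_o4(line: str) -> Optional[Finding]:
    m = O4_RE.match(line)
    if not m:
        return None
    p = PATH_RE.search(m.group("cmd"))
    if not p:  # e.g. "Rundll32.exe SiSPower.dll,ModeAgent": no absolute path
        return None
    path = p.group(1)
    if PROFILE_ROOT_RE.match(path):
        return Finding("high", line, f"autorun executable directly in the user profile root: {path}")
    if TEMP_DIR_RE.search(path):
        return Finding("high", line, f"autorun executable runs from a Temp directory: {path}")
    return None


def classify_proxy(line: str) -> Optional[Finding]:
    m = PROXY_RE.match(line)
    if not m:
        return None
    hosts = []
    for entry in m.group("val").split(";"):
        target = entry.split("=", 1)[-1]          # "http=localhost:8080" -> "localhost:8080"
        hosts.append(target.rsplit(":", 1)[0].strip().lower())
    if any(h in LOOPBACK for h in hosts):
        return Finding("high", line,
                       "browser proxy points at the local machine; no listed program provides "
                       "a local proxy, so something else is sitting between the browser and the network")
    return None


def classify_hosts(line: str) -> Optional[Finding]:
    m = HOSTS_RE.match(line)
    if not m or m.group("ip") in LOOPBACK:
        return None
    return Finding("medium", line,
                   f"hosts file pins {m.group('host')} to {m.group('ip')}; confirm against public DNS")


def classify_bho(line: str) -> Optional[Finding]:
    m = BHO_RE.match(line)
    if not m or m.group("file") != "(no file)":
        return None
    return Finding("low", line, "orphaned BHO registration with no file on disk; not active, cleanup only")


CHECKS: List[Callable[[str], Optional[Finding]]] = [
    classify_o4, classify_proxy, classify_hosts, classify_bho]


def triage(log_text: str) -> List[Finding]:
    """Run every check over every non-empty line; first matching check wins."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.item}")
```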

Good afternoon! Bechir Bitar

 

<@> Download: < marcinsig.gif > Link!

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post the reports: mbam-log-2010-xx-xx (00-00-00).txt + HijackThis, updated.

 

Cheers!


It removed some files; the problem persists.

 

Is there a way to send the error screens that are shown?

 

-------------------------------------------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:28:10, on 19/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\netdde.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\B&J Cyber\kapeg.exe

C:\Documents and Settings\B&J Cyber\lgqig.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE

D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EASYSERVER.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.9:918;http://192.168.1.9:918

O1 - Hosts: 12.129.206.130 us.logon.battle.net

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {594FACEB-1595-43A6-AAEF-CC383662D31A}AAEF-CC383662D31A} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [00DSKSVR01] C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [00DSKSVR00] "C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe" saskda

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [kapeg] C:\Documents and Settings\B&J Cyber\kapeg.exe

O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\B&J Cyber\lgqig.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.ead.sebrae.com.br

O15 - Trusted Zone: www.webaula.com.br

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C7406FA5-7351-496B-92E4-D557BAB81CAE}: NameServer = 192.168.1.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 7286 bytes

 

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3886

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

19/03/2010 19:02:29

mbam-log-2010-03-19 (19-02-28).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 173515

Tempo decorrido: 49 minute(s), 31 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 5

Valores do Registro infectados: 1

Ítens do Registro infectados: 2

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Good evening DigRAM, and thanks for your attention!!!


Good evening! Bechir Bitar

 

Is there a way to send the error screens that are shown?

<!> No need! At least for now.

°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°

<@> Download: < desktopicon.png > ( ...by sUBs )

 

<!> Link-2 --> < ForoSpyware >

 

<!> Link-3 --> < GeeksToGo >

 

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it from a command is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

 

combofixejr8.gif

 

<@> Click OK.

<@> At the prompt "Software warranty disclaimer" --> Click Yes!

 

RcAuto1.gif

 

<@> If you don't have the "Recovery Console", accept the option to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If the notification "Invalid Win32 application" appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, we will get the following notification window:

 

Rookit_found.gif

 

<!> PS: Note down those detections, and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

<@> The Auto Scan window will open. --> Wait!

<@> To finish the removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<@> When it finishes, post the reports: C:\ComboFix.txt + HijackThis, updated.

 

Cheers!


Good evening DigRam

-------------------------------------------------------------------------------------------------

 

While ComboFix was running it gave the following error several times:

pv.cfxx has encountered a problem and needs to close, at least about 10 times.

 

One of the messages it showed stopped at: Windows cannot find csrs.exe ....

 

Logs follow

 

ComboFix 10-03-19.06 - B&J Cyber 19/03/2010 22:34:17.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.480 [GMT -3:00]

Executando de: d:\a-download\Programas\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\B&J Cyber\autorun.inf

c:\documents and settings\B&J Cyber\kapeg.exe

c:\documents and settings\B&J Cyber\kapeg.scr

C:\khq

C:\LOG.TXT

c:\recycler\k-1-3542-4232123213-7676767-8888886

C:\Thumbs.db

c:\windows\explorer.exe.local

c:\windows\Sa.exe

c:\windows\system32\AutoRun.inf

c:\windows\winhelp26.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASC3360PR

-------\Legacy_SSHNAS

-------\Service_asc3360pr

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-20 to 2010-03-20 ))))))))))))))))))))))))))))

.

 

2010-03-20 00:48 . 2010-03-20 00:48 50504 ----a-w- c:\windows\system32\drivers\pxrts.sys

2010-03-20 00:48 . 2010-03-20 00:48 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys

2010-03-19 23:50 . 2010-03-19 23:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2010-03-19 23:17 . 2010-03-19 23:17 -------- d-----w- c:\arquivos de programas\IObit

2010-03-18 20:08 . 2010-03-18 20:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-03-18 20:08 . 2010-03-18 20:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-03-18 20:08 . 2010-03-18 20:08 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2010-03-18 18:49 . 2010-03-18 18:53 176745 ----a-w- c:\windows\hpoins28.dat

2010-03-18 18:49 . 2008-05-12 03:49 796 ------w- c:\windows\hpomdl28.dat

2010-03-18 16:04 . 2010-03-18 16:04 -------- d-----w- C:\Program Files

2010-03-17 13:17 . 2010-03-17 13:17 360584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-03-17 13:17 . 2010-03-17 13:17 28424 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgmfx86.sys

2010-03-17 13:17 . 2010-03-17 13:17 333192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-03-17 13:17 . 2010-03-17 13:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-17 01:09 . 2010-03-17 01:09 45056 --sh--r- c:\documents and settings\B&J Cyber\lgqig.exe

2010-03-16 22:55 . 2010-03-16 22:55 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-03-16 20:17 . 2010-03-20 00:47 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\HPAppData

2010-03-16 01:12 . 2010-03-16 01:12 -------- d-----w- c:\windows\ie8updates

2010-03-16 01:10 . 2010-03-16 01:11 -------- dc-h--w- c:\windows\ie8

2010-03-16 01:01 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-03-16 01:00 . 2009-12-21 19:07 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-03-16 01:00 . 2009-12-21 19:07 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-03-16 01:00 . 2009-12-21 19:07 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-03-16 01:00 . 2009-12-21 19:07 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-03-16 01:00 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-03-16 01:00 . 2009-12-21 19:07 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-03-09 17:41 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2010-03-09 17:41 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2010-03-09 17:41 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2010-03-09 17:41 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2010-03-09 17:41 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2010-03-09 17:38 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-03-09 17:38 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-03-09 17:36 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-03-09 16:32 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-03-09 16:31 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-03-09 16:26 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-03-09 16:21 . 2008-09-04 17:16 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-03-08 20:54 . 2009-11-27 17:13 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll

2010-03-08 20:54 . 2009-11-27 17:13 1296384 -c----w- c:\windows\system32\dllcache\quartz.dll

2010-03-08 20:51 . 2009-10-13 10:34 271360 -c----w- c:\windows\system32\dllcache\oakley.dll

2010-03-08 20:49 . 2009-12-17 07:41 345600 -c----w- c:\windows\system32\dllcache\mspaint.exe

2010-03-08 20:45 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-03-08 20:41 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-03-08 16:47 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-03-08 16:47 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-03-05 12:07 . 2010-03-08 01:47 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\6C3FD098D8.sys

2010-03-05 12:07 . 2010-03-08 01:48 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-03-05 11:28 . 2010-03-05 11:28 -------- d-----w- c:\arquivos de programas\Corel

2010-02-26 16:35 . 2010-02-26 16:35 5115824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-26 16:26 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-26 16:26 . 2010-02-26 16:36 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-26 16:26 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 15:58 . 2010-02-26 15:58 -------- d-----w- c:\arquivos de programas\Trend Micro

2010-02-26 14:10 . 2010-02-26 14:12 -------- d-----w- C:\LinhaDefensiva

2010-02-26 00:42 . 2010-02-26 00:42 423 ----a-w- c:\windows\system\SERVIDOR4007master_.sys

2010-02-26 00:42 . 2010-02-26 00:42 -------- d-----w- C:\BancoBrasil

2010-02-23 00:19 . 2010-02-23 00:19 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\Yahoo!

2010-02-23 00:19 . 2010-03-19 23:50 -------- d-----w- c:\arquivos de programas\Yahoo!

2010-02-23 00:19 . 2010-02-23 00:19 -------- d-----w- c:\arquivos de programas\CCleaner

2010-02-21 22:47 . 2010-02-21 22:47 -------- d-----w- c:\windows\Time Stopper

2010-02-19 01:10 . 2001-09-06 02:20 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-02-19 01:10 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-02-19 01:10 . 2008-04-13 14:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-02-19 01:10 . 2008-04-13 14:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-20 00:17 . 2009-08-17 18:14 -------- d-----w- c:\arquivos de programas\HP

2010-03-19 23:17 . 2009-10-21 23:44 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\IObit

2010-03-19 20:41 . 2009-12-13 13:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-03-17 19:45 . 2008-01-04 04:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-03-17 13:17 . 2009-12-13 13:44 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-17 13:17 . 2009-12-13 13:44 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-17 13:16 . 2009-12-13 13:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-16 20:08 . 2009-08-17 18:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-03-16 00:40 . 2008-01-04 04:37 -------- d-----w- c:\arquivos de programas\Google

2010-03-16 00:17 . 2008-01-04 04:35 -------- d-----w- c:\arquivos de programas\Symantec

2010-03-09 17:23 . 2009-12-11 20:30 -------- d-----w- c:\arquivos de programas\Mozilla Firefox 3.6 Beta 4

2010-03-07 02:53 . 2010-01-18 01:06 -------- d-----w- c:\arquivos de programas\Puxa Rápido

2010-03-07 02:52 . 2009-06-23 00:16 -------- d-----w- c:\arquivos de programas\BitComet

2010-02-24 22:43 . 2009-07-11 17:13 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\U3

2010-02-24 00:25 . 2009-10-21 22:45 -------- d-----w- c:\arquivos de programas\TweakNow WinSecret 2009

2010-02-24 00:25 . 2009-10-21 22:45 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\TweakNow WinSecret 2009

2010-01-29 02:01 . 2010-01-15 15:13 -------- d-----w- c:\arquivos de programas\BitTorrent Ultra Accelerator

2010-01-29 02:01 . 2010-01-29 02:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hagel Technologies

2010-01-08 14:01 . 2001-10-28 18:07 57834 ----a-w- c:\windows\system32\perfc016.dat

2010-01-08 14:01 . 2001-10-28 18:07 422870 ----a-w- c:\windows\system32\perfh016.dat

2009-12-31 16:50 . 2004-08-04 03:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:08 . 2004-08-04 04:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-09 12:52 . 2009-12-08 01:26 8263712 --sha-w- c:\windows\system32\drivers\fidbox.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

"lgqig"="c:\documents and settings\B&J Cyber\lgqig.exe" [2010-03-17 45056]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"SiSPower"="SiSPower.dll" [2005-07-12 49152]

"00DSKSVR01"="c:\arquivos de programas\Easy Desktop Keeper\desksaver.exe" [2004-01-23 1188352]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"00DSKSVR00"="c:\arquivos de programas\Easy Desktop Keeper\desksaver.exe" [2004-01-23 1188352]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 77824]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-1-4 262144]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoPwdpage"= 0 (0x0)

"NoProfilePage"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigpage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-17 13:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\TinaSoft\\Easy Cafe Client\\client.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=

"d:\\Ferramentas\\TeamViewerPortable_pt\\TeamViewer.exe"=

"c:\\Documents and Settings\\B&J Cyber\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"d:\\eMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7292:TCP"= 7292:TCP:rbzqz

"7756:TCP"= 7756:TCP:BitComet 7756 TCP

"7756:UDP"= 7756:UDP:BitComet 7756 UDP

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/12/2009 10:44 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/12/2009 10:44 242696]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [17/03/2010 10:17 308064]

S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/05/2009 23:30 108289]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

 

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = hxxp://192.168.0.9:918;http://192.168.1.9:918

uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: sebrae.com.br\www.ead

Trusted Zone: webaula.com.br\www

TCP: {C7406FA5-7351-496B-92E4-D557BAB81CAE} = 192.168.1.1

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

FF - ProfilePath - c:\documents and settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{594FACEB-1595-43A6-AAEF-CC383662D31A}AAEF-CC383662D31A} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-kapeg - c:\documents and settings\B&J Cyber\kapeg.exe

Notify-WgaLogon - (no file)

MSConfigStartUp-kapeg - c:\documents and settings\B&J Cyber\kapeg.exe

MSConfigStartUp-Winsyst_Ob - c:\rvedc\xtb.exe

MSConfigStartUp-Winsyst_On - c:\rvedc\xtn.exe

MSConfigStartUp-Winsyst_Or - c:\rvedc\xtr.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-19 22:43

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B48D0C4F-CD22-F606-A2E1-D8729ABE43DE}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B48D0C4F-CD22-F606-A2E1-D8729ABE43DE}\InProcServer32*]

"dbdhkphonbejecchgbehhicfmejpleifgfeoilib"=hex:6a,61,62,63,63,6b,6a,6f,6e,69,

70,6a,6b,63,66,67,69,61,61,6b,00,00

"cbdhadnhlemkncknadcmcnfoikielgojcpiefm"=hex:69,61,65,64,64,6c,62,68,6f,64,65,

70,64,63,6c,63,64,63,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2892)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-03-19 22:57:59 - Machine was rebooted

ComboFix-quarantined-files.txt 2010-03-20 01:57

 

Pre-Run: 6.488.715.264 bytes free

Post-Run: 6.271.979.520 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 56E8BF7BA3F5282AE9A0CAB7802C0812

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:06:38, on 19/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Documents and Settings\B&J Cyber\lgqig.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.9:918;http://192.168.1.9:918

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [00DSKSVR01] C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [00DSKSVR00] "C:\Arquivos de programas\Easy Desktop Keeper\desksaver.exe" saskda

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\B&J Cyber\lgqig.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.ead.sebrae.com.br

O15 - Trusted Zone: www.webaula.com.br

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C7406FA5-7351-496B-92E4-D557BAB81CAE}: NameServer = 192.168.1.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

 

--

End of file - 7348 bytes

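The two logs above contain the entries a malware-removal helper homes in on: a user-hive Run key launching an executable that sits directly in the profile root (lgqig.exe, flagged --sh--r- in the file listing), an IE ProxyServer value that sends every protocol through localhost:8080 (a pattern seen in banker trojans that intercept browser traffic; note BankerFix had already been run on this machine), an orphaned BHO, a firewall exception opened under a random-looking name (7292:TCP rbzqz) and AntiVirusOverride=1 in the Security Center, which silences the "no antivirus" warning. The script below is an added example written for this page; it is not part of the thread nor of HijackThis or ComboFix. It applies those heuristics to HijackThis/ComboFix-style lines. The sample input is a constructed excerpt of lines from the logs above, and the rules themselves (autoruns from profile-root or Temp paths, loopback proxies, BHOs with no file, short lowercase-only firewall rule names, AV override) are my own assumptions about what deserves manual review, not a detection signature.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines excerpted from the HijackThis and ComboFix
# logs posted in this thread, mixing benign entries with the suspicious ones.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\B&J Cyber\lgqig.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"7292:TCP"= 7292:TCP:rbzqz
"7756:TCP"= 7756:TCP:BitComet 7756 TCP
"AntiVirusOverride"=dword:00000001
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # which heuristic fired
    line: str    # the log line, verbatim
    reason: str  # what a human should check


# HijackThis / ComboFix line shapes this triage understands.
_O4 = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] '
                 r'"?(?P<path>[a-z]:\\[^"]*?\.exe)"?', re.I)
_PROXY = re.compile(r'^R1 - .*Internet Settings,ProxyServer = (?P<val>.+)$')
_BHO = re.compile(r'^O2 - BHO: .* - \{[0-9A-F-]+\} - (?P<target>.+)$', re.I)
_PORT = re.compile(r'^"\d+:(?:TCP|UDP)"= (?P<rule>\d+:(?:TCP|UDP)):(?P<desc>.*)$')
_AVOVR = re.compile(r'^"AntiVirusOverride"=dword:0*1$')

# Heuristic (assumption): legitimate installers do not autorun an .exe sitting
# directly in the profile root or in a Temp folder; self-installing malware does.
_PROFILE_ROOT = re.compile(r'^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$', re.I)
_TEMP_DIR = re.compile(r'\\temp\\', re.I)
_LOOPBACK = {'localhost', '127.0.0.1', '::1'}


def proxy_hosts(value: str) -> list[str]:
    """Split an IE ProxyServer value ('http=host:port;...' or 'host:port') into hosts."""
    hosts = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:                       # per-protocol form: scheme=host:port
            part = part.split('=', 1)[1]
        hosts.append(part.rsplit(':', 1)[0].lower())
    return hosts


def triage(log_text: str) -> list[Finding]:
    """Return the entries a malware-removal helper would single out for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _O4.match(line):
            path = m.group('path')
            if _PROFILE_ROOT.match(path) or _TEMP_DIR.search(path):
                findings.append(Finding('run-from-profile', line,
                    f"{m.group('hive')} Run entry launches {path} from a profile/temp location"))
        elif m := _PROXY.match(line):
            if any(h in _LOOPBACK for h in proxy_hosts(m.group('val'))):
                findings.append(Finding('proxy-localhost', line,
                    'browser traffic is routed through a proxy on this machine; '
                    'verify a local proxy is really installed and intended'))
        elif m := _BHO.match(line):
            if m.group('target').lower() == '(no file)':
                findings.append(Finding('bho-orphan', line,
                    'BHO registration with no DLL on disk; remove the CLSID'))
        elif m := _PORT.match(line):
            # Heuristic (assumption): product rules carry a readable name; a short
            # lowercase-only token such as 'rbzqz' looks machine-generated.
            if re.fullmatch(r'[a-z]{3,10}', m.group('desc')):
                findings.append(Finding('fw-open-port', line,
                    f"firewall exception {m.group('rule')} opened under a random-looking name"))
        elif _AVOVR.match(line):
            findings.append(Finding('av-override', line,
                'Security Center told to suppress antivirus warnings; reset to 0'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.kind}] {f.reason}\n    {f.line}')
```

Each finding maps onto an action the helper's CFScript later takes (deleting the 7292:TCP exception, resetting AntiVirusOverride to 0, removing the profile-root executables). The proxy finding is the one that needs a check before acting: on a machine that legitimately runs a local filtering proxy, localhost:8080 is expected, so confirm with `netstat -ano | findstr :8080` whether anything is actually listening there and which process owns it.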

Good morning, Bechir Bitar!

 

<@> Submit the files listed below for analysis at: < VirSCAN.org >

 

c:\documents and settings\All Users\Dados de aplicativos\6C3FD098D8.sys

 

C:\Documents and Settings\B&J Cyber\lgqig.exe

 

C:\Documents and Settings\B&J Cyber\kapeg.exe

 

<@> Click "Enviar arquivo..." ("Send file...").

<@> Once you have located the file on your PC, click "Upload" --> Wait!

<@> In the message, click "Verificar novamente" ("Scan again").

<@> When it finishes, copy the links to the reports and send them to us.

<@> Example: the file NodeRefresh.dll was scanned; the link to its report is below:

<@> Link: --> < logo.gif >

°°°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°°°

<!> Uninstall:

 

C:\Arquivos de programas\IObit\Advanced SystemCare 3

C:\Arquivos de programas\Easy Desktop Keeper

°°°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°°°

<@> Select and copy everything inside the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

C:\DOCUME~1\B&JCYB~1\CONFIG~1\Temp\Hbl.exe

Rootkit::

c:\windows\system32\drivers\pxrts.sys

c:\windows\system32\drivers\pxkbf.sys

Driver::

"pxkbf"

"pxrts"

"AntiVirSchedulerService"

Folder::

C:\LinhaDefensiva

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7292:TCP"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

RegLock::

[HKEY_USERS\S-1-5-21-1547161642-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B48D0C4F-CD22-F606-A2E1-D8729ABE43DE}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B48D0C4F-CD22-F606-A2E1-D8729ABE43DE}\InProcServer32*]

<@> PS: It is recommended that you be disconnected from the network when running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

[animated demonstration: 2872959479_997d4500c4_o.gif]

 

<@> Accept the prompt that should appear asking to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + a fresh HijackThis log.

 

Cheers!


Hi DigRam, good evening!!!

 

These files were not found, so I did not continue with the procedure you told me to follow.

 

c:\documents and settings\All Users\Dados de aplicativos\6C3FD098D8.sys

 

C:\Documents and Settings\B&J Cyber\lgqig.exe

 

C:\Documents and Settings\B&J Cyber\kapeg.exe

 

 

I'm waiting to hear what I should do...


Hey, Bechir Bitar!

 

<!> Carry on with the remaining steps!

 

Cheers!


Good evening, DigRam!!!

 

When I proceed with the ComboFix routine, a dialog appears with this warning:

 

ComboFix has detected the following real-time protection program(s) active:

 

Antivirus: Antivir Desktop

 

Antivirus and prevention programs may interfere with ComboFix's execution. This may affect the results or possibly damage the machine. Please disable these programs before clicking OK.

 

I went into the registry and found that it is an Avira antivirus folder; since I don't use this antivirus I tried to delete it, but I couldn't because it gives an error.

 

I await the next step to proceed...

 

Thank you for your attention.


Hey, Bechir Bitar!

 

<@> Go to this page and download: < Avira AntiVir RegistryCleaner > ( 887 KB )

<@> Run the utility, but don't forget to extract it from the zip first.

<@> When done, drag the script onto ComboFix.exe.

 

Cheers!


DigRam!!!

 

This isn't going smoothly...

 

I went to the Avira page, downloaded and ran the "Avira AntiVir RegistryCleaner" program.

Some keys were deleted and others were not, and the ComboFix warning mentioned earlier still appears.

 

 

Regards.


Hey, Bechir Bitar!

 

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode".

<!> PS: The same recommendation applies when running the script.

°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°

<@> Download: < SafeBootKeyRepair >

<@> Save it directly to Local Disk (C:).

<@> Run it! When it finishes, it will generate a report: C:\SafeBoot_Repair.txt <-- Do not post it!

<@> Reboot into Safe Mode and drag CFScript.txt onto ComboFix as instructed.

 

Cheers!


Good morning, DigRam!

 

Since the first time I ran ComboFix, the XP boot screen has shown two boot options, like this:

 

Microsoft Windows Recovery console

Microsoft Windows XP professional

 

How do I get rid of the first one?

 

----------------------------------------------------------------------------------------------------------

 

As for SafeBootKeyRepair.exe, it only showed a black screen that flashes by very quickly; I didn't understand what it does or whether that is how it is supposed to work!!!

 

I ran ComboFix even with the Antivir Desktop error...

 

Once again, thank you for your attention!

 

----------------------------------------------------------------------------------------------------------

Here are the logs from both

 

ComboFix 10-03-19.06 - B&J Cyber 22/03/2010 8:25.2.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.778 [GMT -3:00]

Running from: d:\a-download\Programas\ComboFix.exe

Command switches used :: c:\documents and settings\All Users\Desktop\CfScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\docume~1\B&JCYB~1\CONFIG~1\Temp\Hbl.exe"

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\B&J Cyber\ggjfkh.exe

c:\documents and settings\B&J Cyber\jnkntuus.exe

c:\documents and settings\B&J Cyber\tpbystx.exe

C:\LinhaDefensiva

c:\linhadefensiva\banker.bat

c:\linhadefensiva\BankerFix.vbs

c:\linhadefensiva\credits\exec.txt

c:\linhadefensiva\exec\download.exe

c:\linhadefensiva\exec\md5.exe

c:\linhadefensiva\exec\MoveEx.exe

c:\linhadefensiva\exec\pv.exe

c:\linhadefensiva\exec\unzip.exe

c:\linhadefensiva\func\lang.vbs

c:\linhadefensiva\func\reg.vbs

c:\linhadefensiva\func\scan.vbs

c:\linhadefensiva\func\strings.vbs

c:\linhadefensiva\Iniciar-BankerFix.vbs

c:\linhadefensiva\lang\bat\antivirusnote.txt

c:\linhadefensiva\lang\bat\changepass.txt

c:\linhadefensiva\lang\bat\error-removing.txt

c:\linhadefensiva\lang\bat\filesremoved.txt

c:\linhadefensiva\lang\bat\logend.txt

c:\linhadefensiva\lang\bat\logremhelp.txt

c:\linhadefensiva\lang\bat\logremtif.txt

c:\linhadefensiva\lang\bat\noproblems.txt

c:\linhadefensiva\lang\bat\opening.txt

c:\linhadefensiva\lang\bat\rebootrequired.txt

c:\linhadefensiva\lang\bat\seeforum.txt

c:\linhadefensiva\lang\bat\wait.txt

c:\linhadefensiva\lang\bat\win95.txt

c:\linhadefensiva\lang\init\en.txt

c:\linhadefensiva\lang\init\ptb.txt

c:\linhadefensiva\lang\vb\bankerfix.txt

c:\linhadefensiva\lang\vb\loader.txt

c:\linhadefensiva\lang\vb\postreboot.txt

c:\linhadefensiva\leiame.txt

c:\linhadefensiva\QUA\backup.reg

c:\linhadefensiva\readme.txt

c:\linhadefensiva\reflist\fx.reg

c:\linhadefensiva\reflist\ref-allu

c:\linhadefensiva\reflist\ref-appdata

c:\linhadefensiva\reflist\ref-commonfiles

c:\linhadefensiva\reflist\ref-hosts

c:\linhadefensiva\reflist\ref-md5

c:\linhadefensiva\reflist\ref-mydoc

c:\linhadefensiva\reflist\ref-profile

c:\linhadefensiva\reflist\ref-programfiles

c:\linhadefensiva\reflist\ref-reg

c:\linhadefensiva\reflist\ref-start

c:\linhadefensiva\reflist\ref-startup

c:\linhadefensiva\reflist\ref-sysdrive

c:\linhadefensiva\reflist\ref-system

c:\linhadefensiva\reflist\ref-system32

c:\linhadefensiva\reflist\ref-tasks

c:\linhadefensiva\reflist\ref-temp

c:\linhadefensiva\reflist\ref-wincommon

c:\linhadefensiva\reflist\ref-windows

c:\linhadefensiva\reflist\reft-startup

c:\linhadefensiva\reflist\reg-proxy

c:\linhadefensiva\relatorio.txt

c:\linhadefensiva\relatorios\2010-02-26.txt

c:\linhadefensiva\relatorios\errorlog.txt

c:\linhadefensiva\rotinas\arquiva-relatorio.vbs

c:\linhadefensiva\rotinas\postreboot.bat

c:\linhadefensiva\rotinas\postreboot.vbs

c:\linhadefensiva\rotinas\remocao\driver.vbs

c:\linhadefensiva\rotinas\remocao\shell.vbs

c:\linhadefensiva\rotinas\remocao\userinit.vbs

c:\linhadefensiva\rotinas\remocao\winlogon.vbs

c:\linhadefensiva\rotinas\update.vbs

c:\linhadefensiva\VERSION

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ANTIVIRSCHEDULERSERVICE

-------\Legacy_PXKBF

-------\Legacy_PXRTS

-------\Service_AntiVirSchedulerService

 

 

(((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 ))))))))))))))))))))))))))))

.

 

2010-03-22 11:20 . 2010-03-22 11:12 288654 ----a-w- C:\SafeBootKeyRepair.exe

2010-03-22 11:16 . 2010-03-22 11:17 -------- d-----w- c:\documents and settings\Administrador

2010-03-21 22:03 . 2008-01-24 21:22 729088 ----a-r- c:\windows\system32\hpowiax7.dll

2010-03-21 22:03 . 2008-01-24 21:22 303104 ----a-r- c:\windows\system32\hpovst15.dll

2010-03-21 22:03 . 2008-01-24 21:22 581632 ----a-r- c:\windows\system32\hpotscl6.dll

2010-03-21 22:03 . 2008-01-24 21:22 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2010-03-21 22:03 . 2008-01-24 21:22 309760 ----a-r- c:\windows\system32\difxapi.dll

2010-03-21 00:11 . 2010-03-21 00:11 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-03-20 23:16 . 2010-03-17 11:33 226304 ----a-w- c:\windows\juchecka.exe

2010-03-19 23:50 . 2010-03-19 23:50 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2010-03-19 23:17 . 2010-03-19 23:17 -------- d-----w- c:\arquivos de programas\IObit

2010-03-18 20:08 . 2010-03-18 20:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-03-18 20:08 . 2010-03-18 20:08 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-03-18 20:08 . 2010-03-18 20:08 -------- d-----w- c:\arquivos de programas\Hewlett-Packard

2010-03-18 18:49 . 2010-03-18 18:53 176745 ----a-w- c:\windows\hpoins28.dat

2010-03-18 18:49 . 2008-05-12 03:49 796 ------w- c:\windows\hpomdl28.dat

2010-03-18 16:04 . 2010-03-18 16:04 -------- d-----w- C:\Program Files

2010-03-17 13:17 . 2010-03-17 13:17 360584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-03-17 13:17 . 2010-03-17 13:17 28424 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgmfx86.sys

2010-03-17 13:17 . 2010-03-17 13:17 333192 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-03-17 13:17 . 2010-03-17 13:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-17 01:09 . 2010-03-17 01:09 45056 --sh--r- c:\documents and settings\B&J Cyber\lgqig.exe

2010-03-16 22:55 . 2010-03-16 22:55 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-03-16 20:17 . 2010-03-20 00:47 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\HPAppData

2010-03-16 01:12 . 2010-03-16 01:12 -------- d-----w- c:\windows\ie8updates

2010-03-16 01:10 . 2010-03-16 01:11 -------- dc-h--w- c:\windows\ie8

2010-03-16 01:01 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-03-16 01:00 . 2009-12-21 19:07 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-03-16 01:00 . 2009-12-21 19:07 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-03-16 01:00 . 2009-12-21 19:07 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-03-16 01:00 . 2009-12-21 19:07 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-03-16 01:00 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-03-16 01:00 . 2009-12-21 19:07 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-03-09 17:41 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll

2010-03-09 17:41 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll

2010-03-09 17:41 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll

2010-03-09 17:41 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe

2010-03-09 17:41 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe

2010-03-09 17:38 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-03-09 17:38 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-03-09 17:36 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-03-09 16:32 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2010-03-09 16:31 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-03-09 16:26 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-03-09 16:21 . 2008-09-04 17:16 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll

2010-03-08 20:54 . 2009-11-27 17:13 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll

2010-03-08 20:54 . 2009-11-27 17:13 1296384 -c----w- c:\windows\system32\dllcache\quartz.dll

2010-03-08 20:51 . 2009-10-13 10:34 271360 -c----w- c:\windows\system32\dllcache\oakley.dll

2010-03-08 20:49 . 2009-12-17 07:41 345600 -c----w- c:\windows\system32\dllcache\mspaint.exe

2010-03-08 20:45 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-03-08 20:41 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-03-08 16:47 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-03-08 16:47 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-03-05 12:07 . 2010-03-08 01:47 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\6C3FD098D8.sys

2010-03-05 12:07 . 2010-03-08 01:48 2516 --sha-w- c:\documents and settings\All Users\Dados de aplicativos\KGyGaAvL.sys

2010-03-05 11:28 . 2010-03-05 11:28 -------- d-----w- c:\arquivos de programas\Corel

2010-02-26 16:35 . 2010-02-26 16:35 5115824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-26 16:26 . 2010-01-07 19:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-26 16:26 . 2010-02-26 16:36 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-02-26 16:26 . 2010-01-07 19:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 15:58 . 2010-02-26 15:58 -------- d-----w- c:\arquivos de programas\Trend Micro

2010-02-26 00:42 . 2010-02-26 00:42 423 ----a-w- c:\windows\system\SERVIDOR4007master_.sys

2010-02-26 00:42 . 2010-02-26 00:42 -------- d-----w- C:\BancoBrasil

2010-02-23 00:19 . 2010-02-23 00:19 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\Yahoo!

2010-02-23 00:19 . 2010-03-19 23:50 -------- d-----w- c:\arquivos de programas\Yahoo!

2010-02-23 00:19 . 2010-02-23 00:19 -------- d-----w- c:\arquivos de programas\CCleaner

2010-02-21 22:47 . 2010-02-21 22:47 -------- d-----w- c:\windows\Time Stopper

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-21 00:09 . 2008-01-04 03:28 -------- d-----w- c:\arquivos de programas\Java

2010-03-20 00:17 . 2009-08-17 18:14 -------- d-----w- c:\arquivos de programas\HP

2010-03-19 23:17 . 2009-10-21 23:44 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\IObit

2010-03-19 20:41 . 2009-12-13 13:44 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-03-17 19:45 . 2008-01-04 04:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-03-17 13:17 . 2009-12-13 13:44 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-17 13:17 . 2009-12-13 13:44 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-17 13:16 . 2009-12-13 13:44 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-16 20:08 . 2009-08-17 18:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-03-16 00:40 . 2008-01-04 04:37 -------- d-----w- c:\arquivos de programas\Google

2010-03-16 00:17 . 2008-01-04 04:35 -------- d-----w- c:\arquivos de programas\Symantec

2010-03-09 17:23 . 2009-12-11 20:30 -------- d-----w- c:\arquivos de programas\Mozilla Firefox 3.6 Beta 4

2010-03-07 02:53 . 2010-01-18 01:06 -------- d-----w- c:\arquivos de programas\Puxa Rápido

2010-03-07 02:52 . 2009-06-23 00:16 -------- d-----w- c:\arquivos de programas\BitComet

2010-02-24 22:43 . 2009-07-11 17:13 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\U3

2010-02-24 00:25 . 2009-10-21 22:45 -------- d-----w- c:\arquivos de programas\TweakNow WinSecret 2009

2010-02-24 00:25 . 2009-10-21 22:45 -------- d-----w- c:\documents and settings\B&J Cyber\Dados de aplicativos\TweakNow WinSecret 2009

2010-01-29 02:01 . 2010-01-15 15:13 -------- d-----w- c:\arquivos de programas\BitTorrent Ultra Accelerator

2010-01-29 02:01 . 2010-01-29 02:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Hagel Technologies

2010-01-08 14:01 . 2001-10-28 18:07 57834 ----a-w- c:\windows\system32\perfc016.dat

2010-01-08 14:01 . 2001-10-28 18:07 422870 ----a-w- c:\windows\system32\perfh016.dat

2009-12-31 16:50 . 2004-08-04 03:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-09 12:52 . 2009-12-08 01:26 8263712 --sha-w- c:\windows\system32\drivers\fidbox.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2010-03-20_01.43.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-20 18:23 . 2010-03-20 18:23 85173 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2010-03-21 22:58 . 2010-03-21 22:58 85019 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe

+ 2010-03-21 00:11 . 2010-03-21 00:11 180224 c:\windows\Installer\2a834cf.msi

+ 2010-01-26 19:59 . 2010-01-26 19:59 1955384 c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lgqig"="c:\documents and settings\B&J Cyber\lgqig.exe" [2010-03-17 45056]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2005-07-12 49152]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"juchecka.exe"="c:\windows\juchecka.exe" [2010-03-17 226304]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 77824]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-1-4 262144]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoPwdpage"= 0 (0x0)

"NoProfilePage"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigpage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-17 13:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\TinaSoft\\Easy Cafe Client\\client.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=

"d:\\Ferramentas\\TeamViewerPortable_pt\\TeamViewer.exe"=

"c:\\Documents and Settings\\B&J Cyber\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"d:\\eMule\\emule.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7756:TCP"= 7756:TCP:BitComet 7756 TCP

"7756:UDP"= 7756:UDP:BitComet 7756 UDP

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/12/2009 10:44 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/12/2009 10:44 242696]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [17/03/2010 10:17 308064]

S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

 

2010-03-21 c:\windows\Tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = hxxp://192.168.0.9:918;http://192.168.1.9:918

uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: sebrae.com.br\www.ead

Trusted Zone: webaula.com.br\www

TCP: {C7406FA5-7351-496B-92E4-D557BAB81CAE} = 192.168.1.1

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

FF - ProfilePath - c:\documents and settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-22 08:35

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1547161642-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B48D0C4F-CD22-F606-A2E1-D8729ABE43DE}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B48D0C4F-CD22-F606-A2E1-D8729ABE43DE}\InProcServer32*]

"dbdhkphonbejecchgbehhicfmejpleifgfeoilib"=hex:6a,61,62,63,63,6b,6a,6f,6e,69,

70,6a,6b,63,66,67,69,61,61,6b,00,00

"cbdhadnhlemkncknadcmcnfoikielgojcpiefm"=hex:69,61,65,64,64,6c,62,68,6f,64,65,

70,64,63,6c,63,64,63,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2896)

c:\windows\system32\WININET.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-03-22 08:48:10 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-22 11:48

ComboFix2.txt 2010-03-20 01:58

 

Pre-Run: 6.609.821.696 bytes free

Post-Run: 6.627.168.256 bytes free

 

- - End Of File - - 15ED983FCC4D080FB80CD6DEFD286288

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:52:08, on 22/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\juchecka.exe

C:\Documents and Settings\B&J Cyber\lgqig.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.9:918;http://192.168.1.9:918

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [juchecka.exe] C:\WINDOWS\juchecka.exe

O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\B&J Cyber\lgqig.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.ead.sebrae.com.br

O15 - Trusted Zone: www.webaula.com.br

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C7406FA5-7351-496B-92E4-D557BAB81CAE}: NameServer = 192.168.1.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

 

--

End of file - 6335 bytes

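As an added example (not part of the thread, and not ComboFix's own logic), the following Python triages the "Files Created" section of the ComboFix log posted above. It parses each line into created/modified timestamps, size, the eight attribute flags and the path, then flags three things: files carrying both the hidden and system attributes, executables created outside the directories where this machine legitimately receives new binaries, and files dropped straight into a user profile root. The allow-list of directories and the three rules are assumptions of this example; the sample lines are copied from the log above. Heuristics like these also catch benign items (the allow-list is coarse enough to flag the repair utility sitting in C:\), so the output is a review queue, not a verdict; the thread's fix only targeted lgqig.exe and juchecka.exe.

```python
import re
from typing import Dict, List, Optional

# Layout of one ComboFix "Files Created" line:
#   <created> . <modified> <size or --------> <8 attribute flags> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-dcshawr]{8}) "
    r"(?P<path>.+)$"
)

# Where this machine legitimately receives new binaries (Windows Update caches,
# the driver store, localized Program Files, AVG's update backups). The list is
# an assumption of this example, tuned to the paths seen in the thread's log.
EXPECTED_EXE_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\installer\\",
    "c:\\arquivos de programas\\",
    "c:\\program files\\",
    "c:\\documents and settings\\all users\\dados de aplicativos\\avg9\\",
)
EXE_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
# c:\documents and settings\<user>\<file>  (a file directly in a profile root)
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into its fields; None for separators and headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    attrs = entry["attrs"]
    entry["is_dir"] = attrs[0] == "d"   # 'd' in the first column marks a directory
    entry["hidden"] = "h" in attrs
    entry["system"] = "s" in attrs
    return entry


def reasons(entry: dict) -> List[str]:
    """Heuristic review reasons for one parsed entry (empty list = nothing odd)."""
    out: List[str] = []
    if entry["is_dir"]:
        return out
    path = entry["path"].lower()
    if entry["hidden"] and entry["system"]:
        out.append("hidden+system attributes on a file")
    if path.endswith(EXE_EXT) and not path.startswith(EXPECTED_EXE_DIRS):
        out.append("executable created outside expected program directories")
    if PROFILE_ROOT_RE.match(path):
        out.append("file created directly in a user profile root")
    return out


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path (as written in the log) to its review reasons."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            flagged[entry["path"]] = why
    return flagged


# Lines copied from the ComboFix log posted in this thread, plus one separator
# line (".") to show that non-entry lines are skipped.
SAMPLE_LINES = [
    ".",
    r"2010-03-22 11:20 . 2010-03-22 11:12 288654 ----a-w- C:\SafeBootKeyRepair.exe",
    r"2010-03-20 23:16 . 2010-03-17 11:33 226304 ----a-w- c:\windows\juchecka.exe",
    r"2010-03-17 13:17 . 2010-03-17 13:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll",
    r"2010-03-17 01:09 . 2010-03-17 01:09 45056 --sh--r- c:\documents and settings\B&J Cyber\lgqig.exe",
    r"2010-03-16 01:00 . 2009-12-21 19:07 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll",
    r"2010-03-05 12:07 . 2010-03-08 01:47 88 --sh--r- c:\documents and settings\All Users\Dados de aplicativos\6C3FD098D8.sys",
    r"2010-03-05 11:28 . 2010-03-05 11:28 -------- d-----w- c:\arquivos de programas\Corel",
    r"2010-02-26 00:42 . 2010-02-26 00:42 423 ----a-w- c:\windows\system\SERVIDOR4007master_.sys",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES).items():
        print(path)
        for w in why:
            print("   -", w)
```

Running it prints five paths: lgqig.exe with all three reasons, the .sys under All Users with two, and juchecka.exe, SERVIDOR4007master_.sys and SafeBootKeyRepair.exe with one each; the AVG and IE DLLs under system32 and the Corel directory are not listed.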

Good afternoon, Bechir Bitar!

 

<@> Copy the information inside the CODE box below into Notepad.

 

; DelDomains.inf © 11-28-04 | Revised 01-15-06
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
; http://mvps.org/winh.../restricted.htm
;
; Revised to include the EscDomains key
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
; Note: you will not see any onscreen action.

[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

; Recreate the keys to avoid a restart
[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

<@> Under "Save as type", choose: "All Files"

<@> Under "File name", type: DelDomains.inf <-- Don't forget the ( .inf )

<@> Save it to the desktop.

<@> Now proceed with the install:

<@> Go to the file --> right-click it --> Install <-- left-click!

<@> PS: It runs silently; all you will see is a brief flicker of the screen.

°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°

<@> Open Firefox.

<@> Go to Tools -> Options -> Advanced -> Network -> Settings (connection settings).

<@> Click "No proxy".

<@> Open IE8.

<@> Go to Tools -> Internet Options -> Connections -> LAN Settings.

<@> Uncheck: "Use a proxy server"

°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°

<@> Open HijackThis -> click "Do a system scan only".

<@> Check the entries below:

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.9:9...192.168.1.9:918

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

 

O4 - HKLM\..\Run: [juchecka.exe] C:\WINDOWS\juchecka.exe

 

O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\B&J Cyber\lgqig.exe

 

<@> Click "Fix Checked" -> Yes! -> Restart the computer!

°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°

<@> Select and copy everything inside the QUOTE box into Notepad.

<@> Save it on the Desktop as: CFScript.txt

 

RegNull::

[HKEY_USERS\S-1-5-21-1547161642-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B48D0C4F-CD22-F606-A2E1-D8729ABE43DE}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B48D0C4F-CD22-F606-A2E1-D8729ABE43DE}\InProcServer32*]

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"juchecka.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant]

"juchecka.exe"=-

File::

C:\Documents and Settings\B&J Cyber\lgqig.exe

C:\WINDOWS\juchecka.exe

<@> PS: It is recommended that you be disconnected from the network while running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration:

 

[animated demonstration image]

 

<@> Accept the prompt that should appear asking to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the logs: C:\ComboFix.txt + a fresh HijackThis log.

 

Cheers!

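The checks behind the fix list above, as an added Python example (not HijackThis, ComboFix or the helper's own code). It parses HijackThis lines and flags a ProxyServer that points at localhost/127.0.0.1 (every browser request then passes through a process on the same box, which is why a local proxy setting the user did not configure is treated as hostile), the ProxyOverride that accompanies such a proxy, BHOs registered with no file behind them, and Run entries whose command lives in the %windir% root, a user profile root or a temp/application-data tree. From those findings it produces the list of lines to tick in HijackThis and a ComboFix script with the same Registry:: and File:: sections as the one posted. The path rules and the script layout are assumptions of this example; the sample lines are copied from the HijackThis log above.

```python
import re
from typing import Dict, List

HJT_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Autostart commands in these locations are unusual for legitimate software
# (assumption of this example, chosen around what was removed in the thread):
# the %windir% root, a user profile root, and temp/application-data trees.
SUSPICIOUS_RUN_PATHS = (
    re.compile(r"^c:\\windows\\[^\\]+$", re.I),
    re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$", re.I),
    re.compile(r"\\(temp|dados de aplicativos|application data)\\", re.I),
)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def proxy_hosts(value: str) -> List[str]:
    """'ftp=localhost:8080;http=proxy.corp:3128' -> ['localhost', 'proxy.corp']"""
    hosts = []
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1]          # drop the 'scheme=' prefix if any
        hosts.append(hostport.rsplit(":", 1)[0].strip().lower())
    return hosts


def run_command(body: str) -> str:
    """Command of an O4 line, unquoted, without the trailing (User '...') tag."""
    _, sep, cmd = body.partition("] ")
    if not sep:                                     # e.g. 'Global Startup: x.lnk = ...'
        return ""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd).strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd


def triage(lines: List[str]) -> Dict[str, list]:
    """Return the HijackThis lines to fix plus the files and Run values behind them."""
    findings: Dict[str, list] = {"fix_in_hjt": [], "files": [], "run_values": []}
    override_lines: List[str] = []
    local_proxy = False
    for raw in lines:
        line = raw.strip()
        m = HJT_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "R1" and ",ProxyServer = " in body:
            value = body.split(",ProxyServer = ", 1)[1]
            if any(h in LOCAL_HOSTS for h in proxy_hosts(value)):
                local_proxy = True                  # browser traffic goes through a process on this box
                findings["fix_in_hjt"].append(line)
        elif kind == "R1" and ",ProxyOverride = " in body:
            override_lines.append(line)             # only worth resetting alongside a hijacked proxy
        elif kind == "O2" and body.endswith("(no file)"):
            findings["fix_in_hjt"].append(line)     # orphaned BHO registration
        elif kind == "O4":
            cmd = run_command(body)
            if cmd and any(p.search(cmd) for p in SUSPICIOUS_RUN_PATHS):
                findings["fix_in_hjt"].append(line)
                findings["files"].append(cmd)
                hive = body.split("\\", 1)[0]       # 'HKLM' or 'HKCU'
                name = body.split("[", 1)[1].split("]", 1)[0]
                findings["run_values"].append((hive, name))
    if local_proxy:
        findings["fix_in_hjt"].extend(override_lines)
    return findings


def cfscript(findings: Dict[str, list]) -> str:
    """ComboFix script with the same Registry:: and File:: sections as the one posted."""
    out = ["Registry::"]
    for hive, name in findings["run_values"]:
        out.append(f"[{HIVES.get(hive, hive)}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        out.append(f'"{name}"=-')
    out.append("File::")
    out.extend(findings["files"])
    return "\n".join(out) + "\n"


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://192.168.0.9:918;http://192.168.1.9:918",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)",
    r"O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent",
    r'O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"',
    r"O4 - HKLM\..\Run: [juchecka.exe] C:\WINDOWS\juchecka.exe",
    r"O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\B&J Cyber\lgqig.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe",
]

if __name__ == "__main__":
    found = triage(SAMPLE_HJT)
    print("\n".join(found["fix_in_hjt"]))
    print()
    print(cfscript(found))
```

On the sample it selects exactly the six lines the helper asked to tick (the two proxy values, the two orphaned BHOs, and the juchecka/lgqig Run entries) and leaves the Adobe, SiS and CTFMON autostarts alone; the generated script also drops the HKCU value for lgqig through Registry::, which the posted script handled via the HijackThis fix instead. A ProxyOverride on its own, with no local proxy, is not flagged.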

Good afternoon, Bechir Bitar!

 

<@> Copy the information inside the CODE box below into Notepad.

 

 

; DelDomains.inf © 11-28-04 | Revised 01-15-06
; Created by: Mike Burgess Microsoft MVP
; http://mvps.org/winhelp2002/
;
; Warning: Deletes all entries in the Restricted & Trusted Zone list
; http://mvps.org/winh.../restricted.htm
;
; Revised to include the EscDomains key
;
; To execute this file: in Explorer - right-click (this file)
; Select Install from the Menu.
; Note: you will not see any onscreen action.

[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg=DelTemps
AddReg=AddTemps

[DelTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

; Recreate the keys to avoid a restart
[AddTemps]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains"

<@> Under "Save as type", choose: "All Files"

<@> Under "File name", type: DelDomains.inf <-- Don't forget the ( .inf )

<@> Save it to the desktop.

<@> Now proceed with the install:

<@> Go to the file --> right-click it --> Install <-- left-click!

<@> PS: It runs silently; all you will see is a brief flicker of the screen.

 

This step gave the message:

 

Installation failed

 

Awaiting instructions.

 

Cheers.


////////////\\\\\\\\\\\\\

Hi, Bechir Bitar!

 

<!> You can skip that one and go on with the other procedures.

 

Cheers!


Thanks DigRam, much appreciated!!!

 

The errors and the freezes have stopped...

 

Here are the logs:

 

 

ComboFix 10-03-19.06 - B&J Cyber 22/03/2010 21:58:57.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.513 [GMT -3:00]

Running from: d:\a-download\Programas\ComboFix.exe

Command switches used :: c:\documents and settings\B&J Cyber\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

 

FILE ::

"c:\documents and settings\B&J Cyber\lgqig.exe"

"c:\windows\juchecka.exe"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\juchecka.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-02-23 to 2010-03-23 ))))))))))))))))))))))))))))

.


.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

 

((((((((((((((((((((((((((((( SnapShot@2010-03-20_01.43.12 )))))))))))))))))))))))))))))))))))))))))

.


.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2005-07-12 49152]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"hpqSRMon"="c:\arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 77824]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-1-4 262144]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoSecCPL"= 0 (0x0)

"NoPwdpage"= 0 (0x0)

"NoProfilePage"= 0 (0x0)

"NoDevMgrPage"= 0 (0x0)

"NoConfigpage"= 0 (0x0)

"NoFileSysPage"= 0 (0x0)

"NoVirtMemPage"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-17 13:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\TinaSoft\\Easy Cafe Client\\client.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Arquivos de programas\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=

"d:\\Ferramentas\\TeamViewerPortable_pt\\TeamViewer.exe"=

"c:\\Documents and Settings\\B&J Cyber\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"d:\\eMule\\emule.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7756:TCP"= 7756:TCP:BitComet 7756 TCP

"7756:UDP"= 7756:UDP:BitComet 7756 UDP

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/12/2009 10:44 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/12/2009 10:44 242696]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [17/03/2010 10:17 308064]

S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - HPQCXS08

*NewlyCreated* - HPQDDSVC

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-03-22 c:\windows\Tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: sebrae.com.br\www.ead

Trusted Zone: webaula.com.br\www

TCP: {C7406FA5-7351-496B-92E4-D557BAB81CAE} = 192.168.1.1

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab

FF - ProfilePath - c:\documents and settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

 

---- FIREFOX POLICIES ----


.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-22 22:03

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2010-03-22 22:05:06

ComboFix-quarantined-files.txt 2010-03-23 01:05

ComboFix2.txt 2010-03-22 11:48

ComboFix3.txt 2010-03-20 01:58

 

Pré-execução: 6.419.300.352 bytes disponíveis

Pós execução: 6.384.414.720 bytes disponíveis

 

- - End Of File - - 699A51AEBB4BE2FD8F31595E2957F617


Good morning! Bechir Bitar

 

Microsoft Windows Recovery console

Microsoft Windows XP professional

 

How do I remove the first one?

<!> I don't recommend removing it! But... if you want to, here it is: < How to remove the Recovery Console >

°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

 

< 92674490.jpg >

 

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" (ComboFix is uninstalled) will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

<@> Or go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /uninstall

 

<@> Click OK.

°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

 

OTLI-scan.png

 

<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Check the boxes:

 

<!> [] LOP check and [] Purity check

 

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Regards!


Good morning, DigRam.

 

The browsers are now working 100% and without freezing, but there are a few small problems I'd like to see if we could improve:

 

1 - When booting, it takes up to 2 minutes from the moment I turn the machine on until Windows is fully loaded.

2 - The icon that indicates the network is active takes about 2 minutes to appear; in short, it takes about 4 minutes until the internet becomes available.

 

Below is the OTL result. I'd like to know what it is for.

 

 

OTL logfile created on: 23/03/2010 09:58:55 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = D:\A-Download\Programas

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

959,00 Mb Total Physical Memory | 503,00 Mb Available Physical Memory | 52,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 20,02 Gb Total Space | 6,01 Gb Free Space | 30,04% Space Free | Partition Type: NTFS

Drive D: | 17,27 Gb Total Space | 8,05 Gb Free Space | 46,61% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SERVIDOR400

Current User Name: B&J Cyber

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - D:\A-Download\Programas\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

PRC - D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe ()

PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - D:\A-Download\Programas\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (avg9wd) -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (MDM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)

DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (Microsoft Corporation)

DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)

DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)

DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)

DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-1547161642-789336058-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1547161642-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

FF - prefs.js..network.proxy.ftp: "localhost"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.gopher: "localhost"

FF - prefs.js..network.proxy.gopher_port: 8080

FF - prefs.js..network.proxy.http: "localhost"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.no_proxies_on: "http://192.168.0.9:918,http://192.168.1.9:918"

FF - prefs.js..network.proxy.socks: "localhost"

FF - prefs.js..network.proxy.socks_port: 1080

FF - prefs.js..network.proxy.ssl: "localhost"

FF - prefs.js..network.proxy.ssl_port: 8080

 

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Arquivos de programas\AVG\AVG9\Firefox [2010/03/17 12:35:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/03/16 16:58:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/03/17 16:49:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/03/17 16:48:35 | 000,000,000 | ---D | M]

 

[2010/03/17 16:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Extensions

[2009/08/10 14:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

[2009/06/22 20:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\extensions

[2009/06/24 18:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/03/17 16:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Mozilla\Firefox\Profiles\rzhc27jr.default\extensions

[2010/03/21 14:48:53 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2008/11/11 04:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npBitCometAgent.dll

[2010/01/15 22:18:55 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/01/15 22:18:55 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/01/15 22:18:55 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/01/15 22:18:55 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2010/03/22 08:35:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCPL = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoPwdpage = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoProfilePage = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigpage = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0

O7 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O15 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\..Trusted Domains: sebrae.com.br ([www.ead] http in Trusted sites)

O15 - HKU\S-1-5-21-1547161642-789336058-725345543-1003\..Trusted Domains: webaula.com.br ([www] * in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} https://cpne.bradesco.com.br/certifexp.cab (ValidaUsuario Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Microsoft\Internet Explorer\internet explorer wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Microsoft\Internet Explorer\internet explorer wallpaper.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/04 01:11:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/03/22 22:37:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/03/22 22:05:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/03/22 12:12:32 | 000,729,088 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpowiax7.dll

[2010/03/22 12:12:32 | 000,581,632 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpotscl6.dll

[2010/03/22 12:12:32 | 000,372,736 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll

[2010/03/22 12:12:32 | 000,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll

[2010/03/22 12:12:32 | 000,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst15.dll

[2010/03/22 12:08:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\HP

[2010/03/22 12:08:21 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Hewlett-Packard

[2010/03/22 08:20:03 | 000,288,654 | ---- | C] ( ) -- C:\SafeBootKeyRepair.exe

[2010/03/21 15:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B&J Cyber\Meus documentos\crime organizado

[2010/03/20 21:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sun

[2010/03/20 21:11:40 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java

[2010/03/19 22:33:17 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/03/19 22:29:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/03/19 22:29:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/03/19 22:29:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/03/19 22:29:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/03/19 22:27:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/03/19 22:24:34 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/03/19 21:19:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B&J Cyber\Recent

[2010/03/19 20:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

[2010/03/19 20:17:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\IObit

[2010/03/18 17:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant

[2010/03/18 13:04:43 | 000,000,000 | ---D | C] -- C:\Program Files

[2010/03/18 10:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B&J Cyber\Meus documentos\Diversos

[2010/03/18 10:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B&J Cyber\Meus documentos\Trabalhos Universidade BJ

[2010/03/18 09:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B&J Cyber\Meus documentos\Declarações

[2010/03/17 17:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\WinRAR

[2010/03/17 10:17:15 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/03/16 19:55:00 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\VS Revo Group

[2010/03/16 17:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\HPAppData

[2010/03/15 22:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010/03/15 22:10:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/03/15 22:00:56 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2010/03/15 22:00:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2010/03/15 22:00:54 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2010/03/15 22:00:51 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2010/03/09 14:41:16 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll

[2010/03/09 14:41:16 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll

[2010/03/09 14:41:16 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll

[2010/03/09 14:41:15 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe

[2010/03/09 14:41:15 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe

[2010/03/09 14:38:57 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll

[2010/03/09 14:38:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll

[2010/03/09 14:36:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2010/03/09 13:32:38 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll

[2010/03/09 13:26:31 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll

[2010/03/09 13:21:50 | 001,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2010/03/09 13:16:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2010/03/08 17:54:08 | 001,296,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll

[2010/03/08 17:54:08 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll

[2010/03/08 17:51:30 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll

[2010/03/08 17:49:10 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe

[2010/03/08 17:45:48 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2010/03/08 13:47:41 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2010/03/08 13:47:41 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2010/03/05 08:28:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Corel

[2010/02/26 13:26:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/26 13:26:28 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/26 13:26:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2010/02/26 12:58:01 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Trend Micro

[2010/02/25 21:42:31 | 000,000,000 | ---D | C] -- C:\BancoBrasil

[2010/02/24 20:39:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/02/22 21:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Yahoo!

[2010/02/22 21:19:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Yahoo!

[2010/02/22 21:19:16 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner

[2010/02/21 19:47:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Time Stopper

[2010/01/12 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Hagel Technologies

[2009/12/13 10:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2009/12/13 10:42:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/12/13 10:42:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/12/13 10:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/09/08 11:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google

[2009/09/08 11:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google

[2009/07/02 09:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\TeamViewer

[2009/05/13 12:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe

[2008/01/05 11:23:13 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/03/23 09:43:13 | 057,556,517 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/03/23 08:15:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Ÿ9Ÿ9

[2010/03/23 08:13:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/23 08:13:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/22 22:42:28 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\ntuser.dat

[2010/03/22 22:42:28 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\B&J Cyber\ntuser.ini

[2010/03/22 22:35:10 | 004,300,486 | -H-- | M] () -- C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\IconCache.db

[2010/03/22 22:03:23 | 000,000,379 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/03/22 21:47:50 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2010/03/22 14:55:46 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\o fazendeiro, o compadre e o burro.doc

[2010/03/22 13:36:36 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job

[2010/03/22 12:51:44 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\CONDUÇÃO ESCOLAR.doc

[2010/03/22 12:14:18 | 000,176,846 | ---- | M] () -- C:\WINDOWS\hpoins28.dat

[2010/03/22 12:13:38 | 000,000,784 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/03/22 12:11:08 | 000,001,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk

[2010/03/22 12:10:16 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk

[2010/03/22 12:09:17 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

[2010/03/22 12:02:55 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/03/22 11:21:07 | 000,000,309 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Rastreamento-T&T Correios.url

[2010/03/22 08:35:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/03/22 08:12:46 | 000,288,654 | ---- | M] ( ) -- C:\SafeBootKeyRepair.exe

[2010/03/21 15:57:29 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Microsoft PowerPoint.lnk

[2010/03/21 14:38:48 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\escala de enfermagem.doc

[2010/03/21 14:25:41 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Microsoft Word.lnk

[2010/03/21 12:52:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/20 15:39:12 | 000,023,713 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\jc.jpg

[2010/03/19 23:34:52 | 000,001,630 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\CCleaner.lnk

[2010/03/19 22:33:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/03/19 22:14:34 | 000,000,527 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Atalho para ComboFix.exe.lnk

[2010/03/19 20:07:08 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Simulado.lnk

[2010/03/19 20:05:18 | 000,001,011 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Revo Remove.lnk

[2010/03/19 19:32:13 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Navegadores dando erro e travando - iMasters Fóruns.url

[2010/03/19 17:51:32 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Malwarebytes.lnk

[2010/03/18 21:29:32 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Easy Café Server.lnk

[2010/03/18 20:51:06 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\Fenomenos Vento e onda.doc

[2010/03/18 15:54:10 | 000,001,070 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk

[2010/03/18 13:04:45 | 000,001,728 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\HijackThis.lnk

[2010/03/18 11:38:24 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Desktop\Atalho para Controle De Entrada.xls.lnk

[2010/03/17 22:14:36 | 000,001,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/03/17 10:17:17 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010/03/17 10:17:15 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010/03/17 10:17:15 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010/03/17 10:16:18 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010/03/16 22:17:09 | 000,001,972 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\photorec.cfg

[2010/03/16 16:42:07 | 000,176,745 | ---- | M] () -- C:\WINDOWS\hpoins28.dat.temp

[2010/03/15 10:42:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9

[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2010/03/10 21:45:10 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documentos\khw

[2010/03/09 15:54:23 | 000,124,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/03/08 22:17:29 | 000,021,408 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/03/08 22:17:12 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Video.lnk

[2010/03/08 22:17:12 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Pictures.lnk

[2010/03/08 22:17:12 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Passwords.lnk

[2010/03/08 22:17:12 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\New Folder.lnk

[2010/03/08 22:17:12 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Music.lnk

[2010/03/08 22:17:12 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Documents.lnk

[2010/03/08 17:57:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010/03/08 13:42:06 | 000,021,408 | ---- | M] () -- C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/03/07 22:48:20 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

[2010/03/07 22:47:19 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\6C3FD098D8.sys

[2010/02/26 11:50:05 | 000,000,000 | RHS- | M] () -- C:\khw

[2010/02/25 21:42:31 | 000,000,423 | ---- | M] () -- C:\WINDOWS\System\SERVIDOR4007master_.sys

[2010/02/24 16:44:07 | 000,000,972 | RHS- | M] () -- C:\WINDOWS\System32\autorun.i

[2010/02/24 16:44:07 | 000,000,524 | RHS- | M] () -- C:\WINDOWS\System32\autorun.in

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/03/22 12:51:44 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\CONDUÇÃO ESCOLAR.doc

[2010/03/22 12:11:08 | 000,001,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk

[2010/03/22 12:10:16 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk

[2010/03/22 12:09:17 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

[2010/03/22 12:01:42 | 000,176,846 | ---- | C] () -- C:\WINDOWS\hpoins28.dat

[2010/03/22 12:01:40 | 000,000,796 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat

[2010/03/22 11:21:07 | 000,000,309 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\Rastreamento-T&T Correios.url

[2010/03/21 14:38:48 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\escala de enfermagem.doc

[2010/03/20 15:39:11 | 000,023,713 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\jc.jpg

[2010/03/20 12:32:23 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\o fazendeiro, o compadre e o burro.doc

[2010/03/19 22:33:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/03/19 22:33:18 | 000,261,856 | ---- | C] () -- C:\cmldr

[2010/03/19 22:29:05 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/03/19 22:29:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/03/19 22:29:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/03/19 22:29:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/03/19 22:29:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/03/19 22:14:34 | 000,000,527 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\Atalho para ComboFix.exe.lnk

[2010/03/19 21:47:32 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/03/19 20:07:08 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\Simulado.lnk

[2010/03/19 20:05:18 | 000,001,011 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\Revo Remove.lnk

[2010/03/19 20:04:29 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\CCleaner.lnk

[2010/03/19 17:51:32 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\Malwarebytes.lnk

[2010/03/18 22:10:10 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\Navegadores dando erro e travando - iMasters Fóruns.url

[2010/03/18 20:51:06 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Meus documentos\Fenomenos Vento e onda.doc

[2010/03/18 15:54:10 | 000,001,070 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Central de Soluções HP.lnk

[2010/03/18 13:04:45 | 000,001,728 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\HijackThis.lnk

[2010/03/18 11:38:24 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\Atalho para Controle De Entrada.xls.lnk

[2010/03/17 22:14:36 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/03/17 21:29:00 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Iniciar o Google Earth.lnk

[2010/03/17 21:29:00 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/03/17 21:28:59 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Desktop\Easy Café Server.lnk

[2010/03/16 22:17:09 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\photorec.cfg

[2010/03/10 21:45:10 | 000,000,000 | RHS- | C] () -- C:\Documents and Settings\All Users\Documentos\khw

[2010/03/08 22:12:20 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Video.lnk

[2010/03/08 22:12:20 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Pictures.lnk

[2010/03/08 22:12:20 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Passwords.lnk

[2010/03/08 22:12:20 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\New Folder.lnk

[2010/03/08 22:12:20 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Music.lnk

[2010/03/08 22:12:20 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Documents.lnk

[2010/03/05 09:07:23 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\6C3FD098D8.sys

[2010/03/05 09:07:22 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys

[2010/02/26 11:50:05 | 000,000,000 | RHS- | C] () -- C:\khw

[2010/02/25 21:42:31 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System\SERVIDOR4007master_.sys

[2010/02/24 20:56:45 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk

[2010/02/24 20:56:45 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk

[2010/02/24 16:44:07 | 000,000,972 | RHS- | C] () -- C:\WINDOWS\System32\autorun.i

[2010/02/24 16:44:07 | 000,000,524 | RHS- | C] () -- C:\WINDOWS\System32\autorun.in

[2010/01/08 11:00:58 | 000,056,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2009/11/17 11:20:46 | 000,000,156 | ---- | C] () -- C:\WINDOWS\cavscan.INI

[2009/10/21 11:22:38 | 000,000,253 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI

[2009/10/18 14:39:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/09/18 15:21:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2009/08/17 15:12:50 | 000,013,493 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log

[2009/07/14 16:34:18 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/01/04 01:56:43 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/01/04 01:29:25 | 000,075,230 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2008/01/04 01:29:10 | 000,074,453 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2008/01/04 01:28:09 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2008/01/04 01:27:58 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

 

========== LOP Check ==========

 

[2010/03/22 10:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9

[2010/01/28 23:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Hagel Technologies

[2009/10/20 14:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Rising

[2009/07/06 21:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

[2009/10/17 11:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2009/06/24 18:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\DNA

[2009/09/29 10:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Haihaisoft

[2009/09/29 10:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Haihaisoft Universal Player

[2010/03/19 20:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\IObit

[2009/10/06 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\LimeWire

[2009/07/28 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Remote Queue Manager

[2009/10/14 14:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\Shadow Defender

[2009/07/01 13:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TeamViewer

[2010/02/23 21:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\TweakNow WinSecret 2009

[2010/01/08 11:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B&J Cyber\Dados de aplicativos\uniblue

[2009/07/02 09:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\TeamViewer

[2010/03/22 13:36:36 | 000,000,462 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D80D9FDE-CA24-47BA-A6A5-278907BFFD93}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A9662AE0

< End of report >

 

 

 

OTL Extras logfile created on: 23/03/2010 09:58:55 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = D:\A-Download\Programas

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

959,00 Mb Total Physical Memory | 503,00 Mb Available Physical Memory | 52,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 20,02 Gb Total Space | 6,01 Gb Free Space | 30,04% Space Free | Partition Type: NTFS

Drive D: | 17,27 Gb Total Space | 8,05 Gb Free Space | 46,61% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SERVIDOR400

Current User Name: B&J Cyber

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_USERS\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 1

"UpdatesDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"7756:TCP" = 7756:TCP:*:Enabled:BitComet 7756 TCP

"7756:UDP" = 7756:UDP:*:Enabled:BitComet 7756 UDP

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe" = C:\Arquivos de programas\TinaSoft\Easy Cafe Client\client.exe:*:Enabled:client -- ()

"D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe" = D:\Arquivos de programas\TinaSoft\Easy Cafe Server\EasyServer.exe:*:Enabled:EasyServer -- ()

"D:\Ferramentas\TeamViewerPortable_pt\TeamViewer.exe" = D:\Ferramentas\TeamViewerPortable_pt\TeamViewer.exe:*:Enabled:Aplicação de controle remoto TeamViewer -- (TeamViewer GmbH)

"C:\Documents and Settings\B&J Cyber\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Documents and Settings\B&J Cyber\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" = C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)

"C:\Arquivos de programas\AVG\AVG9\avgupd.exe" = C:\Arquivos de programas\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Arquivos de programas\AVG\AVG9\avgnsx.exe" = C:\Arquivos de programas\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"D:\eMule\emule.exe" = D:\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE

"{1185566F-12ED-3EF0-89CC-38866DCE1EEE}" = Microsoft .NET Framework 3.0 Client Service Pack 2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01

"{2695AE49-2FA7-3D48-BD77-23439E688F63}" = Microsoft .NET Framework 3.5 Client Profile - Language Pack (PTB)

"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant

"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter

"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software

"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{80E0DA10-F4F6-34B3-8840-D5B5058DF8EF}" = Microsoft .NET Framework 2.0 Client Service Pack 2 - Language Pack (PTB)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX

"{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage

"{923DED41-1143-11D4-B133-0000B434DE24}" = Simulado

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager

"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.1 - Português

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200

"{BCF2CEFB-E23D-42EF-A5FA-F9ED2A085821}_is1" = CoolSMS 2.05 beta

"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min

"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm

"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3

"{C645AAA5-DA3D-3CDB-82BA-ABC1D078676A}" = Microsoft .NET Framework 3.0 Client Profile - Language Pack (PTB)

"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan

"{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440}" = Microsoft .NET Framework 2.0 Client Service Pack 2

"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting

"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update

"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService

"{D617A4DC-C915-3F25-BE43-57E5FD99B441}" = Microsoft .NET Framework 3.5 Client Service Pack 1

"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5

"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy

"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout

"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4200_Help

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pacote de Driver do Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pacote de Driver do Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG9Uninstall" = AVG Free 9.0

"CCleaner" = CCleaner

"EasyCafe Server 2.2 (Firewall Edition)" = EasyCafe Server 2.2 (Firewall Edition)

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 11.0

"HP Photosmart Essential" = HP Photosmart Essential 3.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0

"HPExtendedCapabilities" = HP Customer Participation Program 11.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile

"Microsoft.Net.Client.3.5.LangPack.ptb" = Pacote de Idiomas do Microsoft .NET Framework Client Profile - PTB

"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Revo Uninstaller" = Revo Uninstaller 1.85

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Shop for HP Supplies" = Shop for HP Supplies

"SiS VGA Driver" = SiS VGA Utilities

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Compressor WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1547161642-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21/03/2010 22:31:23 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x000003e3.

 

Error - 22/03/2010 07:02:44 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x000003e3.

 

Error - 22/03/2010 07:03:06 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x000003e3.

 

Error - 22/03/2010 07:14:58 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha unknown, versão 0.0.0.0, endereço com falha 0x000003e3.

 

Error - 22/03/2010 07:37:33 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Aplicativo com falha pv.cfxxe, versão 0.0.0.0, módulo com falha unknown,

versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 22/03/2010 07:46:50 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Aplicativo com falha pv.cfxxe, versão 0.0.0.0, módulo com falha unknown,

versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 22/03/2010 07:48:01 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Aplicativo com falha pv.cfxxe, versão 0.0.0.0, módulo com falha unknown,

versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 22/03/2010 07:48:04 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Aplicativo com falha pv.cfxxe, versão 0.0.0.0, módulo com falha unknown,

versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 22/03/2010 08:06:25 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha unknown, versão 0.0.0.0, endereço com falha 0x000003e3.

 

Error - 22/03/2010 08:27:40 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000

Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com

falha unknown, versão 0.0.0.0, endereço com falha 0x000003e3.

 

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

 

 

Once again, thank you for your attention.

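The "Last 10 Event Log Errors" section of the OTL report above is easier to triage once the wrapped Description lines are rejoined and the crashes are counted per faulting image. The Python script below is an added example, not part of this thread or of OTL itself; its input is a constructed sample in the layout of the log posted here, and the "no version plus non-standard extension" flag is an assumed triage heuristic, not a finding from the page.

```python
import re
from collections import Counter
# Constructed sample in the layout of OTL's "Last 10 Event Log Errors" section
# (modelled on the entries posted in this thread, not the full report).
SAMPLE_LOG = """\
Error - 22/03/2010 07:02:44 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha unknown, versão 0.0.0.0, endereço com falha 0x000003e3.

Error - 22/03/2010 07:37:33 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000
Description = Aplicativo com falha pv.cfxxe, versão 0.0.0.0, módulo com falha unknown,
versão 0.0.0.0, endereço com falha 0x00000000.

Error - 22/03/2010 07:46:50 | Computer Name = SERVIDOR400 | Source = Application Error | ID = 1000
Description = Aplicativo com falha pv.cfxxe, versão 0.0.0.0, módulo com falha unknown,
versão 0.0.0.0, endereço com falha 0x00000000.
"""

HEADER = re.compile(r"^Error - (\S+ \S+) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)$")
# Event ID 1000 body as localised by this Portuguese Windows XP (app, app version, module, module version, address)
FAULT = re.compile(r"Aplicativo com falha ([^,]+), versão ([^,]+), módulo com falha ([^,]+), "
                   r"versão ([^,]+), endereço com falha (0x[0-9A-Fa-f]+)")

def parse_events(text):
    """Split the section into events, rejoining Description lines that OTL wrapped."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"time": m.group(1), "host": m.group(2), "source": m.group(3),
                       "id": int(m.group(4)), "description": ""}
            events.append(current)
        elif current is not None and line.strip():
            current["description"] += (" " if current["description"] else "") + line.strip()
    return events

def crash_summary(text):
    """Count Event ID 1000 crashes per faulting application; flag images that report
    no version and carry a non-standard extension (assumed heuristic, worth a closer look)."""
    counts, flagged = Counter(), set()
    for ev in parse_events(text):
        m = FAULT.search(ev["description"]) if ev["id"] == 1000 else None
        if not m:
            continue
        app, app_ver = m.group(1), m.group(2)
        counts[app] += 1
        if app_ver == "0.0.0.0" and not app.lower().endswith((".exe", ".dll")):
            flagged.add(app)
    return counts, flagged
```

Run `crash_summary(SAMPLE_LOG)` to get the per-image crash counts and the set of images flagged for review; pointing it at the full section of a real report works the same way.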

Good afternoon! Bechir Bitar

 

The browsers are now working 100% and without freezing, but there are a few small problems I'd like to see if we could improve:

 

1 - When booting, it takes up to 2 minutes from the moment I turn it on until Windows fully loads.

2 - The icon that indicates network activation takes about 2 minutes to appear; in short, it takes about 4 minutes until the internet is available.

 

Here is the OTL result; I'd like to know what it's for?

<!> A diagnostic and fix tool, script-based, basically.

000000000000000000000

000000000000000000000

<@> Run OTL.exe.

<@> Copy the information in the Quote into the tool's clipboard field. ( Custom Scans/Fixes )

 

:files

C:\khw

C:\WINDOWS\System32\autorun.i

C:\WINDOWS\System32\autorun.in

C:\Documents and Settings\B&J Cyber\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:reg

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lgqig"=-

:otl

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A9662AE0

:Commands

[purity]

[emptytemp]

[Reboot]

<@> Click the Run Fix button --> Wait for it to finish!

<@> When done, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!

000000000000000000000

000000000000000000000

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it in the Arquivos de programas (Program Files) folder!

<@> Disable your antivirus!

<@> Install and run the tool by double-clicking: < r2t69y.jpg >

<@> In the language options, choose "PT-BR" --> Enter.

<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.

 


 

<@> A message will appear asking you to connect your removable media to the computer. ( pendrive, mp3, mp4, iPods, etc... )

<@> Accept the request and click OK. --> Then click OK again.

 


 

<@> The computer will restart. <-- Wait!

<@> When done, click "Continue" and wait for the tool to finish.

<@> PS: Don't disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

 

Cheers!
