
Archived

This topic has been archived and is closed to further replies.

victoria.

[Archived] Slow internet connection that keeps dropping


My internet connection has been dropping non-stop over the last few days, and it has also been quite slow. The problem is not with the modem or the router, since other people have been using the internet without any trouble.


Hello, victoria! Welcome to the iMasters Forum!

Please, so we can tell whether your problem is malware-related, follow the steps in "Regra Nº 02 - Utilizando O HijackThis" (Rule No. 02 - Using HijackThis): http://forum.imasters.com.br/index.php?/topic/165906-regra-n-02-utilizando-o-hijackthis/

By Felipe_88!


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:09:29, on 23/8/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\MHOTKEY.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Arquivos de programas\Discador Positivo\baloon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.positivoinformatica.com.br/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.positivoinformatica.com.br/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [CHotKey] MHOTKEY.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AutoMailChecker] C:\Arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador Positivo\baloon.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 7404 bytes


victoria.,

The HijackThis log is clean.

* Download RSIT (http://images.malwareremoval.com/random/RSIT.exe) and save it to the desktop
* Run RSIT and click [Continue]
* When the process finishes, paste the reports created at C:\rsit\log.txt and C:\rsit\info.txt

Awaiting your reply!

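The helper's verdict that the log is clean comes from reading each HijackThis entry by hand. The script below is an added example, not code from this thread, from HijackThis or from RSIT: it parses the `R1`/`O2`/`O4`/`O20`/`O23` line format shown above and applies the usual first-pass review rules (a registered component whose file is reported absent, a service with no publisher, an autorun entry that names a bare executable resolved through the search path). The sample log inside the block is constructed from the kinds of lines posted in this thread, and the review rules are ordinary manual-triage heuristics, not the tool's own logic.

```python
"""First-pass triage of a HijackThis-style log (added example for this thread)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries in the line format HijackThis v2
# writes, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.positivoinformatica.com.br/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [CHotKey] MHOTKEY.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
"""

# Every HijackThis finding starts with a section code (R0-R3, F0-F3, O1-O24),
# a " - " separator and the entry body. Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

# Absolute Windows path, optionally quoted: C:\... or "C:\...
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Return (section, body) pairs for every finding line in the log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text: str) -> list[Finding]:
    """Flag entries a reviewer would look at first. A flag is a lead, not a verdict."""
    findings = []
    for section, body in parse_hjt(text):
        line = f"{section} - {body}"
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            # The registration points at a file HijackThis could not find:
            # typically an uninstall leftover, occasionally a component that
            # hides its file. Either way it deserves a look.
            findings.append(Finding(section, "registered component without a file on disk", line))
        elif section == "O23" and " - Unknown owner - " in body:
            # The service binary carries no publisher information.
            findings.append(Finding(section, "service with unknown owner", line))
        elif section == "O4" and "] " in body:
            target = body.split("] ", 1)[1]
            if not ABS_PATH_RE.match(target):
                # A bare name is resolved through the search path at logon, so
                # a same-named file earlier on PATH would be run instead.
                findings.append(Finding(section, "autorun entry with a bare file name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it flags four entries: the nameless BHO with `(no file)`, the `CHotKey` autorun that names `MHOTKEY.exe` without a path, the `avgrsstx.dll (file missing)` Winlogon notify, and the Cyberlink service with an unknown owner. None of those is a malware verdict, which is exactly the point of cross-checking with a second tool as the helper does next: the RSIT registry dump later in this thread lists `C:\WINDOWS\system32\avgrsstx.dll` with a size and date, so the "file missing" flag from one tool is a lead to verify, not a conclusion.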

Logfile of random's system information tool 1.08 (written by random/random)

Run by Victoria Regina at 2010-08-24 19:04:46

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 70 GB (92%) free of 76 GB

Total RAM: 446 MB (19% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:05:04, on 24/8/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgemc.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\MHOTKEY.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\BisonCam\BisonHK.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Arquivos de programas\Discador Positivo\baloon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Victoria Regina\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Victoria Regina.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.positivoinformatica.com.br/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.positivoinformatica.com.br/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [CHotKey] MHOTKEY.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AutoMailChecker] C:\Arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bisonHK] C:\WINDOWS\BisonCam\BisonHK.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [iBest.baloon] "C:\Arquivos de programas\Discador Positivo\baloon.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.positivoinformatica.com.br/

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 8111 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4280014455-2443847577-2680517465-1005Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4280014455-2443847577-2680517465-1005UA.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4280014455-2443847577-2680517465-1005.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4280014455-2443847577-2680517465-1005.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-24 341600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Arquivos de programas\AVG\AVG9\avgssie.dll [2010-07-24 1619296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-08-03 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-03 79648]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CHotKey"=C:\WINDOWS\MHOTKEY.exe [2003-06-02 472576]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]

"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2006-10-09 176128]

"SMSERIAL"=C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-05-14 248552]

"AutoMailChecker"=C:\Arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe [2002-11-22 847360]

"SynTPEnh"=C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe [2006-04-04 737369]

"BisonHK"=C:\WINDOWS\BisonCam\BisonHK.exe [2007-01-13 73728]

"RemoteControl"=C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

"LanguageShortcut"=C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2010-07-24 202256]

"AVG9_TRAY"=C:\ARQUIV~1\AVG\AVG9\avgtray.exe [2010-07-24 2065760]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

"Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"iBest.baloon"=C:\Arquivos de programas\Discador Positivo\baloon.exe [2005-03-14 77824]

"Google Update"=C:\Documents and Settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2010-07-25 136176]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2004-08-04 1667584]

"Rainlendar2"=C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe [2010-07-11 2199040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2010-07-24 12536]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\AVG\AVG9\avgemc.exe"="C:\Arquivos de programas\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Arquivos de programas\AVG\AVG9\avgupd.exe"="C:\Arquivos de programas\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Arquivos de programas\AVG\AVG9\avgnsx.exe"="C:\Arquivos de programas\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2010-08-24 19:04:51 ----D---- C:\Arquivos de programas\trend micro

2010-08-24 19:04:46 ----D---- C:\rsit

2010-08-19 22:19:52 ----A---- C:\HiJackThis.exe

2010-08-16 23:09:39 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS

2010-08-16 23:01:42 ----D---- C:\Documents and Settings\Victoria Regina\Dados de aplicativos\WinRAR

2010-08-16 22:57:38 ----D---- C:\Arquivos de programas\WinRAR

2010-08-11 21:28:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2010-08-11 21:26:45 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2010-08-11 21:26:45 ----D---- C:\Arquivos de programas\Adobe

2010-08-10 21:12:38 ----A---- C:\WINDOWS\system32\Fngmhlib.dll

2010-08-03 17:42:52 ----D---- C:\Arquivos de programas\Rainlendar2

2010-08-03 01:37:18 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sun

2010-08-03 01:36:43 ----D---- C:\WINDOWS\Sun

2010-08-03 01:36:11 ----A---- C:\WINDOWS\system32\deployJava1.dll

2010-08-03 01:36:09 ----A---- C:\WINDOWS\system32\javaws.exe

2010-08-03 01:36:08 ----A---- C:\WINDOWS\system32\javaw.exe

2010-08-03 01:36:07 ----A---- C:\WINDOWS\system32\java.exe

2010-08-03 01:34:32 ----D---- C:\Documents and Settings\Victoria Regina\Dados de aplicativos\Sun

2010-07-30 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2010-07-30 00:14:45 ----A---- C:\WINDOWS\system32\muweb.dll

2010-07-30 00:14:45 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2010-07-30 00:14:45 ----A---- C:\WINDOWS\system32\mucltui.dll

2010-07-29 05:32:42 ----D---- C:\Arquivos de programas\Microsoft

2010-07-29 05:32:19 ----D---- C:\Arquivos de programas\Windows Live SkyDrive

2010-07-29 05:31:50 ----D---- C:\Arquivos de programas\Windows Live

2010-07-29 05:26:31 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live

2010-07-29 02:05:53 ----HD---- C:\$AVG

2010-07-27 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2010-07-27 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2010-07-26 03:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$

2010-07-26 03:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2010-07-26 03:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2010-07-26 03:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2010-07-26 03:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2010-07-26 03:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2010-07-26 03:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2010-07-26 03:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-07-26 03:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-07-26 03:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2010-07-26 03:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2010-07-26 03:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$

2010-07-26 03:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-07-26 03:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$

2010-07-26 03:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-07-26 03:14:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2010-07-26 03:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2010-07-26 03:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

2010-07-26 03:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2010-07-26 03:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-07-26 03:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-07-26 03:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2010-07-26 03:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-07-26 03:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2010-07-26 03:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-07-26 03:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2010-07-26 03:11:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2010-07-26 03:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2010-07-26 03:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2010-07-26 03:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

2010-07-26 03:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2010-07-26 03:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2010-07-26 03:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2010-07-26 03:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$

2010-07-26 03:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2010-07-26 03:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2010-07-26 03:09:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-07-26 03:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2010-07-26 03:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-07-26 03:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2010-07-26 03:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2010-07-26 03:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

2010-07-26 03:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-07-26 03:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$

2010-07-26 03:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2010-07-26 03:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2010-07-26 03:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2010-07-26 03:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

2010-07-26 03:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2010-07-26 03:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-07-26 03:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2010-07-26 03:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

2010-07-26 03:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

2010-07-26 03:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2010-07-26 03:05:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-07-26 03:05:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$

2010-07-26 03:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$

2010-07-26 03:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-07-26 03:05:15 ----D---- C:\WINDOWS\ServicePackFiles

2010-07-26 03:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$

2010-07-26 03:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2010-07-26 03:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2010-07-26 03:04:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$

2010-07-26 03:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2010-07-26 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2010-07-26 03:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$

2010-07-26 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2010-07-26 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$

2010-07-26 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$

2010-07-26 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2010-07-26 03:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2010-07-26 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2010-07-26 00:13:55 ----D---- C:\WINDOWS\system32\CatRoot_bak

2010-07-26 00:08:37 ----N---- C:\WINDOWS\system32\tzchange.exe

2010-07-25 03:56:35 ----N---- C:\WINDOWS\system32\drivers\bthport.sys

2010-07-25 03:10:31 ----D---- C:\WINDOWS\Minidump

2010-07-25 03:02:05 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2010-07-25 03:00:51 ----D---- C:\WINDOWS\system32\PreInstall

2010-07-25 03:00:48 ----N---- C:\WINDOWS\system32\spmsg.dll

2010-07-25 03:00:48 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2010-07-25 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$

2010-07-25 02:00:17 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

2010-07-25 02:00:17 ----D---- C:\Arquivos de programas\Alwil Software

2010-07-25 01:48:29 ----D---- C:\Documents and Settings\Victoria Regina\Dados de aplicativos\skypePM

2010-07-25 01:34:30 ----D---- C:\WINDOWS\system32\SoftwareDistribution

 

======List of files/folders modified in the last 1 months======

 

2010-08-24 19:04:51 ----D---- C:\Arquivos de programas

2010-08-24 18:58:41 ----D---- C:\WINDOWS\system32\drivers\Avg

2010-08-24 18:52:30 ----D---- C:\WINDOWS\Temp

2010-08-23 23:20:09 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-08-23 23:19:36 ----SD---- C:\WINDOWS\Tasks

2010-08-22 23:32:22 ----D---- C:\Documents and Settings\Victoria Regina\Dados de aplicativos\Skype

2010-08-22 23:18:39 ----D---- C:\WINDOWS\system32\CatRoot2

2010-08-21 18:39:15 ----D---- C:\WINDOWS

2010-08-17 21:36:08 ----A---- C:\WINDOWS\win.ini

2010-08-16 23:09:47 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-08-16 23:09:41 ----D---- C:\WINDOWS\system32\drivers

2010-08-16 23:09:35 ----HD---- C:\WINDOWS\inf

2010-08-11 21:29:26 ----D---- C:\Documents and Settings\Victoria Regina\Dados de aplicativos\Adobe

2010-08-11 21:28:56 ----SHD---- C:\WINDOWS\Installer

2010-08-11 21:26:45 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-08-11 21:26:00 ----D---- C:\WINDOWS\system32

2010-08-03 01:37:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-08-03 01:37:11 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2010-08-03 01:35:43 ----D---- C:\Arquivos de programas\Java

2010-07-30 00:53:32 ----HD---- C:\WINDOWS\$hf_mig$

2010-07-30 00:53:16 ----D---- C:\WINDOWS\system32\CatRoot

2010-07-29 05:34:16 ----SD---- C:\Documents and Settings\Victoria Regina\Dados de aplicativos\Microsoft

2010-07-29 05:32:57 ----D---- C:\WINDOWS\WinSxS

2010-07-29 05:32:25 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2010-07-29 05:32:25 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2010-07-29 05:31:57 ----RSD---- C:\WINDOWS\Fonts

2010-07-29 05:31:32 ----D---- C:\WINDOWS\pchealth

2010-07-27 03:02:54 ----A---- C:\WINDOWS\imsins.BAK

2010-07-26 19:13:38 ----D---- C:\WINDOWS\system32\wbem

2010-07-26 19:13:38 ----D---- C:\WINDOWS\AppPatch

2010-07-26 03:16:59 ----D---- C:\Arquivos de programas\Messenger

2010-07-26 03:11:08 ----D---- C:\Arquivos de programas\Movie Maker

2010-07-26 03:06:23 ----D---- C:\Arquivos de programas\Outlook Express

2010-07-26 03:02:33 ----D---- C:\Arquivos de programas\Internet Explorer

2010-07-26 00:13:55 ----D---- C:\WINDOWS\Debug

2010-07-26 00:03:31 ----D---- C:\WINDOWS\Prefetch

2010-07-25 01:34:44 ----D---- C:\WINDOWS\SoftwareDistribution

2010-07-25 01:34:40 ----D---- C:\WINDOWS\Help

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 uagp35;Filtro Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-03 44672]

R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2007-03-22 27904]

R0 videX32;videX32; C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]

R0 xfilt;VIA SATA IDE Hot-plug Driver; C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-24 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-07-24 29584]

R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-24 243024]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40192]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]

R3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-12-05 811312]

R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]

R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 HdAudAddService;VIA High Definition Audio Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2007-01-16 192256]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-03-17 135168]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-07-19 180480]

R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-14 634880]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2006-03-02 67584]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-04-04 191168]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avg9emc;AVG Free E-mail Scanner; C:\Arquivos de programas\AVG\AVG9\avgemc.exe [2010-07-24 921952]

R2 avg9wd;AVG Free WatchDog; C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe [2010-07-24 308136]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-08-03 153376]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]

 

-----------------EOF-----------------


victoria,

*Open Notepad, then select, copy and paste into it the entire content of the code below:

REGEDIT4

; the leading "-" tells regedit to delete the key instead of creating it
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

*Save the file on the desktop as fixME.reg

*Right-click the fixME.reg file > Install

Then let us know whether you received the "successfully entered into the registry" message for that entry.

*Submit the files below for analysis at http://virscan.org

C:\WINDOWS\system32\Fngmhlib.dll

C:\WINDOWS\imsins.BAK

*Paste the links containing the result.

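The fix above relies on regedit's key-deletion syntax: a key header written as [-HKEY_...] deletes the key, while the same header without the leading minus creates the key (or leaves an existing one untouched), and a value line of the form "name"=- deletes a single value. Because the difference is one character, it is worth dry-running a .reg file before importing it. The script below is an added example, not part of the original post or of any tool used in this thread; it parses a REGEDIT4 / Version 5.00 file and lists the actions regedit would perform. The two sample .reg texts are constructed from the BHO key discussed above, with and without the leading minus.

```python
import re
from dataclasses import dataclass

# Key header: optional "-" (delete) followed by a hive-rooted path.
KEY_RE = re.compile(r'^\[(-?)(HK[A-Z_]+\\.*)\]$')
# Value line: @ (default value) or a quoted name, "=", then the data or "-".
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


@dataclass
class RegAction:
    kind: str            # "create_key", "delete_key", "set_value" or "delete_value"
    key: str
    value_name: str = ""
    data: str = ""


def parse_reg(text: str) -> list:
    """Dry-run a .reg file: return the actions regedit would perform, in order.

    Only the two header forms regedit accepts are recognised.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or lines[0] not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file: missing REGEDIT4 / Version 5.00 header")

    actions = []
    current_key = None
    for ln in lines[1:]:
        if not ln or ln.startswith(";"):
            continue                                  # blank line or comment
        m = KEY_RE.match(ln)
        if m:
            minus, key = m.groups()
            current_key = key
            actions.append(RegAction("delete_key" if minus else "create_key", key))
            continue
        m = VALUE_RE.match(ln)
        if m and current_key is not None:
            name, data = m.groups()
            name = "(Default)" if name == "@" else name.strip('"')
            if data == "-":
                actions.append(RegAction("delete_value", current_key, name))
            else:
                actions.append(RegAction("set_value", current_key, name, data))
            continue
        raise ValueError(f"unrecognised line: {ln!r}")
    return actions


def summarize(text: str) -> list:
    """One line per action, for eyeballing a fix before importing it."""
    out = []
    for a in parse_reg(text):
        label = a.kind.replace("_", " ").upper()
        if a.kind in ("create_key", "delete_key"):
            out.append(f"{label}: {a.key}")
        else:
            out.append(f"{label}: {a.key} :: {a.value_name}")
    return out


# Constructed samples built from the BHO key in the post above.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}")
WITHOUT_MINUS = f"REGEDIT4\n\n[{BHO_KEY}]\n"   # creates / leaves the key
WITH_MINUS = f"REGEDIT4\n\n[-{BHO_KEY}]\n"     # deletes the key

if __name__ == "__main__":
    for label, txt in (("without minus", WITHOUT_MINUS), ("with minus", WITH_MINUS)):
        print(label)
        for line in summarize(txt):
            print("  ", line)
```

Run it against any fix you are handed: if the key you expect to disappear shows up as CREATE KEY rather than DELETE KEY, the file will not remove anything.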
When I right-click the saved file, the Install option doesn't show up!
victoria.,

Double-click the fixME.reg file

*Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop

* Temporarily disable your antivirus:

*Run ComboFix and accept the license agreement

*If the Windows Recovery Console is already installed, ComboFix will continue automatically. Otherwise, click [Yes] to install it.

[image: recovery-console-prompt.jpg]

*Click [Yes] to continue.

[image: recovery-console-installed.jpg]

*Wait for all stages to finish

[image: etapas.jpg]

*While ComboFix is running, do not use the mouse or the keyboard!!..... To abort the procedure press N or 2 and then ENTER.

*The program will close automatically and a report (C:\combofix.txt) will be displayed. Paste it in your next reply.

Waiting.


ComboFix 10-08-24.0C - Victoria Regina 25/08/2010 21:59:52.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.446.114 [GMT -3:00]

Running from: c:\documents and settings\Victoria Regina\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

ADS - svchost.exe: deleted 68 bytes in 1 streams.

ADS - explorer.exe: deleted 100 bytes in 1 streams.

ADS - netcfgx.dll: deleted 68 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\drivers\OEMPnPDrivers\CARDBUS\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\CARDBUS\CARDBUS\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\CARDBUS\CARDBUS\AMD64\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\CARDBUS\CARDBUS\WIN2KXP\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\CARDBUS\CARDBUS\WIN9XME\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\CARDBUS\CARDREAD\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\CARDBUS\CARDREAD\AMD64\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\CARDBUS\CARDREAD\WIN2KXP\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\CARDBUS\CARDREAD\WIN9XME\_DESKTOP.INI

c:\windows\drivers\OEMPnPDrivers\VGA\_DESKTOP.INI

 

.

(((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 ))))))))))))))))))))))))))))

.

 

2010-08-24 22:04 . 2010-08-24 22:05 -------- d-----w- c:\arquivos de programas\trend micro

2010-08-24 22:04 . 2010-08-24 22:05 -------- d-----w- C:\rsit

2010-08-20 01:19 . 2010-08-20 01:19 388608 ----a-w- C:\HiJackThis.exe

2010-08-17 02:09 . 2004-08-04 02:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2010-08-12 00:26 . 2010-08-12 00:28 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-08-11 00:12 . 2010-08-11 00:12 28160 ----a-w- c:\windows\system32\Fngmhlib.dll

2010-08-03 20:45 . 2010-08-25 22:31 -------- d-----w- c:\documents and settings\Victoria Regina\.rainlendar2

2010-08-03 20:42 . 2010-08-03 20:42 -------- d-----w- c:\arquivos de programas\Rainlendar2

2010-08-03 04:37 . 2010-08-03 04:37 503808 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fc4450e-n\msvcp71.dll

2010-08-03 04:37 . 2010-08-03 04:37 499712 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fc4450e-n\jmc.dll

2010-08-03 04:37 . 2010-08-03 04:37 348160 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fc4450e-n\msvcr71.dll

2010-08-03 04:37 . 2010-08-03 04:37 61440 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2285eee4-n\decora-sse.dll

2010-08-03 04:37 . 2010-08-03 04:37 12800 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2285eee4-n\decora-d3d.dll

2010-08-03 04:36 . 2010-08-03 04:36 -------- d-----w- c:\windows\Sun

2010-08-03 04:36 . 2010-08-03 04:35 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-30 03:14 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-07-30 03:14 . 2009-08-06 22:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-07-29 08:34 . 2010-08-25 22:31 -------- d-----w- c:\documents and settings\Victoria Regina\Tracing

2010-07-29 08:32 . 2010-07-29 08:32 -------- d-----w- c:\arquivos de programas\Microsoft

2010-07-29 08:32 . 2010-07-29 08:32 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-07-29 08:31 . 2010-07-29 08:33 -------- d-----w- c:\arquivos de programas\Windows Live

2010-07-29 08:26 . 2010-07-29 08:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-07-29 05:05 . 2010-07-29 05:05 -------- d-----w- C:\$AVG

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-23 02:32 . 2010-07-24 23:24 -------- d-----w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Skype

2010-08-23 01:31 . 2010-07-25 04:48 -------- d-----w- c:\documents and settings\Victoria Regina\Dados de aplicativos\skypePM

2010-08-03 04:37 . 2006-03-02 12:00 49044 ----a-w- c:\windows\system32\perfc016.dat

2010-08-03 04:37 . 2006-03-02 12:00 344972 ----a-w- c:\windows\system32\perfh016.dat

2010-08-03 04:37 . 2010-07-24 21:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-08-03 04:35 . 2010-07-24 21:51 -------- d-----w- c:\arquivos de programas\Java

2010-07-25 05:00 . 2010-07-25 05:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-07-25 05:00 . 2010-07-25 05:00 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-07-25 04:48 . 2010-07-25 04:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-07-24 23:23 . 2010-07-24 23:23 -------- d-----r- c:\arquivos de programas\Skype

2010-07-24 23:23 . 2010-07-24 23:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-07-24 23:23 . 2010-07-24 23:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2010-07-24 23:12 . 2010-07-24 23:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-24 23:12 . 2010-07-24 23:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-24 23:12 . 2010-07-24 23:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-24 23:12 . 2010-07-24 23:12 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-07-24 23:12 . 2010-07-24 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-07-24 23:12 . 2010-07-24 23:12 -------- d-----w- c:\arquivos de programas\AVG

2010-07-24 22:59 . 2010-07-24 22:59 49152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-07-24 22:59 . 2010-07-24 22:59 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-07-24 22:59 . 2010-07-24 22:59 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-07-24 22:59 . 2010-07-24 22:59 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-07-24 22:59 . 2010-07-24 22:59 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-07-24 22:59 . 2010-07-24 22:59 40960 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-07-24 22:59 . 2010-07-24 22:59 308808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-07-24 22:59 . 2010-07-24 22:59 14848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-07-24 22:59 . 2010-07-24 22:38 341600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-07-24 22:59 . 2010-07-24 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-07-24 22:59 . 2010-07-24 22:38 -------- d-----w- c:\arquivos de programas\Real

2010-07-24 22:59 . 2010-07-24 22:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-07-24 22:53 . 2010-07-24 22:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SWF Studio

2010-07-24 22:38 . 2010-07-24 22:15 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-07-24 22:38 . 2010-07-24 22:15 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-07-24 22:31 . 2010-07-24 21:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-24 22:16 . 2010-07-24 22:15 -------- d-----w- c:\arquivos de programas\CyberLink

2010-07-24 22:15 . 2010-07-24 21:54 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-07-24 22:03 . 2010-07-24 22:03 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2010-07-24 22:03 . 2010-07-24 22:03 -------- d-----w- c:\arquivos de programas\Discador Positivo

2010-07-24 21:54 . 2010-07-24 22:03 -------- d-----w- c:\documents and settings\Victoria Regina\Dados de aplicativos\InstallShield

2010-07-24 21:54 . 2010-07-24 22:03 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\InstallShield

2010-07-24 21:53 . 2010-07-24 21:53 -------- d-----w- c:\arquivos de programas\Synaptics

2010-07-24 21:53 . 2010-07-24 21:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-07-24 21:53 . 2010-07-24 21:53 -------- d-----w- c:\arquivos de programas\Clevo

2010-07-24 21:50 . 2010-07-24 21:50 -------- d-----w- c:\arquivos de programas\Motorola

2010-07-24 21:44 . 2010-07-24 21:44 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-07-24 21:42 . 2010-07-24 21:42 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-07-24 21:42 . 2010-07-24 21:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-07-24 21:41 . 2010-07-24 21:41 21844 ----a-w- c:\windows\system32\emptyregdb.dat

2010-06-14 14:30 . 2010-07-24 21:41 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iBest.baloon"="c:\arquivos de programas\Discador Positivo\baloon.exe" [2005-03-15 77824]

"Google Update"="c:\documents and settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-07-25 136176]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

"Rainlendar2"="c:\arquivos de programas\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CHotKey"="MHOTKEY.exe" [2003-06-03 472576]

"VTTimer"="VTTimer.exe" [2006-09-21 53248]

"S3Trayp"="S3trayp.exe" [2006-10-09 176128]

"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AutoMailChecker"="c:\arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe" [2002-11-22 847360]

"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-04-04 737369]

"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-01-13 73728]

"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-24 202256]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-07-24 2065760]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-24 23:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/7/2010 20:12 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/7/2010 20:12 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\arquivos de programas\AVG\AVG9\avgemc.exe [24/7/2010 20:12 921952]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [24/7/2010 20:12 308136]

R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [24/7/2010 18:48 180480]

.

Contents of the 'Scheduled Tasks' folder

 

2010-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4280014455-2443847577-2680517465-1005.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

 

2010-08-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4280014455-2443847577-2680517465-1005.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://www.positivoinformatica.com.br/

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-25 22:04

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-08-25 22:05:45

ComboFix-quarantined-files.txt 2010-08-26 01:05

 

Pre-Run: 6 folder(s) 73,186,959,360 bytes free

Post-Run: 8 folder(s) 73,200,418,816 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - D557F69797536D79CC50770DB7FFAEC2

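The file the helper singled out, c:\windows\system32\Fngmhlib.dll, stands out in the "Files Created" section of the log above for three reasons that can be checked mechanically: it is a DLL dropped straight into system32, its creation and last-write timestamps are identical (written once, when it landed), and its name carries no vowels to speak of. The script below is an added example, not part of the original post or of ComboFix; it parses lines in ComboFix's "created . last-write size attrs path" layout and scores each file on those signals so that the candidates for a hash lookup or a virscan.org submission float to the top. The scoring weights, the 30-day window and the threshold of 4 are assumptions chosen for this example, and the name heuristic is deliberately weak (a legitimate abbreviation such as msvcp71.dll trips it too), which is why it is only one input into the score. The sample lines are constructed by copying entries from the log above.

```python
import re
from datetime import datetime, timedelta

# One ComboFix "Files Created" / "Find3M" line:
#   <created> . <last-write> <size or --------> <8 attr chars> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$"
)
PE_EXT = (".dll", ".exe", ".sys", ".ocx", ".scr")
VOWELS = set("aeiou")


def parse_line(line):
    """Return a dict for a file/dir line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, written, size, attrs, path = m.groups()
    return {
        "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
        "written": datetime.strptime(written, "%Y-%m-%d %H:%M"),
        "size": None if size.startswith("-") else int(size),
        "is_dir": attrs.startswith("d"),
        "path": path,
    }


def looks_random(stem):
    """Weak signal: a long consonant run and few vowels, as in 'Fngmhlib'."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4 and vowel_ratio < 0.25


def score(entry, scan_time, window_days=30):
    """Return (score, reasons) for one parsed entry; directories score 0."""
    if entry is None or entry["is_dir"]:
        return 0, []
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    stem, ext = name.rsplit(".", 1) if "." in name else (name, "")
    s, why = 0, []
    if "\\windows\\" in path and "." + ext in PE_EXT:
        s += 2; why.append("PE under \\windows")
    if scan_time - timedelta(days=window_days) <= entry["created"] <= scan_time:
        s += 1; why.append("created within window")
    if entry["created"] == entry["written"]:
        s += 1; why.append("created == last-write (written once)")
    if looks_random(stem):
        s += 2; why.append("random-looking name")
    return s, why


def triage(log_text, scan_time, threshold=4):
    """Files scoring at or above the threshold, highest first."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        s, why = score(e, scan_time)
        if s >= threshold:
            hits.append((e["path"], s, why))
    return sorted(hits, key=lambda h: -h[1])


# Constructed sample: entries copied from the first ComboFix log in this thread.
SAMPLE = r"""
2010-08-24 22:04 . 2010-08-24 22:05 -------- d-----w- c:\arquivos de programas\trend micro
2010-08-20 01:19 . 2010-08-20 01:19 388608 ----a-w- C:\HiJackThis.exe
2010-08-17 02:09 . 2004-08-04 02:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-11 00:12 . 2010-08-11 00:12 28160 ----a-w- c:\windows\system32\Fngmhlib.dll
2010-08-03 04:36 . 2010-08-03 04:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 03:14 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll
"""
SCAN_TIME = datetime(2010, 8, 25, 22, 4)   # taken from the log's own header

if __name__ == "__main__":
    for path, s, why in triage(SAMPLE, SCAN_TIME):
        print(f"{s}  {path}  ({'; '.join(why)})")
```

On the sample, only Fngmhlib.dll clears the threshold (score 6); usbstor.sys, deployJava1.dll and mucltui.dll each score 3 because their last-write time predates their creation time, which is the pattern of a file copied from an installer or update package rather than dropped fresh. The score is a prioritisation aid, not a verdict: it tells you which hash to look up first, not whether the file is malicious.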

Victoria.,

*Open Notepad, then select, copy and paste into it the entire content of the code below:

Killall::

File::

c:\windows\system32\Fngmhlib.dll

*Save the file on the desktop as CFScript.txt

*Drag the file onto ComboFix as shown in the illustration below:

*Important: while ComboFix is running, do not use the mouse or the keyboard!!

*At the end of the procedure the program will close automatically and the report will be displayed


ComboFix 10-09-21.01 - Victoria Regina 21/09/2010 22:17:36.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.446.181 [GMT -3:00]

Running from: c:\documents and settings\Victoria Regina\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Victoria Regina\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

 

FILE ::

"c:\windows\system32\Fngmhlib.dll"

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\Fngmhlib.dll

 

.

(((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 ))))))))))))))))))))))))))))

.

 

2010-09-02 18:43 . 2010-09-02 18:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-24 22:04 . 2010-08-24 22:05 -------- d-----w- c:\arquivos de programas\trend micro

2010-08-24 22:04 . 2010-08-24 22:05 -------- d-----w- C:\rsit

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-02 02:01 . 2010-07-24 23:24 -------- d-----w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Skype

2010-09-02 01:38 . 2010-07-25 04:48 -------- d-----w- c:\documents and settings\Victoria Regina\Dados de aplicativos\skypePM

2010-08-20 01:19 . 2010-08-20 01:19 388608 ----a-w- C:\HiJackThis.exe

2010-08-12 00:28 . 2010-08-12 00:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2010-08-03 20:42 . 2010-08-03 20:42 -------- d-----w- c:\arquivos de programas\Rainlendar2

2010-08-03 04:37 . 2010-08-03 04:37 503808 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fc4450e-n\msvcp71.dll

2010-08-03 04:37 . 2010-08-03 04:37 499712 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fc4450e-n\jmc.dll

2010-08-03 04:37 . 2010-08-03 04:37 348160 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2fc4450e-n\msvcr71.dll

2010-08-03 04:37 . 2010-08-03 04:37 61440 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2285eee4-n\decora-sse.dll

2010-08-03 04:37 . 2010-08-03 04:37 12800 ----a-w- c:\documents and settings\Victoria Regina\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2285eee4-n\decora-d3d.dll

2010-08-03 04:37 . 2006-03-02 12:00 49044 ----a-w- c:\windows\system32\perfc016.dat

2010-08-03 04:37 . 2006-03-02 12:00 344972 ----a-w- c:\windows\system32\perfh016.dat

2010-08-03 04:37 . 2010-07-24 21:51 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-08-03 04:35 . 2010-08-03 04:36 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-03 04:35 . 2010-07-24 21:51 -------- d-----w- c:\arquivos de programas\Java

2010-07-29 08:33 . 2010-07-29 08:31 -------- d-----w- c:\arquivos de programas\Windows Live

2010-07-29 08:32 . 2010-07-29 08:32 -------- d-----w- c:\arquivos de programas\Microsoft

2010-07-29 08:32 . 2010-07-29 08:32 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2010-07-29 08:26 . 2010-07-29 08:26 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2010-07-25 05:00 . 2010-07-25 05:00 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Alwil Software

2010-07-25 05:00 . 2010-07-25 05:00 -------- d-----w- c:\arquivos de programas\Alwil Software

2010-07-25 04:48 . 2010-07-25 04:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-07-24 23:23 . 2010-07-24 23:23 -------- d-----r- c:\arquivos de programas\Skype

2010-07-24 23:23 . 2010-07-24 23:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Skype

2010-07-24 23:23 . 2010-07-24 23:23 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Skype

2010-07-24 23:12 . 2010-07-24 23:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-24 23:12 . 2010-07-24 23:12 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-24 23:12 . 2010-07-24 23:12 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-24 23:12 . 2010-07-24 23:12 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-07-24 23:12 . 2010-07-24 23:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-07-24 23:12 . 2010-07-24 23:12 -------- d-----w- c:\arquivos de programas\AVG

2010-07-24 22:59 . 2010-07-24 22:59 49152 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-07-24 22:59 . 2010-07-24 22:59 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-07-24 22:59 . 2010-07-24 22:59 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-07-24 22:59 . 2010-07-24 22:59 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-07-24 22:59 . 2010-07-24 22:59 45056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-07-24 22:59 . 2010-07-24 22:59 40960 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-07-24 22:59 . 2010-07-24 22:59 308808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-07-24 22:59 . 2010-07-24 22:59 14848 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-07-24 22:59 . 2010-07-24 22:38 341600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-07-24 22:59 . 2010-07-24 22:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real

2010-07-24 22:59 . 2010-07-24 22:38 -------- d-----w- c:\arquivos de programas\Real

2010-07-24 22:59 . 2010-07-24 22:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2010-07-24 22:53 . 2010-07-24 22:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SWF Studio

2010-07-24 22:38 . 2010-07-24 22:15 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-07-24 22:38 . 2010-07-24 22:15 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-07-24 22:31 . 2010-07-24 21:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-24 22:16 . 2010-07-24 22:15 -------- d-----w- c:\arquivos de programas\CyberLink

2010-07-24 22:15 . 2010-07-24 21:54 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2010-07-24 22:03 . 2010-07-24 22:03 -------- d-----w- c:\arquivos de programas\Kaspersky Lab

2010-07-24 22:03 . 2010-07-24 22:03 -------- d-----w- c:\arquivos de programas\Discador Positivo

2010-07-24 21:54 . 2010-07-24 22:03 -------- d-----w- c:\documents and settings\Victoria Regina\Dados de aplicativos\InstallShield

2010-07-24 21:53 . 2010-07-24 21:53 -------- d-----w- c:\arquivos de programas\Synaptics

2010-07-24 21:53 . 2010-07-24 21:53 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2010-07-24 21:53 . 2010-07-24 21:53 -------- d-----w- c:\arquivos de programas\Clevo

2010-07-24 21:50 . 2010-07-24 21:50 -------- d-----w- c:\arquivos de programas\Motorola

2010-07-24 21:44 . 2010-07-24 21:44 -------- d-----w- c:\arquivos de programas\microsoft frontpage

2010-07-24 21:42 . 2010-07-24 21:42 -------- d-----w- c:\arquivos de programas\Serviços on-line

2010-07-24 21:42 . 2010-07-24 21:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços

2010-07-24 21:41 . 2010-07-24 21:41 21844 ----a-w- c:\windows\system32\emptyregdb.dat

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iBest.baloon"="c:\arquivos de programas\Discador Positivo\baloon.exe" [2005-03-15 77824]
"Google Update"="c:\documents and settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-07-25 136176]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Rainlendar2"="c:\arquivos de programas\Rainlendar2\Rainlendar2.exe" [2010-07-11 2199040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotKey"="MHOTKEY.exe" [2003-06-03 472576]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" [2006-10-09 176128]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AutoMailChecker"="c:\arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe" [2002-11-22 847360]
"SynTPEnh"="c:\arquivos de programas\Synaptics\SynTP\SynTPEnh.exe" [2006-04-04 737369]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-01-13 73728]
"RemoteControl"="c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-24 202256]
"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2010-07-24 2065760]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-24 23:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgemc.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=
"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/7/2010 20:12 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/7/2010 20:12 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\arquivos de programas\AVG\AVG9\avgemc.exe [24/7/2010 20:12 921952]
R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [24/7/2010 20:12 308136]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [24/7/2010 18:48 180480]

.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4280014455-2443847577-2680517465-1005.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]

2010-09-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4280014455-2443847577-2680517465-1005.job
- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.positivoinformatica.com.br/
.

 

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 22:22
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\AVG\AVG9\avgchsvx.exe
c:\arquivos de programas\AVG\AVG9\avgrsx.exe
c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe
c:\arquivos de programas\AVG\AVG9\avgnsx.exe
c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\MHOTKEY.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
.
**************************************************************************
.
Completion time: 2010-09-21 22:27:50 - Machine was rebooted
ComboFix-quarantined-files.txt 2010-09-22 01:27
ComboFix2.txt 2010-08-26 01:05

Pre-Run: 7 folder(s) 72,958,242,816 bytes free
Post-Run: 8 folder(s) 72,969,310,208 bytes free

- - End Of File - - 58C79843D5E6BCB6927FF2623CC89118

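The log above is the part of a ComboFix report that a helper actually reads: the Run keys, the firewall exception list and the R-service lines. The following script is an added example for this thread, not code from the forum, from the helper or from ComboFix. It parses those lines into records and applies two review heuristics that are this script's own assumptions, not anything ComboFix reports: a Run value that is only a bare file name (such as "MHOTKEY.exe") is located through the loader's search order rather than an absolute path, so it is worth confirming which file actually runs; and a Run value under the user profile runs from a directory the user can write to. The regular expressions are written against the line shapes visible in the log above, not against a published format specification, and the sample input is excerpted from that log.

```python
"""Triage the autostart section of a ComboFix log (added example).

Heuristics below are assumptions of this script, not ComboFix output.
"""
import re

# One Run value:  "name"="path" [yyyy-mm-dd size]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_HEADER = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Firewall exception:  "escaped\\path"=
FW_VALUE = re.compile(r'^"(?P<path>[^"]+)"=$')
# Service/driver line:  R<start> name;display;image [date time size]
SERVICE = re.compile(
    r'^R(?P<start>\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<meta>[^\]]+)\]$')

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iBest.baloon"="c:\arquivos de programas\Discador Positivo\baloon.exe" [2005-03-15 77824]
"Google Update"="c:\documents and settings\Victoria Regina\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-07-25 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotKey"="MHOTKEY.exe" [2003-06-03 472576]
"VTTimer"="VTTimer.exe" [2006-09-21 53248]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/7/2010 20:12 243024]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [24/7/2010 18:48 180480]
"""


def parse_load_points(text):
    """Return {'run': [...], 'firewall': [...], 'services': [...]} from log text."""
    run, firewall, services = [], [], []
    key = None  # registry key the following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_HEADER.match(line)
        if m:
            key = m.group('key')
            continue
        m = RUN_VALUE.match(line)
        if m and key and key.lower().endswith('\\run'):
            run.append({'key': key, 'name': m.group('name'), 'path': m.group('path'),
                        'date': m.group('date'), 'size': int(m.group('size'))})
            continue
        m = FW_VALUE.match(line)
        if m and key and 'authorizedapplications' in key.lower():
            # ComboFix prints these with doubled backslashes; normalise them.
            firewall.append(m.group('path').replace('\\\\', '\\'))
            continue
        m = SERVICE.match(line)
        if m:
            services.append({'start': int(m.group('start')), 'name': m.group('svc'),
                             'display': m.group('display'), 'image': m.group('image')})
    return {'run': run, 'firewall': firewall, 'services': services}


def triage_run_entries(run):
    """Apply the two review heuristics (assumptions, see lead-in) to Run entries."""
    findings = []
    for e in run:
        path = e['path']
        if '\\' not in path:
            findings.append((e['name'], 'bare file name, resolved via search order: ' + path))
        elif '\\documents and settings\\' in path.lower():
            findings.append((e['name'], 'runs from the user profile: ' + path))
    return findings


if __name__ == '__main__':
    parsed = parse_load_points(SAMPLE)
    print('%d Run entries, %d firewall exceptions, %d services' % (
        len(parsed['run']), len(parsed['firewall']), len(parsed['services'])))
    for name, why in triage_run_entries(parsed['run']):
        print('REVIEW %-14s %s' % (name, why))
```

On the sample this reports the three bare-name entries from the log's HKLM Run key as candidates for a manual check and the Google updater as running from the profile; none of that is a verdict, only a short list to look at first instead of reading every line. Feeding it the full log text instead of SAMPLE works the same way, since the parser only keys on the line shapes.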

victoria.,

1.
*Click [Start] > [Run] > type: Combofix /uninstall
*Click [OK]
*Click [Run]
*Wait until the message appears: "ComboFix is uninstalled"
*Click [OK]

2.
*Run an online scan with NOD32
*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.
