aLp.zN - Posted November 19, 2010

Please help me. I installed something here and afterwards the PC got slow. I'm nervous... lol

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:32, on 19/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Cyberlink\Shared files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Domino.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
D:\Arquivos de programas\Steam\steam.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
d:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\DOCUME~1\VICTOR~1\CONFIG~1\Temp\Rar$EX00.641\HijackThis.exe

R3 - URLSearchHook: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBHGui] D:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [bDRegion] C:\Arquivos de programas\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Arquivos de programas\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "D:\Arquivos de programas\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Sony Ericsson PC Suite\SupServ.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - d:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8124 bytes

THANKS IN ADVANCE!
wings - Posted November 20, 2010

Hello aLp.zN

* Temporarily disable your antivirus
* Download RSIT (http://images.malwareremoval.com/random/RSIT.exe) and save it to the desktop
* Run RSIT and click [Continue]
* Paste the report C:\rsit\log.txt
aLp.zN - Posted November 21, 2010

> Hello aLp.zN
> * Temporarily disable your antivirus
> * Download RSIT (http://images.malwareremoval.com/random/RSIT.exe) and save it to the desktop
> * Run RSIT and click [Continue]
> * Paste the report C:\rsit\log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Victor Ribeiro at 2010-11-21 02:23:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (24%) free of 11 GB
Total RAM: 1023 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:23:43, on 21/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Cyberlink\Shared files\brs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VMSnap23.exe
C:\WINDOWS\Domino.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
d:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
D:\Arquivos de programas\Mozilla Firefox\firefox.exe
D:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Victor Ribeiro\Desktop\RSIT.exe
C:\Arquivos de programas\trend micro\Victor Ribeiro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
R3 - URLSearchHook: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MessengerPlusLive Brazil TB Toolbar - {c69650dc-9644-4580-aa86-0ea329ee6c60} - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBHGui] D:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [bDRegion] C:\Arquivos de programas\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Arquivos de programas\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [steam] "D:\Arquivos de programas\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Sony Ericsson PC Suite\SupServ.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - d:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9136 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c69650dc-9644-4580-aa86-0ea329ee6c60}]
MessengerPlusLive Brazil TB Toolbar - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll [2010-09-29 2735200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{c69650dc-9644-4580-aa86-0ea329ee6c60} - MessengerPlusLive Brazil TB Toolbar - C:\Arquivos de programas\MessengerPlusLive_Brazil_TB\tbMes1.dll [2010-09-29 2735200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe [2005-05-21 925696]
"amd_dc_opt"=C:\Arquivos de programas\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"NBHGui"=D:\Arquivos de programas\Nero\Nero 9\InCD\NBHGui.exe [2008-09-29 2079256]
"LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE [2001-09-12 818688]
"avast5"=C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]
"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=D:\Arquivos de programas\QuickTime\QTTask.exe [2010-09-08 421888]
"BDRegion"=C:\Arquivos de programas\Cyberlink\Shared files\brs.exe [2010-04-02 75048]
"nwiz"=C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"BigDogPath323VMSnap"=C:\WINDOWS\VMSnap23.exe [2006-09-19 212992]
"BigDogPath323Domino"=C:\WINDOWS\Domino.exe [2006-06-28 49152]
"SoundMax"=C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe [2005-09-07 716800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"AlcoholAutomount"=d:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"Skype"=C:\Arquivos de programas\Skype\Phone\Skype.exe [2010-10-11 14940040]
"DAEMON Tools Pro Agent"=D:\Arquivos de programas\DAEMON Tools Pro\DTAgent.exe [2010-04-15 427328]
"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]
"Steam"=D:\Arquivos de programas\Steam\steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
D:\Arquivos de programas\Nero\Nero 9\InCD\InCD.exe [2008-09-29 1111064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\Arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Arquivos de programas\Google\Google Earth\client\googleearth.exe"="C:\Arquivos de programas\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Arquivos de programas\Maple 12\jre\bin\maple.exe"="C:\Arquivos de programas\Maple 12\jre\bin\maple.exe:*:Enabled:Maple 12"
"D:\Program Files\Warcraft III\Warcraft III.exe"="D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Arquivos de programas\Warcraft III\war3.exe"="D:\Arquivos de programas\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"D:\Arquivos de programas\uTorrent\uTorrent.exe"="D:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Arquivos de programas\GHostOne\ghost.exe"="D:\Arquivos de programas\GHostOne\ghost.exe:*:Enabled:ghost"
"D:\Arquivos de programas\GHostOne\GHostOne.exe"="D:\Arquivos de programas\GHostOne\GHostOne.exe:*:Enabled:GHost One - advanced hosting bot"
"D:\Arquivos de programas\BitTorrent\BitTorrent.exe"="D:\Arquivos de programas\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Arquivos de programas\Combat Arms\CombatArms.exe"="D:\Arquivos de programas\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Arquivos de programas\Combat Arms\Engine.exe"="D:\Arquivos de programas\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Program Files\Valve\Counter-Strike 1.6 Sector Edition\hl.exe"="D:\Program Files\Valve\Counter-Strike 1.6 Sector Edition\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Arquivos de programas\Combat Arms\NMService.exe"="D:\Arquivos de programas\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"E:\Arquivos de programas\Aspyr\Guitar Hero III\GH3.exe"="E:\Arquivos de programas\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III"
"E:\Arquivos de programas\Wizards of the Coast LLC\Magic The Gathering - Duels of the Planeswalkers\DotP.exe"="E:\Arquivos de programas\Wizards of the Coast LLC\Magic The Gathering - Duels of the Planeswalkers\DotP.exe:*:Enabled:DotP"
"D:\Arquivos de programas\Electronic Arts\Battlefield 2142\BF2142.exe"="D:\Arquivos de programas\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Arquivos de programas\mIRC\mirc.exe"="D:\Arquivos de programas\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\Arquivos de programas\CyberScript32\CyberScript.exe"="D:\Arquivos de programas\CyberScript32\CyberScript.exe:*:Enabled:mIRC"
"D:\Arquivos de programas\Steam\Steam.exe"="D:\Arquivos de programas\Steam\Steam.exe:*:Enabled:Steam"
"D:\Arquivos de programas\Steam\steamapps\fairplaybr\counter-strike\hl.exe"="D:\Arquivos de programas\Steam\steamapps\fairplaybr\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"D:\Arquivos de programas\Steam\steamapps\dustt_\counter-strike\hl.exe"="D:\Arquivos de programas\Steam\steamapps\dustt_\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe"="C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"D:\Arquivos de programas\Nexon\Combat Arms\CombatArms.exe"="D:\Arquivos de programas\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Arquivos de programas\Nexon\Combat Arms\Engine.exe"="D:\Arquivos de programas\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Arquivos de programas\Combat Arms\CombatArms.exe"="D:\Arquivos de programas\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Arquivos de programas\Combat Arms\Engine.exe"="D:\Arquivos de programas\Combat Arms\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 1 months======

2010-12-10 00:54:16 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\IObit
2010-12-08 20:52:46 ----D---- C:\WINDOWS\Sun
2010-11-21 02:23:35 ----D---- C:\rsit
2010-11-21 02:23:35 ----D---- C:\Arquivos de programas\trend micro
2010-11-20 03:12:55 ----D---- C:\Arquivos de programas\sXe Injected
2010-11-19 12:24:25 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\Opera
2010-11-19 12:24:25 ----D---- C:\Arquivos de programas\Mozilla Firefox
2010-11-18 17:41:00 ----D---- C:\Arquivos de programas\Minimodem USB
2010-11-17 09:36:42 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-11-17 09:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-11-17 09:32:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2360131$
2010-11-17 04:52:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-11-17 04:52:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-11-17 04:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-11-17 04:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-11-17 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-11-17 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-11-17 03:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-11-17 03:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-11-16 19:12:06 ----RSH---- C:\Documents and Settings\All Users\Dados de aplicativos\564052607B.sys
2010-11-16 19:12:05 ----ASH---- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2010-11-16 19:11:24 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\Corel
2010-11-16 19:09:38 ----D---- C:\Arquivos de programas\Arquivos comuns\Protexis
2010-11-16 19:09:37 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Corel
2010-11-16 19:06:18 ----D---- C:\Arquivos de programas\Arquivos comuns\Corel
2010-11-16 15:30:12 ----D---- C:\Arquivos de programas\Microsoft.NET
2010-11-14 01:53:01 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\Apple Computer
2010-11-13 15:17:15 ----RA---- C:\WINDOWS\VMSnap23.exe
2010-11-13 15:17:15 ----RA---- C:\WINDOWS\VMCap323.exe
2010-11-13 15:17:15 ----RA---- C:\WINDOWS\Domino.exe
2010-11-13 15:17:12 ----RA---- C:\WINDOWS\system32\drivers\usbvm323.sys
2010-11-12 16:24:50 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\Help
2010-11-04 10:40:39 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-04 10:40:39 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-04 10:40:39 ----A---- C:\WINDOWS\system32\java.exe
2010-10-30 23:27:06 ----SHD---- C:\RECYCLER
2010-10-26 16:09:46 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\PriceGong
2010-10-26 16:04:48 ----A---- C:\ComboFix.txt
2010-10-25 23:36:06 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2010-10-25 23:33:18 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Pro
2010-10-25 23:19:39 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\DAEMON Tools Pro
2010-10-25 23:18:47 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-10-25 21:53:21 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\mIRC
2010-10-25 16:59:13 ----A---- C:\Boot.bak
2010-10-25 16:59:08 ----RASHD---- C:\cmdcons
2010-10-25 16:56:08 ----D---- C:\WINDOWS\ERDNT
2010-10-25 10:47:33 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\Malwarebytes
2010-10-25 10:47:22 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2010-10-25 08:36:16 ----D---- C:\Arquivos de programas\Arquivos comuns\Skype
2010-10-25 08:36:08 ----RD---- C:\Arquivos de programas\Skype

======List of files/folders modified in the last 1 months======

2010-11-21 02:23:42 ----D---- C:\WINDOWS\Prefetch
2010-11-21 02:23:35 ----RD---- C:\Arquivos de programas
2010-11-21 02:22:22 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\Skype
2010-11-21 01:59:21 ----D---- C:\WINDOWS\Temp
2010-11-21 01:59:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-21 01:55:12 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\skypePM
2010-11-21 01:52:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-21 01:52:00 ----A---- C:\WINDOWS\ModemLog_ONDA Proprietary HS-USB Modem.txt
2010-11-20 19:46:10 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\uTorrent
2010-11-19 13:18:00 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-19 13:15:10 ----D---- C:\WINDOWS\system32
2010-11-19 13:15:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-19 13:14:34 ----D---- C:\WINDOWS
2010-11-19 10:15:29 ----D---- C:\Documents and Settings\Victor Ribeiro\Dados de aplicativos\Media Player Classic
2010-11-19 10:15:27 ----D---- C:\WINDOWS\Debug
2010-11-19 10:10:23 ----SHD---- C:\WINDOWS\Installer
2010-11-18 17:43:07 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-18 17:41:14 ----HD---- C:\WINDOWS\inf
2010-11-18 17:41:14 ----D---- C:\WINDOWS\system32\drivers
2010-11-18 17:41:11 ----D---- C:\WINDOWS\system32\SupportAppXL
2010-11-18 15:39:16 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-18 15:38:33 ----RSD---- C:\WINDOWS\assembly
2010-11-18 15:27:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-18 11:16:44 ----D---- C:\WINDOWS\WinSxS
2010-11-18 11:13:14 ----D---- C:\WINDOWS\system32\XPSViewer
2010-11-18 11:13:11 ----D---- C:\WINDOWS\system32\en-us
2010-11-18 11:13:03 ----RSD---- C:\WINDOWS\Fonts
2010-11-18 11:10:17 ----D---- C:\Arquivos de programas\Internet Explorer
2010-11-17 04:53:00 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-16 19:10:00 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2010-11-16 19:09:38 ----D---- C:\Arquivos de programas\Arquivos comuns
2010-11-16 15:38:10 ----D---- C:\WINDOWS\system32\pt-BR
2010-11-15 22:25:47 ----D---- C:\Arquivos de programas\Maple 12
2010-11-13 15:17:28 ----D---- C:\WINDOWS\EffectResources
2010-11-04 10:40:20 ----D---- C:\Arquivos de programas\Java
2010-11-02 16:47:16 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-01 13:42:22 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-10-26 18:20:08 ----RASH---- C:\boot.ini
2010-10-26 18:20:08 ----A---- C:\WINDOWS\win.ini
2010-10-26 18:20:08 ----A---- C:\WINDOWS\system.ini
2010-10-26 16:01:46 ----D---- C:\WINDOWS\AppPatch
2010-10-25 15:18:29 ----D---- C:\WINDOWS\ehome
2010-10-25 08:36:01 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-25 697328]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 InCDPass;Nero InCDPass Driver; C:\WINDOWS\system32\DRIVERS\InCDPass.sys [2008-09-29 40216]
R1 InCDRm;Nero MRW Remapper Driver; C:\WINDOWS\system32\DRIVERS\InCDRm.sys [2008-09-29 41752]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/05 15:58:50]; \??\D:\Arquivos de programas\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-06 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 InCDFs;Nero UDF File System Driver; C:\WINDOWS\system32\DRIVERS\InCDFs.sys [2008-09-29 129560]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-12 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-12 20480]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys
[2010-09-30 27632] R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-10-11 393088] S3 a1r2c1m6;a1r2c1m6; C:\WINDOWS\system32\drivers\a1r2c1m6.sys [] S3 a6lnb0ar;a6lnb0ar; C:\WINDOWS\system32\drivers\a6lnb0ar.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\VICTOR~1\CONFIG~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\VICTOR~1\CONFIG~1\Temp\KYCD42.tmp [] S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Program Files\Garena\safedrv.sys [] S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Driver de monitor de rede; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320] S3 ONDAusbmdm6k;ONDA Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ONDAusbmdm6k.sys [2008-04-23 104960] S3 ONDAusbnmea;ONDA NMEA Port; C:\WINDOWS\system32\DRIVERS\ONDAusbnmea.sys [2008-04-23 104960] S3 ONDAusbser6k;ONDA Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ONDAusbser6k.sys [2008-04-23 104960] S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys [] S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\WINDOWS\system32\DRIVERS\s916bus.sys [2007-11-02 83496] S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016] S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s916mdm.sys [2007-11-02 109992] S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976] S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface; 
C:\WINDOWS\system32\DRIVERS\s916obex.sys [2007-11-02 100008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 vmfilter323;323 filter service, Normal; C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-08 476672] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 ZSMC326;TD74 USB2.0 PC Camera(VC0323); C:\WINDOWS\System32\Drivers\usbvm323.sys [2007-04-24 257408] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! 
Antivirus; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] R2 InCDSrv;InCD Helper; D:\Arquivos de programas\Nero\Nero 9\InCD\InCDSrv.exe [2008-09-29 1483800] R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-09-15 153376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2001-09-12 300544] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208] R2 NeroRegInCDSrv;Nero Registry InCD Service; D:\Arquivos de programas\Nero\Nero 9\InCD\NBHRegInCDSrv.exe [2008-09-29 108568] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-10-06 75064] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-11-01 214864] R2 PSI_SVC_2;Protexis Licensing V2; C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 StarWindServiceAE;StarWind AE Service; d:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] S1 InCDRec;Nero UDF File System Recognizer Driver; C:\WINDOWS\system32\DRIVERS\InCDRec.sys [2008-09-29 19352] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Google Update Service (gupdate); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-08-16 135664] S2 OMSI download service;Sony Ericsson OMSI download service; D:\Sony Ericsson PC Suite\SupServ.exe [] S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] S3 avast! Web Scanner;avast! 
Web Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Arquivos de programas\WinPcap\rpcapd.exe [2010-06-25 117264] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Compartilhar este post Link para o post Compartilhar em outros sites
wings Posted November 21, 2010
1. *Delete RSIT and the C:\rsit folder
2. *Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Run ComboFix and accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [YES] to install and then [YES] to continue.
*Wait for all steps to complete
*Do not use the mouse or keyboard while ComboFix is running!! To abort the procedure, press [N] or [2] and then [ENTER]
*Paste the report C:\combofix.txt
aLp.zN Posted November 22, 2010
1. *Delete RSIT and the C:\rsit folder
2. *Temporarily disable your antivirus
*Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to the desktop
*Run ComboFix and accept the agreement
*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [YES] to install and then [YES] to continue.
*Wait for all steps to complete
*Do not use the mouse or keyboard while ComboFix is running!! To abort the procedure, press [N] or [2] and then [ENTER]
*Paste the report C:\combofix.txt

ComboFix 10-11-21.02 - Victor Ribeiro 22/11/2010 11:40:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.532 [GMT -2:00]
Executando de: c:\documents and settings\Victor Ribeiro\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
Tempo para conclusão: 2010-11-22 11:45:20
ComboFix-quarantined-files.txt 2010-11-22 13:45
Pré-execução: 2.635.976.704 bytes disponíveis
Pós execução: 2.662.850.560 bytes disponíveis
- - End Of File - - F57EDB47AADFD6B520049072959DB967
wings Posted November 22, 2010
OK... the PC is clean.
*Click [Start] > [Run] > copy and paste: Combofix /uninstall
*Click [OK] > [Run]
*Wait for the message: "ComboFix está desinstalado"
*Click [OK]
Cheers.
aLp.zN Posted November 23, 2010
Cheers. Thanks for your attention, wings..
wings Posted November 23, 2010
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.