Ostrogodo

Could someone take a look at this log!


Logfile of HijackThis v1.99.1

Scan saved at 11:47:40, on 3/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

D:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FAH.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FahCore_82.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\Arquivos de programas\Last.fm\LastFM.exe

D:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.875\HijackThis.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] "D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [46131] C:\WINDOWS/46131.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FAH@D:+Arquivos de programas+Ubisoft+Far Cry 2+bin+FAH.exe - Stanford University - D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FAH.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


Hello,

Welcome to the Clube do Hardware Forum

  • Download RSIT - random's system information tool by random/random and save it to your desktop.
  • Double-click RSIT.exe to run the tool.
  • In the window that opens (disclaimer), click Continue.
  • When the tool finishes running, a Notepad document will open containing the scan result. Please paste the contents of that log (log.txt) in your next reply.
  • Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt

Thanks


log.txt:

Logfile of random's system information tool 1.04 (written by random/random)

Run by Administrador at 2008-11-13 09:10:35

Microsoft Windows XP Professional Service Pack 2

System drive C: has 968 MB (12%) free of 8 GB

Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:10:41, on 13/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\iTunes\iTunesHelper.exe

D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FAH.exe

D:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

D:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Administrador.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] "D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Arquivos de programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [46131] C:\WINDOWS/46131.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FAH@D:+Arquivos de programas+Ubisoft+Far Cry 2+bin+FAH.exe - Stanford University - D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FAH.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: NMSAccessU - Unknown owner - D:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 8791 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-05-25 1953792]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]

"nwiz"=nwiz.exe /install []

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"QuickTime Task"=C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe [2008-09-06 413696]

"iTunesHelper"=C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-10-01 289576]

"HP Software Update"=D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

"HP Component Manager"=C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

"PWRISOVM.EXE"=D:\Arquivos de programas\PowerISO\PWRISOVM.EXE [2008-07-07 167936]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]

"avgnt"=C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2008-09-09 3513344]

"RocketDock"=C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 344064]

"46131"=C:\WINDOWS/46131.exe [2008-09-26 11701480]

"DAEMON Tools Lite"=D:\Arquivos de programas\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

"SpybotSD TeaTimer"=D:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

HP Digital Imaging Monitor.lnk - D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

Inicialização rápida do HP Image Zone.lnk - D:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar

RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"NoDispSettingPage"=1

"NoDispScrSavPage"=0

"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoSharedDocuments"=1

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ForceClassicControlPanel"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"

"D:\Combat Arms\CombatArms.exe"="D:\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"

"D:\Combat Arms\Engine.exe"="D:\Combat Arms\Engine.exe:*Enabled:Engine.exe"

"D:\Combat Arms\NMService.exe"="D:\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

"D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

"D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"

"D:\Arquivos de programas\rFactor\rFactor.exe"="D:\Arquivos de programas\rFactor\rFactor.exe:*:Enabled:rFactor"

"D:\Arquivos de programas\Activision\Call of Duty - World at War\CoDWaWmp.exe"="D:\Arquivos de programas\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War"

"D:\Arquivos de programas\Activision\Call of Duty - World at War\CoDWaW.exe"="D:\Arquivos de programas\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War"

"C:\Arquivos de programas\aMSN\bin\wish.exe"="C:\Arquivos de programas\aMSN\bin\wish.exe:*:Enabled:Wish Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\Combat Arms\CombatArms.exe"="D:\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"

"D:\Combat Arms\Engine.exe"="D:\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345d7325-a916-11dd-9512-001a4d78d891}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

======List of files/folders created in the last 1 months======

2008-11-13 09:10:36 ----D---- C:\Arquivos de programas\trend micro

2008-11-13 09:10:35 ----D---- C:\rsit

2008-11-13 08:59:57 ----D---- C:\Arquivos de programas\aMSN

2008-11-08 19:20:28 ----D---- C:\LinhaDefensiva

2008-11-03 17:46:33 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Canneverbe_Limited

2008-11-03 11:23:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-03 09:28:02 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Hamachi

2008-11-03 00:10:52 ----D---- C:\WINDOWS\system32\Nova pasta

2008-11-03 00:04:59 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2008-11-03 00:04:59 ----D---- C:\Arquivos de programas\Avira

2008-10-28 15:53:51 ----D---- C:\WINDOWS\Sun

2008-10-25 16:41:18 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer PRO

2008-10-23 08:43:06 ----D---- C:\WINDOWS\NV34643468.TMP

2008-10-23 08:32:36 ----D---- C:\WINDOWS\system32\AGEIA

2008-10-23 08:32:36 ----D---- C:\Arquivos de programas\AGEIA Technologies

2008-10-23 08:32:30 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-23 08:32:26 ----D---- C:\WINDOWS\NV40284032.TMP

2008-10-22 13:07:29 ----RHD---- C:\Documents and Settings\Administrador\Dados de aplicativos\SecuROM

2008-10-22 12:57:12 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

2008-10-22 12:54:17 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2008-10-22 12:54:14 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

2008-10-22 12:54:14 ----A---- C:\WINDOWS\system32\pbsvc.exe

2008-10-22 11:28:11 ----A---- C:\_Sid.txt

2008-10-22 11:26:40 ----D---- C:\Arquivos de programas\Arquivos comuns\HP

2008-10-22 11:25:47 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-10-22 11:25:47 ----D---- C:\Arquivos de programas\Hewlett-Packard

2008-10-22 11:25:42 ----RA---- C:\WINDOWS\system32\MSXML4r.dll

2008-10-22 11:25:42 ----RA---- C:\WINDOWS\system32\MSXML4a.dll

2008-10-22 11:25:42 ----RA---- C:\WINDOWS\system32\MSXML4.dll

2008-10-22 11:25:42 ----RA---- C:\WINDOWS\system32\hpvcr70.dll

2008-10-22 11:25:42 ----RA---- C:\WINDOWS\system32\hpvcp70.dll

2008-10-22 11:25:42 ----RA---- C:\WINDOWS\system32\hpvaut32.dll

2008-10-22 11:25:05 ----D---- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-10-22 11:24:21 ----RSD---- C:\WINDOWS\assembly

2008-10-22 11:24:21 ----D---- C:\WINDOWS\Microsoft.NET

2008-10-22 11:24:20 ----D---- C:\WINDOWS\system32\URTTemp

2008-10-22 11:18:06 ----A---- C:\WINDOWS\system32\HPZisn12.dll

2008-10-22 11:18:06 ----A---- C:\WINDOWS\system32\HPZipt12.dll

2008-10-22 11:18:06 ----A---- C:\WINDOWS\system32\HPZipr12.dll

2008-10-22 11:18:06 ----A---- C:\WINDOWS\system32\HPZipm12.exe

2008-10-22 11:18:06 ----A---- C:\WINDOWS\system32\HPZinw12.exe

2008-10-22 11:18:06 ----A---- C:\WINDOWS\system32\HPZidr12.dll

2008-10-22 11:18:05 ----A---- C:\WINDOWS\IsUninst.exe

2008-10-22 10:39:36 ----D---- C:\Arquivos de programas\HP

2008-10-22 10:37:05 ----HD---- C:\Config.Msi

2008-10-21 10:21:24 ----A---- C:\WINDOWS\ultimatecd.ini

2008-10-20 23:05:31 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

2008-10-20 23:05:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-10-20 13:02:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\szaxufgz

2008-10-20 11:20:10 ----N---- C:\WINDOWS\system32\spmsg.dll

2008-10-16 19:55:10 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2008-10-15 21:04:23 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\JCreator

2008-10-15 21:04:23 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\JCreator

2008-10-14 12:00:55 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll

2008-10-14 11:52:07 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools

======List of files/folders modified in the last 1 months======

2008-11-13 09:10:36 ----RD---- C:\Arquivos de programas

2008-11-13 09:05:02 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-11-13 08:39:49 ----D---- C:\WINDOWS\Temp

2008-11-13 08:39:23 ----D---- C:\WINDOWS

2008-11-12 23:07:01 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-12 00:57:44 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-11-11 23:56:48 ----HD---- C:\WINDOWS\inf

2008-11-11 23:56:30 ----D---- C:\WINDOWS\system32\DirectX

2008-11-11 23:55:38 ----SHD---- C:\WINDOWS\Installer

2008-11-11 23:33:07 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-11 23:25:08 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-11-09 04:04:48 ----D---- C:\WINDOWS\Prefetch

2008-11-07 17:03:28 ----D---- C:\WINDOWS\system32

2008-11-03 09:40:22 ----D---- C:\WINDOWS\system32\drivers

2008-11-03 00:11:05 ----A---- C:\WINDOWS\system32\KillVBS.vbs

2008-10-28 10:10:41 ----D---- C:\Arquivos de programas\NetBeans 6.1

2008-10-27 22:44:26 ----D---- C:\Arquivos de programas\uTorrent

2008-10-25 15:46:44 ----D---- C:\WINDOWS\Debug

2008-10-23 08:45:49 ----D---- C:\WINDOWS\nview

2008-10-23 08:43:05 ----D---- C:\WINDOWS\Help

2008-10-23 08:32:30 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-10-22 13:06:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-22 13:05:42 ----D---- C:\WINDOWS\WinSxS

2008-10-22 12:56:22 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2008-10-22 12:49:18 ----SD---- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft

2008-10-22 11:27:53 ----A---- C:\WINDOWS\win.ini

2008-10-22 11:25:06 ----D---- C:\WINDOWS\Registration

2008-10-22 11:25:02 ----D---- C:\WINDOWS\system32\mui

2008-10-22 11:24:27 ----D---- C:\Arquivos de programas\Internet Explorer

2008-10-22 11:18:29 ----D---- C:\WINDOWS\twain_32

2008-10-20 12:51:26 ----D---- C:\WINDOWS\system32\Restore

2008-10-20 12:07:37 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2008-10-14 11:55:54 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40192]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]

R3 avgntflt;avgntflt; \??\C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-08-31 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-08-07 98944]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-08-31 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2005-08-31 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2005-08-31 20480]

S3 axxxwis9;axxxwis9; C:\WINDOWS\system32\drivers\axxxwis9.sys []

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-03 17480]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-08-31 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2005-08-31 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2005-08-31 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-08-31 26496]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-03 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-03 151297]

R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 FAH@D:+Arquivos de programas+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@D:+Arquivos de programas+Ubisoft+Far Cry 2+bin+FAH.exe; D:\Arquivos de programas\Ubisoft\Far Cry 2\bin\FAH.exe [2008-10-05 253952]

R2 NMSAccessU;NMSAccessU; D:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-22 66872]

R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-10-01 536872]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 fsssvc;Windows Live Family Safety; C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

S3 getPlus® Helper;getPlus® Helper; C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]

S3 UMWdf;Estrutura de Driver do Modo de Usuário do Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.04 2008-11-13 09:10:42

======Uninstall list======

-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.57-->"D:\Arquivos de programas\7-Zip\Uninstall.exe"

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}

aMSN 0.97.2-->C:\Arquivos de programas\aMSN\uninstall.exe

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Arquivo do WinRAR-->C:\Arquivos de programas\WinRAR\uninstall.exe

Avira AntiVir Personal - Free Antivirus-->C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

BS.Player PRO-->"D:\Arquivos de programas\Webteh\BSplayerPro\uninstall.exe"

Call of Duty® - World at War-->C:\Arquivos de programas\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409

CCleaner (remove only)-->"D:\Arquivos de programas\CCleaner\uninst.exe"

CDBurnerXP-->"D:\Arquivos de programas\CDBurnerXP\unins000.exe"

Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}

Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}

Far Cry 2-->"C:\Arquivos de programas\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly

Gigabyte Raid Configurer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly

Graphical Enhancement Resources 2.5-->D:\Mount&Blade\uninstall_commonres_pack.exe

Graphical Enhancement Textures 2.5-->D:\Mount&Blade\uninstall_texture_pack.exe

Guitar Pro 5.2-->"D:\Arquivos de programas\Guitar Pro 5\unins000.exe"

Hamachi 1.0.1.5-->D:\Arquivos de programas\Hamachi\uninstall.exe

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

HP Image Zone 4.2-->D:\Arquivos de programas\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP PSC & OfficeJet 4.2-->"D:\Arquivos de programas\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat

HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}

IDE NetBeans 6.1-->"C:\Arquivos de programas\NetBeans 6.1\uninstall.exe"

iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}

J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}

Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Development Kit 6 Update 7-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160070}

JCreator LE 4.50-->"D:\Arquivos de programas\Xinox Software\JCreatorV4LE\unins000.exe"

K-Lite Mega Codec Pack 1.37-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

Last.fm 1.5.2.38918-->"C:\Arquivos de programas\Last.fm\unins000.exe"

Malwarebytes' Anti-Malware-->"D:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Manhunt-->MsiExec.exe /X{8A62C8DA-2DB7-4D94-B5BA-1D38FC36E830}

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack-->MsiExec.exe /X{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mount&Blade-->D:\Mount&Blade\uninstall.exe

Mozilla Firefox (3.0.3)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}

OpenOffice.org 3.0-->MsiExec.exe /I{92B79901-C57D-409F-8D2F-4E5337383569}

Pack Crystal Clear 1.0-->C:\WINDOWS\BricoPacks\Crystal Clear\Remove.exe

PowerISO-->"D:\Arquivos de programas\PowerISO\uninstall.exe"

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Arquivos de programas\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0416 -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x416 -removeonly

rFactor (remove only)-->"D:\Arquivos de programas\rFactor\Uninstall.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Spybot - Search & Destroy-->"D:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

Windows Live Beta (all programs)-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Beta (all programs)-->MsiExec.exe /I{5D4A033A-A286-44BE-A0F0-B05FAC25D07F}

Windows Live Call-->MsiExec.exe /I{78AC782A-C708-4B21-A3A0-ECD4A3284588}

Windows Live Family Safety-->MsiExec.exe /X{3491D278-AF52-4A0E-A1F5-D1A57B4F2222}

Windows Live Messenger-->MsiExec.exe /X{B1403D7D-C725-4858-AACC-7E5FA2D72859}

Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}

======Hosts File======

127.0.0.1 localhost

0.0.0.0 acestats.com

0.0.0.0 www.acestats.com

0.0.0.0 www.activesearch.com #[Adware.ActiveSearch]

0.0.0.0 actualnames.com #[Parasite.ActualNames][spyware.ActualNames]

0.0.0.0 www.actualnames.com

0.0.0.0 ad-up.com

0.0.0.0 www.ad-up.com

0.0.0.0 adatom.com

0.0.0.0 aesp.adatom.com

======Security center information======

AV: Avira AntiVir PersonalEdition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\K-Lite Codec Pack\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Hello,

Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

  3. Double-click the icon (desktopicon.png) on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Warning: do not use the mouse or the keyboard while the tool is running, as this may cause the computer to hang.

  8. A message may appear saying that the computer needs to be restarted.

  DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malwares that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards


ComboFix 08-11-13.02 - Administrador 2008-11-15 21:59:07.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1420 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-15 to 2008-11-15 ))))))))))))))))))))))))))))

.

2008-11-13 09:10 . 2008-11-13 09:10 <DIR> d-------- C:\rsit

2008-11-13 09:10 . 2008-11-13 09:10 <DIR> d-------- c:\arquivos de programas\trend micro

2008-11-13 09:01 . 2008-11-13 09:03 <DIR> d-------- c:\documents and settings\Administrador\amsn

2008-11-13 08:59 . 2008-11-13 09:00 <DIR> d-------- c:\arquivos de programas\aMSN

2008-11-08 19:20 . 2008-11-08 19:20 <DIR> d-------- C:\LinhaDefensiva

2008-11-03 17:46 . 2008-11-03 17:46 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Canneverbe_Limited

2008-11-03 11:23 . 2008-11-03 18:43 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-03 09:28 . 2008-11-09 20:53 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Hamachi

2008-11-03 09:27 . 2008-11-03 09:40 17,480 --a------ c:\windows\system32\drivers\hamachi.sys

2008-11-03 00:10 . 2008-11-03 00:13 <DIR> d-------- c:\windows\system32\Nova pasta

2008-11-03 00:04 . 2008-11-03 00:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Avira

2008-11-03 00:04 . 2008-11-03 00:04 <DIR> d-------- c:\arquivos de programas\Avira

2008-10-28 15:53 . 2008-10-28 15:53 <DIR> d-------- c:\windows\Sun

2008-10-25 16:41 . 2008-10-25 21:47 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\BSplayer PRO

2008-10-23 08:43 . 2008-10-23 08:45 <DIR> d-------- c:\windows\NV34643468.TMP

2008-10-23 08:32 . 2008-10-23 08:32 <DIR> d-------- c:\windows\system32\AGEIA

2008-10-23 08:32 . 2008-10-23 08:34 <DIR> d-------- c:\windows\NV40284032.TMP

2008-10-23 08:32 . 2008-10-23 08:32 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-10-23 08:32 . 2008-10-23 08:32 <DIR> d-------- c:\arquivos de programas\AGEIA Technologies

2008-10-23 08:32 . 2008-09-17 09:55 201,050 --a------ c:\windows\system32\nvapps.nvb

2008-10-22 13:07 . 2008-10-22 13:07 <DIR> dr-h----- c:\documents and settings\Administrador\Dados de aplicativos\SecuROM

2008-10-22 12:57 . 2008-10-22 12:57 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2008-10-22 12:54 . 2008-11-11 23:55 682,280 --a------ c:\windows\system32\pbsvc.exe

2008-10-22 12:54 . 2008-11-15 20:23 138,464 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2008-10-22 12:54 . 2008-11-15 20:23 111,928 --a------ c:\windows\system32\PnkBstrB.exe

2008-10-22 12:54 . 2008-10-22 12:54 66,872 --a------ c:\windows\system32\PnkBstrA.exe

2008-10-22 12:54 . 2008-11-11 23:56 22,328 --a------ c:\documents and settings\Administrador\Dados de aplicativos\PnkBstrK.sys

2008-10-22 11:26 . 2008-10-22 11:26 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\HP

2008-10-22 11:25 . 2008-10-22 11:25 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Hewlett-Packard

2008-10-22 11:25 . 2008-10-22 11:25 <DIR> d-------- c:\arquivos de programas\Hewlett-Packard

2008-10-22 11:25 . 2008-10-22 11:25 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-10-22 11:25 . 2004-05-11 10:53 1,230,336 -ra------ c:\windows\system32\MSXML4.dll

2008-10-22 11:25 . 2004-05-11 10:53 626,960 -ra------ c:\windows\system32\hpvaut32.dll

2008-10-22 11:25 . 2004-05-11 10:53 487,424 -ra------ c:\windows\system32\hpvcp70.dll

2008-10-22 11:25 . 2004-05-11 10:53 344,064 -ra------ c:\windows\system32\hpvcr70.dll

2008-10-22 11:25 . 2004-05-11 10:53 82,432 -ra------ c:\windows\system32\MSXML4r.dll

2008-10-22 11:25 . 2004-05-11 10:53 44,544 -ra------ c:\windows\system32\MSXML4a.dll

2008-10-22 11:24 . 2008-10-22 11:24 <DIR> d-------- c:\windows\system32\URTTemp

2008-10-22 11:18 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2008-10-22 11:18 . 2004-03-18 16:53 278,584 --a------ c:\windows\system32\HPZidr12.dll

2008-10-22 11:18 . 2004-03-18 16:56 204,800 --a------ c:\windows\system32\HPZipr12.dll

2008-10-22 11:18 . 2004-03-18 16:39 94,208 --a------ c:\windows\system32\HPZipt12.dll

2008-10-22 11:18 . 2004-03-18 16:55 65,536 --a------ c:\windows\system32\HPZipm12.exe

2008-10-22 11:18 . 2004-03-18 16:38 61,440 --a------ c:\windows\system32\HPZinw12.exe

2008-10-22 11:18 . 2004-03-18 16:39 57,344 --a------ c:\windows\system32\HPZisn12.dll

2008-10-22 11:18 . 2004-06-21 15:40 51,088 -ra------ c:\windows\system32\drivers\hpzid412.sys

2008-10-22 11:18 . 2004-06-21 15:40 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys

2008-10-22 11:18 . 2004-06-21 15:40 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys

2008-10-22 11:18 . 2005-08-31 05:11 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-10-22 10:39 . 2008-10-22 11:25 <DIR> d-------- c:\arquivos de programas\HP

2008-10-22 10:34 . 2008-10-22 11:28 104,311 --a------ c:\windows\hpoins04.dat

2008-10-22 10:34 . 2004-06-21 15:40 17,176 --------- c:\windows\hpomdl04.dat

2008-10-22 10:33 . 2005-08-31 05:11 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

2008-10-22 10:33 . 2005-08-31 05:11 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-10-21 10:21 . 2008-11-03 17:34 31 --a------ c:\windows\ultimatecd.ini

2008-10-20 23:05 . 2008-10-20 23:05 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2008-10-20 23:05 . 2008-10-20 23:05 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2008-10-20 23:05 . 2008-10-16 20:25 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-20 23:05 . 2008-10-16 20:25 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-10-20 13:02 . 2008-10-20 23:31 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\szaxufgz

2008-10-16 19:55 . 2008-10-16 20:00 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic

2008-10-15 21:04 . 2008-10-15 21:04 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\JCreator

2008-10-15 21:04 . 2008-10-15 21:04 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\JCreator

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 02:17 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\uTorrent

2008-11-12 01:25 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-10-28 12:10 --------- d-----w c:\arquivos de programas\NetBeans 6.1

2008-10-28 00:44 --------- d-----w c:\arquivos de programas\uTorrent

2008-10-14 14:01 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll

2008-10-14 13:55 --------- d-----w c:\arquivos de programas\Arquivos comuns\InstallShield

2008-10-14 13:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-10-14 13:52 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools

2008-10-11 16:01 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NexonUS

2008-10-09 14:19 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\OpenOffice.org

2008-10-09 14:18 --------- d-----w c:\arquivos de programas\Sun

2008-10-09 14:18 --------- d-----w c:\arquivos de programas\OpenOffice.org 3

2008-10-07 12:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NOS

2008-10-07 12:18 --------- d-----w c:\arquivos de programas\NOS

2008-10-06 14:31 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Last.fm

2008-10-06 14:31 --------- d-----w c:\arquivos de programas\iTunes

2008-10-06 14:30 --------- d-----w c:\arquivos de programas\Last.fm

2008-10-06 13:19 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-06 13:19 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Apple Computer

2008-10-06 13:18 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2008-10-06 13:18 --------- d-----w c:\arquivos de programas\iPod

2008-10-06 13:18 --------- d-----w c:\arquivos de programas\Bonjour

2008-10-06 13:18 --------- d-----w c:\arquivos de programas\Apple Software Update

2008-10-06 13:17 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Apple

2008-10-06 13:17 --------- d-----w c:\arquivos de programas\Arquivos comuns\Apple

2008-10-06 13:08 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\AdobeUM

2008-10-06 12:56 --------- d-----w c:\arquivos de programas\Java

2008-10-06 01:28 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Mount&Blade

2008-10-06 01:00 40,083 ----a-w c:\windows\BricoPackUninst.cmd

2008-10-06 01:00 4,839 ----a-w c:\windows\BricoPackFoldersDelete.cmd

2008-10-06 01:00 219,648 ----a-w c:\windows\system32\uxtheme.dll

2008-10-06 00:41 --------- d-----w c:\arquivos de programas\Windows Live

2008-10-06 00:41 --------- d-----w c:\arquivos de programas\Microsoft

2008-10-06 00:40 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-10-06 00:21 15,600 ----a-w c:\windows\gdrv.sys

2008-10-06 00:19 315,392 ----a-w c:\windows\HideWin.exe

2008-10-06 00:19 --------- d-----w c:\arquivos de programas\Realtek

2008-10-06 00:16 --------- d-----w c:\arquivos de programas\Intel

2008-10-05 18:22 --------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2008-10-05 17:53 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-10-05 15:35 --------- d-----w c:\arquivos de programas\K-Lite Codec Pack

2008-10-05 15:34 --------- d-----w c:\arquivos de programas\Arquivos comuns\Adobe

2008-10-05 15:33 --------- d-----w c:\arquivos de programas\Arquivos comuns\Java

2008-10-05 15:30 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-09-26 16:15 11,701,480 ----a-w c:\windows\46131.exe

2008-09-16 23:27 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2008-09-09 03:03 51,712 ----a-w c:\windows\system32\sirenacm.dll

2008-09-04 11:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe

2008-08-29 13:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 12:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-08-29 10:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

"RocketDock"="c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 344064]

"46131"="C:\WINDOWS/46131.exe" [2008-09-26 11701480]

"DAEMON Tools Lite"="d:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"SpybotSD TeaTimer"="d:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"Steam"="d:\steam\Steam.exe" [2008-11-15 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"QuickTime Task"="c:\arquivos de programas\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"HP Software Update"="d:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]

"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"PWRISOVM.EXE"="d:\arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]

"avgnt"="c:\arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

RocketDock.lnk - c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 344064]

UberIcon.lnk - c:\windows\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 180224]

Y'z Shadow.lnk - c:\windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 131072]

Y'z Toolbar.lnk - c:\windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 90112]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - d:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]

Inicialização rápida do HP Image Zone.lnk - d:\arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispSettingPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"d:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"d:\\Arquivos de programas\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"d:\\Arquivos de programas\\rFactor\\rFactor.exe"=

"d:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=

"d:\\Arquivos de programas\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

"c:\\Arquivos de programas\\aMSN\\bin\\wish.exe"=

R2 FAH@D:+Arquivos de programas+Ubisoft+Far Cry 2+bin+FAH.exe;FAH@D:+Arquivos de programas+Ubisoft+Far Cry 2+bin+FAH.exe;d:\arquivos de programas\Ubisoft\Far Cry 2\bin\FAH.exe -svcstart []

R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-10-05 56344]

S3 fsssvc;Windows Live Family Safety;"c:\arquivos de programas\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]

S3 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [2008-10-07 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345d7325-a916-11dd-9512-001a4d78d891}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

*Newly Created Service* - PROCEXP90

.

- - - - ORFÃOS REMOVIDOS - - - -

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ba79lvyj.default\

FF -: plugin - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ba79lvyj.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll

FF -: plugin - c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 22:00:02

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@D:+Arquivos de programas+Ubisoft+Far Cry 2+bin+FAH.exe]

.

Tempo para conclusão: 2008-11-15 22:00:28

ComboFix-quarantined-files.txt 2008-11-16 00:00:24

Pré-execução: 833.597.440 bytes disponíveis

Pós execução: 833,687,552 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Hello

Go to Jotti's malware scan

  • In the box at the top (File to upload & scan), copy and paste the following:

    • C:\WINDOWS/46131.exe

  • Click the button to submit it.
  • The file will be examined by several different antivirus programs; please wait.
  • Copy and paste that result, together with a new HijackThis log.

If the site above is too congested, try one of these sites:

Alternative 1

Alternative 2


According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic author needs to, they may contact the moderation team to request that this topic be reopened.
