adrianasocorro
adrianasocor... New Member, Registered
13 Posts 0 Likes

Log analysis, please

#1 By adrianasocor... 07/05/2010 - 20:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:49, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Mixer.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
C:\Documents and Settings\All Users\Dados de aplicativos\9b4d3a3\MS9b4d.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 173.232.149.92 www.google.com
O1 - Hosts: 173.232.149.92 google.com
O1 - Hosts: 173.232.149.92 google.com.au
O1 - Hosts: 173.232.149.92 www.google.com.au
O1 - Hosts: 173.232.149.92 google.be
O1 - Hosts: 173.232.149.92 www.google.be
O1 - Hosts: 173.232.149.92 google.com.br
O1 - Hosts: 173.232.149.92 www.google.com.br
O1 - Hosts: 173.232.149.92 google.ca
O1 - Hosts: 173.232.149.92 www.google.ca
O1 - Hosts: 173.232.149.92 google.ch
O1 - Hosts: 173.232.149.92 www.google.ch
O1 - Hosts: 173.232.149.92 google.de
O1 - Hosts: 173.232.149.92 www.google.de
O1 - Hosts: 173.232.149.92 google.dk
O1 - Hosts: 173.232.149.92 www.google.dk
O1 - Hosts: 173.232.149.92 google.fr
O1 - Hosts: 173.232.149.92 www.google.fr
O1 - Hosts: 173.232.149.92 google.ie
O1 - Hosts: 173.232.149.92 www.google.ie
O1 - Hosts: 173.232.149.92 google.it
O1 - Hosts: 173.232.149.92 www.google.it
O1 - Hosts: 173.232.149.92 google.co.jp
O1 - Hosts: 173.232.149.92 www.google.co.jp
O1 - Hosts: 173.232.149.92 google.nl
O1 - Hosts: 173.232.149.92 www.google.nl
O1 - Hosts: 173.232.149.92 google.no
O1 - Hosts: 173.232.149.92 www.google.no
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: (no name) - {015931DA-D53E-4EA5-9AF2-499D77F630F5} - C:\WINDOWS\system32\xkbtjano.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {695FE551-6A29-416E-B780-E39B05288643} - c:\windows\system32\sfleymt.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\cmd32.exe
O4 - HKLM\..\Run: [mswinupdate.exe] C:\WINDOWS\mswinupdate.exe
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mswinupdate.exe] C:\WINDOWS\mswinupdate.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [My Security Engine] "C:\Documents and Settings\All Users\Dados de aplicativos\9b4d3a3\MS9b4d.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: tunestory.com - {D104757D-9536-4a1b-9FA8-4DD5B44AC981} - http://www.tunestor.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201133454382
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\
O20 - Winlogon Notify: nsifdqyz - C:\WINDOWS\SYSTEM32\sfleymt.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 12394 bytes
Wings
Wings Cyber Highlander, Registered
20.3K Posts 1.2K Likes
#2 By Wings
07/05/2010 - 20:47
Good evening....


1.
* Download HostsXpert and save it to the desktop
* Extract it to the desktop and run it.
* Click on > [Restore Microsoft's Hosts File]

2.
* Download MalwareBytes Anti-Malware and save it to the desktop
* Install the program
* If an update exists, it will be downloaded automatically. Wait...
* The program will open automatically.
* On the [Scanner] tab, select the [Perform full scan] option
* Click [Scan] and select the drives to be scanned
* When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]
* Click [Remove Selected]
* A report (mbam-log-year-month-day.txt) will be displayed.
* Paste it in your next reply
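The hosts-file hijack that step 1 repairs is visible in the O1 lines of the log above: every Google domain is mapped to 173.232.149.92, and the payment-processor, Safe Browsing and urs.microsoft.com names to 74.125.45.100, so searches and reputation lookups land on attacker-chosen servers. As an added example (not part of this thread, of HostsXpert or of HijackThis), the Python script below parses either raw hosts-file lines or HijackThis `O1 - Hosts:` lines, flags watched domains that are pointed at a routable (non-loopback) address, and produces a cleaned copy with those entries removed. It generalises slightly beyond the log: plain hosts-file syntax and comments are handled too. The watched-label list, the helper names and the sample lines are constructed for the example; the two addresses come from the log.

```python
import re
from collections import defaultdict

# Sample input, constructed for this example: a few of the O1 lines from the
# HijackThis log posted above, plus two ordinary hosts-file lines (the loopback
# default and an ad host blackholed to 0.0.0.0) to show what is NOT flagged.
SAMPLE_LINES = [
    "O1 - Hosts: 173.232.149.92 www.google.com",
    "O1 - Hosts: 173.232.149.92 google.com.br",
    "O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com",
    "O1 - Hosts: 74.125.45.100 urs.microsoft.com",
    "127.0.0.1       localhost",
    "0.0.0.0 ads.example.test   # constructed: blocked ad host, benign",
]

# Matches a raw hosts-file line ("IP host") or a HijackThis "O1 - Hosts:" line.
HOSTS_RE = re.compile(
    r"^(?:O1 - Hosts:\s+)?(?P<ip>[0-9a-fA-F.:]+)\s+(?P<host>[A-Za-z0-9.-]+)"
)

# Addresses a hosts file may legitimately point names at (localhost, blackholing).
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Second-level labels to watch (assumed list for the example): search engines and
# the update/reputation endpoints of security products. Remapping these is how
# the infection above redirects searches and starves Safe Browsing and AV updates.
WATCHED_LABELS = {"google", "microsoft", "malwarebytes", "symantec"}


def parse_hosts(lines):
    """Yield (ip, host) pairs, skipping blanks, comments and unparsable lines."""
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = HOSTS_RE.match(line)
        if m:
            yield m.group("ip"), m.group("host").lower()


def is_watched(host):
    """True when any DNS label of the hostname is in WATCHED_LABELS."""
    return any(label in WATCHED_LABELS for label in host.split("."))


def find_hijacks(lines):
    """Return {ip: [hosts...]} for watched names mapped to a non-loopback address.

    Pointing a name at 127.0.0.1 / 0.0.0.0 merely blocks it; pointing it at a
    routable address lets that address impersonate the site, which is the
    hosts-file hijack pattern in the log above.
    """
    findings = defaultdict(list)
    for ip, host in parse_hosts(lines):
        if ip not in LOOPBACK and is_watched(host):
            findings[ip].append(host)
    return {ip: sorted(hosts) for ip, hosts in findings.items()}


def clean_hosts(lines):
    """Return the input lines with every flagged (ip, host) entry removed."""
    hijacked = {(ip, h) for ip, hosts in find_hijacks(lines).items() for h in hosts}
    kept = []
    for line in lines:
        parsed = list(parse_hosts([line]))
        if parsed and parsed[0] in hijacked:
            continue
        kept.append(line)
    return kept


if __name__ == "__main__":
    for ip, hosts in find_hijacks(SAMPLE_LINES).items():
        print(f"{ip} impersonates {len(hosts)} watched name(s): {', '.join(hosts)}")
    print("--- cleaned hosts ---")
    print("\n".join(clean_hosts(SAMPLE_LINES)))
```

Run it against a copy of `%SystemRoot%\system32\drivers\etc\hosts` (or the O1 section of a HijackThis log) to get a per-address list of impersonated names; a benign hosts file produces no findings, because loopback and blackhole mappings are deliberately ignored.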
#3 By adrianasocor...
07/05/2010 - 21:45
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versão da Base de Dados: 4076
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/5/2010 21:38:41
mbam-log-2010-05-07 (21-38-41).txt
Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 217156
Tempo decorrido: 38 minuto(s), 49 segundo(s)
Processos de Memória Infectados: 0
Módulos de Memória Infectados: 2
Chaves de Registro Infectadas: 777
Valores de Registro Infectados: 16
Itens de Dados no Registro Infectados: 10
Pastas Infectadas: 3
Arquivos Infectados: 25
Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)
Módulos de Memória Infectados:
C:\WINDOWS\system32\xkbtjano.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sfleymt.dll (Trojan.Vundo.H) -> Delete on reboot.
Chaves de Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{695fe551-6a29-416e-b780-e39b05288643} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nsifdqyz (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{695fe551-6a29-416e-b780-e39b05288643} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{015931da-d53e-4ea5-9af2-499d77f630f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{015931da-d53e-4ea5-9af2-499d77f630f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{015931da-d53e-4ea5-9af2-499d77f630f5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\primoadsforyou.primoadsforyou (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\primoadsforyou.primoadsforyou.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xsyvqwtw (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{695fe551-6a29-416e-b780-e39b05288643} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{695fe551-6a29-416e-b780-e39b05288643} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
#4 By adrianasocor...
07/05/2010 - 21:49
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aavgapi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aawtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ad-aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwareprj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aluschedulersvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus_pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashavast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashbug.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashchest.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashcnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashlogv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashmaisv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashpopwz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashquick.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashwebsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswchlic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswregsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswrundll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswupdsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinprocpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmsnscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
#6 By adrianasocorro, 07/05/2010 - 22:16
Arquivos Infectados:
c:\WINDOWS\system32\sfleymt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xkbtjano.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\seki\Configurações locais\Temp\packupdate_build106_231.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Arquivos de programas\PLAY_MP3.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rgwcyna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wina278.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\seki\Dados de aplicativos\DealAssistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\157.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\157.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\158.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\158.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\159.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\159.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\160.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\160.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\161.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\162.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\163.music.wma.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\164.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\seki\Dados de aplicativos\My Security Engine\Instructions.ini (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\seki\Desktop\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\seki\Menu Iniciar\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\seki\Menu Iniciar\Programas\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\9b4d3a3\MS9b4d.exe (Rogue.MySecurityEngine) -> Delete on reboot.
C:\WINDOWS\taskmon.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
#8 By adrianasocorro, 07/05/2010 - 22:33
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:37, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 173.232.149.92 www.google.com
O1 - Hosts: 173.232.149.92 google.com
O1 - Hosts: 173.232.149.92 google.com.au
O1 - Hosts: 173.232.149.92 www.google.com.au
O1 - Hosts: 173.232.149.92 google.be
O1 - Hosts: 173.232.149.92 www.google.be
O1 - Hosts: 173.232.149.92 google.com.br
O1 - Hosts: 173.232.149.92 www.google.com.br
O1 - Hosts: 173.232.149.92 google.ca
O1 - Hosts: 173.232.149.92 www.google.ca
O1 - Hosts: 173.232.149.92 google.ch
O1 - Hosts: 173.232.149.92 www.google.ch
O1 - Hosts: 173.232.149.92 google.de
O1 - Hosts: 173.232.149.92 www.google.de
O1 - Hosts: 173.232.149.92 google.dk
O1 - Hosts: 173.232.149.92 www.google.dk
O1 - Hosts: 173.232.149.92 google.fr
O1 - Hosts: 173.232.149.92 www.google.fr
O1 - Hosts: 173.232.149.92 google.ie
O1 - Hosts: 173.232.149.92 www.google.ie
O1 - Hosts: 173.232.149.92 google.it
O1 - Hosts: 173.232.149.92 www.google.it
O1 - Hosts: 173.232.149.92 google.co.jp
O1 - Hosts: 173.232.149.92 www.google.co.jp
O1 - Hosts: 173.232.149.92 google.nl
O1 - Hosts: 173.232.149.92 www.google.nl
O1 - Hosts: 173.232.149.92 google.no
O1 - Hosts: 173.232.149.92 www.google.no
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {695FE551-6A29-416E-B780-E39B05288643} - c:\windows\system32\sfleymt.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\cmd32.exe
O4 - HKLM\..\Run: [mswinupdate.exe] C:\WINDOWS\mswinupdate.exe
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mswinupdate.exe] C:\WINDOWS\mswinupdate.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: tunestory.com - {D104757D-9536-4a1b-9FA8-4DD5B44AC981} - http://www.tunestor.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201133454382
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\
O20 - Winlogon Notify: nsifdqyz - sfleymt.dll (file missing)
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 12048 bytes
#9 By adrianasocorro, 07/05/2010 - 22:38
Logfile of random's system information tool 1.07 (written by random/random)
Run by seki at 2010-05-07 22:37:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (30%) free of 156 GB
Total RAM: 1022 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:37:28, on 7/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\seki\Desktop\RSIT.exe
C:\Arquivos de programas\trend micro\seki.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 173.232.149.92 www.google.com
O1 - Hosts: 173.232.149.92 google.com
O1 - Hosts: 173.232.149.92 google.com.au
O1 - Hosts: 173.232.149.92 www.google.com.au
O1 - Hosts: 173.232.149.92 google.be
O1 - Hosts: 173.232.149.92 www.google.be
O1 - Hosts: 173.232.149.92 google.com.br
O1 - Hosts: 173.232.149.92 www.google.com.br
O1 - Hosts: 173.232.149.92 google.ca
O1 - Hosts: 173.232.149.92 www.google.ca
O1 - Hosts: 173.232.149.92 google.ch
O1 - Hosts: 173.232.149.92 www.google.ch
O1 - Hosts: 173.232.149.92 google.de
O1 - Hosts: 173.232.149.92 www.google.de
O1 - Hosts: 173.232.149.92 google.dk
O1 - Hosts: 173.232.149.92 www.google.dk
O1 - Hosts: 173.232.149.92 google.fr
O1 - Hosts: 173.232.149.92 www.google.fr
O1 - Hosts: 173.232.149.92 google.ie
O1 - Hosts: 173.232.149.92 www.google.ie
O1 - Hosts: 173.232.149.92 google.it
O1 - Hosts: 173.232.149.92 www.google.it
O1 - Hosts: 173.232.149.92 google.co.jp
O1 - Hosts: 173.232.149.92 www.google.co.jp
O1 - Hosts: 173.232.149.92 google.nl
O1 - Hosts: 173.232.149.92 www.google.nl
O1 - Hosts: 173.232.149.92 google.no
O1 - Hosts: 173.232.149.92 www.google.no
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {695FE551-6A29-416E-B780-E39B05288643} - c:\windows\system32\sfleymt.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\cmd32.exe
O4 - HKLM\..\Run: [mswinupdate.exe] C:\WINDOWS\mswinupdate.exe
O4 - HKLM\..\Run: [fssui] "C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [mswinupdate.exe] C:\WINDOWS\mswinupdate.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: tunestory.com - {D104757D-9536-4a1b-9FA8-4DD5B44AC981} - http://www.tunestor.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201133454382
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\
O20 - Winlogon Notify: nsifdqyz - sfleymt.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 12356 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCConfidential.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{695FE551-6A29-416E-B780-E39B05288643}]
c:\windows\system32\sfleymt.dll [2008-04-14 102912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-02 279664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-04-02 812528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Barra de Ferramentas do Yahoo! com bloqueador de pop-up - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-02 279664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"=Mixer.exe /startup []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-08 7340032]
"nwiz"=nwiz.exe /install []
"LogitechCommunicationsManager"=C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"cmd32"=C:\WINDOWS\cmd32.exe []
"mswinupdate.exe"=C:\WINDOWS\mswinupdate.exe []
"fssui"=C:\Arquivos de programas\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"QuickTime Task"=C:\Arquivos de programas\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Arquivos de programas\iTunes\iTunesHelper.exe [2009-09-08 305440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-08 86016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"mswinupdate.exe"=C:\WINDOWS\mswinupdate.exe []
"Pando Media Booster"=C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe [2010-02-16 2937528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Arquivos de programas\iTunes\iTunesHelper.exe [2009-09-08 305440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Arquivos de programas\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Arquivos de programas\QuickTime\qttask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^seki^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.4.lnk]
C:\ARQUIV~1\BROFFI~1.4\program\QUICKS~1.EXE [2008-01-21 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2
"ose"=3
"LVSrvLauncher"=2
"LVPrcSrv"=2
"LVCOMSer"=2
"iPod Service"=3
"IDriverT"=3
"gusvc"=3
"Bonjour Service"=2
"Apple Mobile Device"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-01-14 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nsifdqyz]
C:\WINDOWS\system32\sfleymt.dll [2008-04-14 102912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmd32.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Arquivos de programas\Windows Live\Messenger\wlcstart.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcstart.exe:*:Enabled:Windows Live Call Beta"
"C:\Arquivos de programas\Windows Live\Photo Gallery\WLXPhotoGallery.exe"="C:\Arquivos de programas\Windows Live\Photo Gallery\WLXPhotoGallery.exe:*:Enabled:Windows Live Galeria de Fotos Beta"
"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Arquivos de programas\eMule\emule.exe"="C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule"
"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Arquivos de programas\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Arquivos de programas\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Arquivos de programas\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Arquivos de programas\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Arquivos de programas\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Arquivos de programas\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe"="C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\All Users\Dados de aplicativos\9b4d3a3\MS9b4d.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\9b4d3a3\MS9b4d.exe:*:Enabled:My Security Engine"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2010-05-07 22:35:26 ----D---- C:\rsit
2010-05-07 20:55:58 ----D---- C:\Documents and Settings\seki\Dados de aplicativos\Malwarebytes
2010-05-07 20:55:48 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2010-05-07 17:45:16 ----SHD---- C:\Documents and Settings\All Users\Dados de aplicativos\MSDEMDQZJCE
2010-05-07 17:44:47 ----SHD---- C:\Documents and Settings\All Users\Dados de aplicativos\9b4d3a3
2010-05-06 22:01:34 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2010-05-06 22:01:34 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-05-06 20:07:44 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-24 12:17:21 ----D---- C:\Documents and Settings\seki\Dados de aplicativos\funkitron
======List of files/folders modified in the last 1 months======
2010-05-07 22:37:05 ----D---- C:\Arquivos de programas\Trend Micro
2010-05-07 22:04:24 ----D---- C:\WINDOWS\TEMP
2010-05-07 22:02:26 ----D---- C:\WINDOWS\system32\drivers
2010-05-07 22:01:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-07 21:56:58 ----SHD---- C:\System Volume Information
2010-05-07 21:56:58 ----D---- C:\WINDOWS\system32\Restore
2010-05-07 21:38:41 ----D---- C:\WINDOWS\system32
2010-05-07 21:38:40 ----RD---- C:\Arquivos de programas
2010-05-07 21:38:40 ----D---- C:\WINDOWS
2010-05-07 20:12:07 ----D---- C:\WINDOWS\Help
2010-05-07 19:53:53 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-07 19:53:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-07 19:53:42 ----A---- C:\WINDOWS\imsins.BAK
2010-05-07 19:52:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-07 19:38:50 ----D---- C:\Documents and Settings
2010-05-07 18:48:01 ----A---- C:\WINDOWS\wininit.ini
2010-05-07 17:49:14 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-06 22:20:09 ----HD---- C:\WINDOWS\inf
2010-05-06 22:15:06 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy
2010-05-06 22:02:07 ----SHD---- C:\WINDOWS\Installer
2010-05-06 21:57:34 ----D---- C:\WINDOWS\ie8updates
2010-05-06 21:53:04 ----SD---- C:\WINDOWS\Tasks
2010-05-06 21:50:02 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-06 20:39:52 ----D---- C:\Arquivos de programas\CyberLink
2010-05-06 20:39:50 ----HD---- C:\Arquivos de programas\InstallShield Installation Information
2010-05-06 20:37:07 ----D---- C:\Arquivos de programas\Castle Creations
2010-05-06 20:13:19 ----SHD---- C:\RECYCLER
2010-05-06 20:11:27 ----D---- C:\WINDOWS\system32\appmgmt
2010-04-25 12:34:09 ----D---- C:\WINDOWS\Prefetch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 irda;Protocolo IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NAVAPEL;NAVAPEL; \??\C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-06-11 379150]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-05-19 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-08 3611168]
R3 Rasirda;Miniporta de rede remota (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-09-06 6912]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 cmd32.sys;cmd32.sys; \??\C:\WINDOWS\system32\cmd32.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Arquivos de programas\MediaCoder iPhone Edition\SysInfo.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\ARQUIV~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVAP;NAVAP; \??\C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20090417.007\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20090417.007\NAVEX15.sys []
S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2009-05-19 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymEvent;SymEvent; \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DefWatch;DefWatch; C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [2003-01-14 32768]
R2 Irmon;Monitor de infravermelho; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-08 143426]
R2 SeaPort;SeaPort; C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 gupdate;Google Update Service (gupdate); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-02 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Serviço Windows Live Proteção para a Família; C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-02 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Norton AntiVirus Server;Symantec AntiVirus Client; C:\Arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [2003-01-14 581632]
S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LVCOMSer;LVCOMSer; C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
S4 LVPrcSrv;Process Monitor; C:\Arquivos de programas\Arquivos comuns\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
S4 LVSrvLauncher;LVSrvLauncher; C:\Arquivos de programas\Arquivos comuns\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
#10 By igoreso, 07/05/2010 - 23:47
Hello Adriana,
While colleague Wings is off.
Step 1
*Download USBFix and save it to the desktop.
http://chiquitine.changelog.fr/UsbFix.exe
*Temporarily disable your antivirus
*Plug the flash drive into the PC
*Double-click UsbFix
*Press P > [ENTER]
*Press 1 > [ENTER] and wait for it to finish
*Remove the flash drive
*Paste the report created at C:\UsbFix.txt

Step 2
  • Download ComboFix from one of the official links listed below and save it to your desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Temporarily, while following these instructions, it is very important that you keep your protection programs disabled (antivirus, antispyware and firewall). Re-enable them after running the procedure(s) below.
  • Double-click the icon on the desktop.
  • Read and accept the terms by typing 1 and Enter.
  • Computers running Windows XP will need to install the Recovery Console:
  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.
  • ComboFix will run; please be patient and wait.
  • Warning: do not use the mouse or keyboard while the tool is running; this can cause the computer to hang.
  • A message may appear saying the computer needs to be restarted.
  • DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your reply.
  • NOTE 1: If a message appears saying THIS IS NOT A VALID WIN32 APPLICATION, or if the viruses or malware block ComboFix from running, download ComboFix again but save it to your desktop as xcxc12.cmd. In that case, name it xcxc12.cmd while saving, not after saving it!
  • As a last resort, if it is not possible to run ComboFix in Windows normal mode, try running ComboFix in SAFE MODE (restart the computer, press F8 repeatedly, or F5 in some cases, during startup and choose the Safe Mode option on the screen that appears) and repeat the procedure;
  • NOTE 2: If the running ComboFix window is clicked, it will MAXIMIZE on top of the others. To minimize it again, just use ALT + TAB.
  • * If for any reason you need to stop or exit ComboFix, press "N".
  • * If you lose the Internet connection, restart the computer. If the problem persists, open Network Connections in Control Panel, right-click your Internet connection and choose "Repair";
Read this tutorial and paste the log in your reply:
http://sites.google.com/site/desinfetar/combofix

Step 3
*Download HostsXpert and save it to the desktop
*Extract it to the desktop and run it.
*Click > [Restore Microsoft's Hosts File]
Paste a new RSIT log.
I do not answer questions by PM, e-mail or MSN! Use the forum!
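The RSIT/HijackThis log posted above, and the hosts-file restore in Step 3 of this reply, are the kind of triage that can be done mechanically: O1 entries that point update or safe-browsing hosts at a non-loopback address, O2/O20 entries whose backing DLL is gone, Run values that start an executable from the Windows root, and any non-empty AppInit_DLLs. The script below is an added example, not part of the thread and not code from HijackThis, RSIT, UsbFix or ComboFix. Its scoring rules are a hypothetical minimal heuristic, the PROTECTED_HOSTS list is an assumption, and the sample lines are copied from the posted log except for one constructed benign hosts line.

```python
"""Triage of HijackThis-style log lines for the indicator types seen in this thread.

Added example, not from the forum thread and not from HijackThis/RSIT/UsbFix/ComboFix.
Rules are a hypothetical minimal heuristic; PROTECTED_HOSTS is an assumed list.
"""
import re
from dataclasses import dataclass

# Hosts that updaters and browser safe-browsing lookups resolve via DNS. A
# hosts-file override of any of these is a classic rogue-AV move: block
# definition updates and reputation checks. (Assumed list; extend as needed.)
PROTECTED_HOSTS = {
    "safebrowsing-cache.google.com",
    "urs.microsoft.com",
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
}

RE_O1 = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
RE_O2 = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
RE_O4 = re.compile(r"^O4 - (.+?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
RE_O20 = re.compile(r"^O20 - (AppInit_DLLs|Winlogon Notify): (.*)$")
# An .exe sitting directly in the Windows directory (not system32, not
# Program Files) and started from a Run key deserves a signature check.
RE_WINROOT_EXE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def is_loopback(ip: str) -> bool:
    return ip.startswith("127.") or ip == "::1"


def first_token(cmd: str) -> str:
    """Extract the executable from a Run value ('"C:\\x y.exe" -arg' or 'x.exe /arg')."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing looks off."""
    m = RE_O1.match(line)
    if m:
        ip, host = m.groups()
        if is_loopback(ip):
            return None
        reason = "hosts file sends %s to non-loopback %s" % (host, ip)
        if host in PROTECTED_HOSTS:
            reason += " (update/safe-browsing host: blocks defenses)"
        return Finding(line, reason)

    m = RE_O2.match(line)
    if m:
        name, _clsid, target = m.groups()
        if name == "(no name)" or "(file missing)" in target or "(no file)" in target:
            return Finding(line, "BHO without name or backing file: orphaned or hidden component")
        return None

    m = RE_O4.match(line)
    if m:
        _hive, _key, value_name, cmd = m.groups()
        exe = first_token(cmd)
        if RE_WINROOT_EXE.match(exe):
            return Finding(line, "Run value %r starts %s from the Windows root; verify signature" % (value_name, exe))
        return None

    m = RE_O20.match(line)
    if m:
        kind, value = m.groups()
        if kind == "AppInit_DLLs" and value.strip():
            return Finding(line, "AppInit_DLLs is set (%s): loaded into every process that maps user32.dll" % value.strip())
        if kind == "Winlogon Notify" and "(file missing)" in value:
            return Finding(line, "Winlogon Notify package whose DLL is gone: leftover of a removed or hidden loader")
        return None
    return None


def triage(lines):
    """Run triage_line over a whole log; returns findings in log order."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Lines 1 and 3-8 are copied from the log posted in this thread; line 2 is constructed.
SAMPLE_LOG = [
    "O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O2 - BHO: (no name) - {695FE551-6A29-416E-B780-E39B05288643} - c:\\windows\\system32\\sfleymt.dll (file missing)",
    "O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Arquivos de programas\\Google\\Google Toolbar\\GoogleToolbar_32.dll",
    "O4 - HKLM\\..\\Run: [cmd32] C:\\WINDOWS\\cmd32.exe",
    'O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Arquivos de programas\\iTunes\\iTunesHelper.exe"',
    "O20 - AppInit_DLLs: C:\\WINDOWS\\System32\\",
    "O20 - Winlogon Notify: nsifdqyz - sfleymt.dll (file missing)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s" % (f.line.split(" ")[0], f.reason))
```

Feed it the O-lines of a real log (`triage(open("hijackthis.log").readlines())`) and review the findings by hand; the Windows-root rule in particular will also flag legitimate OEM tray utilities, which is why it asks for a signature check rather than declaring the entry malicious.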

#11 By adrianasocorro, 08/05/2010 - 15:07
############################## | UsbFix V6.111 |
User : seki (Administradores) # ADMINSEKI
Update on 03/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 14:33:27 | 8/5/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.40GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : My Security Engine [ Enabled | Updated ]
FW : My Security Engine[ Enabled ]
A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 152,66 Go (45,66 Go free) # NTFS
D:\ -> Disco CD-ROM
E:\ -> Disco CD-ROM
F:\ -> Disco removível # 967,22 Mo (949,28 Mo free) # FAT
################## | Ficheiros # pastas infeciosos |
C:\DOCUME~1\seki\CONFIG~1\DADOSD~1\695FE551-6A29-416E-B780-E39B05288643.txt
################## | Registro |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "cmd32"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
################## | Mountpoints2 |

################## | Vaccin |
(!) Este computador não é vacinada!
################## | ! Fim do relatório # UsbFix V6.111 ! |

ComboFix 10-05-07.07 - seki 08/05/2010 14:41:01.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.632 [GMT -3:00]
Executando de: c:\documents and settings\seki\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dados de aplicativos\9b4d3a3
c:\documents and settings\All Users\Dados de aplicativos\9b4d3a3\33.mof
c:\documents and settings\All Users\Dados de aplicativos\9b4d3a3\MSE.ico
c:\documents and settings\All Users\Dados de aplicativos\9b4d3a3\MSESys\vd952342.bd
c:\documents and settings\malukinha\Dados de aplicativos\020000006cbe5489579C.manifest
c:\documents and settings\malukinha\Dados de aplicativos\020000006cbe5489579O.manifest
c:\documents and settings\malukinha\Dados de aplicativos\020000006cbe5489579P.manifest
c:\documents and settings\malukinha\Dados de aplicativos\020000006cbe5489579S.manifest
c:\documents and settings\seki\Dados de aplicativos\020000006cbe5489579C.manifest
c:\documents and settings\seki\Dados de aplicativos\020000006cbe5489579O.manifest
c:\documents and settings\seki\Dados de aplicativos\020000006cbe5489579P.manifest
c:\documents and settings\seki\Dados de aplicativos\020000006cbe5489579S.manifest
c:\documents and settings\seki\Recent\ANTIGEN.sys
c:\documents and settings\seki\Recent\CLSV.dll
c:\documents and settings\seki\Recent\eb.tmp
c:\documents and settings\seki\Recent\energy.drv
c:\documents and settings\seki\Recent\exec.dll
c:\documents and settings\seki\Recent\exec.exe
c:\documents and settings\seki\Recent\fix.dll
c:\documents and settings\seki\Recent\FS.tmp
c:\documents and settings\seki\Recent\FW.sys
c:\documents and settings\seki\Recent\grid.sys
c:\documents and settings\seki\Recent\grid.tmp
c:\documents and settings\seki\Recent\kernel32.tmp
c:\documents and settings\seki\Recent\PE.drv
c:\documents and settings\seki\Recent\PE.exe
c:\documents and settings\seki\Recent\SICKBOY.dll
c:\documents and settings\seki\Recent\SICKBOY.drv
c:\documents and settings\seki\Recent\SICKBOY.exe
c:\documents and settings\seki\Recent\snl2w.dll
c:\documents and settings\seki\Recent\tempdoc.dll
c:\documents and settings\seki\Recent\tempdoc.tmp
c:\documents and settings\seki\Recent\tjd.sys
c:\windows\system32\drivers\dciusxow.sys
c:\windows\system32\drivers\myxlzmcj.sys
c:\windows\system32\rgwcyna.dll
c:\windows\system32\sfleymt.dll
c:\windows\system32\xkbtjano.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
-------\Legacy_DCIUSXOW
-------\Service_dciusxow

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-08 to 2010-05-08 ))))))))))))))))))))))))))))
.
2010-05-08 17:32 . 2010-05-08 17:34 -------- d-----w- C:\UsbFix
2010-05-08 01:35 . 2010-05-08 01:36 -------- d-----w- C:\rsit
2010-05-07 23:55 . 2010-05-07 23:55 -------- d-----w- c:\documents and settings\seki\Dados de aplicativos\Malwarebytes
2010-05-07 23:55 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 23:55 . 2010-05-07 23:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-05-07 23:55 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 20:45 . 2010-05-07 20:45 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\MSDEMDQZJCE
2010-05-07 01:20 . 2009-05-19 06:43 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-07 01:01 . 2009-12-09 10:03 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-07 01:01 . 2009-12-09 10:02 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-07 00:58 . 2009-05-19 06:43 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-04-24 15:17 . 2010-04-24 15:17 -------- d-----w- c:\documents and settings\seki\Dados de aplicativos\funkitron
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 01:37 . 2008-03-20 00:30 -------- d-----w- c:\arquivos de programas\Trend Micro
2010-05-07 01:15 . 2008-01-24 01:05 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2010-05-06 23:39 . 2008-01-24 01:36 -------- d-----w- c:\arquivos de programas\CyberLink
2010-05-06 23:39 . 2008-01-23 23:53 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-05-06 23:37 . 2010-01-30 22:01 -------- d-----w- c:\arquivos de programas\Castle Creations
2010-04-25 15:53 . 2010-01-18 17:13 220 ----a-w- c:\windows\popcinfo.dat
2010-04-10 16:07 . 2010-01-22 15:11 32 ----a-w- c:\windows\popcinfot.dat
2010-04-08 00:21 . 2010-01-17 06:04 -------- d-----w- c:\documents and settings\seki\Dados de aplicativos\Ulead Systems
2010-04-07 23:49 . 2010-01-17 06:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ulead Systems
2010-04-07 23:46 . 2010-04-07 23:46 -------- d-----w- c:\arquivos de programas\Windows Media Components
2010-04-07 23:40 . 2010-04-07 23:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ulead Systems
2010-04-07 23:39 . 2010-04-07 23:39 -------- d-----w- c:\arquivos de programas\Ulead Systems
2010-04-03 02:43 . 2008-01-24 01:58 -------- d-----w- c:\arquivos de programas\Google
2010-03-25 22:57 . 2008-12-16 20:16 -------- d-----w- c:\documents and settings\seki\Dados de aplicativos\BrOffice.org2
2010-03-25 22:50 . 2008-12-16 20:18 1 ----a-w- c:\documents and settings\seki\Dados de aplicativos\BrOffice.org2\user\uno_packages\cache\stamp.sys
2010-03-10 06:16 . 2009-03-07 20:03 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 14:39 . 2010-02-16 22:03 1223063961 ----a-w- c:\arquivos de programas\Grand_chase_Season_2_setup.exe
2010-02-25 06:17 . 2009-03-07 20:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:32 . 2004-08-04 12:00 79370 ----a-w- c:\windows\system32\perfc016.dat
2010-02-24 14:32 . 2004-08-04 12:00 468440 ----a-w- c:\windows\system32\perfh016.dat
2010-02-24 13:16 . 2010-02-24 18:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 21:49 . 2010-02-16 21:49 1618104 ----a-w- c:\arquivos de programas\GrandChaseSeason2Downloader.exe
2010-02-06 12:18 . 2010-02-06 12:18 1956528 ----a-w- c:\arquivos de programas\install_flash_player_10_active_x.exe
2010-01-30 22:00 . 2010-01-30 21:11 9104711 ----a-w- c:\arquivos de programas\CastleLinkInstall_3241.exe
2010-01-21 15:59 . 2009-08-02 02:44 1154384 ----a-w- c:\arquivos de programas\wlsetup-custom.exe
2010-01-18 00:33 . 2009-10-03 21:08 7680 --sha-w- c:\arquivos de programas\Thumbs.db
2010-01-17 20:14 . 2010-01-17 20:14 1924200 ----a-w- c:\arquivos de programas\install_flash_player.exe
2010-01-17 10:39 . 2010-01-17 10:38 170203312 ----a-w- c:\arquivos de programas\VideoSpin_2_0_Setup.exe
2010-01-17 05:31 . 2010-01-17 05:31 752266 ----a-w- c:\arquivos de programas\Vpw100e.exe
2010-01-17 05:28 . 2010-01-17 05:28 109568 ----a-w- c:\arquivos de programas\Vplay-e.exe
2010-01-16 14:32 . 2010-01-16 14:32 3786104 ----a-w- c:\arquivos de programas\drivermax.exe
2010-01-15 17:58 . 2010-01-15 17:57 29429327 ----a-w- c:\arquivos de programas\8310_all.exe
2009-09-13 21:09 . 2009-09-13 21:09 9880664 ----a-w- c:\arquivos de programas\everestultimate502.exe
2009-09-13 14:14 . 2009-09-13 14:14 43696 ----a-w- c:\arquivos de programas\sis_20usb.ZIP
2009-09-13 14:04 . 2009-09-13 14:04 1795605 ----a-w- c:\arquivos de programas\Drive MP4 M116.zip
2009-06-27 14:53 . 2008-02-07 23:58 2403344 ----a-w- c:\arquivos de programas\WLinstaller.exe
2009-04-04 21:09 . 2009-04-04 21:09 11452 ----a-w- c:\arquivos de programas\Relatorio.pdf
2009-04-04 21:05 . 2009-04-04 21:05 43083040 ----a-w- c:\arquivos de programas\AdbeRdr910_en_US_Std.exe
2009-04-01 23:58 . 2009-04-01 23:58 12348104 ----a-w- c:\arquivos de programas\WDVIEWER.EXE
2009-01-31 19:57 . 2009-01-31 19:57 4586616 ----a-w- c:\arquivos de programas\radarsync_wdn.exe
2008-12-29 22:51 . 2008-12-29 22:51 47104 ----a-w- c:\arquivos de programas\Anexo3IN6062006.doc
2008-12-27 01:23 . 2008-12-27 01:23 25423624 ----a-w- c:\arquivos de programas\creativity_mmfull.exe
2008-12-21 15:53 . 2008-12-21 15:53 27288880 ----a-w- c:\arquivos de programas\QuickTimeInstaller.exe
2008-12-21 14:10 . 2008-12-21 14:10 7348512 ----a-w- c:\arquivos de programas\Firefox Setup 3.0.5.exe
2008-12-21 13:47 . 2008-12-21 13:47 12963300 ----a-w- c:\arquivos de programas\MediaCoder-iPhone-0.6.2.4217.exe
2008-12-21 13:34 . 2008-12-21 13:34 507161 ----a-w- c:\arquivos de programas\SetupiPhoneBrowser.1.81.zip
2008-05-18 15:24 . 2008-05-18 15:23 4502280 ----a-w- c:\arquivos de programas\LimeWireWin.exe
2008-02-23 15:21 . 2008-02-23 15:21 870435 ----a-w- c:\arquivos de programas\meerca_chase.exe
2008-02-23 15:15 . 2008-02-23 15:15 911406 ----a-w- c:\arquivos de programas\skeith_day_2004.exe
2008-02-09 02:16 . 2008-02-09 02:16 19812040 ----a-w- c:\arquivos de programas\setupporpro.exe
.
------- Sigcheck -------
[-] 2009-05-19 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-02-16 2937528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-06-12 1495040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-08 7340032]
"nwiz"="nwiz.exe" [2005-12-08 1519616]
"LogitechCommunicationsManager"="c:\arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-08 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmd32.sys]
@="cmd32"
[HKLM\~\startupfolder\C:^Documents and Settings^seki^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.4.lnk]
path=c:\documents and settings\seki\Menu Iniciar\Programas\Inicializar\BrOffice.org 2.4.lnk
backup=c:\windows\pss\BrOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 20:10 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-09 00:09 305440 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 18:37 2178832 ----a-w- c:\arquivos de programas\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 04:54 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 07:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-06 00:32 68856 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcstart.exe"=
"c:\\Arquivos de programas\\Windows Live\\Photo Gallery\\WLXPhotoGallery.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40465:TCP"= 40465:TCP:@xpsp2res.dll,-22009
"10012:TCP"= 10012:TCP:@xpsp2res.dll,-22009
"50964:TCP"= 50964:TCP:@xpsp2res.dll,-22009
"22041:TCP"= 22041:TCP:@xpsp2res.dll,-22009
"50957:TCP"= 50957:TCP:@xpsp2res.dll,-22009
"4639:TCP"= 4639:TCP:@xpsp2res.dll,-22009
"31761:TCP"= 31761:TCP:@xpsp2res.dll,-22009
"49180:TCP"= 49180:TCP:@xpsp2res.dll,-22009
"32787:TCP"= 32787:TCP:@xpsp2res.dll,-22009
"60190:TCP"= 60190:TCP:@xpsp2res.dll,-22009
"44052:TCP"= 44052:TCP:@xpsp2res.dll,-22009
"20764:TCP"= 20764:TCP:@xpsp2res.dll,-22009
"57141:TCP"= 57141:TCP:Pando Media Booster
"57141:UDP"= 57141:UDP:Pando Media Booster
"10524:TCP"= 10524:TCP:@xpsp2res.dll,-22009
S1 cmd32.sys;cmd32.sys;c:\windows\system32\cmd32.sys [17/9/2008 21:30 0]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2/4/2010 23:43 135664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
--- =Outros Serviços/Drivers Na Memória ---
*NewlyCreated* - DCIUSXOW
*Deregistered* - dciusxow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xsyvqwtw
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]
2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-03 02:43]
2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-03 02:43]
.
.
------- Scan Suplementar -------
.
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{D104757D-9536-4a1b-9FA8-4DD5B44AC981} - http://www.tunestor.com/redirect.php
Trusted Zone: google.com.br\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{695FE551-6A29-416E-B780-E39B05288643} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{2DC947E8-8FA8-4EBB-B667-0315CC397898} - (no file)
HKCU-Run-mswinupdate.exe - c:\windows\mswinupdate.exe
HKLM-Run-cmd32 - c:\windows\cmd32.exe
HKLM-Run-mswinupdate.exe - c:\windows\mswinupdate.exe
HKU-Default-Run-mswinupdate.exe - c:\windows\mswinupdate.exe
Notify-nsifdqyz - (no file)
MSConfigStartUp-Picasa Media Detector - c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 14:51
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'explorer.exe'(408)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\Mixer.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\iPod\bin\iPodService.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-05-08 14:55:28 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-05-08 17:55
ComboFix2.txt 2008-03-23 15:29
ComboFix3.txt 2008-03-23 15:10
Pré-execução: 17 pasta(s) 51.447.136.256 bytes disponíveis
Pós execução: 19 pasta(s) 125.030.645.760 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3A8216851B853C64F728B4B58846F6FA
igoreso
igoreso Super Participant Registered
704 Posts 22 Likes
#12 By igoreso
08/05/2010 - 17:22
Hello adrianasocorro,

We are almost done with the process, but a few steps remain. Can you tell me whether Google redirects you to other sites?

Follow the steps below:
Step 1

Disable your antivirus, antispyware and firewall so they do not cause conflicts. Keep them disabled until you finish the instructions.

Select and copy the text inside the codebox. Open Notepad and paste what you copied. Then save it on your desktop with the name CFScript.txt.
NetSvcs::
xsyvqwtw

File::
c:\windows\system32\cmd32.sys
d:\ntglm7x.sys


Driver::
SetupNTGLM7X
cmd32.sys

DDS::
IE: {{D104757D-9536-4a1b-9FA8-4DD5B44AC981} - http://www.tunestor.com/redirect.php
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
Trusted Zone: google.com.br\www


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40465:TCP"=-
"10012:TCP"=-
"50964:TCP"=-
"22041:TCP"=-
"50957:TCP"=-
"4639:TCP"=-
"31761:TCP"=-
"49180:TCP"=-
"32787:TCP"=-
"60190:TCP"=-
"44052:TCP"=-
"20764:TCP"=-
"10524:TCP"=-
Now drag CFScript.txt onto ComboFix as shown in the demonstration below.
Image

ComboFix will run and restart the PC automatically to complete the removal process. If that does not happen, restart it manually.

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.
Paste the report created at C:\combofix.txt

Step 2
Download SystemLook from one of the links below and save it to your Desktop.
Remember that if you are running Windows Vista or 7 you need to give the tool administrator privileges; to do so:
Right-click the file and then click
Image
Double-click SystemLook.exe to run it.
Copy the contents of the following codebox into the main text field:
:file
sfcfiles.dll
Click the Look button to start the analysis.
When it finishes, a Notepad window will open with the results of the scan. Please post that log in your next reply.
Note: The log can also be found on your desktop, titled SystemLook.txt.

Step 3
Download Gmer and save it to your Desktop.
  • Unzip the zip into its own folder.
Image

  • Once that is done, disconnect the PC from the Internet and close all programs.

  • Remember that if you are running Windows Vista or 7 you need to give the tool administrator privileges; to do so:

    Right-click the file and then click
Image

There is a small chance that this application will shut down your PC, so save any work you have open. Double-click:
Image

  • Configure Gmer as in the figure below:

  • If asked, allow the gmer.sys driver to run.

  • If you receive a warning about rootkit activity asking whether you want to do a scan, click NO.

  • Click the arrows next to Rootkit/Malware

  • On the right side (under Files, uncheck all drives except your hard disk, usually C:\).

  • Make sure all the other boxes on the right side of the screen are checked, EXCEPT Show All

  • Click Scan and wait for the scan to finish.

  • Note: Before the scan, make sure all other programs are closed. Also, do not use the computer during the scan.

  • When it finishes, click the Copy button, then right-click your Desktop, choose New and then -> Text Document.

  • Once the file is created, open it, right-click again and click Paste, or press Ctrl+V.

  • Save the file as gmer.txt and post its contents in your next reply.

  • Note: If you have problems, try running GMER in Safe Mode

adrianasocorro
adrianasocor... New Member Registered
13 Posts 0 Likes
#13 By adrianasocor...
08/05/2010 - 21:19
ComboFix 10-05-07.07 - seki 08/05/2010 14:41:01.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.632 [GMT -3:00]
Executando de: c:\documents and settings\seki\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dados de aplicativos\9b4d3a3
c:\documents and settings\All Users\Dados de aplicativos\9b4d3a3\33.mof
c:\documents and settings\All Users\Dados de aplicativos\9b4d3a3\MSE.ico
c:\documents and settings\All Users\Dados de aplicativos\9b4d3a3\MSESys\vd952342.bd
c:\documents and settings\malukinha\Dados de aplicativos\020000006cbe5489579C.manifest
c:\documents and settings\malukinha\Dados de aplicativos\020000006cbe5489579O.manifest
c:\documents and settings\malukinha\Dados de aplicativos\020000006cbe5489579P.manifest
c:\documents and settings\malukinha\Dados de aplicativos\020000006cbe5489579S.manifest
c:\documents and settings\seki\Dados de aplicativos\020000006cbe5489579C.manifest
c:\documents and settings\seki\Dados de aplicativos\020000006cbe5489579O.manifest
c:\documents and settings\seki\Dados de aplicativos\020000006cbe5489579P.manifest
c:\documents and settings\seki\Dados de aplicativos\020000006cbe5489579S.manifest
c:\documents and settings\seki\Recent\ANTIGEN.sys
c:\documents and settings\seki\Recent\CLSV.dll
c:\documents and settings\seki\Recent\eb.tmp
c:\documents and settings\seki\Recent\energy.drv
c:\documents and settings\seki\Recent\exec.dll
c:\documents and settings\seki\Recent\exec.exe
c:\documents and settings\seki\Recent\fix.dll
c:\documents and settings\seki\Recent\FS.tmp
c:\documents and settings\seki\Recent\FW.sys
c:\documents and settings\seki\Recent\grid.sys
c:\documents and settings\seki\Recent\grid.tmp
c:\documents and settings\seki\Recent\kernel32.tmp
c:\documents and settings\seki\Recent\PE.drv
c:\documents and settings\seki\Recent\PE.exe
c:\documents and settings\seki\Recent\SICKBOY.dll
c:\documents and settings\seki\Recent\SICKBOY.drv
c:\documents and settings\seki\Recent\SICKBOY.exe
c:\documents and settings\seki\Recent\snl2w.dll
c:\documents and settings\seki\Recent\tempdoc.dll
c:\documents and settings\seki\Recent\tempdoc.tmp
c:\documents and settings\seki\Recent\tjd.sys
c:\windows\system32\drivers\dciusxow.sys
c:\windows\system32\drivers\myxlzmcj.sys
c:\windows\system32\rgwcyna.dll
c:\windows\system32\sfleymt.dll
c:\windows\system32\xkbtjano.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
-------\Legacy_DCIUSXOW
-------\Service_dciusxow

(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-08 to 2010-05-08 ))))))))))))))))))))))))))))
.
2010-05-08 17:32 . 2010-05-08 17:34 -------- d-----w- C:\UsbFix
2010-05-08 01:35 . 2010-05-08 01:36 -------- d-----w- C:\rsit
2010-05-07 23:55 . 2010-05-07 23:55 -------- d-----w- c:\documents and settings\seki\Dados de aplicativos\Malwarebytes
2010-05-07 23:55 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 23:55 . 2010-05-07 23:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-05-07 23:55 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-07 20:45 . 2010-05-07 20:45 -------- d-sh--w- c:\documents and settings\All Users\Dados de aplicativos\MSDEMDQZJCE
2010-05-07 01:20 . 2009-05-19 06:43 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-07 01:01 . 2009-12-09 10:03 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-07 01:01 . 2009-12-09 10:02 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-07 00:58 . 2009-05-19 06:43 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-04-24 15:17 . 2010-04-24 15:17 -------- d-----w- c:\documents and settings\seki\Dados de aplicativos\funkitron
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 01:37 . 2008-03-20 00:30 -------- d-----w- c:\arquivos de programas\Trend Micro
2010-05-07 01:15 . 2008-01-24 01:05 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy
2010-05-06 23:39 . 2008-01-24 01:36 -------- d-----w- c:\arquivos de programas\CyberLink
2010-05-06 23:39 . 2008-01-23 23:53 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-05-06 23:37 . 2010-01-30 22:01 -------- d-----w- c:\arquivos de programas\Castle Creations
2010-04-25 15:53 . 2010-01-18 17:13 220 ----a-w- c:\windows\popcinfo.dat
2010-04-10 16:07 . 2010-01-22 15:11 32 ----a-w- c:\windows\popcinfot.dat
2010-04-08 00:21 . 2010-01-17 06:04 -------- d-----w- c:\documents and settings\seki\Dados de aplicativos\Ulead Systems
2010-04-07 23:49 . 2010-01-17 06:03 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ulead Systems
2010-04-07 23:46 . 2010-04-07 23:46 -------- d-----w- c:\arquivos de programas\Windows Media Components
2010-04-07 23:40 . 2010-04-07 23:39 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ulead Systems
2010-04-07 23:39 . 2010-04-07 23:39 -------- d-----w- c:\arquivos de programas\Ulead Systems
2010-04-03 02:43 . 2008-01-24 01:58 -------- d-----w- c:\arquivos de programas\Google
2010-03-25 22:57 . 2008-12-16 20:16 -------- d-----w- c:\documents and settings\seki\Dados de aplicativos\BrOffice.org2
2010-03-25 22:50 . 2008-12-16 20:18 1 ----a-w- c:\documents and settings\seki\Dados de aplicativos\BrOffice.org2\user\uno_packages\cache\stamp.sys
2010-03-10 06:16 . 2009-03-07 20:03 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 14:39 . 2010-02-16 22:03 1223063961 ----a-w- c:\arquivos de programas\Grand_chase_Season_2_setup.exe
2010-02-25 06:17 . 2009-03-07 20:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:32 . 2004-08-04 12:00 79370 ----a-w- c:\windows\system32\perfc016.dat
2010-02-24 14:32 . 2004-08-04 12:00 468440 ----a-w- c:\windows\system32\perfh016.dat
2010-02-24 13:16 . 2010-02-24 18:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 21:49 . 2010-02-16 21:49 1618104 ----a-w- c:\arquivos de programas\GrandChaseSeason2Downloader.exe
2010-02-06 12:18 . 2010-02-06 12:18 1956528 ----a-w- c:\arquivos de programas\install_flash_player_10_active_x.exe
2010-01-30 22:00 . 2010-01-30 21:11 9104711 ----a-w- c:\arquivos de programas\CastleLinkInstall_3241.exe
2010-01-21 15:59 . 2009-08-02 02:44 1154384 ----a-w- c:\arquivos de programas\wlsetup-custom.exe
2010-01-18 00:33 . 2009-10-03 21:08 7680 --sha-w- c:\arquivos de programas\Thumbs.db
2010-01-17 20:14 . 2010-01-17 20:14 1924200 ----a-w- c:\arquivos de programas\install_flash_player.exe
2010-01-17 10:39 . 2010-01-17 10:38 170203312 ----a-w- c:\arquivos de programas\VideoSpin_2_0_Setup.exe
2010-01-17 05:31 . 2010-01-17 05:31 752266 ----a-w- c:\arquivos de programas\Vpw100e.exe
2010-01-17 05:28 . 2010-01-17 05:28 109568 ----a-w- c:\arquivos de programas\Vplay-e.exe
2010-01-16 14:32 . 2010-01-16 14:32 3786104 ----a-w- c:\arquivos de programas\drivermax.exe
2010-01-15 17:58 . 2010-01-15 17:57 29429327 ----a-w- c:\arquivos de programas\8310_all.exe
2009-09-13 21:09 . 2009-09-13 21:09 9880664 ----a-w- c:\arquivos de programas\everestultimate502.exe
2009-09-13 14:14 . 2009-09-13 14:14 43696 ----a-w- c:\arquivos de programas\sis_20usb.ZIP
2009-09-13 14:04 . 2009-09-13 14:04 1795605 ----a-w- c:\arquivos de programas\Drive MP4 M116.zip
2009-06-27 14:53 . 2008-02-07 23:58 2403344 ----a-w- c:\arquivos de programas\WLinstaller.exe
2009-04-04 21:09 . 2009-04-04 21:09 11452 ----a-w- c:\arquivos de programas\Relatorio.pdf
2009-04-04 21:05 . 2009-04-04 21:05 43083040 ----a-w- c:\arquivos de programas\AdbeRdr910_en_US_Std.exe
2009-04-01 23:58 . 2009-04-01 23:58 12348104 ----a-w- c:\arquivos de programas\WDVIEWER.EXE
2009-01-31 19:57 . 2009-01-31 19:57 4586616 ----a-w- c:\arquivos de programas\radarsync_wdn.exe
2008-12-29 22:51 . 2008-12-29 22:51 47104 ----a-w- c:\arquivos de programas\Anexo3IN6062006.doc
2008-12-27 01:23 . 2008-12-27 01:23 25423624 ----a-w- c:\arquivos de programas\creativity_mmfull.exe
2008-12-21 15:53 . 2008-12-21 15:53 27288880 ----a-w- c:\arquivos de programas\QuickTimeInstaller.exe
2008-12-21 14:10 . 2008-12-21 14:10 7348512 ----a-w- c:\arquivos de programas\Firefox Setup 3.0.5.exe
2008-12-21 13:47 . 2008-12-21 13:47 12963300 ----a-w- c:\arquivos de programas\MediaCoder-iPhone-0.6.2.4217.exe
2008-12-21 13:34 . 2008-12-21 13:34 507161 ----a-w- c:\arquivos de programas\SetupiPhoneBrowser.1.81.zip
2008-05-18 15:24 . 2008-05-18 15:23 4502280 ----a-w- c:\arquivos de programas\LimeWireWin.exe
2008-02-23 15:21 . 2008-02-23 15:21 870435 ----a-w- c:\arquivos de programas\meerca_chase.exe
2008-02-23 15:15 . 2008-02-23 15:15 911406 ----a-w- c:\arquivos de programas\skeith_day_2004.exe
2008-02-09 02:16 . 2008-02-09 02:16 19812040 ----a-w- c:\arquivos de programas\setupporpro.exe
.
------- Sigcheck -------
[-] 2009-05-19 . 1D01C384F3BA123EB6F09769DEA005AC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Pando Media Booster"="c:\arquivos de programas\Pando Networks\Media Booster\PMB.exe" [2010-02-16 2937528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-06-12 1495040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-08 7340032]
"nwiz"="nwiz.exe" [2005-12-08 1519616]
"LogitechCommunicationsManager"="c:\arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"fssui"="c:\arquivos de programas\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-08 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]
@="beep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmd32.sys]
@="cmd32"
[HKLM\~\startupfolder\C:^Documents and Settings^seki^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.4.lnk]
path=c:\documents and settings\seki\Menu Iniciar\Programas\Inicializar\BrOffice.org 2.4.lnk
backup=c:\windows\pss\BrOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 20:10 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-09 00:09 305440 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 18:37 2178832 ----a-w- c:\arquivos de programas\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 13:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 04:54 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 07:27 144784 ----a-w- c:\arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-06 00:32 68856 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcstart.exe"=
"c:\\Arquivos de programas\\Windows Live\\Photo Gallery\\WLXPhotoGallery.exe"=
"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Arquivos de programas\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40465:TCP"= 40465:TCP:@xpsp2res.dll,-22009
"10012:TCP"= 10012:TCP:@xpsp2res.dll,-22009
"50964:TCP"= 50964:TCP:@xpsp2res.dll,-22009
"22041:TCP"= 22041:TCP:@xpsp2res.dll,-22009
"50957:TCP"= 50957:TCP:@xpsp2res.dll,-22009
"4639:TCP"= 4639:TCP:@xpsp2res.dll,-22009
"31761:TCP"= 31761:TCP:@xpsp2res.dll,-22009
"49180:TCP"= 49180:TCP:@xpsp2res.dll,-22009
"32787:TCP"= 32787:TCP:@xpsp2res.dll,-22009
"60190:TCP"= 60190:TCP:@xpsp2res.dll,-22009
"44052:TCP"= 44052:TCP:@xpsp2res.dll,-22009
"20764:TCP"= 20764:TCP:@xpsp2res.dll,-22009
"57141:TCP"= 57141:TCP:Pando Media Booster
"57141:UDP"= 57141:UDP:Pando Media Booster
"10524:TCP"= 10524:TCP:@xpsp2res.dll,-22009
S1 cmd32.sys;cmd32.sys;c:\windows\system32\cmd32.sys [17/9/2008 21:30 0]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2/4/2010 23:43 135664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - DCIUSXOW
*Deregistered* - dciusxow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xsyvqwtw
.
Contents of the 'Scheduled Tasks' folder
2010-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]
2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-03 02:43]
2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-03 02:43]
.
.
------- Supplementary Scan -------
.
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{D104757D-9536-4a1b-9FA8-4DD5B44AC981} - http://www.tunestor.com/redirect.php
Trusted Zone: google.com.br\www
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{695FE551-6A29-416E-B780-E39B05288643} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
WebBrowser-{2DC947E8-8FA8-4EBB-B667-0315CC397898} - (no file)
HKCU-Run-mswinupdate.exe - c:\windows\mswinupdate.exe
HKLM-Run-cmd32 - c:\windows\cmd32.exe
HKLM-Run-mswinupdate.exe - c:\windows\mswinupdate.exe
HKU-Default-Run-mswinupdate.exe - c:\windows\mswinupdate.exe
Notify-nsifdqyz - (no file)
MSConfigStartUp-Picasa Media Detector - c:\arquivos de programas\Picasa2\PicasaMediaDetector.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 14:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(408)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\Mixer.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-08 14:55:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-08 17:55
ComboFix2.txt 2008-03-23 15:29
ComboFix3.txt 2008-03-23 15:10
Pre-Run: 17 dir(s) 51,447,136,256 bytes free
Post-Run: 19 dir(s) 125,030,645,760 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 3A8216851B853C64F728B4B58846F6FA

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:17 on 08/05/2010 by seki (Administrator - Elevation successful)
========== file ==========
sfcfiles.dll - Unable to find/read file.
-=End Of File=-

Hello Igoreso,

Thank you very much for the help, and now to answer your question above: Google is not redirecting to other sites; the name of a search site, GALA directory, appears when I search for something on Google.
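The ComboFix dump above records several host-level weaknesses in one place: the Security Center antivirus alert overridden (`AntiVirusOverride`=1), the Windows Firewall disabled for the standard profile (`EnableFirewall`=0), a run of globally open TCP ports labelled only by a resource-string reference, a zero-byte `cmd32.sys` service image that is also registered under `SafeBoot\Minimal`, and a random-looking name added to the svchost NetSvcs group. The Python script below is an added example, not code from the thread or from ComboFix: it parses a constructed sample written in the same format as the posted dump and reports those conditions. The vowel-ratio test for generated names is a heuristic chosen here, not a ComboFix rule, and everything the script flags still needs manual confirmation against the real file and registry entry.

```python
"""Audit of a ComboFix 'Registry Loading Points' dump for weak host settings.

Added example, not part of the original thread or of ComboFix. SAMPLE_LOG is
constructed to mirror the shape of the lines in the posted log; the vowel-ratio
test in looks_random() is a heuristic chosen here, not a ComboFix rule.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40465:TCP"= 40465:TCP:@xpsp2res.dll,-22009
"10012:TCP"= 10012:TCP:@xpsp2res.dll,-22009
"57141:TCP"= 57141:TCP:Pando Media Booster
"57141:UDP"= 57141:UDP:Pando Media Booster
S1 cmd32.sys;cmd32.sys;c:\windows\system32\cmd32.sys [17/9/2008 21:30 0]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2/4/2010 23:43 135664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xsyvqwtw
.
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# S<start-type> name;display name;image path [date time size]   (size is "?" when the file is missing)
SERVICE_RE = re.compile(
    r"^S[0-4]\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
DWORD_RE = re.compile(r"dword:([0-9a-fA-F]+)")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    item: str
    reason: str


def looks_random(name: str) -> bool:
    """Heuristic: six or more letters with almost no vowels reads as a generated name."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def audit_combofix(text: str) -> list[Finding]:
    findings: list[Finding] = []
    open_ports: list[str] = []
    section = ""
    in_netsvcs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_netsvcs:
            if line == "." or line.startswith(("[", "(")):
                in_netsvcs = False
            else:
                # ComboFix lists only entries added to the default NetSvcs group; a
                # random-looking name here is a classic service-DLL persistence sign.
                sev = "high" if looks_random(line) else "medium"
                findings.append(Finding(sev, line, "non-default entry in the svchost NetSvcs group"))
                continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if m := SECTION_RE.match(line):
            section = m["key"].lower()
            continue
        if m := SERVICE_RE.match(line):
            meta = m["meta"].split()
            if meta == ["?"]:
                findings.append(Finding("medium", m["name"], f"service image not found: {m['path']}"))
            elif meta and meta[-1].isdigit() and int(meta[-1]) == 0:
                findings.append(Finding("high", m["name"], f"zero-byte service image: {m['path']}"))
            continue
        if not (m := VALUE_RE.match(line)):
            continue
        name, data = m["name"], m["data"]
        dword = DWORD_RE.search(data)
        if section.endswith("security center") and name == "AntiVirusOverride" and dword and int(dword[1], 16) == 1:
            findings.append(Finding("high", name, "Security Center antivirus monitoring overridden"))
        elif section.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and data.startswith("0"):
            findings.append(Finding("high", name, "Windows Firewall disabled for the standard profile"))
        elif section.endswith("globallyopenports\\list"):
            open_ports.append(data)
    for entry in open_ports:
        port, proto, label = entry.split(":", 2)
        # A port labelled only by a resource-string reference has no application name to tie it to.
        generic = label.startswith("@")
        findings.append(Finding("medium" if generic else "low", f"{port}/{proto}",
                                f"globally open port ({'generic label' if generic else label})"))
    return findings


if __name__ == "__main__":
    for f in audit_combofix(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
```

Run against the constructed sample, the script lists four high findings (the AV override, the disabled firewall, the zero-byte `cmd32.sys` image and the vowel-less NetSvcs name), the missing `SetupNTGLM7X` image and the two generically labelled ports as medium, and the two Pando ports as low. The zero-byte check matters because a driver that occupies a `SafeBoot\Minimal` key but has no file behind it is a loader artifact rather than a working driver; the key and the service entry should go together.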
igoreso
igoreso Super Participant Registered
704 Posts 22 Likes
#14 By igoreso
08/05/2010 - 22:17
adrianasocorro said:
Hello Igoreso,

Thank you very much for the help, and now to answer your question above: Google is not redirecting to other sites; the name of a search site, GALA directory, appears when I search for something on Google.

Did you read the instructions I posted for running the CFScript and GMER? You pasted the previous ComboFix log again; carry out the steps above! Otherwise it's hard to help!
I don't answer questions by PM, e-mail or MSN! Use the forum!

adrianasocorro
adrianasocor... New Member Registered
13 Posts 0 Likes
#15 By adrianasocor...
08/05/2010 - 23:24
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-08 23:20:56
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\seki\CONFIG~1\Temp\awldipog.sys

---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6440360, 0x2154AD, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40409A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 403FD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4037466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 405046DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 405045A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 405047A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40504606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 4040DB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] ole32.dll!OleLoadFromStream 77509C85 5 Bytes JMP 40504AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe[2280] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 405046DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 405045A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 405047A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40504606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 40409A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 403FD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4037466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4050473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 40504671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 405046DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 40504542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 405045A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 405047A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 40504606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 4040DB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3324] ole32.dll!OleLoadFromStream 77509C85 5 Bytes JMP 40504AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----
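The GMER "User code sections" above show many inline JMP hooks in the iexplore.exe processes, all resolving into `C:\WINDOWS\system32\IEFRAME.dll`, plus a five-byte patch in PMB.exe that turns `SetUnhandledExceptionFilter` into `xor eax, eax; ret 4`. Hooks whose target falls inside a loaded, vendor-identified module are normal for a browser frame; the ones worth chasing are hooks whose JMP target is not backed by any module at all. The Python script below is an added example, not part of the thread or of GMER: it parses lines in the posted format, separates JMP hooks from byte patches and classifies each. The first four sample lines mirror lines from the log; the `ws2_32.dll!send` line is constructed to show an orphan hook and was not in the posted scan. The vendor text GMER prints comes from the file's version resource, which is self-declared, so "likely benign" is a triage label rather than signature verification.

```python
"""Triage of GMER 'User code sections' inline-hook lines.

Added example, not part of the original thread or of GMER. The first four SAMPLE
lines mirror lines in the posted log; the ws2_32.dll!send line is constructed to
show a hook whose target is not backed by any loaded module.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

SAMPLE = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 40335505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[1908] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 4040DB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3276] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4040DAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe[2280] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\explorer.exe[408] ws2_32.dll!send 71A14C27 5 Bytes JMP 00A3001E
---- Devices - GMER 1.0.15 ----
"""

# .text <image>[<pid>] <module>!<function> <address> <n> Bytes <rest>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-F]+)\s+(?P<nbytes>\d+)\s+Bytes\s+(?P<rest>.*)$"
)
# <rest> for a JMP hook: JMP <target> [<owning module> (<product/vendor>)]
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-F]+)(?:\s+(?P<owner>.+?))?(?:\s+\((?P<desc>[^)]*)\))?$")
# <rest> for an in-place patch: [<bytes>] {<disassembly>}
PATCH_RE = re.compile(r"^\[(?P<bytes>[^\]]+)\]\s*(?:\{(?P<disasm>[^}]*)\})?$")
SYSTEM_DIR = "c:\\windows\\system32"


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    api: str       # module!function that was hooked
    addr: str      # address of the overwritten prologue
    kind: str      # "jmp" or "patch"
    detail: str    # jmp: "target -> owning module"; patch: disassembly of the bytes
    verdict: str   # "likely benign", "review" or "suspicious"


def classify_jmp(owner: str | None, desc: str | None) -> str:
    if owner is None:
        # Target lies in memory that no loaded module accounts for: typical of injected code.
        return "suspicious"
    owner_dir = str(PureWindowsPath(owner).parent).lower()
    # The vendor text is GMER's reading of the file's version resource, which is
    # self-declared; treat this as a triage label, not as signature verification.
    if owner_dir == SYSTEM_DIR and desc is not None and desc.endswith("/Microsoft Corporation"):
        return "likely benign"
    return "review"


def triage_gmer(text: str) -> list[Hook]:
    hooks: list[Hook] = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        process = PureWindowsPath(m["image"]).name
        pid, api, addr, rest = int(m["pid"]), f"{m['module']}!{m['func']}", m["addr"], m["rest"]
        if j := JMP_RE.match(rest):
            owner = j["owner"]
            hooks.append(Hook(process, pid, api, addr, "jmp",
                              f"{j['target']} -> {owner or '<no module>'}", classify_jmp(owner, j["desc"])))
        elif p := PATCH_RE.match(rest):
            # Bytes written over the prologue itself; a stub that returns 0 disables the API outright
            # (seen in crash reporters and anti-tamper code, and also used by malware), so it gets review.
            hooks.append(Hook(process, pid, api, addr, "patch", p["disasm"] or p["bytes"], "review"))
    return hooks


def summarize(hooks: list[Hook]) -> dict[str, int]:
    return dict(Counter(h.verdict for h in hooks))


if __name__ == "__main__":
    for h in triage_gmer(SAMPLE):
        print(f"{h.verdict:13} {h.process}[{h.pid}] {h.api} ({h.kind}: {h.detail})")
    print(summarize(triage_gmer(SAMPLE)))
```

On the sample, the three IEFRAME hooks come out as likely benign, the PMB.exe patch as review, and the constructed orphan hook in explorer.exe as suspicious. For a hook marked suspicious the next step is to dump the memory region around the JMP target and check whether it is backed by a file on disk; for "likely benign" the owning DLL's Authenticode signature should still be checked rather than trusting the version string.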