
[Solved] Avira constantly flagging a virus...

#1 By oswaldobass 23/05/2009 - 09:29
Hi everyone, two weeks ago I bought an Acer mini notebook, uninstalled the antivirus that came with it and installed Avira; when I updated it and ran the first scan it started flagging a Trojan in WINDOWS\Wplugin.dll.

Recently I installed MSN Plus together with a plugin that shows in the personal message who is online, who I am chatting with... is that the problem?

When I send it to quarantine or delete it, neither Windows Live Messenger nor Google Chrome opens, and if I ignore it, obviously the Avira notification appears every time I turn the computer on...

Here are the logs from HijackThis and Malwarebytes' Anti-Malware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:20:19, on 23/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Paty\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwars.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Program Files\Puxa Rápido\IEBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Filter: x-sdch - (no CLSID) - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 7212 bytes


Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 2161
Windows 5.1.2600 Service Pack 3

21/5/2009 04:34:31
mbam-log-2009-05-21 (04-34-31).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 129492
Tempo decorrido: 38 minute(s), 35 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 2
Chaves do Registro infectadas: 5
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 8

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
C:\Documents and Settings\Paty\Application Data\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Documents and Settings\All Users\Application Data\Partner\partner.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\Paty\Application Data\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP24\A0006788.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP25\A0006811.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP26\A0006966.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP28\A0007036.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Thanks for the help
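Added example, not code from the thread or from HijackThis itself: a small Python triage script over HijackThis-style lines like the ones in this log. It flags the three patterns a helper checks first here, a BHO with no backing file, a filter with no CLSID, and a service whose binary sits under Documents and Settings (the Partner Service entry, whose partner.dll the MBAM log in the same post tags as Trojan.BHO). The sample lines are a constructed subset copied from this post; the user-writable directory prefixes are a heuristic chosen for the example.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not code from the thread or from HijackThis itself. It parses
O2 (BHO), O4 (autostart), O18 (protocol/filter) and O23 (service) lines and
reports the patterns a malware-removal helper checks first: COM entries with
no backing file or CLSID, and autostarts or services whose binary lives in a
user profile directory rather than Program Files or the Windows directory.
A finding is a pointer for review, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Heuristic chosen for this example: on Windows XP, legitimate autostarts and
# services rarely run from inside user profiles or temp directories.
USER_WRITABLE_PREFIXES = (
    r"c:\documents and settings\ ".rstrip(),
    r"c:\windows\temp\ ".rstrip(),
)

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O18_RE = re.compile(
    r"^O18 - (?P<kind>Protocol|Filter): (?P<name>\S+) - "
    r"(?P<clsid>\{[^}]+\}|\(no CLSID\)) - (?P<path>.*)$"
)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O23"
    name: str      # entry name as shown in the log
    path: str      # file path (or "(no file)") recorded for the entry
    reason: str    # why the entry deserves a look


def exe_path(cmd: str) -> str:
    """Extract the executable path from an O4 command line.

    Handles both  "C:\\Program Files\\Ares\\Ares.exe" -h  and the unquoted
    C:\\WINDOWS\\system32\\ctfmon.exe (User 'SYSTEM')  forms.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def in_user_writable(path: str) -> bool:
    """True when the path starts with one of the user-writable prefixes."""
    lowered = path.strip().lower()
    return any(lowered.startswith(p) for p in USER_WRITABLE_PREFIXES)


def triage(log_text: str) -> list[Finding]:
    """Scan a HijackThis log and return entries worth a closer look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"].strip() == "(no file)":
                findings.append(Finding("O2", m["name"], m["path"],
                                        "BHO registered with no backing file"))
            elif in_user_writable(m["path"]):
                findings.append(Finding("O2", m["name"], m["path"],
                                        "BHO loaded from a user-writable directory"))
        elif m := O4_RE.match(line):
            path = exe_path(m["cmd"])
            if in_user_writable(path):
                findings.append(Finding("O4", m["name"], path,
                                        "autostart runs from a user-writable directory"))
        elif m := O18_RE.match(line):
            if m["clsid"] == "(no CLSID)" or m["path"].strip() == "(no file)":
                findings.append(Finding("O18", m["name"], m["path"],
                                        f"{m['kind'].lower()} handler with no CLSID or file"))
        elif m := O23_RE.match(line):
            if in_user_writable(m["path"]):
                findings.append(Finding("O23", m["name"], m["path"],
                                        "service binary lives in a user-writable directory"))
    return findings


# Constructed sample: a subset of lines copied from the HijackThis log in this post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Filter: x-sdch - (no CLSID) - (no file)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}\n      {f.path}")
```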
#46 By Wings
30/05/2009 - 00:40
OK...uninstall the Microsoft tool in Add/Remove Programs.

1.
*Temporarily disable your antivirus
*Download ComboFix and save it to the desktop
*Close Internet Explorer and Windows Explorer
*Double-click the Combofix.exe file and wait for it to start
*Accept the agreement
*Important: while ComboFix is running, do not use the mouse or the keyboard, because your desktop will go blank!!...To abort the procedure, press [N]
*At the end of the procedure the program will close automatically and a report will be shown
*Paste the report created at C:\combofix.txt
#47 By oswaldobass
30/05/2009 - 01:00
ComboFix 09-05-29.01 - Paty 29/05/2009 22:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.686 [GMT -3:00]
Running from: c:\documents and settings\Paty\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ws2help.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 01:57 . 2009-05-30 01:57 110592 ----a-w c:\documents and settings\Paty\Application Data\Wplugin.dll
2009-05-29 06:32 . 2009-05-29 01:11 110592 ----a-w c:\windows\Wplugin.dll
2009-05-28 22:56 . 2009-05-28 22:56 -------- d-----w c:\program files\Microsoft
2009-05-28 17:07 . 2009-05-28 17:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-28 16:26 . 2009-03-30 13:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-28 16:26 . 2009-02-13 15:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-28 16:26 . 2009-02-13 15:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-28 16:26 . 2009-05-28 16:26 -------- d-----w c:\program files\Avira
2009-05-28 16:26 . 2009-05-28 16:26 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-27 21:37 . 2009-05-28 02:04 1462304 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-27 21:35 . 2009-05-27 21:31 40622552 ----a-w c:\program files\setup_7.0.0.290_28.05.2009_01-30.exe
2009-05-27 20:45 . 2009-05-27 20:45 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-05-25 23:27 . 2009-05-26 05:29 -------- d-----w c:\documents and settings\Paty\DoctorWeb
2009-05-25 23:27 . 2009-05-26 00:26 -------- d-----w c:\program files\DrWeb
2009-05-25 22:21 . 2009-05-25 22:24 -------- d-----w C:\HostsXpert
2009-05-25 21:40 . 2009-05-25 21:40 -------- d-----w c:\program files\Zylom Games
2009-05-25 21:40 . 2009-05-25 21:40 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-05-25 21:40 . 2009-03-24 14:10 114688 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-05-25 21:40 . 2006-12-12 20:07 161976 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-05-25 18:59 . 2009-05-25 18:59 -------- d-----w c:\program files\FormatFactory
2009-05-23 19:09 . 2009-05-23 19:09 -------- d-----w c:\program files\iPod
2009-05-23 19:08 . 2009-05-23 19:09 -------- d-----w c:\program files\iTunes
2009-05-23 19:08 . 2009-05-23 19:09 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-23 19:07 . 2009-05-23 19:07 -------- d-----w c:\program files\Bonjour
2009-05-23 18:37 . 2009-05-28 18:01 172515 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-23 17:41 . 2009-05-23 17:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-23 17:00 . 2009-05-23 17:02 -------- d-----w C:\Shutdown
2009-05-21 22:22 . 2009-05-21 22:22 55200 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-21 21:57 . 2009-05-29 08:38 -------- d---a-w C:\Protectorx
2009-05-21 06:50 . 2009-05-27 14:18 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-21 06:49 . 2009-05-21 07:09 -------- d-----w c:\documents and settings\Paty\Application Data\IObit
2009-05-21 06:49 . 2009-05-21 06:49 -------- d-----w c:\program files\IObit
2009-05-21 06:48 . 2009-05-21 06:48 -------- d-----w c:\documents and settings\Paty\Application Data\Malwarebytes
2009-05-21 06:48 . 2009-05-26 16:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 06:48 . 2009-05-26 16:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 06:48 . 2009-05-21 06:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 06:48 . 2009-05-27 14:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 22:08 . 2009-03-24 19:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-19 21:02 . 2009-05-19 21:02 -------- d-----w c:\documents and settings\Paty\Application Data\Media Player Classic
2009-05-18 19:35 . 2008-04-14 12:00 26624 ----a-w c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-18 19:34 . 2009-05-18 19:34 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-18 19:33 . 2009-05-18 19:34 -------- d-----w C:\addf7175d814a8b805d53384ac5b
2009-05-18 19:33 . 2009-05-18 19:33 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-17 22:03 . 2009-05-17 22:03 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\WMTools Downloaded Files
2009-05-17 17:37 . 2009-05-17 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-17 17:35 . 2009-05-17 17:36 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-17 15:03 . 2003-11-04 18:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-05-17 15:03 . 2004-01-12 05:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-05-17 08:19 . 2009-05-17 08:19 -------- d-----w c:\documents and settings\Paty\Application Data\Desktopicon
2009-05-17 08:18 . 2009-05-17 08:18 -------- d-----w c:\program files\DsNET Corp
2009-05-16 20:18 . 2009-05-29 09:39 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Ares
2009-05-16 20:18 . 2009-05-16 20:18 -------- d-----w c:\program files\Ares
2009-05-16 12:30 . 2009-05-28 21:10 -------- d-----w c:\program files\Puxa Rápido
2009-05-13 21:27 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-13 15:00 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-13 14:27 . 2009-05-28 15:18 -------- d-----w c:\documents and settings\Paty\Application Data\Skype
2009-05-13 14:27 . 2009-05-13 14:27 -------- d-----r c:\program files\Skype
2009-05-13 14:27 . 2009-05-13 14:27 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-13 14:23 . 2009-05-13 14:23 -------- d-----w c:\documents and settings\Paty\Application Data\VoipRaider
2009-05-13 14:12 . 2009-05-13 14:12 -------- d-----w c:\program files\VoipRaider.com
2009-05-13 14:12 . 2008-10-16 17:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-13 14:12 . 2008-10-16 17:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-12 21:26 . 2009-05-12 21:27 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Deployment
2009-05-12 16:55 . 2008-04-14 08:41 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-12 16:55 . 2008-04-14 08:41 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-12 16:55 . 2008-04-14 12:00 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-12 16:55 . 2008-04-14 12:00 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-12 16:55 . 2008-04-14 03:15 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-05-12 16:55 . 2008-04-14 03:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-05-12 15:37 . 2009-05-29 22:13 -------- d-----w c:\documents and settings\Paty\Tracing
2009-05-11 23:04 . 2009-05-18 19:33 -------- d-----w c:\windows\system32\LogFiles
2009-05-11 22:33 . 2009-05-21 00:56 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Adobe
2009-05-11 15:19 . 2009-05-11 23:46 -------- d-----w c:\documents and settings\Paty\Application Data\Apple Computer
2009-05-11 15:19 . 2009-03-19 19:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-11 15:19 . 2008-04-17 15:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-11 15:19 . 2009-05-11 15:19 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-05-11 15:17 . 2009-05-11 15:18 -------- d-----w c:\program files\QuickTime
2009-05-11 15:17 . 2009-05-11 15:19 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-11 15:17 . 2009-05-11 15:17 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Apple
2009-05-11 15:17 . 2009-05-11 15:17 -------- d-----w c:\program files\Apple Software Update
2009-05-11 15:17 . 2009-03-06 02:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-11 15:17 . 2009-03-06 02:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-11 15:16 . 2009-05-23 19:09 -------- d-----w c:\program files\Common Files\Apple
2009-05-11 15:16 . 2009-05-11 15:16 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-11 15:15 . 2009-05-11 15:15 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Apple Computer
2009-05-11 15:12 . 2009-05-13 15:22 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-05-11 15:11 . 2008-04-14 12:00 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-11 13:14 . 2009-05-28 01:23 -------- d-----w c:\documents and settings\All Users\Application Data\Partner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 22:57 . 2009-03-12 06:11 -------- d-----w c:\program files\Windows Live
2009-05-28 18:05 . 2009-02-04 16:56 172515 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
2009-05-28 18:05 . 2008-09-12 19:44 1835491 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\weddingdash\pt-BR\weddingdash.exe
2009-05-28 18:05 . 2009-04-21 18:05 2175459 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\fitnessdash\pt-BR\fitnessdash.exe
2009-05-28 02:04 . 2009-05-27 21:37 18212 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-28 01:33 . 2008-10-28 16:20 183779 ----a-w c:\documents and settings\Paty\Application Data\Desktopicon\eBayShortcuts.exe
2009-05-22 16:46 . 2009-03-12 05:56 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-22 16:28 . 2009-03-12 05:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 21:29 . 2009-05-13 21:26 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-13 15:34 . 2009-03-12 05:59 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-12 17:33 . 2009-05-11 13:13 60664 ----a-w c:\documents and settings\Paty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 16:30 . 2009-03-12 06:06 -------- d-----w c:\program files\Google
2009-04-21 18:05 . 2009-04-21 18:05 49152 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\fitnessdash\pt-BR\ZylomAdapter.dll
2009-03-29 09:14 . 2009-03-12 05:07 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 09:01 . 2008-09-09 10:51 2423 ----a-w c:\windows\CLEANUP.CMD
2009-03-19 19:32 . 2009-03-19 19:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-12 06:37 . 2009-05-28 17:50 60664 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-12 05:06 . 2009-03-12 05:06 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-09 05:45 . 2009-03-12 05:56 16 ----a-w c:\windows\system32\drivers\rtkhdaud.dat
2009-03-06 14:22 . 2009-03-11 12:53 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 08:53 . 2009-03-03 08:53 413696 ----a-w c:\windows\system32\Acer.scr
2009-03-03 00:18 . 2009-03-11 12:53 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 05:03 . 2009-03-04 03:03 38912 ----a-w c:\windows\system32\drivers\l1c51x86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VoipRaider"="c:\program files\VoipRaider.com\VoipRaider\VoipRaider.exe" [2008-12-08 9016112]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-12 24064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-12 565248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"=
"c:\\Program Files\\Puxa Rápido\\PuxaRapido.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Protectorx\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/5/2009 13:26 108289]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [12/3/2009 03:32 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/3/2009 00:03 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [29/3/2009 06:00 145408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/3/2009 02:56 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/3/2009 03:06 24064]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 VirtualDK;VirtualDK;c:\documents and settings\Paty\Desktop\tentativa\usb_prep8\vdk.sys [21/5/2009 12:13 16283]
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-31143968-3153008980-2320958936-1005.job
- c:\documents and settings\Paty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-12 01:14]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tribalwars.com.br/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/search?q=gripe&hl=en&sourceid=gd&rls=ACAW,ACAW:2009-19,ACAW:en&aq=t
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 22:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-05-30 22:58
ComboFix-quarantined-files.txt 2009-05-30 01:58

Pre-Run: 122.343.178.240 bytes free
Post-Run: 122.490.634.240 bytes free

220 --- E O F --- 2009-05-21 16:22
#48 By Wings
30/05/2009 - 01:13
OK...I didn't see any McAfee service.

The file you complained about has been removed.

1.
*Click [Start] > [Run] > type: ComboFix /u
*Click [OK]


*Delete the C:\Qoobox folder and the C:\combofix.txt file, if they still exist.

2.
*Download OTScanIt and save it to the desktop
*Close Internet Explorer
*Temporarily disable your antivirus
*Double-click OTScanIt.exe to install
*In the OTScanIt folder, double-click OTScanIt.exe
*Select the options:
-Processes => "No Microsoft"
-Services => "No Microsoft"
-Drivers => "No Microsoft"
-Registry => "No Microsoft"
-File String Search => "No Microsoft"
-Rootkit search => "Yes"
-Files Created Within => "60 days"
-Files Modified Within => "60 days"
*Click [Run Scan] and wait. When the process finishes, a report named OTScanIt.txt will be shown in Notepad. Copy it and paste it in your next reply.
Note: if it is long, attach it to the forum, either as .txt or .zip
#49 By oswaldobass
30/05/2009 - 01:43

OTScanIt logfile created on: 29/5/2009 23:40:08
OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Paty\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: d/M/yyyy

1013,88 Mb Total Physical Memory | 684,21 Mb Available Physical Memory | 67,49% Memory free
2,39 Gb Paging File | 2,15 Gb Available in Paging File | 90,16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142,05 Gb Total Space | 116,20 Gb Free Space | 81,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OSWALDO
Current User Name: Paty
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
rs_service.exe -> %ProgramFiles%\Acer\Acer VCM\RS_Service.exe -> Acer Incorporated [Ver = 4, 0, 3001, 8484 | Size = 237568 bytes | Modified Date = 5/2/2009 12:14:56 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(RS_Service) Raw Socket Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer VCM\RS_Service.exe -> Acer Incorporated [Ver = 4, 0, 3001, 8484 | Size = 237568 bytes | Modified Date = 5/2/2009 12:14:56 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Ambfilt) Ambfilt [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Ambfilt.sys -> Creative [Ver = 5.10.00.4240 | Size = 1684736 bytes | Modified Date = 5/8/2008 09:10:12 | Attr = ]
(AR5416) Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\athw.sys -> Atheros Communications, Inc. [Ver = 7.6.1.221 | Size = 1346464 bytes | Modified Date = 30/12/2008 08:02:32 | Attr = ]
(DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\DKbFltr.SYS -> Dritek System Inc. [Ver = 1, 3, 0, 0 | Size = 16896 bytes | Modified Date = 8/12/2004 03:10:00 | Attr = ]
(DritekPortIO) Dritek General Port I/O [Kernel | System | Running] -> %ProgramFiles%\Launch Manager\DPortIO.sys -> Dritek System Inc. [Ver = 12, 23, 0, 2005 | Size = 20112 bytes | Modified Date = 2/11/2006 10:27:36 | Attr = ]
(int15.sys) int15.sys [Kernel | On_Demand | Stopped] -> %SystemDrive%\acernb\int15.sys -> File not found
(L1c) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\l1c51x86.sys -> Atheros Communications, Inc. [Ver = 1.0.0.16 built by: WinDDK | Size = 38912 bytes | Modified Date = 2/3/2009 02:03:46 | Attr = ]
(M3000Srv) USB2.0 UVC WebCam Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\M3000KNT.sys -> [Ver = 1.0.0.1 | Size = 145408 bytes | Modified Date = 2/1/2009 22:33:54 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
(RSUSBSTOR) RTS5121.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\RTS5121.sys -> File not found
(Rts516xIR) Realtek IR Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\Rts516xIR.sys -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics Incorporated [Ver = 12.2.2 05Feb09 | Size = 205232 bytes | Modified Date = 5/2/2009 07:33:04 | Attr = ]
(USBCCID) Realtek Smartcard Reader Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\Rts5161ccid.sys -> File not found
(VirtualDK) VirtualDK [Kernel | On_Demand | Stopped] -> %UserProfile%\Desktop\tentativa\usb_prep8\vdk.sys -> Ken Kato [Ver = 3.1 | Size = 16283 bytes | Modified Date = 10/11/2003 13:48:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avgnt -> %ProgramFiles%\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> Avira GmbH [Ver = 9.00.00.12 | Size = 209153 bytes | Modified Date = 2/3/2009 13:08:47 | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.808.7150 | Size = 24064 bytes | Modified Date = 12/3/2009 03:06:28 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.6 (1292) | Size = 413696 bytes | Modified Date = 5/1/2009 16:18:48 | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ares -> %ProgramFiles%\Ares\Ares.exe ["C:\Program Files\Ares\Ares.exe" -h] -> Ares Development Group [Ver = 2.1.1.3035 | Size = 1004544 bytes | Modified Date = 3/2/2009 10:22:18 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 11/5/2009 10:13:43 | Attr = ]
VoipRaider -> %ProgramFiles%\VoipRaider.com\VoipRaider\VoipRaider.exe ["C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized] -> VoipRaider [Ver = 4, 2, 533, 0 | Size = 9016112 bytes | Modified Date = 8/12/2008 15:10:00 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Acer VCM.lnk -> %ProgramFiles%\Acer\Acer VCM\AcerVCM.exe -> Acer Incorporated [Ver = 4.00.3006 | Size = 565248 bytes | Modified Date = 11/2/2009 19:46:28 | Attr = ]
< Paty Startup Folder > -> C:\Documents and Settings\Paty\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) | Size = 8461312 bytes | Modified Date = 17/6/2008 16:02:19 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4926 | Size = 208896 bytes | Modified Date = 14/2/2008 19:45:40 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 323 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 323 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 12/3/2009 02:07:49 | Attr = ]
< HOSTS File > (698 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.tribalwars.com.br/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1569 domain(s) found. ->
8 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 75128 bytes | Modified Date = 12/6/2008 02:33:16 | Attr = ]
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{6EF05952-B48D-4944-AA91-57A6A1A48EF8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Puxa Rápido\IEBHO.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 95744 bytes | Modified Date = 18/7/2006 23:46:22 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> Google Inc. [Ver = 6, 1, 1518, 856 | Size = 259696 bytes | Modified Date = 12/5/2009 12:33:41 | Attr = ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 5, 1, 1309, 3572 | Size = 668656 bytes | Modified Date = 12/5/2009 13:30:39 | Attr = ]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> Google Inc. [Ver = 1, 0, 610, 27482 | Size = 470512 bytes | Modified Date = 12/5/2009 12:33:38 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> Google Inc. [Ver = 6, 1, 1518, 856 | Size = 259696 bytes | Modified Date = 12/5/2009 12:33:41 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> Google Inc. [Ver = 6, 1, 1518, 856 | Size = 259696 bytes | Modified Date = 12/5/2009 12:33:41 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0C08B29C-5715-4501-9744-5E95923CD719} -> (Atheros AR5007EG Wireless Network Adapter) ->
{789B787A-FF78-417C-AE48-10C86FD35D2A} -> (Atheros AR8132 PCI-E Fast Ethernet Controller) ->
{D1BBDEA0-FB81-44C9-8D25-5F16C80C0F22} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,6,2 | Size = 147456 bytes | Modified Date = 12/12/2008 11:11:44 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Acer\Acer VCM\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 31, 0 | Size = 1942824 bytes | Modified Date = 2/7/2008 21:35:16 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab[MSN Photo Upload Tool] ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}[HKEY_LOCAL_MACHINE] -> http://fdl.msn.com/public/chat/msnchat45.cab[MSN Chat Control 4.5] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\\.Owner -> {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\\{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->



[Files/Folders - Created Within 60 days]
addf7175d814a8b805d53384ac5b -> %SystemDrive%\addf7175d814a8b805d53384ac5b -> [Folder | Created Date = 18/5/2009 16:33:20 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 20/5/2009 01:35:53 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063198720 bytes | Created Date = 29/5/2009 17:38:43 | Attr = HS]
HostsXpert -> %SystemDrive%\HostsXpert -> [Folder | Created Date = 25/5/2009 19:21:41 | Attr = ]
Protectorx -> %SystemDrive%\Protectorx -> [Folder | Created Date = 21/5/2009 18:57:23 | Attr = ]
Shutdown -> %SystemDrive%\Shutdown -> [Folder | Created Date = 23/5/2009 14:00:04 | Attr = ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 1462304 bytes | Created Date = 27/5/2009 18:37:06 | Attr = HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 18212 bytes | Created Date = 27/5/2009 18:37:06 | Attr = HS]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 18/5/2009 16:33:16 | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 18/5/2009 16:33:19 | Attr = H ]
ac3acm.acm -> %SystemRoot%\System32\ac3acm.acm -> fccHandler [Ver = 1, 40, 0, 0 | Size = 118784 bytes | Created Date = 13/5/2009 18:26:54 | Attr = ]
divx.dll -> %SystemRoot%\System32\divx.dll -> DivX, Inc. [Ver = 6.8.5.9 | Size = 684032 bytes | Created Date = 13/5/2009 18:26:51 | Attr = ]
dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 3, 0, 21 | Size = 86016 bytes | Created Date = 13/5/2009 18:26:52 | Attr = ]
ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [Ver = | Size = 67584 bytes | Created Date = 13/5/2009 18:26:47 | Attr = ]
lameACM.acm -> %SystemRoot%\System32\lameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.2 | Size = 839680 bytes | Created Date = 13/5/2009 18:26:55 | Attr = ]
lame_acm.xml -> %SystemRoot%\System32\lame_acm.xml -> [Ver = | Size = 414 bytes | Created Date = 13/5/2009 18:26:56 | Attr = ]
lfbmp13n.dll -> %SystemRoot%\System32\lfbmp13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 57344 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
lfcmp13n.dll -> %SystemRoot%\System32\lfcmp13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 401408 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
lfgif13n.dll -> %SystemRoot%\System32\lfgif13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 69632 bytes | Created Date = 17/5/2009 12:03:03 | Attr = ]
LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 11/5/2009 20:04:03 | Attr = ]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
ltdis13n.dll -> %SystemRoot%\System32\ltdis13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 299008 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
ltefx13n.dll -> %SystemRoot%\System32\ltefx13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 206336 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
ltfil13n.dll -> %SystemRoot%\System32\ltfil13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 163840 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
ltimg13n.dll -> %SystemRoot%\System32\ltimg13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 450560 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
ltkrn13n.dll -> %SystemRoot%\System32\ltkrn13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 462848 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 55200 bytes | Created Date = 21/5/2009 19:22:36 | Attr = H ]
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 13/5/2009 18:27:05 | Attr = ]
PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 13/5/2009 11:53:17 | Attr = ]
qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 13/5/2009 18:26:52 | Attr = ]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 11/5/2009 12:16:26 | Attr = ]
unrar.dll -> %SystemRoot%\System32\unrar.dll -> [Ver = | Size = 168448 bytes | Created Date = 13/5/2009 18:27:03 | Attr = ]
xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 795648 bytes | Created Date = 13/5/2009 18:26:53 | Attr = ]
xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [Ver = | Size = 130048 bytes | Created Date = 13/5/2009 18:26:53 | Attr = ]
yv12vfw.dll -> %SystemRoot%\System32\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 13/5/2009 18:26:54 | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 21/5/2009 12:58:55 | Attr = ]
explorer.exe.local -> %SystemRoot%\explorer.exe.local -> [Ver = | Size = 12 bytes | Created Date = 18/5/2009 16:30:59 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 13/5/2009 12:34:48 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 19/5/2009 22:07:23 | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 11/5/2009 10:05:00 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 29/5/2009 22:58:29 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 280 bytes | Created Date = 11/5/2009 12:17:29 | Attr = ]

[Files/Folders - Modified Within 60 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 25/5/2009 19:17:43 | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063198720 bytes | Modified Date = 29/5/2009 17:38:43 | Attr = HS]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 698 bytes | Modified Date = 25/5/2009 19:24:45 | Attr = ]
hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn -> [Ver = | Size = 27 bytes | Modified Date = 21/5/2009 13:03:48 | Attr = ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 1462304 bytes | Modified Date = 27/5/2009 23:04:23 | Attr = HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 18212 bytes | Modified Date = 27/5/2009 23:04:23 | Attr = HS]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 18/5/2009 16:33:19 | Attr = H ]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 37732 bytes | Modified Date = 11/5/2009 10:12:58 | Attr = ]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 18/5/2009 16:34:54 | Attr = ]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 246312 bytes | Modified Date = 21/5/2009 03:13:06 | Attr = ]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 55200 bytes | Modified Date = 21/5/2009 19:22:36 | Attr = H ]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 18/5/2009 16:34:54 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59670 bytes | Modified Date = 29/5/2009 17:43:34 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 394206 bytes | Modified Date = 29/5/2009 17:43:34 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 460414 bytes | Modified Date = 29/5/2009 17:43:34 | Attr = ]
pid.PNF -> %SystemRoot%\System32\pid.PNF -> [Ver = | Size = 5208 bytes | Modified Date = 11/5/2009 10:12:46 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 18/5/2009 16:31:08 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 29/5/2009 17:38:45 | Attr = S]
explorer.exe.local -> %SystemRoot%\explorer.exe.local -> [Ver = | Size = 12 bytes | Modified Date = 18/5/2009 16:30:59 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 21/5/2009 01:07:09 | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 11/5/2009 10:05:00 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 29/5/2009 22:57:06 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 507 bytes | Modified Date = 25/5/2009 19:17:43 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 18/5/2009 16:33:55 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 280 bytes | Modified Date = 29/5/2009 21:39:04 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 29/5/2009 22:58:27 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/5/2009 19:30:06 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6855 bytes | Modified Date = 29/5/2009 13:07:38 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6441 bytes | Modified Date = 29/5/2009 13:07:38 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12/5/2009 13:59:30 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8492 bytes | Modified Date = 26/5/2009 13:50:19 | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 98 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\Favorites\CuiabanoTech Blog COMO INSTALAR O WINDOWS XP SP2 NO ASUS EEE PC 701.url:favicon 3638 bytes
C:\Documents and Settings\Paty\Favorites\Download Acer Aspire One XP Driver BlognTech.Com.url:favicon 1150 bytes
C:\Documents and Settings\Paty\Favorites\The West.url:favicon 1406 bytes
C:\Documents and Settings\Paty\Favorites\Tribal Wars.url:favicon 894 bytes
C:\Documents and Settings\Paty\Favorites\Tutorial completo Ipod Touch.url:favicon 1406 bytes
C:\Documents and Settings\Paty\My Documents\Downloads\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\FFOutput\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\A Era do Gelo 1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\A Era do Gelo 2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\A Lenda do Tesouro Perdido\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\A lenda do tesouro perdido (o livro dos segredos - dub)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Gênio Indomável - Drama (dub)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Hancock\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Legais\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Modelos_Nada_Corretos_(Comedia)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Os_Melhores_do_Mundo_(Show_Comedia)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Por Agua Abaixo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Putz a coisa ta feia\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Shrek - Terceiro\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Ta Dando Onda\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Um_Louco_Apaixonado_(Comedia)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\videos informatica\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Alex e Alex - Pra Glória do Teu Nome - 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Alex Gonzaga - Canções Eternas Canções - 2001\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Bianca Ryan\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Brian Littrell\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Brian Macknight\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Mandy Moore\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Quatro Por Um - Enquanto Houver Fôlego - 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Roupa Nova\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Pictures\Folguinha\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Pictures\fotos no haiti\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Pictures\varias\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Videos\videos ipod\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 117

< End of report >
#50 By Wings, 30/05/2009 - 02:00
I didn't find anything about McAfee...

Repeat the procedure and select these options:
-Processes => "None"
-File String Search => "None"
-Rootkit search => "No"
-Services => "All"
-Drivers => "All"
-Registry => "All"
-File String Search => "All"
-Files Created Within => "None"
-Files Modified Within => "None"

*Click [Run Scan] and wait. When the process finishes, a report named OTScanIt.txt will open in Notepad. Copy it and paste it in your next reply.
#52 By Wings, 30/05/2009 - 09:55
Incredible, but there is nothing about McAfee in the registry. That means whatever is blocking the McAfee installation may be outside the registry.

We're in a tough spot.

1. Check whether there is anything about McAfee in Add/Remove Programs. If there is, uninstall it.

2. Look for the folder C:\Program Files\McAfee or C:\Arquivos de programas\McAfee. If it exists, delete it.

3. Delete the OTScanIt program.

We could try a scan with Panda. But first, let's check which antivirus engines detect the file in question. I know Kaspersky detects it, but that didn't solve anything. So go to http://virscan.org and submit the file C:\windows\Wplugin.dll for analysis.

Paste the link with the analysis result.
#53 By oswaldobass, 30/05/2009 - 13:37
I found some files in the temp, appdata and cookies folders and deleted them all. I was thinking, doesn't it have an offline-type installer? The installer I'm trying is only 1.25 MB; I'll look for something on the net, if you know of one, post it here...

Here is the scan; it says no malicious files were found, but Avira still flags it... could it already be a false positive?

http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html
#54 By brando lee, 30/05/2009 - 15:17
Now I'm furious with this virus, let's see.

Do this, last attempt.

1: download the Autoruns.exe program from the link below and save it to the desktop.
http://rapidshare.com/files/238967242/autoruns.exe.html

2: run it and, when it lists the *.DLL files, look for the file Wplugin.dll; if you find it, right-click on it and then click DELETE. That will remove it from the registry; let's see, after you restart the PC, whether it still runs; I believe it won't.

If that works, we'll be able to delete it or rename it.

*********************************************************
If the procedure above doesn't work, do this one.

Let's try to move the file to the desktop and rename it at the same time, in safe mode.

1:
copy the commands below
REM each MOVE puts the file in the folder the .bat runs from (the desktop) under a new name; two different names so the second MOVE does not overwrite the first
MOVE C:\windows\Wplugin.dll Wplugin1
MOVE C:\docume~1\paty\APPLIC~1\wplugin.dll Wplugin2
2: open Notepad, paste the commands, then save it to the desktop with this name: REMOVER.BAT

3:
boot into safe mode and run the REMOVER.BAT file; the viruses will appear on the desktop, then delete them.

Let's see if that eliminates the viruses, it's just a test.
#55 By Wings, 30/05/2009 - 19:21
oswaldobass said:
I found some files in the temp, appdata and cookies folders and deleted them all. I was thinking, doesn't it have an offline-type installer? The installer I'm trying is only 1.25 MB; I'll look for something on the net, if you know of one, post it here...


I found a link that may be the salvation. The file is 49MB!!!
http://nms.ncc.metu.edu.tr/mcafee/mcafee8.5/mcafee.zip

Run setup.exe... let's see if it works....
#56 By oswaldobass, 01/06/2009 - 00:05
Wow, Wings, that McAfee fit like a glove again hahaha

brando lee, I tried what you said, but when I restarted there was the blessed thing again, ugh...

I took a while to reply here because I couldn't get McAfee to update, but once I did it was immediate; it disinfected all the files that were infected with this W32/Wplugin.dll and deleted the two wretches that gave me so much trouble hahahaha

Thank you very much to everyone who helped me!!!

I'm signing off here, bye
#58 By oswaldobass, 02/06/2009 - 23:11
Here it is, sorry for the delay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:49, on 2/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Acer\Acer VCM\Vc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Paty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Marcos Velasco Security\MV RegClean 5.5\MVREGCLEAN.EXE
C:\Documents and Settings\Paty\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwars.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Program Files\Puxa Rápido\IEBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 8603 bytes
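As an added example (not code from the thread, from HijackThis or from any of the posters), here is a small Python reader for the O2, O4 and O20 lines of a HijackThis log like the one above; it flags what a helper scans such a log for: BHO entries whose file is missing or that carry no name, and autostart entries or Winlogon Notify DLLs loading straight from C:\WINDOWS, where the thread's Wplugin.dll sat. The sample lines are copied from the log above except the last O20 entry for Wplugin.dll, which is constructed; the function names exe_path, in_windows_root and review_hijackthis are my own.

```python
import re
# Line shapes from the HijackThis v2 log above (added example, not HijackThis code): "O2 - BHO: <name> - {CLSID} - <path>",
# "O4 - <hive>\..\Run: [<name>] <command>", "O20 - Winlogon Notify: <name> - <path>".
SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
O2_RE = re.compile(r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.*)$")
O4_RE = re.compile(r"^HK\S+?\\\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
O20_RE = re.compile(r"^Winlogon Notify:\s*(?P<name>\S+)\s+-\s+(?P<path>.*)$")

def exe_path(cmd):
    # First token of a Run-key command, honouring a quoted program path.
    cmd = cmd.strip()
    return cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split(" ", 1)[0]

def in_windows_root(path):
    # True when a module sits directly in C:\WINDOWS (no subfolder), where the thread's Wplugin.dll lived.
    p = path.strip().lower().replace("/", "\\")
    return p.startswith("c:\\windows\\") and "\\" not in p[len("c:\\windows\\"):]

def review_hijackthis(log_text):
    # Return (section, subject, reason) triples a forum helper would ask about.
    findings = []
    for raw in log_text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O2" and (e := O2_RE.match(rest)):
            if e["path"] == "(no file)":
                findings.append((section, e["clsid"], "orphan BHO: registered but file missing"))
            elif e["name"] == "(no name)":
                findings.append((section, e["path"], "BHO registered without a name"))
        elif section == "O4" and (e := O4_RE.match(rest)):
            if in_windows_root(exe_path(e["cmd"])):
                findings.append((section, e["name"], "autostart runs from Windows root"))
        elif section == "O20" and (e := O20_RE.match(rest)):
            if in_windows_root(e["path"]):
                findings.append((section, e["path"], "Winlogon Notify DLL in Windows root"))
    return findings

# Constructed sample: five entries copied from the log above plus one Winlogon Notify
# line modelled on the thread's C:\WINDOWS\Wplugin.dll (constructed, not from the log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Program Files\Puxa Rápido\IEBHO.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: Wplugin - C:\WINDOWS\Wplugin.dll
"""
```

Running review_hijackthis(SAMPLE_LOG) reports the orphan BHO, the unnamed Puxa Rápido BHO and the constructed Wplugin.dll Winlogon entry, while ctfmon.exe under system32 and the quoted QuickTime path pass.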