Hardware.com.br

[Solved] Avira keeps flagging a virus...

#1 By oswaldobass 23/05/2009 - 09:29

Hi everyone, two weeks ago I bought an Acer mini notebook, uninstalled the antivirus that came with it and installed Avira; when I updated it and ran the first scan it started flagging a Trojan in WINDOWS\Wplugin.dll.

Recently I installed MSN Plus together with a plugin that shows in the personal message who is online, who I'm chatting with... is that the problem?

When I send it to quarantine or delete it, neither Windows Live Messenger nor Google Chrome opens, and if I ignore it, obviously the Avira notification shows up every time I boot...

Here are the logs from HijackThis and Malwarebytes' Anti-Malware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:20:19, on 23/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Paty\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwars.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Program Files\Puxa Rápido\IEBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O18 - Filter: x-sdch - (no CLSID) - (no file)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 7212 bytes


Malwarebytes' Anti-Malware 1.36
Versão do banco de dados: 2161
Windows 5.1.2600 Service Pack 3

21/5/2009 04:34:31
mbam-log-2009-05-21 (04-34-31).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 129492
Tempo decorrido: 38 minute(s), 35 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 2
Chaves do Registro infectadas: 5
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 8

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
C:\Documents and Settings\Paty\Application Data\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.

Chaves do Registro infectadas:
HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
C:\Documents and Settings\All Users\Application Data\Partner\partner.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\Paty\Application Data\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP24\A0006788.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP25\A0006811.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP26\A0006966.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D943BACC-C405-4AD7-B9AF-994E097D0C0F}\RP28\A0007036.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Wplugin.dll (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\SERVICES.REG (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Thanks for the help

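An added example for this thread (not code from the post, from HijackThis, Malwarebytes or ComboFix): a small Python triage script that parses the autostart-style lines of a HijackThis log (O2 BHOs, O3 toolbars, O4 Run keys, O20/O21 hooks, O23 services) and flags the entries a helper on a removal forum looks at first. The sample lines are constructed from the log above, and the heuristics (orphan entries, nameless BHOs, executables under user-writable profile folders) are this example's own assumptions, not rules shipped with any tool.

```python
"""Triage helper for HijackThis logs.

Added example for this thread; not part of HijackThis, Malwarebytes or ComboFix.
It parses the autostart-style entries (O2 BHOs, O3 toolbars, O4 Run keys,
O20/O21 Winlogon/shell hooks, O23 services) and flags the ones a helper on a
malware-removal forum looks at first. The heuristics are assumptions of this
example, not rules shipped with any tool.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines modelled on the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Partner Service - Google Inc. - C:\Documents and Settings\All Users\Application Data\Partner\partner.exe
"""

# "O23 - Service: ..." -> kind "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path ending in an executable/library extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|scr|ocx|cpl)\b", re.IGNORECASE)
# Sections worth a second look.
KINDS_OF_INTEREST = {"O2", "O3", "O4", "O20", "O21", "O23"}
# Folder fragments (XP profile layout) that an ordinary user can write to;
# legitimate services and BHOs normally live under Program Files or WINDOWS.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    kind: str
    line: str
    reasons: List[str] = field(default_factory=list)


def extract_path(body: str) -> Optional[str]:
    """Return the first executable path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(log_text: str) -> List[Finding]:
    """Parse a HijackThis log and return the entries that need a human look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m or m.group(1) not in KINDS_OF_INTEREST:
            continue
        kind, body = m.groups()
        reasons: List[str] = []
        if "(no file)" in body:
            reasons.append("registered but the file is missing (orphan entry)")
        if kind == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("browser helper object without a display name")
        path = extract_path(body)
        if path and any(frag in path.lower() for frag in USER_WRITABLE):
            reasons.append(f"executable lives in a user-writable folder: {path}")
        if reasons:
            findings.append(Finding(kind, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the full HijackThis log in the post, this flags the nameless O2 BHO with "(no file)", the second nameless BHO (Puxa Rápido's IEBHO.DLL) and the "Partner Service" running from All Users\Application Data, which is the same Partner folder whose partner.dll Malwarebytes reported as Trojan.BHO. It also shows the limit of this kind of log: Wplugin.dll does not appear anywhere in the HijackThis output, even though Malwarebytes found it loaded as a memory module in two places, so a listing of autostart hook points has to be read together with a scan of what is actually loaded.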
#47 By oswaldobass 30/05/2009 - 01:00

ComboFix 09-05-29.01 - Paty 29/05/2009 22:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.686 [GMT -3:00]
Running from: c:\documents and settings\Paty\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ws2help.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 01:57 . 2009-05-30 01:57 110592 ----a-w c:\documents and settings\Paty\Application Data\Wplugin.dll
2009-05-29 06:32 . 2009-05-29 01:11 110592 ----a-w c:\windows\Wplugin.dll
2009-05-28 22:56 . 2009-05-28 22:56 -------- d-----w c:\program files\Microsoft
2009-05-28 17:07 . 2009-05-28 17:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
2009-05-28 17:02 . 2009-05-28 17:02 25214 ----a-r c:\documents and settings\Paty\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
2009-05-28 16:26 . 2009-03-30 13:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-28 16:26 . 2009-02-13 15:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-28 16:26 . 2009-02-13 15:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-28 16:26 . 2009-05-28 16:26 -------- d-----w c:\program files\Avira
2009-05-28 16:26 . 2009-05-28 16:26 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-27 21:37 . 2009-05-28 02:04 1462304 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-27 21:35 . 2009-05-27 21:31 40622552 ----a-w c:\program files\setup_7.0.0.290_28.05.2009_01-30.exe
2009-05-27 20:45 . 2009-05-27 20:45 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-05-25 23:27 . 2009-05-26 05:29 -------- d-----w c:\documents and settings\Paty\DoctorWeb
2009-05-25 23:27 . 2009-05-26 00:26 -------- d-----w c:\program files\DrWeb
2009-05-25 22:21 . 2009-05-25 22:24 -------- d-----w C:\HostsXpert
2009-05-25 21:40 . 2009-05-25 21:40 -------- d-----w c:\program files\Zylom Games
2009-05-25 21:40 . 2009-05-25 21:40 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-05-25 21:40 . 2009-03-24 14:10 114688 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-05-25 21:40 . 2006-12-12 20:07 161976 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-05-25 18:59 . 2009-05-25 18:59 -------- d-----w c:\program files\FormatFactory
2009-05-23 19:09 . 2009-05-23 19:09 -------- d-----w c:\program files\iPod
2009-05-23 19:08 . 2009-05-23 19:09 -------- d-----w c:\program files\iTunes
2009-05-23 19:08 . 2009-05-23 19:09 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-23 19:07 . 2009-05-23 19:07 -------- d-----w c:\program files\Bonjour
2009-05-23 18:37 . 2009-05-28 18:01 172515 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-23 17:41 . 2009-05-23 17:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-23 17:00 . 2009-05-23 17:02 -------- d-----w C:\Shutdown
2009-05-21 22:22 . 2009-05-21 22:22 55200 ---ha-w c:\windows\system32\mlfcache.dat
2009-05-21 21:57 . 2009-05-29 08:38 -------- d---a-w C:\Protectorx
2009-05-21 06:50 . 2009-05-27 14:18 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-21 06:49 . 2009-05-21 07:09 -------- d-----w c:\documents and settings\Paty\Application Data\IObit
2009-05-21 06:49 . 2009-05-21 06:49 -------- d-----w c:\program files\IObit
2009-05-21 06:48 . 2009-05-21 06:48 -------- d-----w c:\documents and settings\Paty\Application Data\Malwarebytes
2009-05-21 06:48 . 2009-05-26 16:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 06:48 . 2009-05-26 16:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 06:48 . 2009-05-21 06:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-21 06:48 . 2009-05-27 14:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 22:08 . 2009-03-24 19:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-19 21:02 . 2009-05-19 21:02 -------- d-----w c:\documents and settings\Paty\Application Data\Media Player Classic
2009-05-18 19:35 . 2008-04-14 12:00 26624 ----a-w c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-18 19:34 . 2009-05-18 19:34 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-18 19:33 . 2009-05-18 19:34 -------- d-----w C:\addf7175d814a8b805d53384ac5b
2009-05-18 19:33 . 2009-05-18 19:33 -------- d-----w c:\windows\system32\drivers\UMDF
2009-05-17 22:03 . 2009-05-17 22:03 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\WMTools Downloaded Files
2009-05-17 17:37 . 2009-05-17 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-17 17:35 . 2009-05-17 17:36 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-17 15:03 . 2003-11-04 18:10 69632 ----a-w c:\windows\system32\lfgif13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 462848 ----a-w c:\windows\system32\ltkrn13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 450560 ----a-w c:\windows\system32\ltimg13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 299008 ----a-w c:\windows\system32\ltdis13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 163840 ----a-w c:\windows\system32\ltfil13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 57344 ----a-w c:\windows\system32\lfbmp13n.dll
2009-05-17 15:03 . 2004-05-14 19:53 401408 ----a-w c:\windows\system32\lfcmp13n.dll
2009-05-17 15:03 . 2004-01-12 05:09 206336 ----a-w c:\windows\system32\ltefx13n.dll
2009-05-17 08:19 . 2009-05-17 08:19 -------- d-----w c:\documents and settings\Paty\Application Data\Desktopicon
2009-05-17 08:18 . 2009-05-17 08:18 -------- d-----w c:\program files\DsNET Corp
2009-05-16 20:18 . 2009-05-29 09:39 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Ares
2009-05-16 20:18 . 2009-05-16 20:18 -------- d-----w c:\program files\Ares
2009-05-16 12:30 . 2009-05-28 21:10 -------- d-----w c:\program files\Puxa Rápido
2009-05-13 21:27 . 2008-09-16 19:23 168448 ----a-w c:\windows\system32\unrar.dll
2009-05-13 15:00 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-13 14:27 . 2009-05-28 15:18 -------- d-----w c:\documents and settings\Paty\Application Data\Skype
2009-05-13 14:27 . 2009-05-13 14:27 -------- d-----r c:\program files\Skype
2009-05-13 14:27 . 2009-05-13 14:27 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-05-13 14:23 . 2009-05-13 14:23 -------- d-----w c:\documents and settings\Paty\Application Data\VoipRaider
2009-05-13 14:12 . 2009-05-13 14:12 -------- d-----w c:\program files\VoipRaider.com
2009-05-13 14:12 . 2008-10-16 17:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-13 14:12 . 2008-10-16 17:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-12 21:26 . 2009-05-12 21:27 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Deployment
2009-05-12 16:55 . 2008-04-14 08:41 21504 -c--a-w c:\windows\system32\dllcache\hidserv.dll
2009-05-12 16:55 . 2008-04-14 08:41 21504 ----a-w c:\windows\system32\hidserv.dll
2009-05-12 16:55 . 2008-04-14 12:00 10368 -c--a-w c:\windows\system32\dllcache\hidusb.sys
2009-05-12 16:55 . 2008-04-14 12:00 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-05-12 16:55 . 2008-04-14 03:15 60032 -c--a-w c:\windows\system32\dllcache\usbaudio.sys
2009-05-12 16:55 . 2008-04-14 03:15 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-05-12 15:37 . 2009-05-29 22:13 -------- d-----w c:\documents and settings\Paty\Tracing
2009-05-11 23:04 . 2009-05-18 19:33 -------- d-----w c:\windows\system32\LogFiles
2009-05-11 22:33 . 2009-05-21 00:56 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Adobe
2009-05-11 15:19 . 2009-05-11 23:46 -------- d-----w c:\documents and settings\Paty\Application Data\Apple Computer
2009-05-11 15:19 . 2009-03-19 19:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-11 15:19 . 2008-04-17 15:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-11 15:19 . 2009-05-11 15:19 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-05-11 15:17 . 2009-05-11 15:18 -------- d-----w c:\program files\QuickTime
2009-05-11 15:17 . 2009-05-11 15:19 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-11 15:17 . 2009-05-11 15:17 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Apple
2009-05-11 15:17 . 2009-05-11 15:17 -------- d-----w c:\program files\Apple Software Update
2009-05-11 15:17 . 2009-03-06 02:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-05-11 15:17 . 2009-03-06 02:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-05-11 15:16 . 2009-05-23 19:09 -------- d-----w c:\program files\Common Files\Apple
2009-05-11 15:16 . 2009-05-11 15:16 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-05-11 15:15 . 2009-05-11 15:15 -------- d-----w c:\documents and settings\Paty\Local Settings\Application Data\Apple Computer
2009-05-11 15:12 . 2009-05-13 15:22 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-05-11 15:11 . 2008-04-14 12:00 26368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-05-11 13:14 . 2009-05-28 01:23 -------- d-----w c:\documents and settings\All Users\Application Data\Partner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 22:57 . 2009-03-12 06:11 -------- d-----w c:\program files\Windows Live
2009-05-28 18:05 . 2009-02-04 16:56 172515 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
2009-05-28 18:05 . 2008-09-12 19:44 1835491 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\weddingdash\pt-BR\weddingdash.exe
2009-05-28 18:05 . 2009-04-21 18:05 2175459 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\fitnessdash\pt-BR\fitnessdash.exe
2009-05-28 02:04 . 2009-05-27 21:37 18212 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-28 01:33 . 2008-10-28 16:20 183779 ----a-w c:\documents and settings\Paty\Application Data\Desktopicon\eBayShortcuts.exe
2009-05-22 16:46 . 2009-03-12 05:56 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-22 16:28 . 2009-03-12 05:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 21:29 . 2009-05-13 21:26 -------- d-----w c:\program files\K-Lite Codec Pack
2009-05-13 15:34 . 2009-03-12 05:59 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-12 17:33 . 2009-05-11 13:13 60664 ----a-w c:\documents and settings\Paty\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 16:30 . 2009-03-12 06:06 -------- d-----w c:\program files\Google
2009-04-21 18:05 . 2009-04-21 18:05 49152 ----a-w c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\fitnessdash\pt-BR\ZylomAdapter.dll
2009-03-29 09:14 . 2009-03-12 05:07 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-29 09:01 . 2008-09-09 10:51 2423 ----a-w c:\windows\CLEANUP.CMD
2009-03-19 19:32 . 2009-03-19 19:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-12 06:37 . 2009-05-28 17:50 60664 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-12 05:06 . 2009-03-12 05:06 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-09 05:45 . 2009-03-12 05:56 16 ----a-w c:\windows\system32\drivers\rtkhdaud.dat
2009-03-06 14:22 . 2009-03-11 12:53 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 08:53 . 2009-03-03 08:53 413696 ----a-w c:\windows\system32\Acer.scr
2009-03-03 00:18 . 2009-03-11 12:53 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 05:03 . 2009-03-04 03:03 38912 ----a-w c:\windows\system32\drivers\l1c51x86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VoipRaider"="c:\program files\VoipRaider.com\VoipRaider\VoipRaider.exe" [2008-12-08 9016112]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-12 24064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-12 565248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"=
"c:\\Program Files\\Puxa Rápido\\PuxaRapido.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Protectorx\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/5/2009 13:26 108289]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [12/3/2009 03:32 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/3/2009 00:03 38912]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [29/3/2009 06:00 145408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/3/2009 02:56 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/3/2009 03:06 24064]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 VirtualDK;VirtualDK;c:\documents and settings\Paty\Desktop\tentativa\usb_prep8\vdk.sys [21/5/2009 12:13 16283]
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-31143968-3153008980-2320958936-1005.job
- c:\documents and settings\Paty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-12 01:14]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tribalwars.com.br/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/search?q=gripe&hl=en&sourceid=gd&rls=ACAW,ACAW:2009-19,ACAW:en&aq=t
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 22:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-05-30 22:58
ComboFix-quarantined-files.txt 2009-05-30 01:58

Pre-Run: 122.343.178.240 bytes free
Post-Run: 122.490.634.240 bytes free

220 --- E O F --- 2009-05-21 16:22

#48 By Wings 30/05/2009 - 01:13

OK... I didn't see any McAfee service.

The file you complained about has been removed.

1.
*Click [Start] > [Run] > type: ComboFix /u
*Click [OK]

*Delete the C:\Qoobox folder and the C:\combofix.txt file, if they still exist.

2.
*Download OTScanIt and save it to the desktop
*Close Internet Explorer
*Temporarily disable your antivirus
*Double-click OTScanIt.exe to install it
*In the OTScanIt folder, double-click OTScanIt.exe
*Select the options:
-Processes => "No Microsoft"
-Services => "No Microsoft"
-Drivers => "No Microsoft"
-Registry => "No Microsoft"
-File String Search => "No Microsoft"
-Rootkit search => "Yes"
-Files Created Within => "60 days"
-Files Modified Within => "60 days"
*Click [Run Scan] and wait. When it finishes, a report named OTScanIt.txt will open in Notepad. Copy it and paste it into your next reply.
Note: if it turns out long, attach it to the forum, either as .txt or .zip

#49 By oswaldobass 30/05/2009 - 01:43

OTScanIt logfile created on: 29/5/2009 23:40:08
OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Paty\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: d/M/yyyy

1013,88 Mb Total Physical Memory | 684,21 Mb Available Physical Memory | 67,49% Memory free
2,39 Gb Paging File | 2,15 Gb Available in Paging File | 90,16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142,05 Gb Total Space | 116,20 Gb Free Space | 81,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OSWALDO
Current User Name: Paty
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
rs_service.exe -> %ProgramFiles%\Acer\Acer VCM\RS_Service.exe -> Acer Incorporated [Ver = 4, 0, 3001, 8484 | Size = 237568 bytes | Modified Date = 5/2/2009 12:14:56 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(RS_Service) Raw Socket Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Acer\Acer VCM\RS_Service.exe -> Acer Incorporated [Ver = 4, 0, 3001, 8484 | Size = 237568 bytes | Modified Date = 5/2/2009 12:14:56 | Attr = ]

[Driver Services - Non-Microsoft Only]
(Ambfilt) Ambfilt [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Ambfilt.sys -> Creative [Ver = 5.10.00.4240 | Size = 1684736 bytes | Modified Date = 5/8/2008 09:10:12 | Attr = ]
(AR5416) Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\athw.sys -> Atheros Communications, Inc. [Ver = 7.6.1.221 | Size = 1346464 bytes | Modified Date = 30/12/2008 08:02:32 | Attr = ]
(DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\DKbFltr.SYS -> Dritek System Inc. [Ver = 1, 3, 0, 0 | Size = 16896 bytes | Modified Date = 8/12/2004 03:10:00 | Attr = ]
(DritekPortIO) Dritek General Port I/O [Kernel | System | Running] -> %ProgramFiles%\Launch Manager\DPortIO.sys -> Dritek System Inc. [Ver = 12, 23, 0, 2005 | Size = 20112 bytes | Modified Date = 2/11/2006 10:27:36 | Attr = ]
(int15.sys) int15.sys [Kernel | On_Demand | Stopped] -> %SystemDrive%\acernb\int15.sys -> File not found
(L1c) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\l1c51x86.sys -> Atheros Communications, Inc. [Ver = 1.0.0.16 built by: WinDDK | Size = 38912 bytes | Modified Date = 2/3/2009 02:03:46 | Attr = ]
(M3000Srv) USB2.0 UVC WebCam Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\M3000KNT.sys -> [Ver = 1.0.0.1 | Size = 145408 bytes | Modified Date = 2/1/2009 22:33:54 | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
(RSUSBSTOR) RTS5121.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\RTS5121.sys -> File not found
(Rts516xIR) Realtek IR Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\Rts516xIR.sys -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics Incorporated [Ver = 12.2.2 05Feb09 | Size = 205232 bytes | Modified Date = 5/2/2009 07:33:04 | Attr = ]
(USBCCID) Realtek Smartcard Reader Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\Rts5161ccid.sys -> File not found
(VirtualDK) VirtualDK [Kernel | On_Demand | Stopped] -> %UserProfile%\Desktop\tentativa\usb_prep8\vdk.sys -> Ken Kato [Ver = 3.1 | Size = 16283 bytes | Modified Date = 10/11/2003 13:48:00 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avgnt -> %ProgramFiles%\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> Avira GmbH [Ver = 9.00.00.12 | Size = 209153 bytes | Modified Date = 2/3/2009 13:08:47 | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> Google [Ver = 5.7.808.7150 | Size = 24064 bytes | Modified Date = 12/3/2009 03:06:28 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.6 (1292) | Size = 413696 bytes | Modified Date = 5/1/2009 16:18:48 | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ares -> %ProgramFiles%\Ares\Ares.exe ["C:\Program Files\Ares\Ares.exe" -h] -> Ares Development Group [Ver = 2.1.1.3035 | Size = 1004544 bytes | Modified Date = 3/2/2009 10:22:18 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 11/5/2009 10:13:43 | Attr = ]
VoipRaider -> %ProgramFiles%\VoipRaider.com\VoipRaider\VoipRaider.exe ["C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized] -> VoipRaider [Ver = 4, 2, 533, 0 | Size = 9016112 bytes | Modified Date = 8/12/2008 15:10:00 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Acer VCM.lnk -> %ProgramFiles%\Acer\Acer VCM\AcerVCM.exe -> Acer Incorporated [Ver = 4.00.3006 | Size = 565248 bytes | Modified Date = 11/2/2009 19:46:28 | Attr = ]
< Paty Startup Folder > -> C:\Documents and Settings\Paty\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) | Size = 8461312 bytes | Modified Date = 17/6/2008 16:02:19 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 14/4/2008 09:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4926 | Size = 208896 bytes | Modified Date = 14/2/2008 19:45:40 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 323 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 323 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Shell\ -> ->
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
< Drives with AutoRun files > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 12/3/2009 02:07:49 | Attr = ]
< HOSTS File > (698 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.tribalwars.com.br/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1569 domain(s) found. ->
8 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> Adobe Systems Incorporated [Ver = 9.0.0.2008061100 | Size = 75128 bytes | Modified Date = 12/6/2008 02:33:16 | Attr = ]
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{6EF05952-B48D-4944-AA91-57A6A1A48EF8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Puxa Rápido\IEBHO.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 95744 bytes | Modified Date = 18/7/2006 23:46:22 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> Google Inc. [Ver = 6, 1, 1518, 856 | Size = 259696 bytes | Modified Date = 12/5/2009 12:33:41 | Attr = ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 5, 1, 1309, 3572 | Size = 668656 bytes | Modified Date = 12/5/2009 13:30:39 | Attr = ]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> Google Inc. [Ver = 1, 0, 610, 27482 | Size = 470512 bytes | Modified Date = 12/5/2009 12:33:38 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> Google Inc. [Ver = 6, 1, 1518, 856 | Size = 259696 bytes | Modified Date = 12/5/2009 12:33:41 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> Google Inc. [Ver = 6, 1, 1518, 856 | Size = 259696 bytes | Modified Date = 12/5/2009 12:33:41 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0C08B29C-5715-4501-9744-5E95923CD719} -> (Atheros AR5007EG Wireless Network Adapter) ->
{789B787A-FF78-417C-AE48-10C86FD35D2A} -> (Atheros AR8132 PCI-E Fast Ethernet Controller) ->
{D1BBDEA0-FB81-44C9-8D25-5F16C80C0F22} -> () ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,6,2 | Size = 147456 bytes | Modified Date = 12/12/2008 11:11:44 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Acer\Acer VCM\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 31, 0 | Size = 1942824 bytes | Modified Date = 2/7/2008 21:35:16 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab[MSN Photo Upload Tool] ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}[HKEY_LOCAL_MACHINE] -> http://fdl.msn.com/public/chat/msnchat45.cab[MSN Chat Control 4.5] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\\.Owner -> {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\\{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> ->



[Files/Folders - Created Within 60 days]
addf7175d814a8b805d53384ac5b -> %SystemDrive%\addf7175d814a8b805d53384ac5b -> [Folder | Created Date = 18/5/2009 16:33:20 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 20/5/2009 01:35:53 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063198720 bytes | Created Date = 29/5/2009 17:38:43 | Attr = HS]
HostsXpert -> %SystemDrive%\HostsXpert -> [Folder | Created Date = 25/5/2009 19:21:41 | Attr = ]
Protectorx -> %SystemDrive%\Protectorx -> [Folder | Created Date = 21/5/2009 18:57:23 | Attr = ]
Shutdown -> %SystemDrive%\Shutdown -> [Folder | Created Date = 23/5/2009 14:00:04 | Attr = ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 1462304 bytes | Created Date = 27/5/2009 18:37:06 | Attr = HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 18212 bytes | Created Date = 27/5/2009 18:37:06 | Attr = HS]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Created Date = 18/5/2009 16:33:16 | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 18/5/2009 16:33:19 | Attr = H ]
ac3acm.acm -> %SystemRoot%\System32\ac3acm.acm -> fccHandler [Ver = 1, 40, 0, 0 | Size = 118784 bytes | Created Date = 13/5/2009 18:26:54 | Attr = ]
divx.dll -> %SystemRoot%\System32\divx.dll -> DivX, Inc. [Ver = 6.8.5.9 | Size = 684032 bytes | Created Date = 13/5/2009 18:26:51 | Attr = ]
dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 3, 0, 21 | Size = 86016 bytes | Created Date = 13/5/2009 18:26:52 | Attr = ]
ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll -> [Ver = | Size = 67584 bytes | Created Date = 13/5/2009 18:26:47 | Attr = ]
lameACM.acm -> %SystemRoot%\System32\lameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.2 | Size = 839680 bytes | Created Date = 13/5/2009 18:26:55 | Attr = ]
lame_acm.xml -> %SystemRoot%\System32\lame_acm.xml -> [Ver = | Size = 414 bytes | Created Date = 13/5/2009 18:26:56 | Attr = ]
lfbmp13n.dll -> %SystemRoot%\System32\lfbmp13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 57344 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
lfcmp13n.dll -> %SystemRoot%\System32\lfcmp13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 401408 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
lfgif13n.dll -> %SystemRoot%\System32\lfgif13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 69632 bytes | Created Date = 17/5/2009 12:03:03 | Attr = ]
LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 11/5/2009 20:04:03 | Attr = ]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
ltdis13n.dll -> %SystemRoot%\System32\ltdis13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 299008 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
ltefx13n.dll -> %SystemRoot%\System32\ltefx13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 206336 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
ltfil13n.dll -> %SystemRoot%\System32\ltfil13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 163840 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
ltimg13n.dll -> %SystemRoot%\System32\ltimg13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 450560 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
ltkrn13n.dll -> %SystemRoot%\System32\ltkrn13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 462848 bytes | Created Date = 17/5/2009 12:03:00 | Attr = ]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 55200 bytes | Created Date = 21/5/2009 19:22:36 | Attr = H ]
pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 13/5/2009 18:27:05 | Attr = ]
PreInstall -> %SystemRoot%\System32\PreInstall -> [Folder | Created Date = 13/5/2009 11:53:17 | Attr = ]
qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 13/5/2009 18:26:52 | Attr = ]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution -> [Folder | Created Date = 11/5/2009 12:16:26 | Attr = ]
unrar.dll -> %SystemRoot%\System32\unrar.dll -> [Ver = | Size = 168448 bytes | Created Date = 13/5/2009 18:27:03 | Attr = ]
xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll -> [Ver = | Size = 795648 bytes | Created Date = 13/5/2009 18:26:53 | Attr = ]
xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll -> [Ver = | Size = 130048 bytes | Created Date = 13/5/2009 18:26:53 | Attr = ]
yv12vfw.dll -> %SystemRoot%\System32\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 13/5/2009 18:26:54 | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 21/5/2009 12:58:55 | Attr = ]
explorer.exe.local -> %SystemRoot%\explorer.exe.local -> [Ver = | Size = 12 bytes | Created Date = 18/5/2009 16:30:59 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 13/5/2009 12:34:48 | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 19/5/2009 22:07:23 | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Created Date = 11/5/2009 10:05:00 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 29/5/2009 22:58:29 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 280 bytes | Created Date = 11/5/2009 12:17:29 | Attr = ]

[Files/Folders - Modified Within 60 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 25/5/2009 19:17:43 | Attr = RHS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063198720 bytes | Modified Date = 29/5/2009 17:38:43 | Attr = HS]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 698 bytes | Modified Date = 25/5/2009 19:24:45 | Attr = ]
hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn -> [Ver = | Size = 27 bytes | Modified Date = 21/5/2009 13:03:48 | Attr = ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 1462304 bytes | Modified Date = 27/5/2009 23:04:23 | Attr = HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 18212 bytes | Modified Date = 27/5/2009 23:04:23 | Attr = HS]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 18/5/2009 16:33:19 | Attr = H ]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf -> [Ver = | Size = 37732 bytes | Modified Date = 11/5/2009 10:12:58 | Attr = ]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 18/5/2009 16:34:54 | Attr = ]
6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 246312 bytes | Modified Date = 21/5/2009 03:13:06 | Attr = ]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 55200 bytes | Modified Date = 21/5/2009 19:22:36 | Attr = H ]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 18/5/2009 16:34:54 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59670 bytes | Modified Date = 29/5/2009 17:43:34 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 394206 bytes | Modified Date = 29/5/2009 17:43:34 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 460414 bytes | Modified Date = 29/5/2009 17:43:34 | Attr = ]
pid.PNF -> %SystemRoot%\System32\pid.PNF -> [Ver = | Size = 5208 bytes | Modified Date = 11/5/2009 10:12:46 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 18/5/2009 16:31:08 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 29/5/2009 17:38:45 | Attr = S]
explorer.exe.local -> %SystemRoot%\explorer.exe.local -> [Ver = | Size = 12 bytes | Modified Date = 18/5/2009 16:30:59 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 21/5/2009 01:07:09 | Attr = ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD -> [Ver = | Size = 8192 bytes | Modified Date = 11/5/2009 10:05:00 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 29/5/2009 22:57:06 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 507 bytes | Modified Date = 25/5/2009 19:17:43 | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 18/5/2009 16:33:55 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 280 bytes | Modified Date = 29/5/2009 21:39:04 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 29/5/2009 22:58:27 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/5/2009 19:30:06 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6855 bytes | Modified Date = 29/5/2009 13:07:38 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6441 bytes | Modified Date = 29/5/2009 13:07:38 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12/5/2009 13:59:30 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8492 bytes | Modified Date = 26/5/2009 13:50:19 | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 98 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\Favorites\CuiabanoTech Blog COMO INSTALAR O WINDOWS XP SP2 NO ASUS EEE PC 701.url:favicon 3638 bytes
C:\Documents and Settings\Paty\Favorites\Download Acer Aspire One XP Driver BlognTech.Com.url:favicon 1150 bytes
C:\Documents and Settings\Paty\Favorites\The West.url:favicon 1406 bytes
C:\Documents and Settings\Paty\Favorites\Tribal Wars.url:favicon 894 bytes
C:\Documents and Settings\Paty\Favorites\Tutorial completo Ipod Touch.url:favicon 1406 bytes
C:\Documents and Settings\Paty\My Documents\Downloads\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\FFOutput\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\A Era do Gelo 1\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\A Era do Gelo 2\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\A Lenda do Tesouro Perdido\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\A lenda do tesouro perdido (o livro dos segredos - dub)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Gênio Indomável - Drama (dub)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Hancock\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Legais\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Modelos_Nada_Corretos_(Comedia)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Os_Melhores_do_Mundo_(Show_Comedia)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Por Agua Abaixo\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Putz a coisa ta feia\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Shrek - Terceiro\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Ta Dando Onda\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\Um_Louco_Apaixonado_(Comedia)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Movies\videos informatica\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Alex e Alex - Pra Glória do Teu Nome - 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Alex Gonzaga - Canções Eternas Canções - 2001\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Bianca Ryan\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Brian Littrell\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Brian Macknight\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Mandy Moore\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Quatro Por Um - Enquanto Houver Fôlego - 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Music\Roupa Nova\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Pictures\Folguinha\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Pictures\fotos no haiti\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Pictures\varias\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Paty\My Documents\My Videos\videos ipod\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 117

< End of report >
Wings Cyber Highlander Registered
20.3K messages 1.2K likes
#50 By Wings
30/05/2009 - 02:00

I found nothing about McAfee...

Repeat the procedure and select the options:
-Processes => "None"
-File String Search => "None"
-Rootkit search => "No"
-Services => "All"
-Drivers =>"All"
-Registry => "All"
-File String Search => "All"
-Files Created Within => "None"
-Files Modified Within => "None"
*Click [Run Scan] and wait. When the process finishes, a report called OTScanIt.txt will open in Notepad. Copy it and paste it in your next reply.

Wings Cyber Highlander Registered
20.3K messages 1.2K likes
#52 By Wings
30/05/2009 - 09:55

Incredible, but there is nothing about McAfee in the registry. That means whatever is blocking the McAfee installation may be outside the registry.

We're in a tight spot.

1. Check whether there is anything about McAfee in Add/Remove Programs. If there is, uninstall it.

2. Look for the folder C:\Program Files\McAfee or C:\Arquivos de programas\McAfee. If it exists, delete it.

3. Delete the OTScanIt program.

We could try a scan with Panda. But first let's see which antivirus engines detect the file in question. I know Kaspersky detects it, but that didn't help at all. So go to http://virscan.org and submit the file C:\windows\Wplugin.dll for analysis.

Paste the link with the analysis result.

oswaldobass Tô em todas Registered
1.9K messages 88 likes
#53 By oswaldobass
30/05/2009 - 13:37

I found some files in the temp, appdata and cookies folders and deleted them all. I was thinking, doesn't it have an offline-type installer? The installer I'm trying is only 1.25 MB; I'll look for something on the net, if you know of one post it here...

Here's the scan; it says no malicious files were found, but Avira still flags it... could it be a false positive by now?

http://virscan.org/report/e8541b64f8b1bb1cbd8e955aa9dfd4d2.html

brando lee Zerinho Registered
2.4K messages 97 likes
#54 By brando lee
30/05/2009 - 15:17

Now I'm furious with this virus, let's see now.

Do this, last attempt.

1: download the Autoruns.exe program from the link below and save it to the desktop.
http://rapidshare.com/files/238967242/autoruns.exe.html

2: run it and, when it lists the *.DLL files, look for the file Wplugin.dll; if you find it, right-click on it and then click DELETE, which will remove it from the registry; let's see, after you restart the PC, whether it still runs, I believe it won't.

If that works, we can delete or rename it.

*********************************************************
If the procedure above doesn't work, do this one.

Let's try moving the file to the desktop and renaming it at the same time, in safe mode.

1:
copy the commands below
MOVE C:\windows\Wplugin.dll Wplugin
MOVE C:\docume~1\paty\APPLIC~1\wplugin.dll Wplugin

2: open Notepad, paste the commands and then save to the desktop with this name REMOVER.BAT

3:
go into safe mode and run the REMOVER.BAT file; the viruses will appear on the desktop, then delete them.

Let's see whether this eliminates the viruses, just a test.

I'll be away from the forum for a while, very busy, more important things to do ("Work").

Removing viruses with Notepad!

https://www.hardware.com.br/comuni...6/#post4191631
Wings Cyber Highlander Registered
20.3K messages 1.2K likes
#55 By Wings
30/05/2009 - 19:21

oswaldobass said: I found some files in the temp, appdata and cookies folders and deleted them all. I was thinking, doesn't it have an offline-type installer? The installer I'm trying is only 1.25 MB; I'll look for something on the net, if you know of one post it here...

I found a link that may be the salvation. The file is 49 MB!!!
http://nms.ncc.metu.edu.tr/mcafee/mcafee8.5/mcafee.zip

Run setup.exe... let's see if it works....

oswaldobass Tô em todas Registered
1.9K messages 88 likes
#56 By oswaldobass
01/06/2009 - 00:05

Wow, Wings, that McAfee fit like a glove again hahaha

brando lee, I tried what you said, but when I restarted, the blessed thing was there again, ugh...

It took me a while to reply here because I couldn't update McAfee, but once I managed it, it was immediate; it disinfected all the files that were infected with this W32/Wplugin.dll and removed the two wretches that gave me so much trouble hahahaha

Many thanks to everyone who helped me!!!

I'll sign off here

oswaldobass Tô em todas Registered
1.9K messages 88 likes
#58 By oswaldobass
02/06/2009 - 23:11

There it is, sorry for the delay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:49, on 2/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Acer\Acer VCM\Vc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Paty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Paty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Marcos Velasco Security\MV RegClean 5.5\MVREGCLEAN.EXE
C:\Documents and Settings\Paty\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tribalwars.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0509&m=aspire_one
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Program Files\Puxa Rápido\IEBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

--
End of file - 8603 bytes
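A small triage helper for HijackThis logs like the one above, added here as an example (it is not a tool from this thread or from Trend Micro): it parses the O-lines and flags the things the helpers in this thread were looking for by hand, an orphan "(no file)" BHO, a service with no vendor name, and a DLL loaded straight from the Windows root like Wplugin.dll. The sample lines are copied from the log above except the O4 entry for Wplugin.dll, which is constructed.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log in this thread plus one
# constructed O4 entry pointing at the Wplugin.dll path the thread is about.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKLM\..\Run: [wplugin] rundll32.exe C:\WINDOWS\Wplugin.dll,Start
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

# "O4 - rest of line": the section code says what kind of hook the entry is.
ENTRY_RE = re.compile(r"^([OR]\d+)\s+-\s+(.*)$")
# First drive-letter path ending in .exe/.dll (HijackThis prints them quoted or unquoted).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")
USER_PROFILE_HINTS = ("applic~1", "application data", "\\temp\\", "\\docume~1\\")

def flags_for(code: str, body: str) -> List[str]:
    """Heuristic flags for one entry; each is a reason to look closer, not a verdict."""
    flags: List[str] = []
    if "(no file)" in body:
        flags.append("orphan: registry entry points to a file that no longer exists")
    if code == "O23" and " - - " in body:
        flags.append("service with no vendor name")
    match = PATH_RE.search(body)
    if match:
        path = match.group(0).lower()
        if WINDOWS_ROOT_RE.match(path):
            flags.append("file loaded straight from the Windows root (like Wplugin.dll)")
        if any(hint in path for hint in USER_PROFILE_HINTS):
            flags.append("file loaded from a user profile or temp folder")
    return flags

def review(log_text: str) -> Dict[str, List[str]]:
    """Map every entry that raised at least one flag (full line) to its flags."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            flags = flags_for(*match.groups())
            if flags:
                findings[line] = flags
    return findings
```

Running review(SAMPLE_LOG) on the sample flags three entries: the orphan BHO, the constructed Wplugin.dll Run entry, and the GbpSv service with no vendor; the McAfee, Ares and Google entries pass untouched.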

© 1999-2024 Hardware.com.br. All rights reserved.