Hardware.com.br
igoreso Super Participant Registered
704 Posts 22 Likes

Has encountered a problem and needs to close (title edited)

#1 By igoreso 02/07/2010 - 09:38
I recommend uninstalling the programs below:
Start > Control Panel > Add/Remove Programs and remove the following (if present):
SpeedBit Video Accelerator

-- STEP 2 --
Go to VirusTotal.com
http://www.virustotal.com/pt
c:\windows\system32\apf001.sys
Copy this path in red and paste it next to the Browse button.

Then click Send File.

Wait for the analysis to finish, then copy the result and paste it in your reply.
6533923 New Member Registered
35 Posts 0 Likes
#33 By 6533923
04/07/2010 - 19:47
I clicked Send File, then it asked me to browse for a file; in the file name field I pasted the thing in red and clicked Send File, and this appeared:

Arquivo apf001.sys-4108651549-2-2.f recebido em 2010.04.23 04:08:47 (UTC)
Andamento: terminado
Resultado: 0/39 (0.00%)

Antivírus Versão Última Atualização Resultado
a-squared 4.5.0.50 2010.04.23 -
AhnLab-V3 5.0.0.2 2010.04.23 -
AntiVir 8.2.1.220 2010.04.22 -
Antiy-AVL 2.0.3.7 2010.04.21 -
Authentium 5.2.0.5 2010.04.23 -
Avast 4.8.1351.0 2010.04.22 -
Avast5 5.0.332.0 2010.04.22 -
AVG 9.0.0.787 2010.04.22 -
BitDefender 7.2 2010.04.23 -
CAT-QuickHeal 10.00 2010.04.23 -
ClamAV 0.96.0.3-git 2010.04.23 -
Comodo 4668 2010.04.23 -
DrWeb 5.0.2.03300 2010.04.23 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7444 2010.04.22 -
F-Prot 4.5.1.85 2010.04.23 -
F-Secure 9.0.15370.0 2010.04.23 -
Fortinet 4.0.14.0 2010.04.21 -
GData 21 2010.04.23 -
Ikarus T3.1.1.80.0 2010.04.23 -
Jiangmin 13.0.900 2010.04.22 -
Kaspersky 7.0.0.125 2010.04.23 -
McAfee 5.400.0.1158 2010.04.23 -
McAfee-GW-Edition 6.8.5 2010.04.22 -
Microsoft 1.5703 2010.04.22 -
NOD32 5051 2010.04.22 -
Norman 6.04.11 2010.04.22 -
nProtect 2010-04-22.01 2010.04.22 -
Panda 10.0.2.7 2010.04.22 -
PCTools 7.0.3.5 2010.04.23 -
Rising 22.44.03.04 2010.04.22 -
Sophos 4.53.0 2010.04.23 -
Sunbelt 6211 2010.04.23 -
Symantec 20091.2.0.41 2010.04.23 -
TheHacker 6.5.2.0.267 2010.04.22 -
TrendMicro 9.120.0.1004 2010.04.22 -
VBA32 3.12.12.4 2010.04.22 -
ViRobot 2010.4.22.2290 2010.04.22 -
VirusBuster 5.0.27.0 2010.04.22 -

Informações adicionais
File size: 10872 bytes
MD5 : 0bf848f3cdd883843769a9070f55a023
SHA1 : e077d5c8fdf95c8cb2f414defc1f966f53816c7f
SHA256: ae7c3b621cfc00cb1e6a372e64e9a802e37542883605de9eaa3ca666f45e808d
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4005
timedatestamp.....: 0x4BA615E0 (Sun Mar 21 13:49:36 2010)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x36E 0x400 5.06 da4cb49010672c9b6bc1110f9769bcae
.rdata 0x2000 0x90 0x200 1.69 b4d05155aaae575bcbef9832aee758e5
.data 0x3000 0x84 0x200 0.18 aacbcb3c40fdddb88b50fb7856b36ff2
INIT 0x4000 0x180 0x200 4.09 3a2cb9896ad586130de9b8e063ec6285
.reloc 0x5000 0x102 0x200 1.45 d50d283c9db64f48c0fc2cce7a2379c9

( 2 imports )

> apl001.sys: GetLoadFunc
> ntoskrnl.exe: IoCreateSymbolicLink, IoCreateDevice, RtlInitUnicodeString, PsGetCurrentProcessId, IoDeleteSymbolicLink, IofCompleteRequest, IoDeleteDevice, KeTickCount

( 0 exports )
TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 192:e+xKmyowJL/8Qpkqs1I5ZgjlEyKmz+ebCfoF8w:e+xYJLu1M6jXKmlbCg
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: Beijing Apex Weifeng Technology Co.,Ltd.
VeriSign Class 3 Code Signing 2009-2 CA
Class 3 Public Primary Certification Authority
signing date.: 2:57 PM 3/21/2010
verified.....: -
PEiD : -
packers (F-Prot): embedded
RDS : NSRL Reference Data Set
-
igoreso Super Participant Registered
704 Posts 22 Likes
#37 By igoreso
04/07/2010 - 20:00
6533923 said:
I'll do what you said, but honestly, this is already the 4th thing I've been told to download that apparently does the same thing!

That is to check for rootkits!
That file I had analyzed: after searching I found nothing about it, and it is very strange.
c:\windows\system32\apf001.sys

If you know this company, tell me, and keep an eye on the thread.
Beijing Apex Weifeng Technology Co.,Ltd.
6533923 New Member Registered
35 Posts 0 Likes
#40 By 6533923
04/07/2010 - 20:08
ROOTKIT UNHOOKER LOG \/

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237C8-->B9EB50E0 [spjg.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624014-->B9ECDDA4 [spjg.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x8062427E-->B9ECE132 [spjg.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BA6-->B9EB50C0 [spjg.sys]
ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80624EE8-->B9ECE20A [spjg.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x806219EC-->B9ECE08A [spjg.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D3A-->B9ECE29C [spjg.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8A6A4A00 [4] System
0x89A9DBE0 [132] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x8A42C570 [144] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation, persistence Module)
0x8A3E17C0 [196] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG, Nero Home)
0x89BFB4F8 [204] C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0x89C44BE8 [212] C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A., Skype )
0x89CF75A8 [476] C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd., Speedbit Video Accelerator )
0x8A42D988 [628] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Gerenciador de Sessão do Windows NT)
0x89C62020 [676] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x89BF7DA0 [700] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Aplicativo de logon do Windows NT)
0x8A3A03C0 [744] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Aplicativo de serviços e controle)
0x8A404170 [756] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8A3A83C0 [928] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A450AB0 [1016] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89C0C600 [1112] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89CA7DA0 [1204] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A479B38 [1316] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A3FB3E8 [1364] C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe (Speedbit Ltd., VideoAcceleratorEngine)
0x89C15610 [1492] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8997B978 [1540] C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x8A16DD50 [1624] C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x8A14BA40 [1648] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A4CCB28 [1764] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x89BDCB78 [1868] C:\Arquivos de programas\Tibia\Tibia.exe (CipSoft GmbH, Tibia Player)
0x89C075D0 [1920] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)
0x89C99B28 [1968] C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp., PowerDVD RC Service)
0x89C2F958 [1988] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x89AB4BE0 [2016] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation, GrooveMonitor Utility)
0x89C91870 [2040] C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe (Crawler.com, Spyware Terminator Realtime Shield Service)
0x8A403460 [2084] C:\Documents and Settings\sim1\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x89C6ADA0 [2104] C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorEngine.exe (Speedbit Ltd., VideoAcceleratorEngine)
0x8997CDA0 [2308] C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe (Skype Technologies, Skype Extras Manager)
0x898D56F0 [2408] C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe (Asprate, MULTI IP Changer)
0x89B2E5E8 [2604] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (Nero AG, Nero Home)
0x89B17978 [2768] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG, Nero Home)
0x89B72BE0 [3252] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x89B675B8 [3324] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x89A21818 [3752] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x899F65E0 [3780] C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x89C9D3C0 [4052] C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe (Asprate, MULTI IP Changer)
==============================================
>Drivers
==============================================
0xA8BAF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5185536 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF2E9000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBF059000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, Núcleo e sistema do NT)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Driver Win32 multiusuário)
0xB9430000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1732608 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB9EB4000 PCI_PNP4336 995328 bytes
0xB9EB4000 spjg.sys 995328 bytes
0xB9EB4000 sptd 995328 bytes
0xB9D2A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA81ED000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB920A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA831B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA773C000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA704C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9360000 C:\WINDOWS\System32\Drivers\ao331soe.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 217088 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB9268000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA780B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9CFD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA6DCF000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA825D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB93F4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA82F3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA82CD000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8B8B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB93D0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9399000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8288000 C:\WINDOWS\system32\drivers\sp_rsdrv2.sys 143360 bytes (-, -)
0xA82AB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9DE0000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver de disco com tolerância a falhas)
0xB9CE3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E00000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA81AD000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DB7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9349000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7D88000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB93BC000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver de porta paralela)
0xB941C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8374000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DCE000 sr.sys 73728 bytes (Microsoft Corporation, Driver de filtro do sistema de arquivos da restauração do sistema)
0xB9E5D000 pci.sys 69632 bytes (Microsoft Corporation, Enumerador NT Plug and Play PCI)
0xB9338000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA1E8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Driver de dispositivo serial)
0xBA178000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB92C8000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA188000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA298000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Driver de porta i8042)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Driver de cópia de sombra de volume)
0xBA308000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1B8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Driver de dispositivo de processador)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA158000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA148000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA288000 C:\WINDOWS\system32\DRIVERS\atl01_xp.sys 36864 bytes (Attansic Technology corporation., Attansic L1 Gigabit Ethernet Controller ndis miniport driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA752C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA4A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Driver de classe teclado)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver de classe modem)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA498000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA4A0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA460000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA468000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA348000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9CBB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA80B5000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB91A5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA56C000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA588000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5D0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5D6000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5CE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5D2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA616000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, Driver paralelo VDM)
0xBA5D4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5C8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5CC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA74A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6AE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA753000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A6471F8 unknown_irp_handler 3592 bytes
0x8A3B61F8 unknown_irp_handler 3592 bytes
0x8A6B81F8 unknown_irp_handler 3592 bytes
0x8A4001F8 unknown_irp_handler 3592 bytes
0x8A6491F8 unknown_irp_handler 3592 bytes
0x8A3D0318 unknown_irp_handler 3304 bytes
0x89D50400 unknown_irp_handler 3072 bytes
0x8A3CC500 unknown_irp_handler 2816 bytes
0x89A9B500 unknown_irp_handler 2816 bytes
0x8A447500 unknown_irp_handler 2816 bytes
0x89CF5500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\sim1\Configurações locais\Dados de aplicativos\Ahead\Nero Home\idx\_3yw.cfs
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D510, Type: Inline - RelativeJump 0x80504510-->805044D1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[1540]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[1764]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F51218-->00000000 [shimeng.dll]
[1764]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77E510B4-->00000000 [shimeng.dll]
[1764]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1764]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1764]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[1764]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3FA514B0-->00000000 [shimeng.dll]
[1764]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A7109C-->00000000 [shimeng.dll]
[1868]Tibia.exe-->advapi32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x77F510CC-->00000000 [USkin.dll]
[1868]Tibia.exe-->advapi32.dll-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x77F511D0-->00000000 [USkin.dll]
[1868]Tibia.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F51218-->00000000 [USkin.dll]
[1868]Tibia.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F51214-->00000000 [USkin.dll]
[1868]Tibia.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F5105C-->00000000 [USkin.dll]
[1868]Tibia.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F511E0-->00000000 [USkin.dll]
[1868]Tibia.exe-->gdi32.dll-->DeleteObject, Type: IAT modification 0x005B8058-->00000000 [USkin.dll]
[1868]Tibia.exe-->kernel32.dll-->CreateThread, Type: IAT modification 0x005B8140-->00000000 [USkin.dll]
[1868]Tibia.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x005B82A0-->00000000 [USkin.dll]
[1868]Tibia.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x005B82CC-->00000000 [USkin.dll]
[1868]Tibia.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x005B82C8-->00000000 [USkin.dll]
[1868]Tibia.exe-->mswsock.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x71A11160-->00000000 [USkin.dll]
[1868]Tibia.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A11178-->00000000 [USkin.dll]
[1868]Tibia.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A11184-->00000000 [USkin.dll]
[1868]Tibia.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A111A0-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->gdi32.dll-->DeleteObject, Type: IAT modification 0x7C9C1254-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x7C9C15B4-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x7C9C12B0-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->AdjustWindowRectEx, Type: IAT modification 0x7C9C1D1C-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->CallWindowProcW, Type: IAT modification 0x7C9C2054-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->DefWindowProcA, Type: IAT modification 0x7C9C1D48-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x7C9C1EA4-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->DrawEdge, Type: IAT modification 0x7C9C1F00-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->DrawFrameControl, Type: IAT modification 0x7C9C1EFC-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->FillRect, Type: IAT modification 0x7C9C1EF8-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->GetScrollInfo, Type: IAT modification 0x7C9C1FE8-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x7C9C1E3C-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x7C9C1EE4-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->RegisterClassW, Type: IAT modification 0x7C9C1EA8-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->SetScrollInfo, Type: IAT modification 0x7C9C20B4-->00000000 [USkin.dll]
[1868]Tibia.exe-->shell32.dll-->user32.dll-->SystemParametersInfoA, Type: IAT modification 0x7C9C1D24-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->AdjustWindowRectEx, Type: IAT modification 0x005B83C0-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->CallWindowProcA, Type: IAT modification 0x005B83D8-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->DefWindowProcA, Type: IAT modification 0x005B83D4-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->FillRect, Type: IAT modification 0x005B8568-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->GetMessageA, Type: IAT modification 0x005B8428-->00000000 [elfbot.dll]
[1868]Tibia.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x005B8404-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x005B8570-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->RegisterClassA, Type: IAT modification 0x005B83C8-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->SystemParametersInfoA, Type: IAT modification 0x005B83DC-->00000000 [USkin.dll]
[1868]Tibia.exe-->ws2_32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x71A710AC-->00000000 [USkin.dll]
[1868]Tibia.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A7109C-->00000000 [USkin.dll]
[1868]Tibia.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A710A8-->00000000 [USkin.dll]
[3780]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E3B531E-->00000000 [xul.dll]
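The RkU log above lists kernel SSDT entries redirected into spjg.sys and user-mode IAT hooks in Tibia.exe attributed to USkin.dll and elfbot.dll, mixed with in-place patches of ntkrnlpa.exe and firefox.exe by themselves. As an added example (not part of the thread and not Rootkit Unhooker's own code), the Python below parses hook lines in that exact format and groups them by the module that owns the hook, so a reader can tell at a glance which third-party modules redirect code they do not own and whether any of them do so in kernel mode. The "owner differs from bracketed module" rule is my triage heuristic, not something RkU reports, and the sample log is constructed from a handful of the posted lines.

```python
"""Triage helper for Rootkit Unhooker (RkU LE) output: parse the hook lines in the
">SSDT State" and ">Hooks" sections and group them by the module that owns the hook."""
import re
from collections import defaultdict

# Constructed sample in the shape of the RkU log posted above. The lines are copied
# from that log (a handful of the SSDT and IAT entries), not captured from a live system.
SAMPLE_LOG = """\
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237C8-->B9EB50E0 [spjg.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BA6-->B9EB50C0 [spjg.sys]
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D510, Type: Inline - RelativeJump 0x80504510-->805044D1 [ntkrnlpa.exe]
[1540]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[1868]Tibia.exe-->kernel32.dll-->CreateThread, Type: IAT modification 0x005B8140-->00000000 [USkin.dll]
[1868]Tibia.exe-->user32.dll-->GetMessageA, Type: IAT modification 0x005B8428-->00000000 [elfbot.dll]
[1868]Tibia.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A7109C-->00000000 [USkin.dll]
"""

# One hook line: optional "[pid]" (absent for kernel-mode entries), a chain
# "owner-->...-->target" (or "owner+0xoffset" for an inline code patch), the hook
# type, "old-->new" addresses, and in brackets the module RkU attributes the hook to.
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\])?(?P<chain>\S+?), Type: (?P<type>.+?) "
    r"0x(?P<old>[0-9A-Fa-f]+)-->(?P<new>[0-9A-Fa-f]+) \[(?P<module>[^\]]+)\]$"
)


def parse_rku_hooks(text):
    """Return one dict per hook line; section headers and '====' separators are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        chain = m.group("chain")
        owner = re.split(r"-->|\+", chain, maxsplit=1)[0]   # hooked image (process or kernel)
        target = chain.split("-->")[-1]                      # hooked function, or patch offset
        hooks.append({
            "pid": int(m.group("pid")) if m.group("pid") else None,  # None => kernel mode
            "owner": owner,
            "target": target,
            "type": m.group("type"),
            "old": int(m.group("old"), 16),
            "new": int(m.group("new"), 16),  # 00000000 for the user-mode entries in the posted log
            "module": m.group("module"),
        })
    return hooks


def summarize_by_module(hooks):
    """Group hooks by owning module: how many, which functions, which PIDs, any kernel-mode."""
    summary = defaultdict(lambda: {"count": 0, "targets": set(), "pids": set(), "kernel": False})
    for h in hooks:
        s = summary[h["module"]]
        s["count"] += 1
        s["targets"].add(h["target"])
        if h["pid"] is None:
            s["kernel"] = True
        else:
            s["pids"].add(h["pid"])
    return dict(summary)


def foreign_hook_modules(hooks):
    """Modules that redirect code they do not own (my triage heuristic, not an RkU verdict).

    When the bracketed module is the hooked image itself (ntkrnlpa.exe patching
    ntkrnlpa.exe, firefox.exe patching its own ntdll import) the program modified its
    own code in place, which is common and rarely the first thing to chase. A
    third-party module redirecting another image's functions is what a triage analyst
    looks at first, and kernel-mode (SSDT) redirects before user-mode ones.
    """
    return sorted({h["module"] for h in hooks if h["module"].lower() != h["owner"].lower()})


def report(text):
    """Human-readable triage lines, kernel-mode modules first."""
    hooks = parse_rku_hooks(text)
    summary = summarize_by_module(hooks)
    lines = []
    for mod in sorted(foreign_hook_modules(hooks), key=lambda m: (not summary[m]["kernel"], m.lower())):
        s = summary[mod]
        ring = "kernel" if s["kernel"] else "user"
        where = "SSDT" if s["kernel"] else "PIDs " + ",".join(str(p) for p in sorted(s["pids"]))
        lines.append(f"{mod}: {s['count']} {ring}-mode hook(s) via {where}: {', '.join(sorted(s['targets']))}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run against the full log above, the same code collapses the forty-odd Tibia.exe lines into one entry per owning module, which is the view a responder needs to decide what to look up first; the drivers section, where spjg.sys shares a base address with sptd, is where the kernel-mode entry would then be checked.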
igoreso Super Participant Registered
704 Posts 22 Likes
#41 By igoreso
04/07/2010 - 20:11
Download DDS and save it to the desktop.
Remember that if you are running Windows Vista or 7 you must give the tool administrator privileges; to do so:
Right-click the file and then click Run as administrator.
Run it from the computer's administrator account, and with administrator permission (in the case of Windows Vista and 7).
Temporarily disable your protection programs (antivirus and anti-spyware).
Double-click dds.scr.
A black window with some information will appear. Do not click anything, just wait!
When it finishes, two windows will open: DDS.txt and Attach.txt.
Save the results and paste them in your reply.
6533923 New Member Registered
35 Posts 0 Likes
#42 By 6533923
04/07/2010 - 20:17
THE 2 LOGS BELOW!

DDS.TXT

DDS (Ver_10-03-17.01) - NTFSx86
Run by sim1 at 20:17:05,76 on dom 04/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3574.2878 [GMT -3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe
svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Tibia\Tibia.exe
C:\Arquivos de programas\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
C:\Documents and Settings\sim1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
mStart Page = hxxp://search.localstrike.com.ar/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquiv~1\micros~3\office12\GRA8E1~1.DLL
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"
uRun: [Skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\DTLite.exe" -autorun
uRun: [SpeedBitVideoAccelerator] c:\arquivos de programas\speedbit video accelerator\VideoAccelerator.exe
uRun: [SpywareTerminatorUpdate] "c:\arquivos de programas\spyware terminator\SpywareTerminatorUpdate.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\arquivos de programas\realtek\audio\drivers\AzMixerSel.exe
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"
mRun: [RemoteControl9] "c:\arquivos de programas\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\arquivos de programas\cyberlink\powerdvd9\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\PrxerDrv.dll
LSP: c:\arquiv~1\speedb~2\sblsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquiv~1\micros~3\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\arquivos de programas\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LogonInit - logonInit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquiv~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sim1\dadosd~1\mozilla\firefox\profiles\vhf9s7wj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - google.com.br
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60347&qkw=
FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-6-29 142592]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\arquiv~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2010-5-29 34944]
S3 apf001;apf001;c:\windows\system32\apf001.sys [2010-6-6 10872]
S3 cpudrv;cpudrv;c:\arquivos de programas\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\sim1\config~1\temp\bik78.tmp --> c:\docume~1\sim1\config~1\temp\BIK78.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-07-04 21:58:49 0 d-----w- C:\ComboFix
2010-07-04 15:11:53 0 d-sha-r- C:\cmdcons
2010-07-04 15:09:09 98816 ----a-w- c:\windows\sed.exe
2010-07-04 15:09:09 77312 ----a-w- c:\windows\MBR.exe
2010-07-04 15:09:09 256512 ----a-w- c:\windows\PEV.exe
2010-07-04 15:09:09 161792 ----a-w- c:\windows\SWREG.exe
2010-07-03 16:28:56 0 d-----w- c:\docume~1\sim1\dadosd~1\Malwarebytes
2010-07-03 16:28:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-03 16:28:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-03 16:28:48 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes
2010-07-03 16:28:48 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-07-03 01:20:31 0 d-----w- c:\arquivos de programas\Garena HostBot
2010-07-01 19:40:24 2 ----a-w- c:\windows\intelupdate.version
2010-07-01 13:06:58 0 d-----w- c:\docume~1\sim1\dadosd~1\DeviceDoctorSoftware
2010-07-01 13:06:56 0 d-----w- c:\arquivos de programas\Device Doctor
2010-06-30 14:23:51 0 d-----w- c:\arquivos de programas\Tibia
2010-06-30 00:01:58 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-30 00:01:58 0 d-----w- c:\docume~1\sim1\dadosd~1\Spyware Terminator
2010-06-30 00:01:57 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Spyware Terminator
2010-06-30 00:01:57 0 d-----w- c:\arquivos de programas\Spyware Terminator
2010-06-27 02:10:42 0 d-----w- c:\arquivos de programas\Screaming Bee
2010-06-26 20:08:09 0 d-----w- c:\docume~1\sim1\dadosd~1\Tibiacast
2010-06-26 20:07:34 0 d-----w- c:\arquivos de programas\Tibiacast
2010-06-26 16:32:39 14048 ------w- c:\windows\system32\spmsg2.dll
2010-06-26 16:30:50 0 d-----w- c:\windows\system32\XPSViewer
2010-06-26 16:30:10 0 d-----w- c:\windows\Driver Cache
2010-06-26 16:29:59 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-26 16:29:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-26 16:29:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-26 16:29:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-26 16:29:59 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-26 16:29:59 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-26 16:29:59 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-26 16:29:59 0 d-----w- C:\2b04bbd852fb07a575a07520
2010-06-24 19:19:11 0 d-----w- c:\docume~1\sim1\dadosd~1\BitTorrent
2010-06-24 19:19:08 0 d-----w- c:\arquivos de programas\BitTorrent
2010-06-18 21:59:16 53248 ----a-w- c:\windows\system32\dsnpstd.dll
2010-06-18 21:59:16 286720 ----a-w- c:\windows\vsnpstd.exe
2010-06-18 21:59:16 15541 ----a-w- c:\windows\snpstd.ini
2010-06-18 21:59:16 13023 ----a-w- c:\windows\snpstd.src
2010-06-18 21:59:15 390784 ----a-w- c:\windows\system32\drivers\snpstd.sys
2010-06-18 21:59:13 61440 ----a-w- c:\windows\system32\rsnpstd.dll
2010-06-18 21:59:13 61440 ----a-w- c:\windows\system32\csnpstd.dll
2010-06-18 21:59:13 36864 ----a-w- c:\windows\system32\vsnpstd.dll
2010-06-18 21:59:13 36864 ----a-w- c:\windows\system32\dsnpstd.ax
2010-06-18 21:59:13 20480 ----a-w- c:\windows\usnpstd.exe
2010-06-18 21:59:13 0 d-----w- c:\arquivos de programas\arquivos comuns\snpstd
2010-06-18 17:39:43 151 ----a-w- c:\windows\PhotoSnapViewer.INI
2010-06-18 17:31:24 102400 ----a-r- c:\windows\ZS211Cap.exe
2010-06-18 17:31:23 53248 ----a-w- c:\windows\amcap.exe
2010-06-18 17:31:23 49152 ----a-r- c:\windows\ZSSnp211.EXE
2010-06-18 17:31:23 49152 ----a-r- c:\windows\Domino.EXE
2010-06-18 17:31:22 81920 ----a-r- c:\windows\system32\ZS211STI.dll
2010-06-18 17:31:22 391836 ----a-r- c:\windows\system32\drivers\ZS211.sys
2010-06-18 17:31:22 172115 ----a-r- c:\windows\system32\ZS211Prp.Ax
2010-06-15 17:29:00 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Alwil Software
2010-06-15 00:39:51 0 d-----w- c:\arquivos de programas\CCleaner
2010-06-15 00:18:43 3300 ----a-w- c:\windows\system32\wbem\Outlook_01cb0c20504b2a82.mof
2010-06-13 14:39:48 0 d-----w- c:\docume~1\sim1\dadosd~1\PhotoFiltre
2010-06-13 14:39:32 0 d-----w- c:\arquivos de programas\PhotoFiltre
2010-06-11 22:30:27 73728 ----a-w- c:\windows\system32\PrxerDrv.dll
2010-06-11 22:30:27 61440 ----a-w- c:\windows\system32\PrxerNsp.dll
2010-06-11 22:30:27 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2010-06-11 22:30:27 0 d-----w- c:\arquivos de programas\Proxifier
2010-06-11 18:29:25 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-06-11 18:29:25 0 d-----w- c:\arquivos de programas\SpeedBit Video Accelerator
2010-06-11 18:29:22 0 d-----w- c:\arquivos de programas\SpeedBit Video Downloader
2010-06-09 23:01:52 0 d-----w- c:\arquivos de programas\Teamspeak2_RC2 SERVER
2010-06-06 21:49:56 70264 ----a-w- c:\windows\system32\wolf.sys
2010-06-06 21:49:56 12920 ----a-w- c:\windows\system32\apl001.sys
2010-06-06 21:49:56 10872 ----a-w- c:\windows\system32\apf001.sys
2010-06-06 13:43:08 1674683 ----a-w- c:\windows\system32\igxpxa32.cpa
2010-06-06 13:43:08 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2010-06-06 13:43:08 1023 ----a-w- c:\windows\system32\igxpxa32.vp
2010-06-05 04:27:01 0 d-----w- c:\arquivos de programas\sXe Injected
2010-06-05 01:57:41 0 d-----w- c:\arquivos de programas\Valve

==================== Find3M ====================

2010-07-04 23:16:19 0 ----a-w- c:\arquivos de programas\arquivos comuns\userInit.dll
2010-07-04 16:19:42 7579648 ----a-w- c:\arquivos de programas\War3Patch.mpq
2010-06-26 16:31:11 81422 ----a-w- c:\windows\system32\perfc016.dat
2010-06-26 16:31:11 476586 ----a-w- c:\windows\system32\perfh016.dat
2010-06-06 18:59:50 13 ----a-w- C:\pipe11.dat
2010-06-03 18:24:08 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-05-31 20:55:23 27958 ----a-w- c:\arquivos de programas\arquivos comuns\logonInit.dll
2010-05-30 10:55:41 86042 ----a-w- c:\windows\War3Unin.dat
2010-05-30 10:55:17 2829 ----a-w- c:\windows\War3Unin.pif
2010-05-30 10:55:17 139264 ----a-w- c:\windows\War3Unin.exe
2010-05-30 02:49:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-29 19:34:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 19:20:35 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-29 19:20:35 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-29 19:20:35 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-29 18:12:24 21844 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-09 15:55:46 50362104 ----a-w- c:\windows\system32\setup_av_pro.exe
2010-04-17 01:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll

============= FINISH: 20:17:10,32 ===============


ATTACH.TXT

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 29/5/2010 15:16:54
System Uptime: 7/4/2010 19:15:42 (2113 hours ago)

Motherboard: Positivo Informatica SA | | POS-AG31AP
Processor: Processador Intel Pentium III Xeon | Socket 775 | 2933/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 449,587 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 29/5/2010 15:19:52 - Ponto de verificação do sistema
RP2: 29/5/2010 15:35:48 - Instalado Realtek High Definition Audio Driver
RP3: 29/5/2010 16:10:23 - Installed Attansic L1 Utility
RP4: 29/5/2010 16:11:10 - Installed Attansic Giga Ethernet Utility
RP5: 29/5/2010 16:12:23 - Installed Adobe Reader 9.3 - Português.
RP6: 29/5/2010 16:14:07 - Software Distribution Service 3.0
RP7: 29/5/2010 16:20:37 - Installed PowerDVD
RP8: 29/5/2010 16:34:53 - Installed Java(TM) 6 Update 20
RP9: 29/5/2010 16:35:10 - Installed Java Runtime Environment
RP10: 29/5/2010 16:39:04 - Installed AVG Free 9.0
RP11: 29/5/2010 16:43:06 - Software Distribution Service 3.0
RP12: 29/5/2010 16:53:58 - Windows XP WgaNotify instalado.
RP13: 29/5/2010 16:58:00 - Installed Windows Media Player 11
RP14: 29/5/2010 16:58:09 - Installed Windows XP Wudf01000.
RP15: 29/5/2010 16:59:18 - Installed Windows XP MSCompPackV1.
RP16: 29/5/2010 16:01:11 - Installed Microsoft Office Enterprise 2007
RP17: 29/5/2010 16:04:28 - Driver de impressão Send To Microsoft OneNote Driver instalado
RP18: 29/5/2010 16:18:36 - DirectX instalado
RP19: 29/5/2010 16:19:01 - Instalado Nero 7 Essentials
RP20: 29/5/2010 17:03:58 - Removed AVG Free 9.0
RP21: 29/5/2010 17:05:17 - Installed AVG Free 9.0
RP22: 29/5/2010 23:49:55 - SPTD setup V1.62
RP23: 1/6/2010 21:45:26 - Ponto de verificação do sistema
RP24: 2/6/2010 14:05:39 - Removed Ask Toolbar.
RP25: 4/6/2010 22:57:41 - ??????????? Counter-Strike 1.6
RP26: 5/6/2010 02:02:08 - ????????? Counter-Strike 1.6
RP27: 5/6/2010 14:57:58 - ????????? Counter-Strike 1.6
RP28: 5/6/2010 16:48:15 - ????????? Counter-Strike 1.6
RP29: 5/6/2010 16:52:32 - ??????????? Counter-Strike 1.6
RP30: 5/6/2010 16:53:57 - ??????? Counter-Strike 1.6
RP31: 5/6/2010 16:54:42 - ??????????? Counter-Strike 1.6
RP32: 5/6/2010 16:56:47 - ????????? Counter-Strike 1.6
RP33: 5/6/2010 16:57:01 - ??????????? Counter-Strike 1.6
RP34: 5/6/2010 17:00:02 - ????????? Counter-Strike 1.6
RP35: 5/6/2010 17:00:12 - ??????? Counter-Strike 1.6
RP36: 5/6/2010 17:00:23 - ????????? Counter-Strike 1.6
RP37: 5/6/2010 17:00:58 - ??????????? Counter-Strike 1.6
RP38: 5/6/2010 17:01:05 - ????????? Counter-Strike 1.6
RP39: 5/6/2010 17:01:16 - ????????? Counter-Strike 1.6
RP40: 6/6/2010 10:05:52 - ????????? Counter-Strike 1.6
RP41: 6/6/2010 12:08:32 - ??????????? Counter-Strike 1.6
RP42: 6/6/2010 12:16:35 - ????????? Counter-Strike 1.6
RP43: 6/6/2010 12:17:53 - ??????? Counter-Strike 1.6
RP44: 6/6/2010 13:20:34 - ????????? Counter-Strike 1.6
RP45: 13/6/2010 19:58:24 - ??????????? Counter-Strike 1.6
RP46: 13/6/2010 19:58:32 - ????????? Counter-Strike 1.6
RP47: 13/6/2010 19:58:42 - ??????????? Counter-Strike 1.6
RP48: 13/6/2010 20:04:21 - ??????? Counter-Strike 1.6
RP49: 13/6/2010 20:04:34 - ????????? Counter-Strike 1.6
RP50: 13/6/2010 20:04:41 - ??????????? Counter-Strike 1.6
RP51: 13/6/2010 20:09:01 - ??????????? Counter-Strike 1.6
RP52: 13/6/2010 20:15:16 - ????????? Counter-Strike 1.6
RP53: 14/6/2010 18:32:49 - ??????????? Counter-Strike 1.6
RP54: 14/6/2010 18:38:23 - ??????? Counter-Strike 1.6
RP55: 14/6/2010 18:38:34 - ????????? Counter-Strike 1.6
RP56: 14/6/2010 18:38:46 - ??????????? Counter-Strike 1.6
RP57: 15/6/2010 14:29:00 - avast! Free Antivirus Setup
RP58: 15/6/2010 14:42:57 - avast! Free Antivirus Setup
RP59: 15/6/2010 16:31:01 - ??????????? Counter-Strike 1.6
RP60: 16/6/2010 21:54:09 - Ponto de verificação do sistema
RP61: 18/6/2010 14:19:44 - Instalado USB PC Camera (ZS0211)
RP62: 18/6/2010 14:21:36 - Removido USB PC Camera (ZS0211)
RP63: 18/6/2010 14:31:21 - Instalação de driver não assinada
RP64: 18/6/2010 14:34:31 - Instalado USB PC Camera (ZS0211)
RP65: 18/6/2010 14:43:11 - Instalação de driver não assinada
RP66: 18/6/2010 14:44:59 - Instalação de driver não assinada
RP67: 18/6/2010 18:35:00 - Instalação de driver não assinada
RP68: 18/6/2010 18:36:25 - Installed USB PC Camera (SN9C101)
RP69: 18/6/2010 18:41:43 - Configured USB PC Camera (SN9C101)
RP70: 18/6/2010 18:57:36 - Instalação de driver não assinada
RP71: 18/6/2010 18:58:49 - Removed USB PC Camera (SN9C101)
RP72: 18/6/2010 18:59:11 - Installed USB PC Camera (SN9C101)
RP73: 26/6/2010 13:30:06 - Installed Windows KB954550-v5.
RP74: 26/6/2010 13:30:16 - Driver de impressão Microsoft XPS Document Writer instalado
RP75: 26/6/2010 13:30:22 - Driver de impressão Microsoft XPS Document Writer instalado
RP76: 26/6/2010 13:32:39 - Installed %1 %2.
RP77: 26/6/2010 17:07:32 - Installed Tibiacast
RP78: 26/6/2010 23:11:05 - Installed MorphVOX Junior
RP79: 27/6/2010 16:36:32 - Installed MorphVOX Junior
RP80: 28/6/2010 22:53:28 - Ponto de verificação do sistema
RP81: 30/6/2010 10:45:42 - Spyware Terminator - restore point
RP82: 30/6/2010 14:55:44 - Installed Tibiacast
RP83: 1/7/2010 16:29:50 - avast! Pro Antivirus Setup
RP84: 1/7/2010 17:27:54 - avast! Pro Antivirus Setup
RP85: 1/7/2010 17:33:12 - avast! Pro Antivirus Setup
RP86: 1/7/2010 17:33:16 - avast! Pro Antivirus Setup
RP87: 1/7/2010 17:57:26 - avast! Pro Antivirus Setup
RP88: 2/7/2010 09:49:40 - avast! Pro Antivirus Setup
RP89: 4/7/2010 12:09:21 - ComboFix created restore point

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 - Português
Ask Toolbar
Assistente de Conexão do Windows Live
Attansic Giga Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player (KB954155)
Atualização de Segurança para o Windows Media Player (KB968816)
Atualização de Segurança para o Windows Media Player (KB973540)
Atualização de Segurança para o Windows Media Player (KB979402)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB923689)
Atualização de Segurança para Windows XP (KB923789)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB950760)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB954459)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956744)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956844)
Atualização de Segurança para Windows XP (KB958644)
Atualização de Segurança para Windows XP (KB958869)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960225)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB969059)
Atualização de Segurança para Windows XP (KB969947)
Atualização de Segurança para Windows XP (KB970238)
Atualização de Segurança para Windows XP (KB971468)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB971961)
Atualização de Segurança para Windows XP (KB972270)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973869)
Atualização de Segurança para Windows XP (KB973904)
Atualização de Segurança para Windows XP (KB974112)
Atualização de Segurança para Windows XP (KB974318)
Atualização de Segurança para Windows XP (KB974392)
Atualização de Segurança para Windows XP (KB974571)
Atualização de Segurança para Windows XP (KB975025)
Atualização de Segurança para Windows XP (KB975467)
Atualização de Segurança para Windows XP (KB975560)
Atualização de Segurança para Windows XP (KB975561)
Atualização de Segurança para Windows XP (KB975713)
Atualização de Segurança para Windows XP (KB977816)
Atualização de Segurança para Windows XP (KB977914)
Atualização de Segurança para Windows XP (KB978037)
Atualização de Segurança para Windows XP (KB978262)
Atualização de Segurança para Windows XP (KB978338)
Atualização de Segurança para Windows XP (KB978542)
Atualização de Segurança para Windows XP (KB978601)
Atualização de Segurança para Windows XP (KB978706)
Atualização de Segurança para Windows XP (KB979309)
Atualização de Segurança para Windows XP (KB979683)
Atualização de Segurança para Windows XP (KB980232)
Atualização de Segurança para Windows XP (KB981349)
Atualização para Windows Internet Explorer 8 (KB980182)
Atualização para Windows Internet Explorer 8 (KB982632)
Atualização para Windows XP (KB898461)
Atualização para Windows XP (KB951978)
Atualização para Windows XP (KB955759)
Atualização para Windows XP (KB967715)
Atualização para Windows XP (KB968389)
Atualização para Windows XP (KB973687)
Atualização para Windows XP (KB973815)
Atualização para Windows XP (KB980182)
BitTorrent
CCleaner
Counter-Strike 1.6
CyberLink PowerDVD 9
ElfBot NG 4.5.6
EVEREST Ultimate Edition v5.50
Ferramenta de Carregamento do Windows Live
Garena 2010
Garena HostBot
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
PhotoFiltre
Proxifier version 2.91
Realtek High Definition Audio Driver
Segoe UI
Skype Toolbars
Skype™ 4.2
SpeedBit Video Accelerator
Spyware Terminator
sXe Injected
System Requirements Lab for Intel
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
Tibia
Tibia MULTI-ip changer
TibiaCam TV Lite 3.3
Tibiacast
USB PC Camera (SN9C101)
Warcraft III: All Products
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
XP Codec Pack

==== End Of File ===========================
igoreso Super Participant Registered
704 Messages 22 Likes
#43 By igoreso
04/07/2010 - 20:28
Download SystemLook from one of the links below and save it to your Desktop.
Remember that if you are running Windows Vista or 7 you must give the tool administrator privileges; to do that:
Right-click the file and then click:
[image]
Double-click SystemLook.exe to run it.
Copy the contents of the codebox below into the main text field:
:filefind 
snpstd.src
filterpipelineprintpr oc.dll
apf001.sys
wolf.sys
igfxCoIn_v5218.dll
pipe11.dat
setup_av_pro.exe

Click the Procurar (Search) button to start the scan.
When it finishes, a Notepad window will open with the scan results. Please post that log in your next reply.
Note: the log can also be found on your desktop, named SystemLook.txt.
6533923 New Member Registered
35 Messages 0 Likes
#44 By 6533923
04/07/2010 - 20:31
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:30 on 04/07/2010 by sim1 (Administrator - Elevation successful)

========== filefind ==========

Searching for "snpstd.src "
C:\Arquivos de programas\Arquivos comuns\snpstd\snpstd.src --a--- 13023 bytes [21:59 18/06/2010] [20:35 17/01/2003] B322118EF59D45C1B6CA13BCDE1EB9CA
C:\WINDOWS\snpstd.src --a--- 13023 bytes [21:59 18/06/2010] [20:35 17/01/2003] B322118EF59D45C1B6CA13BCDE1EB9CA

Searching for "filterpipelineprintpr oc.dll "
No files found.

Searching for "apf001.sys "
C:\WINDOWS\system32\apf001.sys --a--- 10872 bytes [21:49 06/06/2010] [21:49 06/06/2010] 0BF848F3CDD883843769A9070F55A023

Searching for "wolf.sys "
C:\WINDOWS\system32\wolf.sys --a--- 70264 bytes [21:49 06/06/2010] [21:49 06/06/2010] 838E5FC8D90E48F0890C09D45476F767

Searching for "igfxCoIn_v5218.dll "
C:\WINDOWS\system32\igfxCoIn_v5218.dll --a--- 155648 bytes [13:43 06/06/2010] [15:28 13/01/2010] 9E318ABD60F6D37E5A47D19F3E23E966

Searching for "pipe11.dat "
C:\pipe11.dat --a--- 13 bytes [17:58 30/05/2010] [18:59 06/06/2010] 7808C3E637CA991E5E134E35499063D6

Searching for "setup_av_pro.exe"
C:\WINDOWS\system32\setup_av_pro.exe --a--- 50362104 bytes [15:55 09/05/2010] [15:55 09/05/2010] 6BD28446FB9FE034B45E0C7C2D45CC58

-=End Of File=-
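As an added example (not code from the thread, from SystemLook or from its author), here is a small Python parser for the :filefind output format shown in the log above; it handles the "No files found." case and groups hits by creation time so that files which appeared in the same minute stand out to the person triaging the log. The sample log is constructed from the lines above, and reading the first bracketed timestamp as the creation time and the second as the last-modified time is an assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample cut from the SystemLook log above (same paths, sizes and MD5s).
SAMPLE_LOG = r"""Searching for "apf001.sys "
C:\WINDOWS\system32\apf001.sys --a--- 10872 bytes [21:49 06/06/2010] [21:49 06/06/2010] 0BF848F3CDD883843769A9070F55A023
Searching for "wolf.sys "
C:\WINDOWS\system32\wolf.sys --a--- 70264 bytes [21:49 06/06/2010] [21:49 06/06/2010] 838E5FC8D90E48F0890C09D45476F767
Searching for "filterpipelineprintpr oc.dll "
No files found.
"""

# Hit line: <path> <attrs> <size> bytes [<ts1>] [<ts2>] <MD5>. Treating ts1 as the
# creation time and ts2 as the last-modified time is an assumption, not thread fact.
HIT_RE = re.compile(r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{6}) (?P<size>\d+) bytes "
                    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")
TS_FMT = "%H:%M %d/%m/%Y"

@dataclass
class FileHit:
    path: str
    size: int
    created: datetime
    modified: datetime
    md5: str

def parse_filefind(log: str) -> dict[str, list[FileHit]]:
    """Map each searched name (forum padding stripped) to its hits; 'No files found.' gives []."""
    results: dict[str, list[FileHit]] = {}
    term = None
    for line in (ln.rstrip() for ln in log.splitlines()):
        if line.startswith('Searching for "'):
            term = line[len('Searching for "'):].rstrip('"').strip()
            results[term] = []
            continue
        m = HIT_RE.match(line)
        if m and term is not None:
            results[term].append(FileHit(m["path"], int(m["size"]),
                                         datetime.strptime(m["created"], TS_FMT),
                                         datetime.strptime(m["modified"], TS_FMT), m["md5"].upper()))
    return results

def created_together(results: dict[str, list[FileHit]]) -> dict[datetime, list[str]]:
    """Paths sharing a creation minute: files dropped by one installer cluster here."""
    groups: dict[datetime, list[str]] = defaultdict(list)
    for hit in (h for hits in results.values() for h in hits):
        groups[hit.created].append(hit.path)
    return {ts: paths for ts, paths in groups.items() if len(paths) > 1}
```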
igoreso Super Participant Registered
704 Messages 22 Likes
#45 By igoreso
04/07/2010 - 20:43
-- STEP 1 --
To uninstall ComboFix, follow the steps below:
Please press the Windows key and R on your keyboard. This will bring up the Run window; type Combofix /Uninstal:
http://img14.imageshack.us/img14/8436/capture10.gif
Please follow the prompts to uninstall ComboFix.
You will receive a message saying that ComboFix was uninstalled successfully once the uninstall itself is done.

-- STEP 2 --
Run HijackThis -> use the "Do a system scan only" tab. Select the item:
O20 - Winlogon Notify: LogonInit - logonInit.dll (file missing)

Click "Fix checked".

-- STEP 3 --
* Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Extract the file and run it.
If TDSSKiller asks you to close all programs, please let it do so.
When it finishes, it will create a log on your C:\ drive or system drive named TDSSKiller_* (* indicates the version and date).
If TDSSKiller asks to restart your computer, please let it do so.
Please post the contents of the TDSSKiller log.
Delete all the other tools except DDS; run it and post a new log.