winmap32

#1 By esthernot (New Member), 09/04/2010 - 22:16
Guys, I think I caught a virus from a USB stick.
Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 21:55:44, on 9/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Arquivos de Programas\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de Programas\Java\jre1.6.0_01\bin\jusched.exe
C:\Arquivos de Programas\Softwin\BitDefender10\bdmcon.exe
C:\Arquivos de Programas\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de Programas\Skype\Phone\Skype.exe
C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de Programas\palmOne\HOTSYNC.EXE
C:\Arquivos de Programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de Programas\Internet Explorer\iexplore.exe
C:\Arquivos de Programas\Internet Explorer\iexplore.exe
C:\Arquivos de Programas\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de Programas\Arquivos Comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Arquivos Comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de Programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Arquivos de Programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Arquivos de Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de Programas\Arquivos Comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON TX105 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Arquivos de Programas\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de Programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
#2 By Espírita (Cyber Highlander), 09/04/2010 - 22:23
Download AD-Remover.
http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe
* Save it to the desktop.
* Run it.
Click Clean, then wait.
Copy and paste the log that will be shown in Notepad.

Download Malwarebytes:
http://majorgeeks.com/download.php?det=5756

1) Install the application, update it and run a full scan.

2) When the scan finishes, if any malware was detected, click (Show results) and then click (Remove selected).
A report will open automatically; copy and paste it here.

3) The infections will be sent to quarantine, and some types may require a system restart.
#3 By esthernot (New Member), 09/04/2010 - 22:48
Here is the AD-Remover log:

.
======= LOGFILE OF AD-REMOVER 2.0.0.0,B | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 31/03/10 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Started: 22:26:31 le 09/04/2010 | Normal boot | Option: CLEAN
Executed from: C:\Ad-Remover\ADR.exe
OS: Microsoft® Windows XP™ Service Pack 3 - X86
Computer name: MICRO | Current user: Administrador (Administrator)
.
============== FIXED ELEMENTS ==============
.
.
C:\Arquivos de Programas\Ask.com
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\Administrador\Dados de aplicativos\AskToolbar
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

(!) -- Deleted temporary files.
.
HKCU\Software\AppDataLow\AskToolbarInfo
HKCU\Software\Ask.com
HKCU\Software\AskToolbar
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Arquivos de Programas\Ask.com\UpdateTask.exe
.
(Orphan) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID missing)
.
============== ADDITIONNAL SCAN ==============
.
* Mozilla FireFox Version 3.0.18 (pt-BR) *
.
C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Administrador\\Desktop
C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.18
C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.cbid", "NA");
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang");
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.fresh-install", false);
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.l", "dis");
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.last-config-req", "1269657099417");
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.locale", "pt_BR");
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.nero.userName", "");
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.o", "15422");
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.qsrc", "2871");
ERASED: C:\Documents and Settings\Administrador\Dados de aplicativos\mozilla\firefox\profiles\7o3sb4h5.default\prefs.js - user_pref("extensions.asktb.r", "2");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp: 2 Files, 9 Folders
C:\WINDOWS\temp: 2 Files, 2 Folders
Temporary Internet Files: 2 Files, 12 Folders
.
C:\Ad-Remover\Quarantine: 1 Files
C:\Ad-Remover\Backup: 14 Files
.
C:\Ad-Report-CLEAN[1].txt - 7043 Byte(s)
.
End at: 22:31:45, 09/04/2010
.
============== E.O.F - CLEAN[1] ==============
#4 By esthernot (New Member), 09/04/2010 - 23:36
Here is the Malwarebytes one:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versão da Base de Dados: 3973

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/4/2010 23:36:14
mbam-log-2010-04-09 (23-36-14).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 124114
Tempo decorrido: 40 minuto(s), 50 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 3
Itens de Dados no Registro Infectados: 1
Pastas Infectadas: 1
Arquivos Infectados: 4

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-9380866953-5950598125-085753904-0785\winmap32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Pastas Infectadas:
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455 (Worm.AutoRun) -> Quarantined and deleted successfully.

Arquivos Infectados:
C:\Documents and Settings\All Users\Dados de aplicativos\BitDefender\Desktop\Quarantine\ftoe.rho (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\BitDefender\Desktop\Quarantine\qtplugin.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-9380866953-5950598125-085753904-0785\winmap32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
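A defender-side check for the Winlogon Shell hijack recorded in the Malwarebytes log above, added here as an example (it is not code from the thread, from Malwarebytes or from HijackThis): it parses the Bad:/Good: line format, splits the Shell value into the programs Windows would start at logon, and flags every entry that is not the bare explorer.exe, singling out programs under a RECYCLER folder. Function and variable names are my own.

```python
"""Check a Winlogon ``Shell`` value for the hijack pattern shown in the Malwarebytes
log above (Hijack.Shell / Worm.AutoRun).

Windows starts every comma-separated program listed in
HKCU or HKLM \\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell at
logon, so a worm that adds itself next to explorer.exe is restarted on every
logon while the user still gets a normal desktop.
"""
import ntpath
import re

# Constructed sample line, copied in shape from the Malwarebytes log in the thread.
SAMPLE_MBAM_LINE = (
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell "
    r"(Hijack.Shell) -> Bad: ("
    r"C:\RECYCLER\S-1-5-21-9380866953-5950598125-085753904-0785\winmap32.exe,"
    r"explorer.exe,"
    r"C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe"
    r") Good: (Explorer.exe) -> Quarantined and deleted successfully."
)

# "(label) -> Bad: (value) Good: (value)" as Malwarebytes prints registry-data hits
_MBAM_RE = re.compile(
    r"\((?P<label>[^()]+)\) -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)"
)

# Directories from which a full-path explorer.exe is still the real shell
_OK_EXPLORER_DIRS = ("", "c:\\windows", "%systemroot%")


def parse_mbam_hijack_line(line):
    """Return (label, bad_value, good_value) from a Malwarebytes registry-data
    line, or None if the line is not in that format."""
    m = _MBAM_RE.search(line)
    if not m:
        return None
    return m.group("label"), m.group("bad"), m.group("good")


def split_shell_value(value):
    """Split the comma-separated Shell value into its individual program entries."""
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]


def classify_entry(entry):
    """Classify one Shell entry:
    'ok'         - explorer.exe, bare or from the Windows directory
    'recycler'   - a program under a RECYCLER folder (the XP Recycle Bin directory,
                   which AutoRun worms use to hide their copies)
    'unexpected' - anything else, including explorer.exe from an odd directory
    """
    directory, name = ntpath.split(entry)
    if name.lower() == "explorer.exe" and directory.lower() in _OK_EXPLORER_DIRS:
        return "ok"
    if "\\recycler\\" in entry.lower():
        return "recycler"
    return "unexpected"


def analyze_shell_value(value):
    """Return a report dict: verdict ('clean' or 'suspicious'), the classified
    entries, and the entries that should be investigated."""
    findings = [(entry, classify_entry(entry)) for entry in split_shell_value(value)]
    suspects = [entry for entry, cls in findings if cls != "ok"]
    has_explorer = any(cls == "ok" for _, cls in findings)
    # Anything beside explorer.exe, or no explorer.exe at all, is not a normal Shell value
    verdict = "clean" if has_explorer and not suspects else "suspicious"
    return {"verdict": verdict, "findings": findings, "suspects": suspects}


def review_mbam_line(line):
    """Parse a Malwarebytes Hijack.Shell line and analyze the Bad value it reports."""
    parsed = parse_mbam_hijack_line(line)
    if parsed is None:
        return None
    label, bad, good = parsed
    report = analyze_shell_value(bad)
    report["label"] = label
    report["expected"] = good
    return report


if __name__ == "__main__":
    report = review_mbam_line(SAMPLE_MBAM_LINE)
    print(report["label"], "->", report["verdict"], "(expected:", report["expected"] + ")")
    for entry, cls in report["findings"]:
        print(f"  [{cls:10}] {entry}")
```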
#6 By esthernot (New Member), 10/04/2010 - 09:02
Here is the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 09:01:27, on 10/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Arquivos de Programas\Java\jre1.6.0_01\bin\jusched.exe
C:\Arquivos de Programas\Softwin\BitDefender10\bdmcon.exe
C:\Arquivos de Programas\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de Programas\Skype\Phone\Skype.exe
C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de Programas\palmOne\HOTSYNC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de Programas\Skype\Plugin Manager\skypePM.exe
C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de Programas\Softwin\BitDefender10\vsserv.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de Programas\Arquivos Comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Arquivos Comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de Programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Arquivos de Programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Arquivos de Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de Programas\Arquivos Comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON TX105 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Arquivos de Programas\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de Programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
#7 By igoreso (Super Participant), 10/04/2010 - 09:25
Step 1
Download ATF-Cleaner and save it to the Desktop.
Run ATF-Cleaner.
Check Select All. Then click Empty Selected. In the Done Cleaning window click OK and then Exit.

Step 2
Download OTL and save it to your desktop. Double-click the OTL icon to run it. Make sure all other windows are closed and let it run without interruption. In the Custom Scan box, paste the following:

netsvcs
msconfig
activex
drivers32
safebootminimal
safebootnetwork

%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
Click the Run Scan button. Do not change any settings unless told to do so. The scan will not take long.
When the scan finishes, two Notepad windows will open: OTL.txt and Extras.txt. They are saved in the same location as OTL; copy and paste (CTRL+C/CTRL+V) both logs in your reply.

Step 3
Update Firefox to the latest version.

#8 By esthernot (New Member), 10/04/2010 - 10:07
OTL log:

OTL logfile created on: 10/4/2010 10:01:38 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

575,00 Mb Total Physical Memory | 321,00 Mb Available Physical Memory | 56,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 864 1728 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de Programas
Drive C: | 37,30 Gb Total Space | 28,32 Gb Free Space | 75,93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,84 Gb Total Space | 0,83 Gb Free Space | 21,52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICRO
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/10 09:35:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/11 15:55:40 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Update Service\livesrv.exe
PRC - [2008/04/13 18:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/24 12:16:44 | 000,462,848 | ---- | M] (SOFTWIN S.R.L.) -- C:\Arquivos de Programas\Softwin\BitDefender10\vsserv.exe
PRC - [2007/04/02 14:48:40 | 000,290,816 | ---- | M] (SOFTWIN S.R.L.) -- C:\Arquivos de Programas\Softwin\BitDefender10\bdmcon.exe
PRC - [2007/03/28 12:55:42 | 000,673,352 | ---- | M] (SOFTWIN S.R.L.) -- C:\Arquivos de Programas\Softwin\BitDefender10\bdlite.exe
PRC - [2007/03/26 13:49:46 | 000,069,632 | ---- | M] (SOFTWIN S.R.L.) -- C:\Arquivos de Programas\Softwin\BitDefender10\bdagent.exe
PRC - [2007/03/14 02:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de Programas\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2007/01/19 14:12:56 | 000,081,920 | ---- | M] () -- C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Scan Server\bdss.exe
PRC - [2006/11/09 11:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Communicator\xcommsvr.exe
PRC - [2004/04/13 16:03:10 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Arquivos de Programas\palmOne\HOTSYNC.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/10 09:35:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/07/11 15:55:40 | 000,278,528 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2007/10/24 12:16:44 | 000,462,848 | ---- | M] (SOFTWIN S.R.L.) [Auto | Running] -- C:\Arquivos de Programas\Softwin\BitDefender10\vsserv.exe -- (VSSERV)
SRV - [2007/01/19 14:12:56 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Scan Server\bdss.exe -- (bdss)
SRV - [2006/11/09 11:33:04 | 000,086,016 | ---- | M] (SOFTWIN S.R.L) [Auto | Running] -- C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM)


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 08:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 08:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 06:35:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2007/10/25 07:10:00 | 000,215,040 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2006/08/19 03:33:24 | 000,013,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\Softwin\BitDefender10\profos.sys -- (Profos)
DRV - [2006/08/16 10:11:12 | 000,022,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de Programas\Softwin\BitDefender10\trufos.sys -- (Trufos)
DRV - [2004/04/13 16:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 19:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 17:50:46 | 000,101,760 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis300ip.sys -- (SiS300i)
DRV - [2001/08/17 17:20:16 | 000,297,728 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97sis.sys -- (SiS7018) Service for AC'97 Sample Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-1644491937-920026266-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKU\S-1-5-21-1644491937-920026266-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1644491937-920026266-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKU\S-1-5-21-1644491937-920026266-1202660629-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 1E 63 90 37 D3 CA 01 [binary data]
IE - HKU\S-1-5-21-1644491937-920026266-1202660629-500\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1644491937-920026266-1202660629-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.1
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Arquivos de Programas\Mozilla Firefox\components [2010/03/26 23:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Arquivos de Programas\Mozilla Firefox\plugins [2010/03/11 07:05:26 | 000,000,000 | ---D | M]

[2010/01/07 19:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions
[2010/04/10 09:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\7o3sb4h5.default\extensions
[2010/03/27 18:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\7o3sb4h5.default\extensions\twitternotifier@naan.net
[2010/04/09 06:57:44 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2010/01/16 19:04:08 | 000,001,027 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/01/16 19:04:08 | 000,001,135 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2010/01/16 19:04:08 | 000,001,168 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2010/01/16 19:04:08 | 000,000,648 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/04/03 13:45:51 | 000,000,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de Programas\Arquivos Comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Arquivos Comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de Programas\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de Programas\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1644491937-920026266-1202660629-500\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de Programas\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de Programas\Arquivos Comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Arquivos de Programas\Softwin\BitDefender10\bdagent.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [BDMCon] C:\Arquivos de Programas\Softwin\BitDefender10\bdmcon.exe (SOFTWIN S.R.L.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Arquivos de Programas\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe ()
O4 - HKU\S-1-5-21-1644491937-920026266-1202660629-500..\Run: [EPSON TX105 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1644491937-920026266-1202660629-500..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\HotSync Manager.lnk = C:\Arquivos de Programas\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de Programas\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1644491937-920026266-1202660629-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1644491937-920026266-1202660629-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.17.0.114 201.17.0.115
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Arquivos de Programas\Arquivos Comuns\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Arquivos Comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Arquivos Comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Arquivos Comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Arquivos Comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Arquivos Comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Arquivos Comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Arquivos Comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de Programas\Arquivos Comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Arquivos Comuns\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1644491937-920026266-1202660629-500 Winlogon: Shell - (硅汰牯牥攮數18) - File not found
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/04 18:00:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{abfa1330-fe26-11de-ad73-000795f1fdb2}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O33 - MountPoints2\{abfa1330-fe26-11de-ad73-000795f1fdb2}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/10 09:35:26 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrador\Desktop\ATF-Cleaner.exe
[2010/04/10 09:34:21 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
[2010/04/09 23:22:19 | 000,000,000 | ---D | C] -- C:\PenClean
[2010/04/09 22:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
[2010/04/09 22:50:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/09 22:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2010/04/09 22:50:34 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/09 22:50:34 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware
[2010/04/09 22:27:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/04/09 22:25:47 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010/04/09 22:24:33 | 001,328,219 | ---- | C] (C_XX) -- C:\Documents and Settings\Administrador\Desktop\AD-R.exe
[2010/04/09 21:54:19 | 000,000,000 | ---D | C] -- C:\HijackThis
[2010/04/09 07:35:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/08 21:37:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent
[2010/04/05 06:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Atalhos não utilizados da área de trabalho
[2010/04/04 10:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\.receitanet
[2010/04/03 11:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
[2010/04/03 11:34:14 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Spybot - Search & Destroy
[2010/04/03 11:02:33 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Enigma Software Group
[2010/03/25 22:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Nero
[2010/03/25 21:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nero
[2010/03/25 21:49:16 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Arquivos Comuns\Nero
[2010/03/13 17:16:25 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Programas RFB
[2010/03/13 17:15:34 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB
[2010/02/07 19:36:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2010/01/04 18:10:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2010/01/04 18:10:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2010/01/04 18:10:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/10 10:03:29 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/04/10 09:38:54 | 001,960,960 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\usb_antivirus.exe
[2010/04/10 09:35:27 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrador\Desktop\ATF-Cleaner.exe
[2010/04/10 09:35:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
[2010/04/10 08:41:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/10 08:41:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/10 08:41:01 | 603,508,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 23:54:06 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Administrador\NTUSER.DAT
[2010/04/09 23:54:06 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini
[2010/04/09 23:53:44 | 005,862,144 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db
[2010/04/09 23:31:28 | 001,777,095 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\UsbFix.exe
[2010/04/09 23:21:13 | 000,290,604 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\PenClean.zip
[2010/04/09 22:50:59 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 22:25:13 | 001,328,219 | ---- | M] (C_XX) -- C:\Documents and Settings\Administrador\Desktop\AD-R.exe
[2010/04/09 21:48:53 | 003,911,239 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
[2010/04/09 21:46:53 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Flash_Disinfector.exe
[2010/04/09 07:39:32 | 000,000,468 | RHS- | M] () -- C:\Documents and Settings\Administrador\ntuser.pol
[2010/04/08 22:58:50 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/03 13:45:51 | 000,000,776 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/03 11:34:23 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Spybot - Search & Destroy.lnk
[2010/04/02 17:13:05 | 000,001,956 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/02 15:36:29 | 000,740,352 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Direitos_Reais_-_completo_-_Nelson_Rosenvald.doc
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/24 06:23:16 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\OAB BRANCA-ESTUDOS COM ESTHERZITA E BIANCA-office 2003.doc
[2010/03/16 21:21:43 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/11 15:22:10 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\MSJCE.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/10 09:38:16 | 001,960,960 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\usb_antivirus.exe
[2010/04/09 23:31:00 | 001,777,095 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\UsbFix.exe
[2010/04/09 23:21:07 | 000,290,604 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\PenClean.zip
[2010/04/09 22:50:59 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 21:48:53 | 003,911,239 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
[2010/04/09 21:46:51 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Flash_Disinfector.exe
[2010/04/09 07:39:32 | 000,000,468 | RHS- | C] () -- C:\Documents and Settings\Administrador\ntuser.pol
[2010/04/08 21:22:49 | 603,508,736 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/03 11:34:23 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Spybot - Search & Destroy.lnk
[2010/04/02 15:30:56 | 000,740,352 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Direitos_Reais_-_completo_-_Nelson_Rosenvald.doc
[2010/03/24 06:23:15 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\OAB BRANCA-ESTUDOS COM ESTHERZITA E BIANCA-office 2003.doc
[2010/03/13 17:16:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2010/01/09 10:40:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/08 19:14:34 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 18:57:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/01/06 19:59:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2010/01/05 09:38:41 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/04 18:11:27 | 000,000,330 | -HS- | C] () -- C:\Documents and Settings\Administrador\ntuser.ini
[2010/01/04 18:11:25 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\Administrador\NTUSER.DAT
[2010/01/04 18:11:25 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrador\NTUSER.DAT.LOG
[2010/01/04 18:03:31 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/01/04 18:02:44 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/04 18:02:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/04 18:02:39 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/04 18:02:38 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/04 18:02:37 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/01/04 18:02:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/04 18:02:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/01/31 12:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
< End of report >


************************

Extras.TXT log

OTL Extras logfile created on: 10/4/2010 10:01:38 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

575,00 Mb Total Physical Memory | 321,00 Mb Available Physical Memory | 56,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 864 1728 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de Programas
Drive C: | 37,30 Gb Total Space | 28,32 Gb Free Space | 75,93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3,84 Gb Total Space | 0,83 Gb Free Space | 21,52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICRO
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Arquivos de Programas\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Arquivos de Programas\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de Programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos de Programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de Programas\palmOne\Hotsync.exe" = C:\Arquivos de Programas\palmOne\Hotsync.exe:*:Enabled:HotSync® Manager Application -- (Palm, Inc.)
"C:\Arquivos de Programas\Java\jre1.6.0_01\bin\javaw.exe" = C:\Arquivos de Programas\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90280416-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional com FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.1 - Português
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{CEFC581D-BEAE-4F75-989E-BD931970D8AD}" = BitDefender Free Edition v10
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover By C_XX
"CCleaner" = CCleaner
"EPSON Scanner" = EPSON Scan
"EPSON TX105 Series" = Desinstalar impressora EPSON TX105 Series
"HijackThis" = HijackThis 1.99.1
"ie8" = Windows Internet Explorer 8
"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"Picasa 3" = Picasa 3
"Receitanet Java 2010.02a" = Receitanet Java 2010.02a
"ThumbView_Lite 1.0" = ThumbView_Lite 1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2010 06:08:21 | Computer Name = MICRO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 9/4/2010 06:18:38 | Computer Name = MICRO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 9/4/2010 06:42:40 | Computer Name = MICRO | Source = Application Error | ID = 1000
Description = Aplicativo com falha 725.exe, versão 0.0.0.0, módulo com falha 725.exe,
versão 0.0.0.0, endereço com falha 0x0000401b.

Error - 9/4/2010 20:00:07 | Computer Name = MICRO | Source = Application Error | ID = 1000
Description = Aplicativo com falha 843.exe, versão 0.0.0.0, módulo com falha 843.exe,
versão 0.0.0.0, endereço com falha 0x0000401b.

Error - 9/4/2010 20:17:18 | Computer Name = MICRO | Source = Application Error | ID = 1000
Description = Aplicativo com falha 750.exe, versão 0.0.0.0, módulo com falha 750.exe,
versão 0.0.0.0, endereço com falha 0x0000401b.

Error - 9/4/2010 21:20:14 | Computer Name = MICRO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha firefox.exe, versão 1.9.0.3685, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 9/4/2010 21:20:20 | Computer Name = MICRO | Source = Application Hang | ID = 1001
Description = Falha no compartimento de memória 1696040612.

Error - 9/4/2010 21:27:54 | Computer Name = MICRO | Source = Application Error | ID = 1000
Description = Aplicativo com falha 035.exe, versão 0.0.0.0, módulo com falha 035.exe,
versão 0.0.0.0, endereço com falha 0x0000401b.

Error - 9/4/2010 22:17:00 | Computer Name = MICRO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 9/4/2010 22:22:58 | Computer Name = MICRO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha PenClean.exe, versão 2.0.6.0, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

[ System Events ]
Error - 8/4/2010 06:09:39 | Computer Name = MICRO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço BDFsDrv devido ao seguinte erro:
%%2

Error - 8/4/2010 06:09:39 | Computer Name = MICRO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço BDRsDrv devido ao seguinte erro:
%%2

Error - 8/4/2010 06:25:22 | Computer Name = MICRO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço bdfdll devido ao seguinte erro:
%%2

Error - 8/4/2010 06:25:23 | Computer Name = MICRO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço BDFsDrv devido ao seguinte erro:
%%2

Error - 8/4/2010 06:25:23 | Computer Name = MICRO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço BDRsDrv devido ao seguinte erro:
%%2

Error - 8/4/2010 20:16:13 | Computer Name = MICRO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço bdfdll devido ao seguinte erro:
%%2

Error - 8/4/2010 20:16:14 | Computer Name = MICRO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço BDFsDrv devido ao seguinte erro:
%%2

Error - 8/4/2010 20:16:14 | Computer Name = MICRO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço BDRsDrv devido ao seguinte erro:
%%2

Error - 8/4/2010 20:21:19 | Computer Name = MICRO | Source = DCOM | ID = 10005
Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem
com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/4/2010 20:22:16 | Computer Name = MICRO | Source = DCOM | ID = 10005
Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem
com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
Espírita
#9 By Espírita
10/04/2010 - 12:47
Continuing:

Disabling Autorun:
Start Menu -> Run. In the "Run" window type: "gpedit.msc" (without the quotes).
This will open the Windows XP "Group Policy" editor.
Inside "Group Policy", open "Computer Configuration", "Administrative Templates", "System".
Under "System", locate the "Turn off Autoplay" item and double-click it.
The "Turn off Autoplay Properties" dialog will appear; choose "Enabled" and "All drives".
Click OK to finish and close all the windows opened during this procedure.
--------------------------------//-----------------------------------------
Download UsbFix:
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

Temporarily disable your antivirus...
Connect your removable device to your PC's USB port and do not remove it
until told otherwise.
Double-click UsbFix
Press P -> "Enter"
Press 1 -> "Enter"
When it finishes, press [Q] -> "Enter"
Copy and paste the report created at C:\UsbFix.txt...
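The "Turn off Autoplay" policy set to Enabled / All drives in the steps above is stored by Windows as the REG_DWORD NoDriveTypeAutoRun under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, with one bit per drive type (the bit positions follow the GetDriveType() codes, and "All drives" writes 0xFF). The following is an added example, not part of Espírita's post or of any tool named here: it decodes such a value and reports which drive types would still autorun, so a defender can verify the policy took effect from a registry export rather than trusting the dialog. It goes beyond the page's single case by decoding any value, including the Windows XP default 0x91.

```python
# Added example (not from the forum thread): audit a Windows NoDriveTypeAutoRun value.
# Each set bit disables autorun for one drive type; the bit index is the
# GetDriveType() code for that type. 0xFF is what "Enabled / All drives" writes.

DRIVE_TYPES = {
    0: "unknown",
    1: "no root directory",
    2: "removable (USB stick, MP3 player)",
    3: "fixed",
    4: "network",
    5: "CD-ROM",
    6: "RAM disk",
    7: "reserved",
}

POLICY_ALL_DRIVES = 0xFF   # value written by "Turn off Autoplay" = Enabled, All drives
XP_DEFAULT = 0x91          # Windows XP default: only unknown, network and reserved are blocked


def parse_reg_dword(text):
    """Accept the forms seen in .reg exports and reg.exe output:
    'dword:000000ff', '0xff' or a plain decimal such as '255'."""
    t = text.strip().lower()
    if t.startswith("dword:"):
        return int(t[len("dword:"):], 16)
    if t.startswith("0x"):
        return int(t, 16)
    return int(t, 10)


def drives_still_autorunning(value):
    """Names of the drive types whose bit is NOT set, i.e. autorun is still active for them."""
    return [name for bit, name in DRIVE_TYPES.items() if not value & (1 << bit)]


def audit_autorun_policy(value):
    """Report whether the value blocks autorun on removable media (bit 2) and on all drives."""
    return {
        "value": value,
        "removable_blocked": bool(value & (1 << 2)),
        "all_blocked": value == POLICY_ALL_DRIVES,
        "still_autorunning": drives_still_autorunning(value),
    }


def audit_reg_line(reg_line):
    """Audit a single '"NoDriveTypeAutoRun"=dword:...' line from a .reg export."""
    _, _, raw = reg_line.partition("=")
    return audit_autorun_policy(parse_reg_dword(raw))


if __name__ == "__main__":
    # Constructed sample lines, as they would appear in a .reg export of the Explorer policy key.
    for line in ('"NoDriveTypeAutoRun"=dword:00000091', '"NoDriveTypeAutoRun"=dword:000000ff'):
        report = audit_reg_line(line)
        print(f"{line}: removable blocked={report['removable_blocked']}, "
              f"all blocked={report['all_blocked']}, still autorunning={report['still_autorunning']}")
```

On a machine that still shows the 0x91 default, removable media (the pen drive and MP3 player in this thread) are exactly the type left unprotected, which is why the reply asks for "All drives". Note that Windows XP only honors this setting consistently for autorun.inf once update KB967715 is installed; the registry value alone is not proof on an unpatched XP.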
esthernot
#10 By esthernot
10/04/2010 - 13:09
Pen drive log


############################## | UsbFix V6.102 |

User : Administrador (Administradores) # MICRO
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:08:00 | 10/4/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Duron(tm) Processor
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]

A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 37,3 Go (28,29 Go free) # NTFS
D:\ -> Disco CD-ROM
E:\ -> Disco removível # 3,84 Go (845,22 Mo free) [KINGSTON] # FAT32

################## | Ficheiros # pastas infeciosos |

E:\RECYCLER32\desktop.ini
E:\RECYCLER32

################## | Registro |


################## | Mountpoints2 |


################## | Vaccin |

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

################## | ! Fim do relatório # UsbFix V6.102 ! |
esthernot
#11 By esthernot
10/04/2010 - 13:11
MP3 player log



############################## | UsbFix V6.102 |

User : Administrador (Administradores) # MICRO
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:10:59 | 10/4/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Duron(tm) Processor
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]

A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 37,3 Go (28,29 Go free) # NTFS
D:\ -> Disco CD-ROM
E:\ -> Disco removível # 1,81 Go (1,68 Go free) [PHILIPS] # FAT32

################## | Ficheiros # pastas infeciosos |


################## | Registro |


################## | Mountpoints2 |


################## | Vaccin |

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

################## | ! Fim do relatório # UsbFix V6.102 ! |
esthernot
#13 By esthernot
10/04/2010 - 13:36
Here is the UsbFix result with the pen drive



############################## | UsbFix V6.102 |

User : Administrador (Administradores) # MICRO
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:28:51 | 10/4/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Duron(tm) Processor
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]

A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 37,3 Go (28,26 Go free) # NTFS
D:\ -> Disco CD-ROM
E:\ -> Disco removível # 3,84 Go (845,22 Mo free) [KINGSTON] # FAT32

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Recycler\S-1-5-21-1644491937-920026266-1202660629-500
Supprimido ! C:\Recycler\S-1-5-21-9380866953-5950598125-085753904-0785
Supprimido ! C:\Recycler\S-1-5-21-9474843005-6348969481-392814464-1615
Supprimido ! E:\RECYCLER32\desktop.ini
Supprimido ! E:\RECYCLER32

################## | Registro |


################## | Mountpoints2 |


################## | Listing |

[04/01/2010 18:00|--a------|0] C:\AUTOEXEC.BAT
[04/01/2010 17:49|---hs----|211] C:\boot.ini
[28/10/2001 11:06|-rahs----|4952] C:\Bootfont.bin
[04/01/2010 18:00|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[04/01/2010 18:00|-rahs----|0] C:\IO.SYS
[04/01/2010 18:00|-rahs----|0] C:\MSDOS.SYS
[13/04/2008 08:43|-rahs----|47564] C:\NTDETECT.COM
[13/04/2008 10:31|-rahs----|251696] C:\ntldr
[?|?|?] C:\pagefile.sys
[10/04/2010 13:32|--a------|1598] C:\UsbFix.txt
[19/12/2009 10:39|--a------|11563081] E:\Manual FZ35.pdf
[20/04/2008 12:02|--ah-----|296] E:\WMPInfo.xml
[27/10/2009 12:22|--a------|743424] E:\Direitos_Reais_-_completo_-_Nelson_Rosenvald.doc

################## | Vaccinação |

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

################## | Upload |

Favor enviar o arquivo : C:\UsbFix_Upload_Me_MICRO.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição .

################## | ! Fim do relatório # UsbFix V6.102 ! |
esthernot
#14 By esthernot
10/04/2010 - 13:39
And the new HijackThis log



Logfile of HijackThis v1.99.1
Scan saved at 13:38:10, on 10/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de Programas\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de Programas\Softwin\BitDefender10\bdmcon.exe
C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de Programas\Arquivos Comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Arquivos Comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Arquivos de Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de Programas\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Arquivos de Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de Programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Arquivos de Programas\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Arquivos de Programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de Programas\Arquivos Comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nusbantivirus] "C:\Arquivos de Programas\Naevius USB Antivirus\usbantivirus.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de Programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON TX105 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.EXE /FU "C:\WINDOWS\TEMP\E_S63.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Arquivos de Programas\palmOne\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de Programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de Programas\Arquivos Comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Espírita
#15 By Espírita
10/04/2010 - 13:47
Run HijackThis and choose the "Do a system scan only" option. Select the items:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

Click "Fix checked".

Download Wise Registry Cleaner:
http://majorgeeks.com/Wise_Registry_Cleaner_d5437.html

Install the application. When you run it, select all the options on the left and click Scan. If errors are found, select them all and click Fix.

Download Advanced System Care:
http://majorgeeks.com/download.php?det=5927

Install the application and run a system cleanup and optimization.

* Once the procedures are finished, post a new HijackThis log.
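The two entries selected above share one property visible in the log itself: the BHO ends in "(no file)" and the Winlogon Notify entry in "(file missing)", i.e. both are registrations whose target is gone. The following is an added example, not code from the thread or from HijackThis: a small triage helper that parses HijackThis entry lines, lists the orphaned registrations so an analyst can review them before ticking "Fix checked", and counts entries per section. The sample log is constructed from lines that appear in post #14.

```python
import re

# Added example (not from the forum thread): triage helper for HijackThis logs.
# It surfaces entries that point at files no longer present ("(no file)" /
# "(file missing)"), which are the usual candidates for "Fix checked".
# It lists candidates only; the decision stays with the analyst.

ORPHAN_MARKERS = ("(no file)", "(file missing)")

# A HijackThis entry line starts with its section code (R0, R1, F2, O2, O4, O20, O23 ...).
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")


def parse_hijackthis(log_text):
    """Yield (section, body) for each entry line, skipping the header and process list."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def orphaned_entries(log_text):
    """Entries whose target file is missing, rebuilt as the raw line so they can be pasted in a reply."""
    return [f"{sec} - {body}" for sec, body in parse_hijackthis(log_text)
            if any(marker in body for marker in ORPHAN_MARKERS)]


def summarize_by_section(log_text):
    """Count entries per section (O2 = BHOs, O4 = autostarts, O20 = Winlogon Notify, O23 = services)."""
    counts = {}
    for sec, _ in parse_hijackthis(log_text):
        counts[sec] = counts.get(sec, 0) + 1
    return counts


# Constructed sample: a subset of the lines from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\HDbar\vsdrv.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

if __name__ == "__main__":
    print("Entries per section:", summarize_by_section(SAMPLE_LOG))
    print("Orphaned registrations to review:")
    for entry in orphaned_entries(SAMPLE_LOG):
        print("  ", entry)
```

Run against the full log in post #14, the helper also surfaces the two O9 BitDefender Online Scanner leftovers and the xpnetdiag.exe buttons, which the reply chose not to fix: an orphaned entry is a review candidate, not automatically a removal, and that judgment is exactly what the helper leaves to the person reading the log.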