caioandrian

Messenger Virus

Hello, I would like to know how to stop these messages (like antivirus advertisements).

Logfile of HijackThis v1.99.1

Scan saved at 14:47:08, on 8/12/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\NVATray.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

C:\WINDOWS\System32\svcchost.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Caio\Desktop\Nova pasta\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gvt.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{AB4D8A4C-76DE-497C-9930-DFF99792090B}: NameServer = 200.175.5.139 200.175.89.139

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thank you for your attention =)


Santista78,

@- Download the program below, unpack it, and keep it in its own folder or on your desktop.

- Copy the instructions into Notepad or print them!

- Run the KillBox tool. Check the Delete on Reboot option. Copy the file path below in red by selecting it, right-clicking and choosing Copy...

C:\WINDOWS\System32\svcchost.exe

...In KillBox, with the path already copied to the clipboard, paste it into the box -> Full Path of File to Delete... With the Single File button already selected, click the X... and answer Yes to the question.

@- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

- Run HijackThis - Click Do a System Scan Only. Check the boxes for the entries listed below in blue. When you have finished selecting, click Fix Checked...

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

@- Click Start // Run // Type: cleanmgr.exe

(Disk C:) // In Disk Cleanup, check: Temporary Internet Files | Temporary Files | Temp... Click OK.

@- Restart in normal mode.

- Run an online scan with Ewido.

http://www.ewido.net/en/onlinescan/

@- Copy another (updated) HijackThis log and the Ewido log, and paste them here in sequence.

- Report the problems that are still happening with your computer.

Mr. Coruj@

  • Topic author
  • Sorry for the delay... there were problems with the PC.

    I could not access the internet because of the virus.

    Logfile of HijackThis v1.99.1

    Scan saved at 21:22:57, on 11/12/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\System32\apggio.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gvt.com.br/

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

    O4 - HKLM\..\Run: [msvcc25] svcchost.exe

    O4 - HKLM\..\Run: [MSNS PLUS XP2] apggio.exe

    O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

    O4 - HKLM\..\RunServices: [MSNS PLUS XP2] apggio.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3813F7F-F840-445D-B447-19F52249CB5E}: NameServer = 200.175.5.139 200.175.89.139

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    I will now post a Kaspersky log.

    -------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER REPORT

    Monday, December 11, 2006 9:49:55 PM

    Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)

    Kaspersky Online Scanner version: 5.0.83.0

    Kaspersky Anti-Virus database last update: 12/12/2006

    Kaspersky Anti-Virus database records: 236018

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: standard

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    A:\

    C:\

    D:\

    E:\

    Scan Statistics:

    Total number of scanned objects: 30946

    Number of viruses found: 5

    Number of infected objects: 61 / 0

    Number of suspicious objects: 0

    Duration of the scan process: 00:21:55

    Infected Object Name / Virus Name / Last Action

    C:\!KillBox\svcchost.exe Infected: Backdoor.Win32.Rbot.bjp skipped

    C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP2\A0000007.exe Infected: Backdoor.Win32.Rbot.bjp skipped

    C:\WINDOWS\LastGood.Tmp\System32\nvuaudio.exe Infected: Email-Worm.Win32.Luder.a skipped

    C:\WINDOWS\system32\apggio.exe Infected: Backdoor.Win32.Rbot.bdu skipped

    C:\WINDOWS\system32\msnnsg.exe Infected: Backdoor.Win32.Rbot.bdu skipped

    E:\CDex_150\CDex.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\Google\Google Earth\googleearth.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\Google\Google Earth\gpsbabel.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\MuStaff\Data\Local\aaaaaamq.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\MuStaff\Data\Local\aaaaaejq.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\MuStaff\Data\Local\dgyrwemk.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\MuStaff\Data\Local\myvsndbf.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\MuStaff\Mu.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\MuStaff\MuStaffLauncher.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\MuStaff\maintest.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\MuStaff\minimizer.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\MuStaff\muplayer.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\OLYMPUS\CAMEDIA Master 4.1\CAMEDIA Master.exe Infected: Email-Worm.Win32.Luder.a

    E:\drivers\2.45\AudioDrv\nvuaudio.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\AudioDrv\nvumpu.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\AudioUtl\SSTray.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\AudioUtl\SndStorm.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\AudioUtl\nvuautl.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\Display\aaaaaabk.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\aaaaaauk.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\aaaaaqlm.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\dgyrwebq.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\dgyrwily.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\dgyrwura.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\dmcpl.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\Display\gmxjtihe.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\gmxjtine.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\jswbqmtk.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\jswbqqxa.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\jswbqqxs.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\myvsnhkd.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\myvsnhkk.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\myvsnueg.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\nvsvc32.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\Display\nwiz.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\Display\pfukklqq.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\pfukkuae.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\sltchdml.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\sltchygk.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\sltchymk.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\Display\vrstedsx.t Infected: Email-Worm.Win32.Glowa.g skipped

    E:\drivers\2.45\GART\nvugart.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\IDE\WinXP\nvuide.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\2.45\MemCtl\nvumctl.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\video NVIDIA\Win2KXP\77.77\nvudisp.exe Infected: Email-Worm.Win32.Luder.a skipped

    E:\drivers\video NVIDIA\Win2KXP\77.77\setup.exe Infected: Email-Worm.Win32.Mixor.a skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta (2)\fotos_mpb_rsrsrs.rar/K6Hnt7t.exe Infected: Email-Worm.Win32.Glowa.g skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta (2)\fotos_mpb_rsrsrs.rar/abrxNf7.exe Infected: Email-Worm.Win32.Glowa.g skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta (2)\fotos_mpb_rsrsrs.rar/fcK5f3s.exe Infected: Email-Worm.Win32.Glowa.g skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta (2)\fotos_mpb_rsrsrs.rar/iWMsJrb.exe Infected: Email-Worm.Win32.Glowa.g skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta (2)\fotos_mpb_rsrsrs.rar RAR: infected - 4 skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta.rar/qm4vC6I.exe Infected: Email-Worm.Win32.Glowa.g skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta.rar/N8og88k.exe Infected: Email-Worm.Win32.Glowa.g skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta.rar/axJbuMu.exe Infected: Email-Worm.Win32.Glowa.g skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta.rar/Wf6c7g2.exe Infected: Email-Worm.Win32.Glowa.g skipped

    E:\fotos 2\Juliana\Nova pasta\Nova pasta.rar RAR: infected - 4 skipped

    Scan process completed.

    Thank you for your attention.


    Santista78,

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the whole list below in red by selecting it, right-clicking and choosing Copy...

    C:\WINDOWS\System32\apggio.exe

    C:\WINDOWS\System32\svcchost.exe

    C:\WINDOWS\system32\msnnsg.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question. If KillBox does not find one of the files, that is not a problem. Continue...

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Run HijackThis - Click Do a System Scan Only. Check the boxes for the entries listed below in blue. When you have finished selecting, click Fix Checked...

    O4 - HKLM\..\Run: [msvcc25] svcchost.exe

    O4 - HKLM\..\Run: [MSNS PLUS XP2] apggio.exe

    O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

    O4 - HKLM\..\RunServices: [MSNS PLUS XP2] apggio.exe

    @- Click Start // Run // Type: cleanmgr.exe

    (Disk C:) // In Disk Cleanup, check: Temporary Internet Files | Temporary Files | Temp... Click OK.

    @- Restart in normal mode.

    @- Copy another (updated) HijackThis log and paste it here next.

    - Report the problems that are still happening with your computer.

    Mr. Coruj@

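An added example (not part of the original thread and not part of HijackThis): a Python triage of O4 autorun lines that flags the two patterns visible in the entries marked for removal in the two replies above, namely an executable whose name is a near-miss of a core Windows process (svcchost.exe vs. svchost.exe) and a value registered under both Run and RunServices. The `KNOWN_SYSTEM` list, the distance threshold and the function names are assumptions; a hit is a lead to verify, not a verdict.

```python
import re
from collections import defaultdict

# Assumed reference list of core Windows process names; extend as needed.
KNOWN_SYSTEM = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe",
                "ctfmon.exe", "rundll32.exe"}

# Constructed sample: individual lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\System32\apggio.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [MSNS PLUS XP2] apggio.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP2] apggio.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(command):
    """Lower-cased file name of the executable in an autorun command line."""
    m = EXE_RE.match(command.strip())
    path = (m.group(1) or m.group(2)) if m else command.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def parse_autoruns(log):
    """Return one dict per 'O4 - HKxx\\..\\Key: [value] command' line."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, value, command = m.groups()
            entries.append({"hive": hive, "key": key, "value": value,
                            "command": command, "exe": basename(command)})
    return entries


def impersonates(exe):
    """Name of the system binary that `exe` nearly matches, or None."""
    if exe in KNOWN_SYSTEM:
        return None
    for real in sorted(KNOWN_SYSTEM):
        if edit_distance(exe, real) <= 2:
            return real
    return None


def triage(log):
    """Set of (finding, subject, detail) tuples for the two heuristics."""
    findings = set()
    entries = parse_autoruns(log)
    for e in entries:
        real = impersonates(e["exe"])
        if real:
            findings.add(("lookalike-autorun", e["exe"], real))
    for line in log.splitlines():
        if PROC_RE.match(line.strip()):  # a "Running processes" path
            exe = line.strip().rsplit("\\", 1)[-1].lower()
            real = impersonates(exe)
            if real:
                findings.add(("lookalike-process", exe, real))
    keys_seen = defaultdict(set)
    for e in entries:
        keys_seen[(e["hive"], e["value"], e["exe"])].add(e["key"])
    for (hive, value, exe), keys in keys_seen.items():
        if {"Run", "RunServices"} <= keys:
            findings.add(("run+runservices", value, exe))
    return findings


if __name__ == "__main__":
    for finding in sorted(triage(SAMPLE_LOG)):
        print(finding)
```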
  • Topic author
  • Hello,

    After carrying out the steps you requested, some problems still occur... spam from the messenger virus; web pages usually do not load on the first try, so I have to click refresh; and some pages do not show some pictures, or even emoticons, as is the case with this site.

    Logfile of HijackThis v1.99.1

    Scan saved at 11:55:17, on 13/12/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gvt.com.br/

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3813F7F-F840-445D-B447-19F52249CB5E}: NameServer = 200.175.5.139 200.175.89.139

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    This "messenger virus spam", would that be the Messenger service? Could you post a screenshot of the message?

    @- If so... To disable the MESSENGER SERVICE:

    - Click Start > Run > type: services.msc > OK

    - Select Mensageiro or Messenger

    - Right-click it and select Properties

    - Click the Parar or Stop button

    - Select the option to disable the service or set it to manual

    - Click OK.

    @- Download WinsockFix;

    Run WinsockFix and restart the computer...

    See whether the problems have been resolved.

  • Topic author
  • Well, it seems the message was indeed from the Messenger service.

    However, other problems appeared on top of that. The usual problems already mentioned in other replies continue.

    I will post a Kaspersky log to help, right after this one.

    Logfile of HijackThis v1.99.1

    Scan saved at 16:30:23, on 14/12/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gvt.com.br/

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3813F7F-F840-445D-B447-19F52249CB5E}: NameServer = 200.175.5.139 200.175.89.139

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    Kaspersky scan:

    C:\!KillBox\A0000007.exe Infected: Backdoor.Win32.Rbot.bjp skipped

    C:\!KillBox\A0003062.exe Infected: Backdoor.Win32.Rbot.bjp skipped

    C:\!KillBox\A0003074.exe Infected: Backdoor.Win32.Rbot.bdu skipped

    C:\!KillBox\A0003093.exe Infected: Backdoor.Win32.Rbot.bdu skipped

    C:\!KillBox\msnnsg.exe Infected: Backdoor.Win32.Rbot.bdu skipped

    C:\!KillBox\mysvcc.exe Infected: Backdoor.Win32.SdBot.awk skipped

    C:\!KillBox\nvuaudio.exe Infected: Email-Worm.Win32.Luder.a skipped

    C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP2\A0000007.exe Infected: Backdoor.Win32.Rbot.bjp skipped

    C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP3\A0003062.exe Infected: Backdoor.Win32.Rbot.bjp skipped

    C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP3\A0003074.exe Infected: Backdoor.Win32.Rbot.bdu skipped

    C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP3\A0003093.exe Infected: Backdoor.Win32.Rbot.bdu skipped

    C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP3\A0003106.exe Infected: Email-Worm.Win32.Luder.a skipped

    C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP4\A0005207.exe Infected: Backdoor.Win32.IRCBot.yc skipped

    C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP4\A0005215.exe Infected: Backdoor.Win32.SdBot.awk skipped

    C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WC0J548U\prevx[1].exe Infected: Backdoor.Win32.IRCBot.yc skipped

    C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab skipped

    I would like to know whether these processes are viruses, or why they are being executed:

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\ftp.exe

    Thank you for your attention


    Santista78,

    I would like to know whether these processes are viruses, or why they are being executed:

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\system32\ftp.exe

    No, they are genuine. However..., the second one can be used by good or bad applications

    - Install an antivirus: http://baixaki.ig.com.br/categorias/cat107_1.htm

    @- Download the program below, unpack it, and keep it in its own folder or on your desktop.

    - Copy the instructions into Notepad or print them!

    @- Run the avenger.exe tool. Confirm: OK.

    • Among the options under "Script file to execute", select "Input Script Manually".
    • Click the magnifying glass icon.
    • Copy (Ctrl+C) the contents (in red) of the quote below and paste them (Ctrl+V) into "View/edit script".
      Folders to delete:
      C:\!KillBox\
      Files to delete:
      C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP2\A0000007.exe
      C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP3\A0003062.exe
      C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP3\A0003074.exe
      C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP3\A0003093.exe
      C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP3\A0003106.exe
      C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP4\A0005207.exe
      C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP4\A0005215.exe
      C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WC0J548U\prevx[1].exe
      C:\WINDOWS\system32\o
    • Click "Done".
    • Click the traffic light icon to start the removal script. Confirm: OK.

    - The computer will restart automatically.

    - Keep the log: C:\avenger.txt

    --|--

    @- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    @- Click Start > Run > type: services.msc > OK. Locate the service: Network helper Service, and right-click it. In Properties, click Stop and change the Startup type to Disabled.

    >- Click Start // Run // Type: cleanmgr.exe

    >- (Disk C:) // In Disk Cleanup, check: Temporary Internet Files | Temporary Files | Temp... Click OK.

    - Open HijackThis. Click Open the Misc Tools section. Now click Delete an NT Service. In the box, paste the service below in bold and click Ok. Click No when asked whether you want to restart.

    MSDisk

    >- Run a full scan with your new AV -> Clean with backup... Keep the log.

    @- Restart in normal mode.

    Your system is out of date and vulnerable to infections. I recommend that you update to SP2.

    @- Copy another (updated) HijackThis log and the Avenger.txt log, and paste them here in sequence.

    Mr. Coruj@

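An added example (not part of the original thread and not Kaspersky's own tooling): a Python parser for the "path Infected: name action" lines of the Kaspersky Online Scanner reports posted above, grouping detections by where they sit on disk, which mirrors how the Avenger script in the reply above is organised (the KillBox folder, restore-point copies, cache and system32 files). The location categories, the ordering rule and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the Kaspersky reports in this thread.
SAMPLE_REPORT = r"""
C:\!KillBox\msnnsg.exe Infected: Backdoor.Win32.Rbot.bdu skipped
C:\System Volume Information\_restore{1D0A5AFF-A008-4C9B-91E7-078B542D7B93}\RP4\A0005207.exe Infected: Backdoor.Win32.IRCBot.yc skipped
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\WC0J548U\prevx[1].exe Infected: Backdoor.Win32.IRCBot.yc skipped
C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\apggio.exe Infected: Backdoor.Win32.Rbot.bdu skipped
E:\MuStaff\Mu.exe Infected: Email-Worm.Win32.Luder.a skipped
E:\fotos 2\Juliana\Nova pasta\Nova pasta.rar/qm4vC6I.exe Infected: Email-Worm.Win32.Glowa.g skipped
E:\fotos 2\Juliana\Nova pasta\Nova pasta.rar RAR: infected - 4 skipped
E:\OLYMPUS\CAMEDIA Master 4.1\CAMEDIA Master.exe Infected: Email-Worm.Win32.Luder.a
"""

# "<path> Infected: <Behaviour.Platform.Family.variant> [<last action>]"
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+)(?: (?P<action>\S+))?$")


def location(path):
    """Classify a detection by where the file sits (assumed categories)."""
    p = path.lower()
    if p.startswith("c:\\!killbox\\"):
        return "killbox-backup"   # folder where files removed with KillBox reappear in the scans
    if "\\system volume information\\_restore" in p:
        return "restore-point"    # System Restore snapshot copy
    if re.search(r"\.(rar|zip|cab)/", p):
        return "archive-member"   # file inside an archive
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    return "live-file"


def parse_report(report):
    """Return one dict per detection line; other lines are ignored."""
    rows = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, statistics, "RAR: infected - N" archive summaries
        parts = (m["verdict"].split(".") + [""] * 4)[:4]
        rows.append({"path": m["path"], "verdict": m["verdict"],
                     "behaviour": parts[0], "platform": parts[1],
                     "family": parts[2], "variant": parts[3],
                     "action": m["action"], "location": location(m["path"])})
    return rows


def by_location(rows):
    """Group detections so each group maps to one cleanup step."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["location"]].append(row)
    return dict(groups)


def remaining(rows):
    """Detections outside backups, snapshots and archives; backdoors and
    downloaders are listed first, then everything else, each sorted by path."""
    live = [r for r in rows if r["location"] in ("live-file", "browser-cache")]
    return sorted(live, key=lambda r: (r["behaviour"] not in ("Backdoor", "Trojan-Downloader"),
                                       r["path"].lower()))


if __name__ == "__main__":
    detections = parse_report(SAMPLE_REPORT)
    for place, group in by_location(detections).items():
        print(place, len(group))
    for row in remaining(detections):
        print(row["verdict"], row["path"])
```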
  • Topic author
  • I don't know what happened to cause this, but the online game I was playing (MuOnline) can no longer be played... when I enter the game the computer restarts. NOTE: before these changes it ran normally, until the internet dropped, because of the process: "C:\WINDOWS\System32\irdvxc.exe" /service

  • Topic author
  • Logfile of HijackThis v1.99.1

    Scan saved at 10:24:20, on 16/12/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\WINDOWS\AGRSMMSG.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Discador WebLine\WEBLineDiscador.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\cmd.exe

    C:\WINDOWS\System32\ActiveScan.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\MuStaff\MuStaffLauncher.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\MuStaff\minimizer.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\MuStaff\main.exe

    C:\WINDOWS\System32\taskmgr.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gvt.com.br/

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

    O4 - HKLM\..\Run: [ActiveScan Antivirus] ActiveScan.exe

    O4 - HKLM\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3813F7F-F840-445D-B447-19F52249CB5E}: NameServer = 200.175.5.139 200.175.89.139

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    Santista78, your computer is being constantly reinfected because it has no antivirus and, above all, because Windows has not been updated (SP2). If you do not do exactly what is being proposed, you will hardly manage to get rid of the problems.

    I don't know what happened to cause this, but the game I was playing online (MuOnline) can no longer be played... when I enter the game the computer restarts. NOTE: before these changes it worked normally, until the internet dropped, due to the procedure: "C:\WINDOWS\System32\irdvxc.exe" /service

    Well..., it's an EXPLOIT...

    --|--

    - Install a FREE antivirus: http://baixaki.ig.com.br/categorias/cat107_1.htm

    - Copy the instructions to Notepad or print them!

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the file path below (in red) by selecting it, right-clicking and choosing Copy...

    C:\WINDOWS\System32\ActiveScan.exe

    ...In KillBox, with the path already copied to the clipboard, paste it into the box -> Full Path of File to Delete... With the Single File button already selected, click the X... and answer Yes to the question.

    --|--

    @- Restart the computer in Safe Mode (keep pressing F8, or F5 in some cases, during startup).

    - Run HijackThis - Click Do a System Scan Only. Check the boxes for the entries listed below (in blue). When you have finished selecting, click Fix Checked...

    O4 - HKLM\..\Run: [ActiveScan Antivirus] ActiveScan.exe

    O4 - HKLM\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe

    @- Click Start // Run // Type: cleanmgr.exe

    (Drive C:) // In Disk Cleanup, check: Temporary Internet Files | Temporary Files | Temp... Click OK.

    >- Run a full scan with your new AV -> Clean with backup... Keep the log.

    @- Restart in normal mode.

    --|--

    @- Download ComboFix;

    - Copy the instructions to Notepad or print them!

    @- Close all open windows and run Hijack. Click Open the Misc Tools section. Now click Open Process Manager and, in the list (Running Processes), click C:\WINDOWS\Explorer.EXE. Check the Show DLLs box and click the floppy-disk icon. Save and keep the Processlist.txt file...

    --|--

    - Run the ComboFix tool.

    • Type "Y" and <Enter> to continue.
    • Do not open or close any program. Wait patiently for the scan.

    @- Restarting in normal mode...

    - Keep the log: C:\ComboFix.txt

    @- Copy another (updated) Hijack log, ComboFix.txt and Processlist.txt, and paste them one after the other.

    --|--

    Your system is out of date and vulnerable to infections. I recommend that you update to SP2.

    PS: I recommend that you do not play online for now, ok?

    Mr. Coruj@
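
The reply above ends by asking for a fresh HijackThis log after Fix Checked; comparing that log with the previous one can be scripted. The following is an added example, not part of the original thread and not code from HijackThis: the function names are hypothetical, and the sample logs are abbreviated excerpts of the HijackThis logs posted in this thread.

```python
import re
from typing import NamedTuple

# "O4 - HKLM\..\Run: [Name] command" -> code "O4", body = rest of the line.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Body of an O4 (autostart) entry: hive, Run-type key, value name, command line.
O4_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


class Entry(NamedTuple):
    code: str
    body: str


def parse_log(text):
    """Return the R*/O* entries of a HijackThis log; header and process list are skipped."""
    return [Entry(m.group(1), m.group(2))
            for m in map(ENTRY_RE.match, text.splitlines()) if m]


def autoruns(entries):
    """Split registry O4 entries into hive, key, value name and command line."""
    out = []
    for e in entries:
        m = O4_RE.match(e.body) if e.code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            out.append({"hive": hive, "key": key, "name": name, "command": command})
    return out


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare folded.
    return (entry.code, entry.body.casefold())


def verify_fix(before_text, after_text, fixed_text):
    """Compare two logs and report whether the entries marked for fixing are gone."""
    before, after = parse_log(before_text), parse_log(after_text)
    targets = parse_log(fixed_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        # Fix did not take effect, or the entry was re-created after reboot.
        "still_present": [e for e in targets if _key(e) in after_keys],
        # Target never existed in the earlier log (typo in the instructions?).
        "not_in_before": [e for e in targets if _key(e) not in before_keys],
        # Everything that appeared or disappeared between the two scans.
        "new_entries": [e for e in after if _key(e) not in before_keys],
        "gone_entries": [e for e in before if _key(e) not in after_keys],
    }


# Abbreviated excerpt of the log saved on 16/12/2006 in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:24:20, on 16/12/2006
Running processes:
C:\WINDOWS\System32\ActiveScan.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKLM\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Abbreviated excerpt of the follow-up log saved on 17/12/2006 in this thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:54:08, on 17/12/2006
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# The two entries the reply above says to mark before clicking Fix Checked.
FIXED = r"""
O4 - HKLM\..\Run: [ActiveScan Antivirus] ActiveScan.exe
O4 - HKLM\..\RunServices: [ActiveScan Antivirus] ActiveScan.exe
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE_LOG, AFTER_LOG, FIXED)
    for label, entries in report.items():
        print(f"{label}: {len(entries)}")
        for e in entries:
            print(f"  {e.code} - {e.body}")
```

An empty `still_present` list only shows that the registry entries are gone from the second scan; anything under `new_entries` still has to be reviewed by the analyst.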

  • Topic author
  • ok, unfortunately my internet is 56k, that is, it is very hard to download SP2. =(

    I installed Kaspersky Internet Security (6.0.1) - registered.

    It has already detected several viruses or infected objects and deleted them (about 480).

    But what caught my attention is that it constantly scans the processes running on the PC.

    It found the following process during the game:

    17/12/2006 00:41:43 Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 219.146.96.78. Protocol/service: UDP on local port 1434. Time: 17/12/2006 00:41:43

    As a result, the computer restarts for safety.

    Another:

    17/12/2006 11:03:42 Intrusion.Win.Messenger.exploit 65.126.146.164 UDP 1026

    Thank you for your attention

    Logs:

    Logfile of HijackThis v1.99.1

    Scan saved at 10:54:08, on 17/12/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\RUNDLL32.EXE

    C:\WINDOWS\AGRSMMSG.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gvt.com.br/

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

    O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3813F7F-F840-445D-B447-19F52249CB5E}: NameServer = 200.175.5.139 200.175.89.139

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Kinhu - 06-12-17 10:51:10,81 Service Pack 1

    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Kinhu\Desktop\Nova pasta"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-17 to 2006-12-17 ))))))))))))))))))))))))))))))))))

    2006-12-17 10:42 <DIR> d-------- C:\!KillBox

    2006-12-16 18:20 61,584 --a------ C:\WINDOWS\system32\drivers\klick.sys

    2006-12-16 18:20 59,536 --a------ C:\WINDOWS\system32\drivers\klin.sys

    2006-12-16 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

    2006-12-16 18:20 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

    2006-12-16 18:19 <DIR> d-------- C:\kav

    2006-12-16 15:54 <DIR> d--h----- C:\WINDOWS\PIF

    2006-12-16 09:20 <DIR> d-------- C:\avenger

    2006-12-16 01:06 109,996 --a------ C:\WINDOWS\system32\msnlive.exe

    2006-12-14 18:26 <DIR> d-------- C:\Arquivos de programas\LastChaosMal

    2006-12-14 16:45 0 --a------ C:\WINDOWS\system32\updaters.exe

    2006-12-14 15:56 0 --ahs---- C:\WINDOWS\system32\.exe

    2006-12-11 18:38 <DIR> d-------- C:\Documents and Settings\Kinhu\Dados de aplicativos\Lavasoft

    2006-12-11 18:38 <DIR> d-------- C:\Arquivos de programas\Lavasoft

    2006-12-11 16:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2006-12-11 16:25 <DIR> d---s---- C:\Documents and Settings\Kinhu\UserData

    2006-12-11 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

    2006-12-11 10:51 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS

    2006-12-11 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\OLYMPUS

    2006-12-11 10:49 <DIR> d-------- C:\Arquivos de programas\OLYMPUS

    2006-12-11 10:45 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

    2006-12-11 10:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield

    2006-12-10 18:56 <DIR> d--hs---- C:\RECYCLER

    2006-12-10 11:41 <DIR> d-------- C:\Documents and Settings\Kinhu\Dados de aplicativos\Real

    2006-12-10 02:51 <DIR> d-------- C:\WINDOWS\system32\QuickTime

    2006-12-10 02:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\QuickTime

    2006-12-10 02:51 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

    2006-12-09 12:56 <DIR> d-------- C:\Documents and Settings\Kinhu\Dados de aplicativos\Ahead

    2006-12-09 12:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Ahead

    2006-12-09 12:54 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll

    2006-12-09 12:54 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe

    2006-12-09 12:54 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys

    2006-12-09 12:54 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe

    2006-12-09 12:54 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll

    2006-12-09 12:54 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll

    2006-12-09 12:54 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll

    2006-12-09 12:54 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll

    2006-12-09 12:54 76,800 --a------ C:\WINDOWS\system32\dmscript.dll

    2006-12-09 12:54 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll

    2006-12-09 12:54 723,968 --a------ C:\WINDOWS\system32\dpnet.dll

    2006-12-09 12:54 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys

    2006-12-09 12:54 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll

    2006-12-09 12:54 64,512 --a------ C:\WINDOWS\system32\amstream.dll

    2006-12-09 12:54 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll

    2006-12-09 12:54 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll

    2006-12-09 12:54 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys

    2006-12-09 12:54 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys

    2006-12-09 12:54 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys

    2006-12-09 12:54 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll

    2006-12-09 12:54 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys

    2006-12-09 12:54 470,528 --a------ C:\WINDOWS\system32\qdvd.dll

    2006-12-09 12:54 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll

    2006-12-09 12:54 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe

    2006-12-09 12:54 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys

    2006-12-09 12:54 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

    2006-12-09 12:54 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys

    2006-12-09 12:54 381,952 --a------ C:\WINDOWS\system32\dsound.dll

    2006-12-09 12:54 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll

    2006-12-09 12:54 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll

    2006-12-09 12:54 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll

    2006-12-09 12:54 33,280 --a------ C:\WINDOWS\system32\dmloader.dll

    2006-12-09 12:54 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll

    2006-12-09 12:54 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll

    2006-12-09 12:54 316,928 --a------ C:\WINDOWS\system32\qdv.dll

    2006-12-09 12:54 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll

    2006-12-09 12:54 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll

    2006-12-09 12:54 292,864 --a------ C:\WINDOWS\system32\ddraw.dll

    2006-12-09 12:54 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe

    2006-12-09 12:54 27,136 --a------ C:\WINDOWS\system32\dmband.dll

    2006-12-09 12:54 257,024 --a------ C:\WINDOWS\system32\qcap.dll

    2006-12-09 12:54 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll

    2006-12-09 12:54 230,400 --a------ C:\WINDOWS\system32\dplayx.dll

    2006-12-09 12:54 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll

    2006-12-09 12:54 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll

    2006-12-09 12:54 181,248 --a------ C:\WINDOWS\system32\dmime.dll

    2006-12-09 12:54 18,944 --a------ C:\WINDOWS\system32\encapi.dll

    2006-12-09 12:54 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys

    2006-12-09 12:54 18,432 --a------ C:\WINDOWS\system32\dswave.dll

    2006-12-09 12:54 173,056 --a------ C:\WINDOWS\system32\qasf.dll

    2006-12-09 12:54 16,896 --a------ C:\WINDOWS\system32\msyuv.dll

    2006-12-09 12:54 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe

    2006-12-09 12:54 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys

    2006-12-09 12:54 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys

    2006-12-09 12:54 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys

    2006-12-09 12:54 132,608 --a------ C:\WINDOWS\system32\devenum.dll

    2006-12-09 12:54 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys

    2006-12-09 12:54 13,312 --a------ C:\WINDOWS\system32\msdmo.dll

    2006-12-09 12:54 122,880 --a------ C:\WINDOWS\system32\dmusic.dll

    2006-12-09 12:54 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll

    2006-12-09 12:54 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys

    2006-12-09 12:54 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll

    2006-12-09 12:54 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys

    2006-12-09 12:54 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys

    2006-12-09 12:54 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll

    2006-12-09 12:54 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll

    2006-12-09 12:54 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll

    2006-12-09 12:54 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll

    2006-12-09 12:54 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll

    2006-12-09 12:54 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll

    2006-12-09 12:54 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll

    2006-12-09 12:54 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll

    2006-12-09 12:54 <DIR> d-------- C:\WINDOWS\RegisteredPackages

    2006-12-09 12:20 <DIR> d-------- C:\Arquivos de programas\Nero

    2006-12-09 12:18 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

    2006-12-09 12:17 <DIR> d-------- C:\WINDOWS\SHELLNEW

    2006-12-09 12:17 <DIR> d-------- C:\Arquivos de programas\Microsoft.NET

    2006-12-09 12:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DESIGNER

    2006-12-09 12:16 <DIR> d-------- C:\Arquivos de programas\Microsoft Office

    2006-12-09 12:11 <DIR> dr-h----- C:\MSOCache

    2006-12-08 23:01 <DIR> d---s---- C:\WINDOWS\system32\Microsoft

    2006-12-08 22:39 <DIR> d-------- C:\Documents and Settings\Kinhu\Contacts

    2006-12-08 22:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

    2006-12-08 22:38 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

    2006-12-08 21:29 <DIR> d-------- C:\Arquivos de programas\WinRAR

    2006-12-08 19:21 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

    2006-12-08 19:21 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

    2006-12-08 19:20 9,856 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

    2006-12-08 19:20 69,120 --a------ C:\WINDOWS\system32\usbui.dll

    2006-12-08 19:20 57,216 --a------ C:\WINDOWS\system32\drivers\redbook.sys

    2006-12-08 19:19 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL

    2006-12-08 19:19 9,072 --a------ C:\WINDOWS\system\VER.DLL

    2006-12-08 19:19 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll

    2006-12-08 19:19 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL

    2006-12-08 19:19 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll

    2006-12-08 19:19 72,192 --a------ C:\WINDOWS\system32\storprop.dll

    2006-12-08 19:19 70,240 --a------ C:\WINDOWS\system\MMSYSTEM.DLL

    2006-12-08 19:19 70,144 --a------ C:\WINDOWS\system\AVICAP.DLL

    2006-12-08 19:19 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll

    2006-12-08 19:19 67,072 --a------ C:\WINDOWS\NOTEPAD.EXE

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll

    2006-12-08 19:19 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL

    2006-12-08 19:19 6,656 --a------ C:\WINDOWS\system32\batt.dll

    2006-12-08 19:19 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll

    2006-12-08 19:19 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll

    2006-12-08 19:19 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll

    2006-12-08 19:19 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll

    2006-12-08 19:19 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll

    2006-12-08 19:19 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll

    2006-12-08 19:19 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll

    2006-12-08 19:19 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll

    2006-12-08 19:19 5,120 --a------ C:\WINDOWS\system\SHELL.DLL

    2006-12-08 19:19 33,504 --a------ C:\WINDOWS\system\COMMDLG.DLL

    2006-12-08 19:19 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

    2006-12-08 19:19 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL

    2006-12-08 19:19 19,200 --a------ C:\WINDOWS\system\TAPI.DLL

    2006-12-08 19:19 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll

    2006-12-08 19:19 15,360 --a------ C:\WINDOWS\TASKMAN.EXE

    2006-12-08 19:19 13,312 --a------ C:\WINDOWS\system32\irclass.dll

    2006-12-08 19:19 127,120 --a------ C:\WINDOWS\system\MSVIDEO.DLL

    2006-12-08 19:19 109,536 --a------ C:\WINDOWS\system\AVIFILE.DLL

    2006-12-08 19:19 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll

    2006-12-08 19:19 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys

    2006-12-08 19:19 <DIR> dr------- C:\Arquivos de programas\Arquivos comuns\..

    2006-12-08 19:19 <DIR> dr------- C:\Arquivos de programas\.

    2006-12-08 19:19 <DIR> dr------- C:\Arquivos de programas

    2006-12-08 19:19 <DIR> d-ahs---- C:\Arquivos de programas\..

    2006-12-08 19:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

    2006-12-08 19:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

    2006-12-08 19:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

    2006-12-08 19:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\.

    2006-12-08 19:19 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns

    2006-12-08 19:18 <DIR> dr-h----- C:\Documents and Settings\All Users\Dados de aplicativos\.

    2006-12-08 19:18 <DIR> dr-h----- C:\Documents and Settings\All Users\Dados de aplicativos

    2006-12-08 19:18 <DIR> dr------- C:\Documents and Settings\All Users\Menu Iniciar

    2006-12-08 19:18 <DIR> dr------- C:\Documents and Settings\All Users\Documentos

    2006-12-08 19:18 <DIR> d--h----- C:\Documents and Settings\All Users\Modelos

    2006-12-08 19:18 <DIR> d---s---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

    2006-12-08 19:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

    2006-12-08 19:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot

    2006-12-08 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos

    2006-12-08 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Desktop

    2006-12-08 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\..

    2006-12-08 19:18 <DIR> d-------- C:\Documents and Settings\All Users\..

    2006-12-08 19:18 <DIR> d-------- C:\Documents and Settings\All Users\.

    2006-12-08 19:18 <DIR> d-------- C:\Documents and Settings

    2006-12-08 19:15 <DIR> d-------- C:\Documents and Settings\Kinhu\Dados de aplicativos\Macromedia

    2006-12-08 19:07 88,363 -ra------ C:\WINDOWS\AGRSMMSG.exe

    2006-12-08 19:07 65,024 -ra------ C:\WINDOWS\agrsmdel.exe

    2006-12-08 19:07 1,196,908 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys

    2006-12-08 19:06 65,024 --------- C:\WINDOWS\system32\agrsmdel.exe

    2006-12-08 19:06 <DIR> d-------- C:\WINDOWS\LastGood

    2006-12-08 19:00 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups

    2006-12-08 18:48 <DIR> d-------- C:\Arquivos de programas\Discador WebLine

    2006-12-08 18:45 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys

    2006-12-08 18:45 <DIR> d-------- C:\WINDOWS\Options

    2006-12-08 18:43 <DIR> d-------- C:\WINDOWS\nview

    2006-12-08 18:38 908,800 -ra------ C:\WINDOWS\system32\drivers\nvmcp.sys

    2006-12-08 18:38 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

    2006-12-08 18:38 66,816 -ra------ C:\WINDOWS\system32\drivers\nvarm.sys

    2006-12-08 18:38 6,656 -ra------ C:\WINDOWS\system32\nvack.dll

    2006-12-08 18:38 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys

    2006-12-08 18:38 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

    2006-12-08 18:38 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

    2006-12-08 18:38 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

    2006-12-08 18:38 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys

    2006-12-08 18:38 5,120 -ra------ C:\WINDOWS\system32\ALut.dll

    2006-12-08 18:38 44,032 -ra------ C:\WINDOWS\system32\OpenAL32.dll

    2006-12-08 18:38 44,032 -ra------ C:\WINDOWS\system32\nvopenal.dll

    2006-12-08 18:38 30,336 -ra------ C:\WINDOWS\system32\drivers\nvax.sys

    2006-12-08 18:38 30,208 -ra------ C:\WINDOWS\system32\nvasio.dll

    2006-12-08 18:38 286,976 -ra------ C:\WINDOWS\system32\drivers\nvapu.sys

    2006-12-08 18:38 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

    2006-12-08 18:38 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

    2006-12-08 18:38 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys

    2006-12-08 18:38 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys

    2006-12-08 18:37 80,896 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys

    2006-12-08 18:37 <DIR> d-------- C:\WINDOWS\LastGood.Tmp

    2006-12-08 18:32 <DIR> dr-h----- C:\Documents and Settings\Kinhu\SendTo

    2006-12-08 18:32 <DIR> dr-h----- C:\Documents and Settings\Kinhu\Recent

    2006-12-08 18:32 <DIR> dr-h----- C:\Documents and Settings\Kinhu\Dados de aplicativos\.

    2006-12-08 18:32 <DIR> dr-h----- C:\Documents and Settings\Kinhu\Dados de aplicativos

    2006-12-08 18:32 <DIR> dr------- C:\Documents and Settings\Kinhu\Meus documentos

    2006-12-08 18:32 <DIR> dr------- C:\Documents and Settings\Kinhu\Menu Iniciar

    2006-12-08 18:32 <DIR> dr------- C:\Documents and Settings\Kinhu\Favoritos

    2006-12-08 18:32 <DIR> d--hs---- C:\WINDOWS\Installer

    2006-12-08 18:32 <DIR> d--h----- C:\Documents and Settings\Kinhu\Modelos

    2006-12-08 18:32 <DIR> d--h----- C:\Documents and Settings\Kinhu\Ambiente de rede

    2006-12-08 18:32 <DIR> d--h----- C:\Arquivos de programas\Uninstall Information

    2006-12-08 18:32 <DIR> d---s---- C:\Documents and Settings\Kinhu\Dados de aplicativos\Microsoft

    2006-12-08 18:32 <DIR> d---s---- C:\Documents and Settings\Kinhu\Cookies

    2006-12-08 18:32 <DIR> d-------- C:\Documents and Settings\Kinhu\Desktop

    2006-12-08 18:32 <DIR> d-------- C:\Documents and Settings\Kinhu\Dados de aplicativos\Identities

    2006-12-08 18:32 <DIR> d-------- C:\Documents and Settings\Kinhu\Dados de aplicativos\..

    2006-12-08 18:32 <DIR> d-------- C:\Documents and Settings\Kinhu\..

    2006-12-08 18:32 <DIR> d-------- C:\Documents and Settings\Kinhu\.

    2006-12-08 18:32 <DIR> C:\Documents and Settings\Kinhu\Configura‡oes locais

    2006-12-08 18:32 <DIR> C:\Documents and Settings\Kinhu\Ambiente de impressao

    2006-12-08 18:31 <DIR> d--hs---- C:\System Volume Information

    2006-12-08 18:31 <DIR> d-------- C:\WINDOWS\Prefetch

    2006-12-08 18:27 0 -rahs---- C:\MSDOS.SYS

    2006-12-08 18:27 0 -rahs---- C:\IO.SYS

    2006-12-08 18:27 0 --a------ C:\CONFIG.SYS

    2006-12-08 18:27 0 --a------ C:\AUTOEXEC.BAT

    2006-12-08 18:27 <DIR> d-------- C:\WINDOWS\system32\xircom

    2006-12-08 18:27 <DIR> d-------- C:\Arquivos de programas\xerox

    2006-12-08 18:27 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

    2006-12-08 18:26 112,128 --a------ C:\WINDOWS\system32\mapi32.dll

    2006-12-08 18:26 <DIR> dr------- C:\WINDOWS\Offline Web Pages

    2006-12-08 18:26 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM

    2006-12-08 18:26 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

    2006-12-08 18:25 81,920 --a------ C:\WINDOWS\system32\isign32.dll

    2006-12-08 18:25 69,632 --a------ C:\WINDOWS\system32\icwdial.dll

    2006-12-08 18:25 68,096 --a------ C:\WINDOWS\system32\acctres.dll

    2006-12-08 18:25 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll

    2006-12-08 18:25 49,152 --a------ C:\WINDOWS\system32\inetres.dll

    2006-12-08 18:25 40,960 --a------ C:\WINDOWS\system32\safrslv.dll

    2006-12-08 18:25 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll

    2006-12-08 18:25 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll

    2006-12-08 18:25 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe

    2006-12-08 18:25 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll

    2006-12-08 18:25 270,336 --a------ C:\WINDOWS\system32\inetcfg.dll

    2006-12-08 18:25 26,624 --a------ C:\WINDOWS\system32\safrdm.dll

    2006-12-08 18:25 222,720 --a------ C:\WINDOWS\system32\qmgr.dll

    2006-12-08 18:25 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll

    2006-12-08 18:25 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll

    2006-12-08 18:25 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll

    2006-12-08 18:25 11,264 --a------ C:\WINDOWS\system32\atrace.dll

    2006-12-08 18:25 <DIR> d---s---- C:\WINDOWS\Tasks

    2006-12-08 18:25 <DIR> d-------- C:\WINDOWS\system32\Macromed

    2006-12-08 18:25 <DIR> d-------- C:\WINDOWS\system32\DirectX

    2006-12-08 18:25 <DIR> d-------- C:\WINDOWS\srchasst

    2006-12-08 18:25 <DIR> d-------- C:\Arquivos de programas\Movie Maker

    2006-12-08 18:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Serviços

    2006-12-08 18:25 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap

    2006-12-08 18:24 9,728 --a------ C:\WINDOWS\system32\mstinit.exe

    2006-12-08 18:24 81,408 --a------ C:\WINDOWS\system32\msoert2.dll

    2006-12-08 18:24 73,728 --a------ C:\WINDOWS\system32\ils.dll

    2006-12-08 18:24 69,248 --a------ C:\WINDOWS\system32\drivers\sr.sys

    2006-12-08 18:24 65,536 --a------ C:\WINDOWS\system32\msconf.dll

    2006-12-08 18:24 63,488 --a------ C:\WINDOWS\system32\srclient.dll

    2006-12-08 18:24 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll

    2006-12-08 18:24 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll

    2006-12-08 18:24 253,952 --a------ C:\WINDOWS\system32\mstask.dll

    2006-12-08 18:24 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll

    2006-12-08 18:24 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll

    2006-12-08 18:24 227,840 --a------ C:\WINDOWS\system32\srrstr.dll

    2006-12-08 18:24 160,256 --a------ C:\WINDOWS\system32\schedsvc.dll

    2006-12-08 18:24 159,232 --a------ C:\WINDOWS\system32\srsvc.dll

    2006-12-08 18:24 <DIR> d-------- C:\WINDOWS\system32\Restore

    2006-12-08 18:24 <DIR> d-------- C:\WINDOWS\Registration

    2006-12-08 18:24 <DIR> d-------- C:\WINDOWS\PCHealth

    2006-12-08 18:24 <DIR> d-------- C:\Arquivos de programas\Outlook Express

    2006-12-08 18:24 <DIR> d-------- C:\Arquivos de programas\NetMeeting

    2006-12-08 18:24 <DIR> d-------- C:\Arquivos de programas\Internet Explorer

    2006-12-08 18:24 <DIR> d-------- C:\Arquivos de programas\ComPlus Applications

    2006-12-08 18:24 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\System

    2006-12-08 18:23 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll

    2006-12-08 18:23 9,728 --a------ C:\WINDOWS\system32\reset.exe

    2006-12-08 18:23 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll

    2006-12-08 18:23 9,216 --a------ C:\WINDOWS\system32\icaapi.dll

    2006-12-08 18:23 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll

    2006-12-08 18:23 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll

    2006-12-08 18:23 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll

    2006-12-08 18:23 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll

    2006-12-08 18:23 82,432 --a------ C:\WINDOWS\system32\comrepl.dll

    2006-12-08 18:23 80,896 --a------ C:\WINDOWS\system32\charmap.exe

    2006-12-08 18:23 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll

    2006-12-08 18:23 73,216 --a------ C:\WINDOWS\system32\avwav.dll

    2006-12-08 18:23 640,512 --a------ C:\WINDOWS\system32\getuname.dll

    2006-12-08 18:23 61,952 --a------ C:\WINDOWS\system32\rdshost.exe

    2006-12-08 18:23 6,144 --a------ C:\WINDOWS\system32\msdtc.exe

    2006-12-08 18:23 598,016 --a------ C:\WINDOWS\system32\mstscax.dll

    2006-12-08 18:23 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll

    2006-12-08 18:23 57,856 --a------ C:\WINDOWS\system32\licwmi.dll

    2006-12-08 18:23 57,344 --a------ C:\WINDOWS\system32\sol.exe

    2006-12-08 18:23 57,344 --a------ C:\WINDOWS\system32\remotepg.dll

    2006-12-08 18:23 56,832 --a------ C:\WINDOWS\system32\colbact.dll

    2006-12-08 18:23 55,808 --a------ C:\WINDOWS\system32\freecell.exe

    2006-12-08 18:23 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll

    2006-12-08 18:23 54,272 --a------ C:\WINDOWS\system32\stclient.dll

    2006-12-08 18:23 534,528 --a------ C:\WINDOWS\system32\spider.exe

    2006-12-08 18:23 53,248 --a------ C:\WINDOWS\system32\servdeps.dll

    2006-12-08 18:23 5,632 --a------ C:\WINDOWS\system32\write.exe

    2006-12-08 18:23 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe

    2006-12-08 18:23 495,616 --a------ C:\WINDOWS\system32\hypertrm.dll

    2006-12-08 18:23 495,616 --a------ C:\WINDOWS\system32\comuid.dll

    2006-12-08 18:23 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll

    2006-12-08 18:23 44,544 --a------ C:\WINDOWS\system32\hticons.dll

    2006-12-08 18:23 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe

    2006-12-08 18:23 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe

    2006-12-08 18:23 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll

    2006-12-08 18:23 4,096 --a------ C:\WINDOWS\system32\mtxex.dll

    2006-12-08 18:23 390,656 --a------ C:\WINDOWS\system32\mstsc.exe

    2006-12-08 18:23 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys

    2006-12-08 18:23 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll

    2006-12-08 18:23 35,328 --a------ C:\WINDOWS\system32\winchat.exe

    2006-12-08 18:23 342,528 --a------ C:\WINDOWS\system32\mspaint.exe

    2006-12-08 18:23 33,792 --a------ C:\WINDOWS\system32\regini.exe

    2006-12-08 18:23 33,280 --a------ C:\WINDOWS\system32\cfgbkend.dll

    2006-12-08 18:23 25,600 --a------ C:\WINDOWS\system32\comaddin.dll

    2006-12-08 18:23 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll

    2006-12-08 18:23 231,424 --a------ C:\WINDOWS\system32\avtapi.dll

    2006-12-08 18:23 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe

    2006-12-08 18:23 22,016 --a------ C:\WINDOWS\system32\msg.exe

    2006-12-08 18:23 215,040 --a------ C:\WINDOWS\system32\catsrv.dll

    2006-12-08 18:23 201,728 --a------ C:\WINDOWS\system32\termsrv.dll

    2006-12-08 18:23 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll

    2006-12-08 18:23 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys

    2006-12-08 18:23 190,464 --a------ C:\WINDOWS\system32\wuaueng.dll

    2006-12-08 18:23 183,296 --a------ C:\WINDOWS\system32\accwiz.exe

    2006-12-08 18:23 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys

    2006-12-08 18:23 18,944 --a------ C:\WINDOWS\system32\qprocess.exe

    2006-12-08 18:23 178,176 --a------ C:\WINDOWS\system32\cmprops.dll

    2006-12-08 18:23 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe

    2006-12-08 18:23 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe

    2006-12-08 18:23 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll

    2006-12-08 18:23 16,384 --a------ C:\WINDOWS\system32\tskill.exe

    2006-12-08 18:23 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe

    2006-12-08 18:23 16,384 --a------ C:\WINDOWS\system32\avmeter.dll

    2006-12-08 18:23 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll

    2006-12-08 18:23 15,872 --a------ C:\WINDOWS\system32\logoff.exe

    2006-12-08 18:23 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll

    2006-12-08 18:23 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe

    2006-12-08 18:23 15,360 --a------ C:\WINDOWS\system32\tscon.exe

    2006-12-08 18:23 15,360 --a------ C:\WINDOWS\system32\shadow.exe

    2006-12-08 18:23 147,456 --a------ C:\WINDOWS\system32\comsnap.dll

    2006-12-08 18:23 141,824 --a------ C:\WINDOWS\system32\wuauclt.exe

    2006-12-08 18:23 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll

    2006-12-08 18:23 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe

    2006-12-08 18:23 135,680 --a------ C:\WINDOWS\system32\rdchost.dll

    2006-12-08 18:23 130,560 --a------ C:\WINDOWS\system32\sessmgr.exe

    2006-12-08 18:23 128,000 --a------ C:\WINDOWS\system32\mshearts.exe

    2006-12-08 18:23 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe

    2006-12-08 18:23 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe

    2006-12-08 18:23 119,808 --a------ C:\WINDOWS\system32\winmine.exe

    2006-12-08 18:23 117,760 --a------ C:\WINDOWS\system32\mplay32.exe

    2006-12-08 18:23 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys

    2006-12-08 18:23 115,200 --a------ C:\WINDOWS\system32\calc.exe

    2006-12-08 18:23 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys

    2006-12-08 18:23 100,864 --a------ C:\WINDOWS\system32\clipbrd.exe

    2006-12-08 18:23 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll

    2006-12-08 18:23 1,221 --a------ C:\WINDOWS\system32\usrlogon.cmd

    2006-12-08 18:23 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll

    2006-12-08 18:23 <DIR> d--h----- C:\Arquivos de programas\WindowsUpdate

    2006-12-08 18:23 <DIR> d-------- C:\WINDOWS\system32\MsDtc

    2006-12-08 18:23 <DIR> d-------- C:\WINDOWS\system32\Com

    2006-12-08 18:23 <DIR> d-------- C:\Arquivos de programas\Windows NT

    2006-12-08 18:23 <DIR> d-------- C:\Arquivos de programas\Windows Media Player

    2006-12-08 18:23 <DIR> d-------- C:\Arquivos de programas\Serviços on-line

    2006-12-08 18:23 <DIR> d-------- C:\Arquivos de programas\MSN Gaming Zone

    2006-12-08 18:23 <DIR> d-------- C:\Arquivos de programas\MSN

    2006-12-08 18:23 <DIR> d-------- C:\Arquivos de programas\Messenger

    2006-12-08 16:13 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache

    2006-12-08 16:13 <DIR> dr--s---- C:\WINDOWS\Fonts

    2006-12-08 16:13 <DIR> dr------- C:\WINDOWS\Web

    2006-12-08 16:13 <DIR> d-ahs---- C:\WINDOWS\..

    2006-12-08 16:13 <DIR> d--h----- C:\WINDOWS\inf

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\WinSxS

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\twain_32

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Temp

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\wins

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\wbem

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\usmt

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\spool

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\ShellExt

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\Setup

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\ras

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\oobe

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\npp

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\mui

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\inetsrv

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\IME

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\icsxml

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\ias

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\export

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\drivers\etc

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\drivers\..

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\drivers\.

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\drivers

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\dhcp

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\config

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\3com_dmi

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\3076

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\2052

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1054

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1046

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1042

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1041

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1037

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1033

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1031

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1028

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\1025

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\..

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32\.

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system32

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system\..

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system\.

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\system

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\security

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Resources

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\repair

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\mui

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\msapps

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\msagent

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Media

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\java

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\ime

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Help

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Driver Cache

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Debug

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Cursors

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Connection Wizard

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\Config

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\AppPatch

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\addins

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS\.

    2006-12-08 16:13 <DIR> d-------- C:\WINDOWS

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"

    "popbanner"="C:\\Arquivos de programas\\Discador WebLine\\WebLineDiscador.exe --banner"

    "MsnMsgr"="\"C:\\Arquivos de programas\\MSN Messenger\\MsnMsgr.Exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

    "nwiz"="nwiz.exe /install"

    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"

    "AGRSMMSG"="AGRSMMSG.exe"

    "NWEReboot"=""

    "NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"

    "AVP"="\"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\e-mail]

    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

    "Installed"="1"

    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

    "DeskHtmlVersion"=dword:00000110

    "DeskHtmlMinorVersion"=dword:00000005

    "Settings"=dword:00000001

    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

    "Source"="About:Home"

    "SubscribedURL"="About:Home"

    "FriendlyName"="Minha página inicial atual"

    "Flags"=dword:00000002

    "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\

    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

    "CurrentState"=hex:04,00,00,40

    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\

    ff,ff,04,00,00,00

    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    "ActiveScan Antivirus"="ActiveScan.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]

    "ActiveScan Antivirus"="ActiveScan.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    "ActiveScan Antivirus"="ActiveScan.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]

    "ActiveScan Antivirus"="ActiveScan.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"

    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "dontdisplaylastusername"=dword:00000000

    "legalnoticecaption"=""

    "legalnoticetext"=""

    "shutdownwithoutlogon"=dword:00000001

    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Contents of the 'Scheduled Tasks' folder

    C:\WINDOWS\tasks\Programa de desligamento de sistema no-break.job

    Completion time: 06-12-17 10:51:50.59

    C:\ComboFix.txt ... 06-12-17 10:51

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Process list saved on 10:45:48, on 17/12/2006

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    [pid] [full path to filename] [file version] [company name]

    424 C:\WINDOWS\System32\smss.exe 5.1.2600.1106 Microsoft Corporation

    688 C:\WINDOWS\system32\winlogon.exe 5.1.2600.1106 Microsoft Corporation

    732 C:\WINDOWS\system32\services.exe 5.1.2600.0 Microsoft Corporation

    744 C:\WINDOWS\system32\lsass.exe 5.1.2600.1106 Microsoft Corporation

    916 C:\WINDOWS\system32\svchost.exe 5.1.2600.0 Microsoft Corporation

    960 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation

    1248 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.0 Microsoft Corporation

    1380 C:\WINDOWS\System32\nvsvc32.exe 6.14.10.7777 NVIDIA Corporation

    248 C:\WINDOWS\Explorer.EXE 6.0.2800.1106 Microsoft Corporation

    712 C:\WINDOWS\System32\RUNDLL32.EXE 5.1.2600.0 Microsoft Corporation

    1648 C:\WINDOWS\AGRSMMSG.exe 2.1.33.0 Agere Systems

    340 C:\WINDOWS\System32\ctfmon.exe 5.1.2600.1106 Microsoft Corporation

    412 C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe 1.3.0.28 Powered by GVT

    112 C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe 8.0.812.0 Microsoft Corporation

    1280 C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE 6.0.2800.1106 Microsoft Corporation

    644 C:\Documents and Settings\Kinhu\Desktop\Nova pasta\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.

    472 C:\WINDOWS\System32\lemsrv.exe

    2280 C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe 6.0.1.411 Kaspersky Lab

    2300 C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe 6.0.1.411 Kaspersky Lab

    DLLs loaded by process C:\WINDOWS\Explorer.EXE:

    [full path to filename] [file version] [company name]

    C:\WINDOWS\System32\ntdll.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\GDI32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\USER32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\SHLWAPI.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\system32\SHELL32.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\system32\ole32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft Corporation

    C:\WINDOWS\System32\BROWSEUI.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\System32\SHDOCVW.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\System32\UxTheme.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\system32\comctl32.dll 5.82.2800.1106 Microsoft Corporation

    C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42 Microsoft Corporation

    C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42 Microsoft Corporation

    C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\themeui.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\actxprxy.dll 6.0.2600.0 Microsoft Corporation

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll 1.0.6.411 Kaspersky Lab

    C:\WINDOWS\System32\MSVCP60.dll 6.0.8972.0 Microsoft Corporation

    C:\WINDOWS\System32\msutb.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\netapi32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\ATL.DLL 3.0.9435.0 Microsoft Corporation

    C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\credui.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 Microsoft Corporation

    C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\urlmon.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\system32\WININET.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\MLANG.dll 6.0.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\webcheck.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\BatMeter.dll 6.0.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\POWRPROF.dll 6.0.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\midimap.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\printui.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\system32\MPR.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\drprov.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 Microsoft Corporation

    C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 Microsoft Corporation

    C:\WINDOWS\System32\netcfgx.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\CLUSAPI.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 Microsoft Corporation

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll 2.0.0.7 Nero AG

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\MFC71.DLL 7.10.3077.0 Microsoft Corporation

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\MSVCR71.dll 7.10.3052.4 Microsoft Corporation

    C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\MSVCP71.dll 7.10.3077.0 Microsoft Corporation

    C:\WINDOWS\System32\browselc.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\ODBC32.dll 3.520.9030.0 Microsoft Corporation

    C:\WINDOWS\system32\comdlg32.dll 6.0.2800.1106 Microsoft Corporation

    C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Corporation

    C:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\shdoclc.dll 6.0.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\zipfldr.dll 6.0.2800.1106 Microsoft Corporation

    C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll 2.0.0.0 Nero AG

    C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\MFC71U.DLL 7.10.3077.0 Microsoft Corporation

    C:\Arquivos de programas\WinRAR\rarext.dll

    C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 Microsoft Corporation

    C:\WINDOWS\System32\asfsipc.dll 1.1.0.3917 Microsoft Corporation

    C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 Microsoft Corporation

    C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft Corporation

    C:\WINDOWS\System32\wshPTB.DLL 5.6.0.6626 Microsoft Corporation

    C:\ARQUIV~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.5510.0 Microsoft Corporation


    Santista78, it has already improved a lot. Your choice was the right one, because if for some reason you had not installed SP2, I was going to recommend a firewall to you. But..., installing SP2 is still necessary to fix all the security flaws. You can download it little by little with the help of a download manager or, even easier, borrow the installation CD from a friend.

    - For now, apply this security PATCH.

    - Download SDFix (save it to your desktop).

    - Run the KillBox tool. Check the Delete on Reboot option. Copy the entire list below, shown in red, by selecting it and right-clicking -> Copy...

    C:\WINDOWS\system32\msnlive.exe

    C:\WINDOWS\system32\updaters.exe

    C:\WINDOWS\system32\.exe

    C:\WINDOWS\System32\lemsrv.exe

    ...In KillBox, with the files already copied to the clipboard, click File -> Paste from clipboard... Click the All Files button, then the X... and answer No to the question.

    - Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

    - Unzip SDFix and run it. Locate and open the program's folder (SDFix) and run RunThis.bat. Click Y (Yes). Wait for the tool's analysis until you are asked to restart the computer. Press any key... Wait patiently again for the scan... Finished, to end.

    - Copy a new (updated) Hijack log and the SDFix log (Report.txt) and paste them in sequence.

    Mr. Coruj@

  • Topic author
  • Mr. Coruj@

    I downloaded SP2 and installed it.

    I downloaded the requested program, SDFix.

    SDFix: Version 1.49

    ****************

    seg 18/12/2006 - 15:26:36,09

    Microsoft Windows XP [versão 5.1.2600]

    Running From: C:\SDFix

    Stage One - Safe Mode

    Checking Services...

    Service Name:

    Microsoft Windows System32

    MSDisk

    Network Confg System

    File Path:

    "C:\WINDOWS\winsysdir.exe"

    "C:\WINDOWS\System32\irdvxc.exe" /service

    "C:\WINDOWS\system32\lviss.exe"

    Microsoft Windows System32 Deleted...

    MSDisk Deleted...

    Network Confg System Deleted...

    Starting Registry Repairs...

    Restoring Default Hosts File...

    Stage One Complete

    Rebooting...

    Stage Two - Normal Mode

    Checking For Malware:

    --------------------

    Backing Up and Removing any Files Found...

    Alternate Stream Check:

    C:\WINDOWS\system32

    No streams found.

    Final Check:

    Services:

    ---------

    Authorized Applications Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

    "C:\\Arquivos de programas\\MSN Messenger\\msncall.exe"="C:\\Arquivos de programas\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"

    "C:\\Arquivos de programas\\MSN Messenger\\msncall.exe"="C:\\Arquivos de programas\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

    Files:

    ------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Checking for files with Hidden Attributes:

    C:\WINDOWS\system32\cdplayer.exe.manifest

    C:\WINDOWS\system32\logonui.exe.manifest

    C:\IO.SYS

    C:\MSDOS.SYS

    C:\pagefile.sys

    FINISHED!

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Logfile of HijackThis v1.99.1

    Scan saved at 16:26:04, on 18/12/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    C:\WINDOWS\System32\nvsvc32.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\AGRSMMSG.exe

    C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    C:\Arquivos de programas\DAP\DAP.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe

    C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\Kinhu\Desktop\Nova pasta\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gvt.com.br/

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

    O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [popbanner] C:\Arquivos de programas\Discador WebLine\WebLineDiscador.exe --banner

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

    O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

    O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

    O8 - Extra context menu item: Add to Anti-Banner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm

    O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

    O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


    Santista78, very good!!! :) It already looks quite stable now.

    Tell me, is it still showing any problems? Which ones?

    Best regards,

  • Topic author
  • Hi, look, the PC is almost perfect.

    The only problems left are some intrusion attempts (but without success),

    and it usually restarts when I'm playing something online.

    Cheers, see you later.

  • Topic author
    Mr.Coruj@

    I think I managed to solve the game problem: I cleaned the coolers and turned off the computer's automatic restart.

    As for the intrusion attempts, if they occur, they are stopped by Kaspersky.

    I believe there is nothing else wrong.

    Thanks for the help,

    :D


    Santista78, sorry for the delay...

    These possible attempts can be considered "normal" while you are connected. However, with a firewall installed, they almost always remain nothing more than attempts.

    At the start of the removal, your PC was infected with Bankers and, since it is possible that this computer was being used to capture your passwords, if you have any suspicion in that regard, I recommend changing them.

    I'm glad your problem is solved... :D Your log is CLEAN! :-BEER

    Friend, I ask that, if you still need help, you open a new topic in this same area so that another contributor can help you.

    If by tomorrow your system shows no problems, disable and re-enable System Restore.

    You can click the ALERT button, tell the area moderator that the problem has been solved and that the topic can now be closed.

    You can always count on the help of the people at the Clube do Hardware forum.

    Thanks for the follow-up and best regards!

    Mr. Coruj@


    CASE RESOLVED!

    Should the topic author need it, the topic will be reopened; to do so, they should contact a Moderator of this area and request that it be unlocked!
