issame

Virtumonde.dll log: nasty bug!


Hi everyone, here I am, already stressed out from trying so hard to get rid of this damned Virtumonde! I have had other kinds of Virtumonde before, but this time things got worse: it closes explorer.exe.

As everyone knows, Spybot SD detects it but does not fix the problem at its root, because it always comes back, so I scoured the internet for things that would fix it. First I ran Spybot SD, then SUPERAntiSpyware, then my current antivirus, which is Sophos; before that I had installed Panda, Kaspersky and NOD32, but none of them fixed the problem either. I downloaded the Symantec Adware.Virtumonde Removal tool and the same thing happened as with Spybot SD; I downloaded VundoFix and it detected nothing; the only one that has lasted longer so far was ComboFix, but it ended up coming back too... I ran everything I mentioned here in Safe Mode, without networking and with System Restore disabled! I noticed that when I am disconnected it keeps asking to connect out of nowhere... I am posting the HijackThis, ComboFix and Autoruns logs here for analysis!

Thanks in advance!

HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 20:01:34, on 23/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Arquivos de programas\Sophos\AutoUpdate\ALsvc.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\Arquivos de programas\UPHClean\uphclean.exe

C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Sophos\AutoUpdate\ALMon.exe

C:\Arquivos de programas\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0CCB7673-04D5-4DE7-916B-384A3642BAF4} - C:\WINDOWS\SYSTEM32\nnnkLbca.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [intelliPoint] "c:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Arquivos de programas\Sophos\AutoUpdate\ALMon.exe

O4 - Global Startup: DSLMON.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182483745359

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182483988390

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fabyanneeu.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} -

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{E5958A7D-7D6A-4E29-B9E2-69C641E989A7}: NameServer = 201.10.120.3 201.10.1.2

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\ARQUIV~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\

O20 - Winlogon Notify: nnnkLbca - C:\WINDOWS\SYSTEM32\nnnkLbca.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file)

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Arquivos de programas\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Arquivos de programas\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Arquivos de programas\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

ComboFix:

ComboFix 08-05-21.3 - Abruptum 2008-05-23 12:28:10.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.726 [GMT -3:00]

Executando de: C:\Documents and Settings\Abruptum.HOME-2DC3C1880C\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Arquivos de programas\Google\googletoolbar1.dll

C:\Documents and Settings\Abruptum.HOME-2DC3C1880C\Dados de aplicativos\addon.dat

C:\Documents and Settings\Cristina\Dados de aplicativos\addon.dat

C:\WINDOWS\2.exe

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\Cache

C:\WINDOWS\system32\comsa32.sys

C:\WINDOWS\system32\drmgs.sys

C:\WINDOWS\system32\jjkkj.bak1

C:\WINDOWS\system32\jjkkj.ini2

C:\WINDOWS\system32\mhegksxu.ini

C:\WINDOWS\system32\NmnWaccf.ini

C:\WINDOWS\system32\NmnWaccf.ini2

C:\WINDOWS\system32\RqAHOqss.ini

C:\WINDOWS\system32\RqAHOqss.ini2

C:\WINDOWS\system32\VCbHPXyb.ini

C:\WINDOWS\system32\VCbHPXyb.ini2

C:\WINDOWS\system32\w32apiw.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-04-23 to 2008-05-23 ))))))))))))))))))))))))))))))))

.

2008-05-23 02:25 . 2008-05-23 02:25 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2008-05-23 01:52 . 2008-05-23 02:55 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Lavasoft

2008-05-22 22:34 . 2008-05-22 22:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-05-22 14:50 . 2008-05-22 16:22 345 --ahs---- C:\WINDOWS\system32\dNmSCJlm.ini

2008-05-22 12:40 . 2008-05-22 12:40 58,880 --a------ C:\WINDOWS\system32\mlJDTNfe.dll

2008-05-22 12:14 . 2008-05-22 12:14 58,880 --a------ C:\WINDOWS\system32\tuvTkjIC.dll

2008-05-22 12:12 . 2008-05-22 12:12 58,880 --a------ C:\WINDOWS\system32\cbXQghIC.dll

2008-05-22 12:12 . 2008-05-22 12:12 58,880 --a------ C:\WINDOWS\system32\awtrOeFu.dll

2008-05-22 12:08 . 2008-05-22 12:08 <DIR> d-------- C:\Arquivos de programas\Vstplugins

2008-05-22 12:08 . 2008-05-22 12:10 <DIR> d-------- C:\Arquivos de programas\Sony

2008-05-22 12:08 . 2008-05-22 12:08 58,880 --a------ C:\WINDOWS\system32\fccdbxvT.dll

2008-05-22 12:07 . 2008-05-22 12:07 <DIR> d-------- C:\Arquivos de programas\Sony Setup

2008-05-22 12:07 . 2008-05-22 12:07 58,880 --a------ C:\WINDOWS\system32\geBRLBtQ.dll

2008-05-22 12:06 . 2008-05-23 00:03 58,880 --a------ C:\WINDOWS\system32\nnnkLbca.dll

2008-05-21 01:12 . 2008-05-22 12:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-21 01:12 . 2008-05-21 01:12 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-30 19:12 . 2003-12-12 16:06 1,693,696 --a------ C:\WINDOWS\system32\ltclr13n.dll

2008-04-30 19:12 . 2003-11-04 15:11 155,648 --a------ C:\WINDOWS\system32\lftif13n.dll

2008-04-30 19:12 . 2003-11-04 15:10 98,304 --a------ C:\WINDOWS\system32\lffax13n.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-23 15:06 --------- d-----w C:\Arquivos de programas\Google

2008-05-23 06:03 --------- d-----w C:\Arquivos de programas\SUPERAntiSpyware

2008-05-23 05:55 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-05-23 04:59 --------- d-----w C:\Documents and Settings\Abruptum.HOME-2DC3C1880C\Dados de aplicativos\uTorrent

2008-05-22 19:13 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2008-05-22 16:09 7,101,627 ----a-w C:\Arquivos de programas\soundforgeMF.rar

2008-05-22 04:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-05-22 04:42 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-05-22 01:39 --------- d-----w C:\Documents and Settings\Cristina\Dados de aplicativos\LimeWire

2008-05-20 15:05 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight

2008-05-14 05:08 --------- d-----w C:\Arquivos de programas\Java

2008-05-14 03:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\GbPlugin

2008-04-30 09:46 --------- d-----w C:\Documents and Settings\Cristina\Dados de aplicativos\Image Zone Express

2008-04-20 08:11 --------- d-----w C:\Arquivos de programas\Wolfenstein - Enemy Territory

2008-04-02 12:35 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-04-02 12:35 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-04-01 16:50 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-04-01 16:25 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-04-01 16:06 --------- d-----w C:\Documents and Settings\Abruptum.HOME-2DC3C1880C\Dados de aplicativos\Image Zone Express

2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-25 05:42 674,600 ----a-w C:\WINDOWS\system32\pbsvc.exe

2008-02-25 05:42 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-02-25 05:42 22,328 ----a-w C:\Documents and Settings\Abruptum.HOME-2DC3C1880C\Dados de aplicativos\PnkBstrK.sys

2007-06-26 17:29 81,920 ----a-w C:\Documents and Settings\Abruptum.HOME-2DC3C1880C\Dados de aplicativos\ezpinst.exe

2007-06-26 17:29 47,360 ----a-w C:\Documents and Settings\Abruptum.HOME-2DC3C1880C\Dados de aplicativos\pcouffin.sys

2007-06-13 15:22 952 ----a-w C:\Arquivos de programas\fclog.txt

2007-06-13 15:22 4,965 ----a-w C:\Arquivos de programas\game.dat

2006-12-27 08:28 784 ----a-w C:\Documents and Settings\Abruptum.HOME-2DC3C1880C\Dados de aplicativos\mpauth.dat

2006-07-25 09:35 139 --sh--w C:\Arquivos de programas\Desktop.ini

2004-10-01 10:30 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CCB7673-04D5-4DE7-916B-384A3642BAF4}]

2008-05-23 00:03 58880 --a------ C:\WINDOWS\SYSTEM32\nnnkLbca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\

AutoUpdate Monitor.lnk - C:\Arquivos de programas\Sophos\AutoUpdate\ALMon.exe [2007-06-21 07:18:00 245760]

DSLMON.lnk - C:\Arquivos de programas\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2007-10-13 04:10:14 929863]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{0CCB7673-04D5-4DE7-916B-384A3642BAF4}"= C:\WINDOWS\SYSTEM32\nnnkLbca.dll [2008-05-23 00:03 58880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkLbca]

nnnkLbca.dll 2008-05-23 00:03 58880 C:\WINDOWS\system32\nnnkLbca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.xvid"= xvid.dll

"vidc.LEAD"= LCODCCMPE.DLL

"vidc.I263"= I263_32.drv

"msacm.dvacm"= C:\ARQUIV~1\ARQUIV~1\ULEADS~1\Vio\Dvacm.acm

"msacm.MPEGacm"= C:\ARQUIV~1\ARQUIV~1\ULEADS~1\MPEG\MPEGacm.acm

"msacm.ulmp3acm"= C:\ARQUIV~1\ARQUIV~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^Abruptum.HOME-2DC3C1880C^Menu Iniciar^Programas^Inicializar^Bitcomet Ultra Accelerator.lnk]

backup=C:\WINDOWS\pss\Bitcomet Ultra Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Acrobat Distiller 8.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Acrobat Distiller 8.lnk

backup=C:\WINDOWS\pss\Acrobat Distiller 8.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Acrobat 8 Professional.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Acrobat 8 Professional.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat 8 Professional.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Speed Launcher.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Acrobat Synchronizer.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Bridge CS3.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Bridge CS3.lnk

backup=C:\WINDOWS\pss\Adobe Bridge CS3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Device Central CS3.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Device Central CS3.lnk

backup=C:\WINDOWS\pss\Adobe Device Central CS3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe ExtendScript Toolkit 2.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe ExtendScript Toolkit 2.lnk

backup=C:\WINDOWS\pss\Adobe ExtendScript Toolkit 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe LiveCycle Designer 8.0.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe LiveCycle Designer 8.0.lnk

backup=C:\WINDOWS\pss\Adobe LiveCycle Designer 8.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Photoshop CS3.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Photoshop CS3.lnk

backup=C:\WINDOWS\pss\Adobe Photoshop CS3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^Adobe Stock Photos CS3.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\Adobe Stock Photos CS3.lnk

backup=C:\WINDOWS\pss\Adobe Stock Photos CS3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^MediaChecker.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\MediaChecker.lnk

backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Iniciar^Programas^Inicializar^YouTube Uploader for CASIO.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar\YouTube Uploader for CASIO.lnk

backup=C:\WINDOWS\pss\YouTube Uploader for CASIO.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--a------ 2006-10-22 23:24 620152 C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--------- 2006-07-12 06:58 1397760 C:\Arquivos de programas\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 16:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

-r------- 2005-06-10 09:44 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark_X79-55]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

--a------ 2007-06-27 15:38 249856 C:\Arquivos de programas\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]

C:\Arquivos de programas\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

C:\Arquivos de programas\McAfee\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]

--------- 2006-02-10 14:10 2048000 C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

--a------ 2001-07-09 04:20 155648 C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 04:20 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-10-19 20:16 286720 C:\Arquivos de programas\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2004-11-02 12:54 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-13 20:13 83608 C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]

--a------ 2007-07-09 14:13 1741168 C:\Arquivos de programas\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]

--a------ 2007-03-03 14:12 341488 C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Documents and Settings\\Abruptum.HOME-2DC3C1880C\\Darkthrone\\emule\\eMule\\eMule.exe"=

"C:\\Documents and Settings\\Abruptum.HOME-2DC3C1880C\\Darkthrone\\CyberScript32\\CyberScript.exe"=

"C:\\Documents and Settings\\Abruptum.HOME-2DC3C1880C\\Darkthrone\\soulseek\\slsk.exe"=

"C:\\Arquivos de programas\\Java\\jre1.5.0_10\\bin\\javaw.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\FTP Commander\\Ftpcomm.exe"=

"C:\\Arquivos de programas\\NetMeeting\\conf.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\Wolfenstein - Enemy Territory\\ET.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\ASUS\\AsusUpdate\\Update.exe"=

"C:\\Arquivos de programas\\TVUPlayer\\TVUPlayer.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

S1 atitray;atitray;C:\Arquivos de programas\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys [2006-02-28 18:55]

S1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-09-10 08:09]

S1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-09-10 08:08]

S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys [2003-09-29 11:46]

S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]

S3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-26 16:51]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

DcomLaunch REG_MULTI_SZ DcomLaunch

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\AutoRun.exe TMM80

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-05-23 15:29:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-23 12:32:41

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\nnnkLbca.dll

.

Tempo para conclusão: 2008-05-23 12:44:31

ComboFix-quarantined-files.txt 2008-05-23 15:43:26

Pre-Run: 7,043,641,344 bytes disponíveis

Post-Run: 7,028,293,632 bytes disponíveis

262 --- E O F --- 2008-05-22 01:41:16

Autoruns:

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

+ rdpclip File not found: rdpclip

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ HP Software Update hpwuSchd Application (Verified) Hewlett-Packard Company c:\arquivos de programas\hp\hp software update\hpwuschd2.exe

C:\Documents and Settings\All Users.WINDOWS\Menu Iniciar\Programas\Inicializar

+ AutoUpdate Monitor.lnk Component to show AutoUpdate's GUI elements. (Not verified) Sophos Plc c:\arquivos de programas\sophos\autoupdate\almon.exe

+ DSLMON.lnk ADIMON MFC Application c:\arquivos de programas\huawei technologies\huawei smartax mt810\dslmon.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CompIBBrd File not found: CLSID\{A3717295-941D-416F-9384-ED1736729F1C}\InprocServer32

+ WPDShServiceObj File not found: CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ nnnklbca.dll c:\windows\system32\nnnklbca.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu (Verified) Adobe Systems, Incorporated c:\arquivos de programas\adobe\acrobat 8.0\acrobat elements\contextmenu.dll

+ EzCddax extension c:\arquivos de programas\easy cd-da extractor 10\ezcddax10.dll

+ Sophos Anti-Virus Shell Extension Components for extending windows shell with SAV scan (Not verified) Sophos Plc c:\arquivos de programas\sophos\sophos anti-virus\savshellext.dll

+ Ulead UDF Driver USIShex Module (Verified) Ulead Systems, Inc. c:\arquivos de programas\arquivos comuns\ulead systems\dvd\usishex.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Adobe PDF Conversion Toolbar Helper Adobe PDF Toolbar for Internet Explorer (Verified) Adobe Systems, Incorporated c:\arquivos de programas\adobe\acrobat 8.0\acrobat\acroiefavclient.dll

+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelper.dll

+ SSVHelper Class Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre1.6.0_01\bin\ssv.dll

+ {0CCB7673-04D5-4DE7-916B-384A3642BAF4} c:\windows\system32\nnnklbca.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ acroiefavclient.dll Adobe PDF Toolbar for Internet Explorer (Verified) Adobe Systems, Incorporated c:\arquivos de programas\adobe\acrobat 8.0\acrobat\acroiefavclient.dll

HKLM\System\CurrentControlSet\Services

+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe

+ Bonjour Service ##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762## (Not verified) Apple Computer, Inc. c:\arquivos de programas\bonjour\mdnsresponder.exe

+ Capture Device Service Manages device arrival and removal event. This service is provided by InterVideo. (Verified) Intervideo, Inc. c:\arquivos de programas\arquivos comuns\intervideo\deviceservice\devsvc.exe

+ InCDsrv Helper service for the InCD filesystem driver (Not verified) Nero AG c:\arquivos de programas\ahead\incd\incdsrv.exe

+ PnkBstrA PunkBuster Service Component [v1029] http://www.evenbalance.com (Verified) Even Balance, Inc. c:\windows\system32\pnkbstra.exe

+ SAVAdminService Provides information to Windows Security Center on whether Sophos Anti-Virus is up to date and whether on-access scanning is enabled. (Not verified) Sophos Plc c:\arquivos de programas\sophos\sophos anti-virus\savadminservice.exe

+ SAVService Performs threat scanning and cleanup functions. (Not verified) Sophos Plc c:\arquivos de programas\sophos\sophos anti-virus\savservice.exe

+ Sophos AutoUpdate Service Part of the updating system for Sophos components (Not verified) Sophos Plc c:\arquivos de programas\sophos\autoupdate\alsvc.exe

+ SoundMAX Agent Service (default) SoundMAX service agent component (Not verified) Analog Devices, Inc. c:\arquivos de programas\analog devices\soundmax\smagent.exe

+ UleadBurningHelper ULCDRSvr (Verified) Ulead Systems, Inc. c:\arquivos de programas\arquivos comuns\ulead systems\dvd\ulcdrsvr.exe

+ UPHClean Cleans up handles to allow unloading of user profile hive. This can help speed up logging off, reconciliation of roaming profiles and prevent exceeding the registry size limit. (Not verified) Microsoft Corporation c:\arquivos de programas\uphclean\uphclean.exe

HKLM\System\CurrentControlSet\Services

+ adiusbae ADSL USB Driver (Not verified) Analog Devices Inc. c:\windows\system32\drivers\adiusbae.sys

+ ati2mtag ATI Radeon WindowsNT Miniport Driver (Not verified) ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys

+ atitray c:\arquivos de programas\radeon omega drivers\v3.8.252\ati tray tools\atitray.sys

+ catchme File not found: C:\ComboFix\catchme.sys

+ DCamUSBSQTECH Universal Serial Bus Camera Driver (Not verified) Service & Quality Technology. c:\windows\system32\drivers\sqcaptur.sys

+ InCDPass Ahead RW Filter Driver (Not verified) Nero AG c:\windows\system32\drivers\incdpass.sys

+ NTSIM Network Device Monitor Utility (Not verified) VIA Technologies, Inc. c:\windows\system32\ntsim.sys

+ Pcatip Patin-Couffin Autoplay™ support driver (Not verified) VSO Software c:\windows\system32\drivers\pcatip.sys

+ pcouffin low level access layer for CD/DVD/BD devices (Not verified) VSO Software c:\windows\system32\drivers\pcouffin.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ RMSPPPOE PPP over Ethernet Protocol NDIS Intermediate Driver (Not verified) Robert Schlabbach c:\windows\system32\drivers\rmspppoe.sys

+ SASDIFSV SASDIFSV c:\arquivos de programas\superantispyware\sasdifsv.sys

+ SASENUM SuperAntiSpyware (Not verified) SuperAdBlocker, Inc. c:\arquivos de programas\superantispyware\sasenum.sys

+ SASKUTIL SASKUTIL.SYS c:\arquivos de programas\superantispyware\saskutil.sys

+ SQTECH905C Universal Serial Bus Camera Driver (Not verified) Service & Quality Technology. c:\windows\system32\drivers\capt905c.sys

+ TVICHW32 TVicHW32 Driver for Windows NT/2000/XP (Not verified) EnTech Taiwan c:\windows\system32\drivers\tvichw32.sys

+ ZSMC301b Video streaming and Capture Device Driver (Not verified) VM c:\windows\system32\drivers\usbvm31b.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

+ C:\ARQUIV~1\Sophos\SOPHOS~1\SOPHOS~1.DLL Sophos Buffer Overrun Protection (Not verified) Sophos Plc c:\arquivos de programas\sophos\sophos anti-virus\sophos_detoured.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ nnnkLbca c:\windows\system32\nnnklbca.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ Adobe PDF Port Acrobat ® PDF Port (Verified) Adobe Systems, Incorporated c:\windows\system32\adobepdf.dll

This post was edited by issame on 23/05/2008, 08:28 PM.
