gustavo_pch

Festas.exe, Windows services remain disabled even with ComboFix


A few days ago my computer stopped opening Task Manager, Regedit, the Help services, etc... and NOD32 would no longer run. So I searched the net about it and found this Festas.exe virus. I used KillBox to remove it and used ComboFix as well, but the Windows services and the antivirus programs still don't work. I installed Kaspersky Internet Security 2009 but I can't open it; it's as if I hadn't even clicked on it.

I no longer have any trace of the Festas.exe virus; I don't know whether it's still on my PC, but its effects are still here. Oh, and Safe Mode doesn't work either.

I have a HijackThis log and a ComboFix log.

Hijack:

Logfile of HijackThis v1.99.1

Scan saved at 17:41:47, on 10/11/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\MemCleaner.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\Gustavo\CONFIG~1\Temp\Rar$EX03.156\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [smartRAM] C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\MemCleaner.exe /m

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O4 - Global Startup: ZDWLan Utility.lnk = C:\Arquivos de programas\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Arquivos de programas\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cube.northwestcollege.edu/kxhcm10.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B7598CBD-1F32-4E05-8D51-EDBF85F2C0D5}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8eb64a4799eb0) (gupdate1c8eb64a4799eb0) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

ComboFix:

ComboFix 08-10-10.09 - Gustavo 2008-10-11 15:23:21.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.74 [GMT -3:00]

Executando de: C:\Documents and Settings\Gustavo\Desktop\a\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\kmd.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-09-11 to 2008-10-11 ))))))))))))))))))))))))))))))))

.

2008-10-11 15:08 . 2008-10-11 15:08 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-10-11 15:08 . 2008-10-11 15:08 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-10-11 15:05 . 2008-10-11 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-10-11 15:05 . 2008-10-11 15:28 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-11 15:05 . 2008-10-11 15:28 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-11 15:05 . 2008-10-11 15:28 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-11 15:05 . 2008-10-11 15:28 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-10 11:37 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2008-10-09 19:17 . 2008-10-09 19:17 <DIR> d-------- C:\!KillBox

2008-10-09 15:36 . 2008-10-11 13:55 49 --a------ C:\WINDOWS\iltwain.ini

2008-10-09 15:35 . 2008-10-09 15:35 <DIR> d-------- C:\Arquivos de programas\Amazing Photo Editor

2008-10-09 15:19 . 2008-10-09 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-09 15:19 . 2008-10-09 15:20 <DIR> d-------- C:\Arquivos de programas\Spybot - Search & Destroy

2008-10-09 11:55 . 2008-10-09 11:55 <DIR> d-------- C:\Arquivos de programas\PDF Password Remover v3.0

2008-10-08 18:21 . 2008-10-08 18:21 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-10-08 14:48 . 2008-10-08 14:49 <DIR> d-------- C:\Arquivos de programas\TaskSwitchXP

2008-10-08 14:46 . 2008-10-08 14:49 <DIR> d--h----- C:\WINDOWS\NiwradSoft Shell Pack

2008-10-08 14:46 . 2004-08-03 21:45 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup

2008-10-08 14:13 . 2008-10-08 14:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-07 12:41 . 2008-10-07 12:41 <DIR> d-------- C:\WINDOWS\WindowsCare Professional v2.72.966(NEW-with 1 year license)

2008-10-05 18:09 . 2008-10-05 18:09 <DIR> d-------- C:\Arquivos de programas\Veetle

2008-10-04 18:22 . 2008-10-04 18:22 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\Corel

2008-10-04 17:11 . 2008-10-04 17:11 <DIR> d-------- C:\Arquivos de programas\Justiça Eleitoral

2008-10-02 11:09 . 2008-10-02 11:32 <DIR> d-------- C:\Arquivos de programas\Free YouTube Downloader Converter

2008-10-02 10:46 . 2008-10-02 10:46 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Desktopicon

2008-10-01 21:41 . 2008-10-01 21:41 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\DVD Flick

2008-10-01 21:38 . 2008-10-01 21:40 <DIR> d-------- C:\Arquivos de programas\DVD Flick

2008-10-01 21:38 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx

2008-10-01 21:38 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\comct232.ocx

2008-10-01 21:38 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll

2008-10-01 21:38 . 2007-08-31 18:36 36,864 --a------ C:\WINDOWS\system32\trayicon_handler.ocx

2008-10-01 21:38 . 2008-08-31 13:27 28,672 --a------ C:\WINDOWS\system32\mousewheel.ocx

2008-10-01 15:34 . 2008-10-01 15:34 <DIR> d-------- C:\Documents and Settings\Carmen\Dados de aplicativos\Bullzip

2008-09-30 22:23 . 2008-09-30 22:23 <DIR> d-------- C:\Arquivos de programas\Wondershare

2008-09-28 17:09 . 2008-09-28 17:09 <DIR> d-------- C:\Arquivos de programas\Together Flash Decompiler

2008-09-28 17:07 . 2008-09-28 17:07 <DIR> d-------- C:\Arquivos de programas\Magic Flash Decompiler

2008-09-26 12:50 . 2008-09-26 13:05 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\FileZilla

2008-09-24 15:00 . 2008-09-24 15:00 <DIR> d-------- C:\WINDOWS\system32\QuickTime

2008-09-24 14:59 . 2008-09-24 15:01 <DIR> d-------- C:\Arquivos de programas\Macromedia

2008-09-24 14:59 . 2008-09-24 15:03 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-09-24 12:30 . 2008-10-07 17:54 <DIR> d-------- C:\Arquivos de programas\Valve

2008-09-24 11:07 . 2008-09-24 11:07 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Bullzip

2008-09-24 09:59 . 2008-09-24 09:59 53,375 --a------ C:\WINDOWS\FontData.fdb

2008-09-24 09:13 . 2008-09-24 09:13 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4

2008-09-24 08:19 . 2008-10-09 12:08 56 -r-hs---- C:\WINDOWS\system32\91D120400C.sys

2008-09-24 08:18 . 2008-09-24 08:18 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Corel

2008-09-24 08:06 . 2008-09-24 08:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-09-24 07:51 . 2008-10-09 12:08 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-09-23 20:56 . 2008-09-24 19:44 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-09-23 20:48 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-23 20:48 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-23 15:00 . 2004-08-03 21:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-09-22 19:14 . 2002-11-02 09:53 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL

2008-09-22 18:55 . 2008-09-22 18:55 <DIR> d-------- C:\eJay

2008-09-22 08:33 . 2008-09-22 08:33 <DIR> d-------- C:\Arquivos de programas\XPC Tools

2008-09-20 11:12 . 2008-10-02 10:47 <DIR> d-------- C:\Arquivos de programas\VDOWNLOADER

2008-09-20 10:04 . 2008-09-25 19:46 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\FileZilla

2008-09-20 09:59 . 2008-09-26 13:17 <DIR> d-------- C:\Arquivos de programas\FileZilla FTP Client

2008-09-18 15:31 . 2008-09-18 15:31 80 --a------ C:\WINDOWS\P2KTools

2008-09-16 16:39 . 2008-09-16 16:39 26 --a------ C:\WINDOWS\CMCDPLAY.INI

2008-09-16 16:38 . 2001-03-19 06:50 532,480 --a------ C:\WINDOWS\system32\DeleteFiles.exe

2008-09-16 16:38 . 2001-07-09 00:17 387,072 --a------ C:\WINDOWS\system32\LostRun.exe

2008-09-16 16:38 . 2001-04-27 05:23 351,232 --a------ C:\WINDOWS\system32\CheckPath.exe

2008-09-16 16:38 . 1998-10-09 17:58 327,168 --a------ C:\WINDOWS\IsUn0816.exe

2008-09-14 08:50 . 2008-09-14 08:50 <DIR> d-------- C:\Documents and Settings\Carmen\Dados de aplicativos\Mikrotik

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-11 18:29 45 ----a-w C:\WINDOWS\system32\drivers\RemoveAny.log

2008-10-11 17:52 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-10-11 17:15 --------- d-----w C:\Arquivos de programas\DreMule

2008-10-10 14:25 --------- d-----w C:\Arquivos de programas\Google

2008-10-10 11:26 --------- d-----w C:\Arquivos de programas\Windows Live

2008-10-10 11:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-10-09 23:45 --------- d-----w C:\Arquivos de programas\ESET

2008-10-08 17:46 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-10-07 13:54 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-07 13:49 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Megacubo

2008-10-06 20:05 --------- d-----w C:\Arquivos de programas\MessengerDiscovery

2008-10-06 19:59 --------- d-----w C:\Arquivos de programas\DAP

2008-09-24 11:08 --------- d-----w C:\Arquivos de programas\Mail PassView

2008-09-24 11:08 --------- d-----w C:\Arquivos de programas\CD Recovery Toolbox Free

2008-09-24 11:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-09-23 19:13 --------- d-----w C:\Arquivos de programas\Tosketas Games

2008-09-23 19:12 --------- d-----w C:\Arquivos de programas\Passware

2008-09-23 19:11 --------- d-----w C:\Arquivos de programas\JLC's Software

2008-09-21 12:17 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Hamachi

2008-09-21 12:17 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\DNA

2008-09-21 12:17 --------- d-----w C:\Arquivos de programas\DNA

2008-09-08 12:43 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\BitTorrent

2008-09-07 21:53 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\uTorrent

2008-09-07 21:51 --------- d-----w C:\Arquivos de programas\BitTorrent

2008-09-07 18:37 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\SPORE Creature Creator

2008-09-07 12:05 --------- d-----w C:\Documents and Settings\Carmen\Dados de aplicativos\LimeWire

2008-09-04 23:50 --------- d-----w C:\Arquivos de programas\Mediacenter

2008-09-04 23:39 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\JLC's Software

2008-09-04 23:36 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\WebCompiler3

2008-09-04 22:52 --------- d-----w C:\Arquivos de programas\Electronics Arts

2008-09-04 22:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SimCity Societies

2008-09-04 21:24 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-09-03 14:38 --------- d-----w C:\Documents and Settings\Douglas\Dados de aplicativos\DAEMON Tools

2008-09-02 18:56 --------- d-----w C:\Arquivos de programas\InCode Solutions

2008-09-01 23:54 --------- d--h--r C:\Documents and Settings\Gustavo\Dados de aplicativos\SecuROM

2008-08-31 14:20 --------- d-----w C:\Arquivos de programas\Kardelen Ltd

2008-08-31 12:51 --------- d-----w C:\Documents and Settings\Milton\Dados de aplicativos\uTorrent

2008-08-31 12:48 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-08-30 23:38 --------- d-----w C:\Arquivos de programas\uTorrent

2008-08-29 14:06 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\SporeCreatureCreator

2008-08-28 20:52 --------- d-----w C:\Arquivos de programas\Chama Digital Media

2008-08-27 20:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-27 19:08 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-08-25 14:15 --------- d-----w C:\Arquivos de programas\Livestation

2008-08-25 14:11 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\SopCast

2008-08-25 14:11 --------- d-----w C:\Arquivos de programas\SopCast

2008-08-25 12:47 --------- d-----w C:\Arquivos de programas\Hamachi

2008-08-25 12:45 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-08-24 20:18 --------- d-----w C:\Arquivos de programas\VeryPDF PDF2Word v3.0

2008-08-24 14:32 --------- d-----w C:\Arquivos de programas\Java

2008-08-24 14:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-24 14:08 --------- d-----w C:\Arquivos de programas\LimeWire

2008-08-23 19:42 --------- d-----w C:\Arquivos de programas\speed-bit

2008-08-23 19:41 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-08-23 19:40 --------- d-----w C:\Documents and Settings\Milton\Dados de aplicativos\Eltima Software

2008-08-18 20:42 2,068 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg

2008-08-18 18:16 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Bullzip

2008-08-17 21:56 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Participatory Culture Foundation

2008-08-17 21:54 --------- d-----w C:\Arquivos de programas\Participatory Culture Foundation

2008-08-13 00:46 --------- d-----w C:\Documents and Settings\Milton\Dados de aplicativos\Vso

2008-07-31 13:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll

2008-07-31 13:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll

2008-07-31 13:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll

2008-07-23 00:12 47,360 ----a-w C:\Documents and Settings\Milton\Dados de aplicativos\pcouffin.sys

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-12 11:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll

2008-07-12 11:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll

2008-07-12 11:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll

2008-06-12 20:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008061220080613\index.dat

.

------- Sigcheck -------

2007-12-06 22:42 825344 6edae22e39820d235d43c53d1d7af6fd C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll

2008-03-01 09:35 827392 b7d78ddc9bdb7ce9e70cb97a142b160c C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

2008-04-23 01:20 827392 7282f35cba5770795325f4b55e992f8f C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

2008-06-23 12:40 827904 8cfd66cc90f966333cfa8d8161e185df C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

2004-08-03 21:45 658432 398a619ce60090303042d1f8cc68f712 C:\WINDOWS\ie7\wininet.dll

2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll

2007-12-06 23:09 824832 769ce05cb67b19196e47ce6aa9246243 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

2008-03-01 10:02 826368 85b2cdb953e8d6956fb17b4b5fbeca60 C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll

2008-04-23 04:14 826368 dd01bde9ca09b53c50f67e932181cb7e C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll

2008-06-23 13:29 826368 fb820c977c8249358d54fa9324b5e92b C:\WINDOWS\NiwradSoft Shell Pack\Backup\wininet.dll

2008-04-13 23:20 668160 df6d0f37a71883be3505dd517eb8ad83 C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\wininet.dll

2008-06-23 13:29 892928 3aa5bfc9545e89f42aebb8c4211a033d C:\WINDOWS\system32\wininet.dll

2008-06-23 13:29 892928 3aa5bfc9545e89f42aebb8c4211a033d C:\WINDOWS\system32\dllcache\wininet.dll

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-03 21:55 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe

2005-03-02 15:08 2061056 d5ed391b213fa2a6ee25de5ab8512360 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe

2008-04-13 23:00 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\ntkrnlpa.exe

2007-02-28 13:02 2221952 d5d7c95ce39baf6c65e1c8a032095601 C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 13:02 2221952 d5d7c95ce39baf6c65e1c8a032095601 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-03 21:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

2005-03-02 15:09 2183552 0da99d0cbd578ad96effd3a571ce8437 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\NiwradSoft Shell Pack\Backup\ntoskrnl.exe

2008-04-13 23:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\ntoskrnl.exe

2007-02-28 13:02 2344704 e8ac2b6c4100fcccd88e4bdc35857f50 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2344704 e8ac2b6c4100fcccd88e4bdc35857f50 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 10:21 1542144 0d41b379eb2939ef854b502842d7e4be C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-03 21:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe

2008-04-13 23:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\explorer.exe

2007-06-13 10:21 1542144 0d41b379eb2939ef854b502842d7e4be C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-03 21:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\NiwradSoft Shell Pack\Backup\ctfmon.exe

2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\ctfmon.exe

2004-08-03 21:45 40448 42dd6ad5822afee70335be2e9c4b6a9c C:\WINDOWS\system32\ctfmon.exe

2004-08-03 21:45 40448 42dd6ad5822afee70335be2e9c4b6a9c C:\WINDOWS\system32\dllcache\ctfmon.exe

.

((((((((((((((((((((((((((((( snapshot@2008-10-10_11.59.52.90 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-16 17:23:44 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

+ 2008-01-29 21:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys

+ 2008-03-13 22:02:46 26,640 ----a-w C:\WINDOWS\system32\drivers\klfltdev.sys

+ 2008-10-11 18:04:31 187,408 ----a-w C:\WINDOWS\system32\drivers\klif.sys

+ 2008-03-25 23:07:10 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys

+ 2008-04-25 21:21:06 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat

+ 2008-04-25 21:22:24 206,088 ----a-w C:\WINDOWS\system32\klogon.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 40448]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5797912]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartRAM"="C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\MemCleaner.exe" [2007-04-21 585176]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 222608]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 155648]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 113520]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]

"nwiz"="nwiz.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 40448]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Ralink Wireless Utility.lnk - C:\Arquivos de programas\RALINK\Common\RaUI.exe [2008-06-11 659456]

ZDWLan Utility.lnk - C:\Arquivos de programas\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-06-11 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStartMenuRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[bU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Compaq\\Programas\\vdownloader\\VDownloader.exe"=

"C:\\Arquivos de programas\\DreMule\\Dreamule.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Ahead\\Nero PhotoSnap\\PhotoSnapViewer.exe"=

"C:\\Arquivos de programas\\Ahead\\NeroMediaPlayer\\NeroMediaPlayer.exe"=

"C:\\Arquivos de programas\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=

"C:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=

"C:\\Arquivos de programas\\TaskSwitchXP\\TaskSwitchXP.exe"=

"C:\\WINDOWS\\system32\\wuauclt.exe"=

"C:\\Arquivos de programas\\Java\\jre1.6.0_07\\bin\\jusched.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\InstallShield\\UpdateService\\issch.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= C:\\Arquivos de programas\\Windows Live\\Messenger\\MsnMsgr.Exe

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\ComboFix\\NirCmd.cfexe"=

"C:\\Arquivos de programas\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=

"C:\\Arquivos de programas\\DreMule\\Emule1.exe"=

"C:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]

R3 abp470n5;abp470n5;C:\WINDOWS\system32\drivers\qmuofn.sys [ ]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]

S1 RemoveAny;RemoveAny driver;C:\WINDOWS\system32\Drivers\removeany.sys [2008-07-02 11008]

S2 gupdate1c8eb64a4799eb0;Google Update Service (gupdate1c8eb64a4799eb0);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-08-28 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ead70f1-3897-11dd-8368-000e2ebe0b74}]

\Shell\Auto\Command - program.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6979fee2-3c98-11dd-8382-000e2ebe0b74}]

\shelL\AutOplAY\Command - E:\spuah.exe

\shelL\AutoRun\command - E:\spuah.exe

\shelL\explOre\COmMaNd - E:\spuah.exe

\shelL\opEN\cOmMAnd - E:\spuah.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1156284-89a1-11dd-929c-000e2ebe0b74}]

\Shell\AUtOplAy\cOmManD - E:\yfew.cmd

\Shell\AutoRun\command - E:\yfew.cmd

\Shell\eXPlOrE\commanD - E:\yfew.cmd

\Shell\opEN\commaNd - E:\yfew.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-10 C:\WINDOWS\Tasks\Advanced WindowsCare V2 Pro.job

- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe [2006-09-12 17:49]

2008-10-10 C:\WINDOWS\Tasks\AwcProUpdate.job

- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe [2007-05-07 11:18]

2008-10-10 C:\WINDOWS\Tasks\AwcProUpdate.job

- C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\ [2008-10-07 19:17]

2008-10-11 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-08-28 17:38]

2008-10-11 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\Milton\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A} - (no file)

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Gustavo\Dados de aplicativos\Mozilla\Firefox\Profiles\llcjcvql.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/

FF -: plugin - C:\Arquivos de programas\DNA\plugins\npbtdna.dll

FF -: plugin - C:\Arquivos de programas\Google\Lively\nplively.dll

FF -: plugin - C:\Arquivos de programas\Google\Update\1.2.131.19\npGoogleOneClick6.dll

FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF -: plugin - C:\Arquivos de programas\Veetle\VLCBroadcast\npvbp.dll

FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF -: plugin - C:\Documents and Settings\Gustavo\Dados de aplicativos\Mozilla\Firefox\Profiles\llcjcvql.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll

FF -: plugin - C:\Documents and Settings\Gustavo\Dados de aplicativos\Mozilla\Firefox\Profiles\llcjcvql.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-11 15:55:54

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-11 16:07:20 - Máquina reiniciou [Gustavo]

ComboFix-quarantined-files.txt 2008-10-11 19:07:13

ComboFix2.txt 2008-10-10 22:44:24

Pré-execução: 15 pasta(s) 20.394.065.920 bytes disponíveis

Pós execução: 17 pasta(s) 21,424,664,576 bytes disponíveis

366 --- E O F --- 2008-10-11 12:17:28

When I used KillBox, it left the following log:

KillBox:

Pocket Killbox version 2.0.0.881

Running on Windows XP as Gustavo(Administrator)

was started @ quinta-feira, outubro 09, 2008, 7:17 PM

# 1 [Files to Delete]

Path = C:\WINDOWS\system\Win24DLL.exe

*This file does not seem to exist

Killbox Closed(Exit) @ 7:17:37 PM

__________________________________________________

Pocket Killbox version 2.0.0.881

Running on Windows XP as Gustavo(Administrator)

was started @ sexta-feira, outubro 10, 2008, 7:15 PM

# 1 [Files to Delete]

Path = C:\WINDOWS\system\Win24DLL.exe

*This file does not seem to exist

Killbox Closed(Exit) @ 7:15:40 PM

__________________________________________________

Pocket Killbox version 2.0.0.881

Running on Windows XP as Gustavo(Administrator)

was started @ sábado, outubro 11, 2008, 4:59 PM

# 1 [Delete on Reboot]

Path = C:\WINDOWS\system\Win24DLL.exe

Killbox Closed(Exit) @ 5:01:04 PM

__________________________________________________

I'm starting to think it isn't even Festas.exe, but could someone give me a tip, please.

Thanks in advance.

--------------------------------------------------------------------------------

EDIT: I forgot to mention that some programs aren't opening and the executables of some have disappeared, e.g. Download Accelerator Plus and Advanced Windows Care.

Edited by gustavo_pch


Please post a new HijackThis log.


My PC isn't very good, it only has 256MB of RAM and a Pentium III, but it's lagging a lot; anything at all freezes it and it takes 1 or 2 minutes to come back. Here's the new log; I made it from another admin user on the PC:

Logfile of HijackThis v1.99.1

Scan saved at 21:49:32, on 15/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Milton\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Milton\CONFIG~1\Temp\Rar$EX02.062\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [smartRAM] C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\MemCleaner.exe /m

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Milton\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O4 - Global Startup: ZDWLan Utility.lnk = C:\Arquivos de programas\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cube.northwestcollege.edu/kxhcm10.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{67710445-EF60-44BD-A0C1-09CF11CB7B90}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O20 - Winlogon Notify: klogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8eb64a4799eb0) (gupdate1c8eb64a4799eb0) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe

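The logs in this thread are read by hand, but the entries that explain the reported symptoms can be pulled out mechanically. The Python script below is an added example, not a tool from this forum or from HijackThis/ComboFix: it takes lines copied from the logs posted above (the O7 policy entry and the O23 service entry from the HijackThis log, the mountpoints2 autorun commands from the first ComboFix report) and flags the ones a helper would look at first: a policy that disables Regedit (the symptom reported in the first post), a registered service whose binary is missing, and autorun commands that Explorer runs when a drive is opened, especially ones pointing at a drive other than C:. The category names, the regular expressions and the sample list are my own.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis and ComboFix logs
# posted in this thread. The "\shell\...\command" lines come from the
# mountpoints2 block of the first ComboFix report; the "Oxx -" lines from
# the second HijackThis log.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe",
    r"O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1",
    r'O23 - Service: Google Update Service (gupdate1c8eb64a4799eb0) (gupdate1c8eb64a4799eb0) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)',
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e",
    r"\shelL\AutoRun\command - E:\spuah.exe",
    r"\shelL\opEN\cOmMAnd - E:\spuah.exe",
    r"\Shell\AUtOplAy\cOmManD - E:\yfew.cmd",
]

# HijackThis entries look like "O7 - <body>": section code, dash, body.
HJT_ENTRY = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")
# Explorer policy values that hide Regedit / Task Manager / cmd from the user.
POLICY_LOCK = re.compile(r"\b(DisableRegedit|DisableTaskMgr|DisableCMD)\s*=\s*1\b", re.IGNORECASE)
# mountpoints2 autorun verbs. The worm wrote these key names with random
# casing; registry key names are case-insensitive, so the match must be too.
AUTORUN_CMD = re.compile(r"^\\shell\\(autorun|autoplay|open|explore)\\command\s+-\s+(.*)$", re.IGNORECASE)
# A command whose first token lives on a drive other than C: (e.g. E:\spuah.exe).
OTHER_DRIVE = re.compile(r"^[A-BD-Z]:\\", re.IGNORECASE)


def triage(lines):
    """Return (category, detail) pairs for the entries worth a helper's attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        hjt = HJT_ENTRY.match(line)
        if hjt:
            section, body = hjt.groups()
            lock = POLICY_LOCK.search(body)
            if section == "O7" and lock:
                # Policy value that blocks Regedit/Task Manager; malware sets it
                # so the user cannot inspect or undo its changes.
                findings.append(("policy-lock", lock.group(1)))
            elif section == "O23" and body.endswith("(file missing)"):
                # Service is registered but its binary is gone: either a cleanup
                # tool removed it or it never existed; either way it cannot start.
                name = body.split(" - ")[0]
                if name.startswith("Service: "):
                    name = name[len("Service: "):]
                findings.append(("service-missing-binary", name))
            continue
        auto = AUTORUN_CMD.match(line)
        if auto:
            verb, command = auto.groups()
            # Explorer runs this command when the drive is opened or double-clicked,
            # which is how removable-media worms re-infect a cleaned machine.
            where = "other-drive" if OTHER_DRIVE.match(command) else "system-drive"
            findings.append(("autorun-%s" % where, "%s -> %s" % (verb.lower(), command)))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'autorun-other-drive': 3, ...}."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LINES):
        print("%-24s %s" % (category, detail))
    print(summarize(triage(SAMPLE_LINES)))
```

Registry key names are case-insensitive, which is why the mixed-case paths such as `\shelL\AutOplAY\Command` in the ComboFix report still work for Windows and why the matcher ignores case: a case-sensitive search for `\Shell\AutoRun\command` would miss the `\shelL\AutoRun\command` entry that points at E:\spuah.exe. Running the script on the sample yields one policy lock (DisableRegedit), one service with a missing binary, one autorun command on the system drive and three on another drive.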

Yes, I followed those instructions; when removing the virus, no confirmation message appeared like the instructions say should appear. I'm starting to think it isn't even festas.exe, but I can't get into "regedit", Task Manager or Safe Mode, and my PC is really sluggish.. do you know what it could be?

no confirmation message appeared like the instructions say should appear

Even if the script doesn't remove the infection, it reports itself as finished when it ends; check whether you're carrying out the procedure correctly.


I did everything right, but I'm going to format the PC anyway, I think it'll get better, maybe it isn't even a virus..

Thanks for the help; if I have problems again I'll post.


Are you sure you want to give up already? I've barely started the analysis.


Then we can try to fix it without formatting; I've already done everything you said, I don't think it's the festas.exe virus, what do I do now?


You used ComboFix incorrectly; I'm going to ask you to follow the procedure below:

Follow the instructions in the link below and install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you install the Recovery Console too.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file and also make a new HijackThis log to include in your reply.

Attention: Do not use the mouse or the keyboard while the tool is running; doing so may cause the computer to stop responding.

Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it could damage your system. The tool should only be used under the supervision of properly trained malware-removal assistants.


Here are the logs; I did everything right this time.

ComboFix log:

ComboFix 08-10-23.03 - Gustavo 2008-10-23 21:48:08.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.76 [GMT -2:00]

Executando de: C:\Documents and Settings\Gustavo\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Gustavo\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-23 to 2008-10-23 ))))))))))))))))))))))))))))

.

2008-10-23 13:48 . 2008-10-23 13:49 <DIR> d-------- C:\Arquivos de programas\VirtualDJ

2008-10-21 14:51 . 2008-10-21 21:30 <DIR> d-------- C:\Downloads

2008-10-21 14:20 . 2008-10-23 21:37 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\Free Download Manager

2008-10-21 14:20 . 2008-10-21 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

2008-10-21 14:20 . 2008-10-21 14:20 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

2008-10-20 20:38 . 2008-10-20 20:40 <DIR> d-------- C:\Arquivos de programas\RADVideo

2008-10-20 20:13 . 2008-10-20 20:14 <DIR> d-------- C:\ConverterOutput

2008-10-20 20:13 . 2008-10-20 20:13 <DIR> d-------- C:\Arquivos de programas\Cucusoft

2008-10-20 20:13 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL

2008-10-20 20:13 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL

2008-10-20 20:13 . 2003-03-30 20:08 372,736 --a------ C:\WINDOWS\system32\xvid.ax

2008-10-20 19:57 . 2008-10-20 19:58 <DIR> d-------- C:\Arquivos de programas\Free MOV 2 AVI

2008-10-20 19:45 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll

2008-10-20 14:25 . 2008-10-20 14:28 <DIR> d-------- C:\MTV Music Generator

2008-10-19 18:36 . 2008-10-19 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Avg8

2008-10-19 15:01 . 2008-10-19 15:01 <DIR> d-------- C:\Arquivos de programas\Analog Devices

2008-10-19 15:01 . 2001-10-12 15:45 720,896 --a------ C:\WINDOWS\system32\a3d.dll

2008-10-19 15:01 . 2001-12-21 10:31 414,568 --a------ C:\WINDOWS\system32\drivers\smwdm.sys

2008-10-19 15:01 . 2001-10-19 11:04 45,056 --a------ C:\WINDOWS\system32\DSndUp.exe

2008-10-19 15:01 . 2001-09-27 11:09 28,672 --a------ C:\WINDOWS\system32\Aud2Full.exe

2008-10-19 15:01 . 2001-12-21 09:35 2,619 --a------ C:\WINDOWS\system32\drivers\sensupgd.sys

2008-10-18 12:18 . 2008-10-18 12:22 <DIR> d-------- C:\Documents and Settings\Carmen\Dados de aplicativos\DAEMON Tools

2008-10-18 12:14 . 2008-10-18 12:20 <DIR> d-------- C:\Documents and Settings\Carmen\Hutil210

2008-10-17 10:30 . 2008-10-23 12:50 237 --a------ C:\WINDOWS\vdj.eq

2008-10-17 10:18 . 2005-11-30 21:20 2,314,332 --a------ C:\WINDOWS\system32\LIBMMD.DLL

2008-10-17 10:03 . 2008-10-17 10:03 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Simple Star

2008-10-17 10:03 . 2008-10-17 10:03 <DIR> d-------- C:\Arquivos de programas\Simple Star

2008-10-12 23:35 . 2008-10-12 23:35 <DIR> d-------- C:\Arquivos de programas\AVG

2008-10-12 19:53 . 2008-10-12 19:53 <DIR> d-------- C:\Arquivos de programas\directx

2008-10-12 19:53 . 2008-10-12 19:53 0 --a------ C:\WINDOWS\DXT9B.tmp

2008-10-12 19:53 . 2008-10-12 19:53 0 --a------ C:\WINDOWS\DXT9A.tmp

2008-10-12 19:53 . 2008-10-12 19:53 0 --a------ C:\WINDOWS\DXT99.tmp

2008-10-12 19:48 . 2008-10-12 23:40 <DIR> d-------- C:\Arquivos de programas\7-Zip

2008-10-11 18:31 . 2008-10-11 18:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-10-11 17:17 . 2008-10-11 17:17 <DIR> d-------- C:\LinhaDefensiva

2008-10-11 16:05 . 2008-10-11 16:28 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-11 16:05 . 2008-10-11 16:28 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-11 16:05 . 2008-10-11 16:28 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-11 16:05 . 2008-10-11 16:28 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-10 12:37 . 2003-02-28 19:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll

2008-10-09 20:17 . 2008-10-12 13:16 <DIR> d-------- C:\!KillBox

2008-10-09 20:15 . 2008-02-20 23:15 174,592 --a------ C:\KillBox.exe

2008-10-09 16:36 . 2008-10-11 14:55 49 --a------ C:\WINDOWS\iltwain.ini

2008-10-09 16:35 . 2008-10-09 16:35 <DIR> d-------- C:\Arquivos de programas\Amazing Photo Editor

2008-10-09 16:19 . 2008-10-19 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-10-09 12:55 . 2008-10-09 12:55 <DIR> d-------- C:\Arquivos de programas\PDF Password Remover v3.0

2008-10-08 19:21 . 2008-10-08 19:21 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-10-08 15:46 . 2008-10-08 15:49 <DIR> d--h----- C:\WINDOWS\NiwradSoft Shell Pack

2008-10-08 15:46 . 2004-08-03 22:45 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup

2008-10-08 15:13 . 2008-10-08 15:13 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-07 13:41 . 2008-10-07 13:41 <DIR> d-------- C:\WINDOWS\WindowsCare Professional v2.72.966(NEW-with 1 year license)

2008-10-05 19:09 . 2008-10-23 13:35 <DIR> d-------- C:\Arquivos de programas\Veetle

2008-10-04 19:22 . 2008-10-04 19:22 <DIR> d-------- C:\Documents and Settings\Gustavo\Dados de aplicativos\Corel

2008-10-02 12:09 . 2008-10-23 13:30 <DIR> d-------- C:\Arquivos de programas\Free YouTube Downloader Converter

2008-10-02 11:46 . 2008-10-02 11:46 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Desktopicon

2008-10-01 22:38 . 2003-01-26 14:41 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll

2008-10-01 22:38 . 2007-08-31 19:36 36,864 --a------ C:\WINDOWS\system32\trayicon_handler.ocx

2008-10-01 16:34 . 2008-10-01 16:34 <DIR> d-------- C:\Documents and Settings\Carmen\Dados de aplicativos\Bullzip

2008-09-28 18:09 . 2008-09-28 18:09 <DIR> d-------- C:\Arquivos de programas\Together Flash Decompiler

2008-09-26 13:50 . 2008-09-26 14:05 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\FileZilla

2008-09-24 16:00 . 2008-09-24 16:00 <DIR> d-------- C:\WINDOWS\system32\QuickTime

2008-09-24 15:59 . 2008-09-24 16:01 <DIR> d-------- C:\Arquivos de programas\Macromedia

2008-09-24 15:59 . 2008-09-24 16:03 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Macromedia

2008-09-24 13:30 . 2008-10-23 13:14 <DIR> d-------- C:\Arquivos de programas\Valve

2008-09-24 12:07 . 2008-09-24 12:07 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Bullzip

2008-09-24 10:59 . 2008-09-24 10:59 53,375 --a------ C:\WINDOWS\FontData.fdb

2008-09-24 10:13 . 2008-09-24 10:13 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4

2008-09-24 09:19 . 2008-10-09 13:08 56 -r-hs---- C:\WINDOWS\system32\91D120400C.sys

2008-09-24 09:18 . 2008-09-24 09:18 <DIR> d-------- C:\Documents and Settings\Douglas\Dados de aplicativos\Corel

2008-09-24 09:06 . 2008-09-24 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-09-24 08:51 . 2008-10-09 13:08 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-09-23 21:56 . 2008-09-24 20:44 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-09-23 21:48 . 2008-06-14 15:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-23 21:48 . 2008-06-14 15:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-23 16:00 . 2004-08-03 22:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 21:11 45 ----a-w C:\WINDOWS\system32\drivers\RemoveAny.log

2008-10-23 15:31 --------- d-----w C:\Arquivos de programas\DreMule

2008-10-23 15:21 --------- d-----w C:\Arquivos de programas\Hamachi

2008-10-19 17:01 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-15 10:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-10-11 17:52 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-10-10 14:25 --------- d-----w C:\Arquivos de programas\Google

2008-10-10 11:26 --------- d-----w C:\Arquivos de programas\Windows Live

2008-10-10 11:25 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-10-09 23:45 --------- d-----w C:\Arquivos de programas\ESET

2008-10-07 13:49 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Megacubo

2008-10-06 20:05 --------- d-----w C:\Arquivos de programas\MessengerDiscovery

2008-10-06 19:59 --------- d-----w C:\Arquivos de programas\DAP

2008-10-02 13:47 --------- d-----w C:\Arquivos de programas\VDOWNLOADER

2008-09-26 16:17 --------- d-----w C:\Arquivos de programas\FileZilla FTP Client

2008-09-25 22:46 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\FileZilla

2008-09-24 11:08 --------- d-----w C:\Arquivos de programas\Mail PassView

2008-09-24 11:08 --------- d-----w C:\Arquivos de programas\CD Recovery Toolbox Free

2008-09-24 11:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-09-23 19:13 --------- d-----w C:\Arquivos de programas\Tosketas Games

2008-09-23 19:12 --------- d-----w C:\Arquivos de programas\Passware

2008-09-23 19:11 --------- d-----w C:\Arquivos de programas\JLC's Software

2008-09-22 11:33 --------- d-----w C:\Arquivos de programas\XPC Tools

2008-09-21 12:17 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\Hamachi

2008-09-21 12:17 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\DNA

2008-09-21 12:17 --------- d-----w C:\Arquivos de programas\DNA

2008-09-14 11:50 --------- d-----w C:\Documents and Settings\Carmen\Dados de aplicativos\Mikrotik

2008-09-08 12:43 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\BitTorrent

2008-09-07 21:53 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\uTorrent

2008-09-07 18:37 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\SPORE Creature Creator

2008-09-07 12:05 --------- d-----w C:\Documents and Settings\Carmen\Dados de aplicativos\LimeWire

2008-09-04 23:50 --------- d-----w C:\Arquivos de programas\Mediacenter

2008-09-04 23:39 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\JLC's Software

2008-09-04 23:36 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\WebCompiler3

2008-09-04 22:52 --------- d-----w C:\Arquivos de programas\Electronics Arts

2008-09-04 22:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SimCity Societies

2008-09-04 21:24 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-09-03 14:38 --------- d-----w C:\Documents and Settings\Douglas\Dados de aplicativos\DAEMON Tools

2008-09-02 18:56 --------- d-----w C:\Arquivos de programas\InCode Solutions

2008-09-01 23:54 --------- d--h--r C:\Documents and Settings\Gustavo\Dados de aplicativos\SecuROM

2008-08-31 14:20 --------- d-----w C:\Arquivos de programas\Kardelen Ltd

2008-08-31 12:51 --------- d-----w C:\Documents and Settings\Milton\Dados de aplicativos\uTorrent

2008-08-31 12:48 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-08-30 23:38 --------- d-----w C:\Arquivos de programas\uTorrent

2008-08-29 14:06 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\SporeCreatureCreator

2008-08-28 20:52 --------- d-----w C:\Arquivos de programas\Chama Digital Media

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-27 20:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS

2008-08-25 14:15 --------- d-----w C:\Arquivos de programas\Livestation

2008-08-25 14:11 --------- d-----w C:\Documents and Settings\Gustavo\Dados de aplicativos\SopCast

2008-08-25 14:11 --------- d-----w C:\Arquivos de programas\SopCast

2008-08-25 12:45 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-08-24 20:18 --------- d-----w C:\Arquivos de programas\VeryPDF PDF2Word v3.0

2008-08-24 14:32 --------- d-----w C:\Arquivos de programas\Java

2008-08-24 14:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-24 14:08 --------- d-----w C:\Arquivos de programas\LimeWire

2008-08-23 19:42 --------- d-----w C:\Arquivos de programas\speed-bit

2008-08-23 19:41 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-08-23 19:40 --------- d-----w C:\Documents and Settings\Milton\Dados de aplicativos\Eltima Software

2008-07-23 00:12 47,360 ----a-w C:\Documents and Settings\Milton\Dados de aplicativos\pcouffin.sys

2008-06-12 20:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008061220080613\index.dat

.

------- Sigcheck -------

2007-06-13 11:21 1542144 0d41b379eb2939ef854b502842d7e4be C:\WINDOWS\explorer.exe

2007-06-13 11:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-03 22:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 11:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe

2008-04-14 00:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\explorer.exe

2007-06-13 11:21 1542144 0d41b379eb2939ef854b502842d7e4be C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-03 22:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\NiwradSoft Shell Pack\Backup\ctfmon.exe

2008-04-14 00:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\ctfmon.exe

2004-08-03 22:45 40448 42dd6ad5822afee70335be2e9c4b6a9c C:\WINDOWS\system32\ctfmon.exe

2004-08-03 22:45 40448 42dd6ad5822afee70335be2e9c4b6a9c C:\WINDOWS\system32\dllcache\ctfmon.exe

.

((((((((((((((((((((((((((((( snapshot@2008-10-10_11.59.52.90 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-04 22:16:46 1,964,904 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.3\FP_AX_CAB_INSTALLER.exe

- 2007-02-28 16:02:20 2,140,160 ----a-w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

+ 2008-08-14 13:45:20 2,140,160 ----a-w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

- 2007-02-28 16:02:34 2,061,824 ----a-w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

+ 2008-08-14 13:45:24 2,061,952 ----a-w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

- 2007-02-28 16:02:18 2,019,840 ----a-w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

+ 2008-08-14 13:45:20 2,019,840 ----a-w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

- 2007-02-28 16:02:28 2,184,576 ----a-w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

+ 2008-08-14 13:45:25 2,184,576 ----a-w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

- 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-20 22:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2008-06-23 16:29:40 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll

+ 2008-06-23 16:29:40 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll

+ 2008-06-23 16:29:40 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll

+ 2008-06-23 16:29:40 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll

+ 2008-06-23 16:29:40 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll

+ 2008-06-23 09:24:09 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe

+ 2008-06-23 16:29:41 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll

+ 2008-06-23 16:29:41 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll

+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll

+ 2008-06-23 16:29:41 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll

+ 2008-06-23 16:29:41 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll

+ 2008-06-23 16:29:42 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll

+ 2008-06-23 16:29:42 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll

+ 2008-06-23 16:29:43 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll

+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe

+ 2008-06-23 09:24:22 488,448 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe

+ 2008-06-23 16:29:43 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll

+ 2008-06-23 16:29:43 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll

+ 2008-06-23 16:29:43 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll

+ 2008-06-24 13:29:46 3,752,448 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll

+ 2008-06-23 16:29:44 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll

+ 2008-06-23 16:29:44 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll

+ 2008-06-23 16:29:45 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll

+ 2008-06-23 16:29:45 145,920 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll

+ 2008-06-23 16:29:45 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll

+ 2008-06-23 16:29:45 69,632 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll

+ 2008-06-23 16:29:46 1,206,272 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll

+ 2008-06-23 16:29:46 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll

+ 2008-06-23 16:29:46 892,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll

+ 2000-05-24 08:45:58 118,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\MSSTDFMT.DLL

+ 2004-11-17 17:34:04 12,227,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040480900063D11C8EF10054038389C\11.0.6412\MSO.DLL

+ 2004-11-17 17:13:54 5,112,000 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040480900063D11C8EF10054038389C\11.0.6412\XLVIEW.EXE

- 2008-10-06 20:23:03 593,920 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-10-19 01:04:57 593,920 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-10-06 20:23:03 12,288 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-10-19 01:04:57 12,288 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-10-06 20:23:04 86,016 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-10-19 01:04:57 86,016 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-10-06 20:23:02 135,168 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-10-19 01:04:56 135,168 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-10-06 20:23:04 11,264 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-10-19 01:04:57 11,264 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-10-06 20:23:04 27,136 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-10-19 01:04:57 27,136 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-10-06 20:23:04 4,096 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-10-19 01:04:57 4,096 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-10-06 20:23:05 794,624 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-10-19 01:04:57 794,624 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-10-06 20:23:03 249,856 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-10-19 01:04:57 249,856 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-10-06 20:23:02 61,440 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-10-19 01:04:56 61,440 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-10-06 20:23:05 23,040 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-10-19 01:04:58 23,040 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-10-06 20:23:02 286,720 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-10-19 01:04:56 286,720 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-10-06 20:23:01 409,600 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-19 01:04:56 409,600 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-19 00:58:20 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-10-19 00:58:20 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe

+ 2007-12-12 17:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-A90000000001}\SC_Reader.exe

- 2000-08-31 11:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe

+ 2000-08-31 10:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe

- 2000-08-31 11:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe

+ 2000-08-31 10:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe

- 2008-06-23 16:29:40 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-08-26 08:11:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2005-05-17 19:24:00 311,296 ----a-w C:\WINDOWS\system32\AegisI5.exe

+ 2005-05-17 18:24:00 311,296 ----a-w C:\WINDOWS\system32\AegisI5.exe

- 2008-06-23 16:29:40 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-08-26 08:11:45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

- 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-08-14 09:51:43 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

+ 2004-08-04 01:08:00 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys

- 2008-06-23 16:29:40 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-08-26 08:11:45 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-06-23 16:29:40 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-08-26 08:11:45 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2008-06-23 16:29:40 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-08-26 08:11:45 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-06-23 16:29:40 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-08-26 08:11:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2008-06-23 09:24:09 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-08-25 08:42:17 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2008-06-23 16:29:41 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-08-26 08:11:45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2008-06-23 16:29:41 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-08-26 08:11:45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2008-06-23 16:29:41 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-08-26 08:11:46 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2008-06-23 16:29:41 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-08-26 08:11:46 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-06-23 16:29:42 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-10-03 17:26:01 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2008-06-23 16:29:42 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-08-26 08:11:48 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2008-06-23 16:29:43 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-08-26 08:11:48 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2008-06-23 09:24:22 488,448 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-08-23 05:56:15 635,848 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2008-06-23 16:29:43 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-08-26 08:11:49 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2002-12-12 03:14:32 130,304 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys

+ 2002-12-12 03:14:32 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll

- 2008-06-23 16:29:43 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-08-26 08:11:49 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2008-06-23 16:29:43 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-08-26 08:11:49 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2008-06-24 13:29:46 3,752,448 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-08-27 09:11:54 3,593,216 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-06-23 16:29:44 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-08-26 08:11:52 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-06-23 16:29:44 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-08-26 08:11:52 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-06-23 16:29:45 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-08-26 08:11:53 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-02-28 16:02:20 2,140,160 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

+ 2008-08-14 13:45:20 2,140,160 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

- 2007-02-28 16:02:34 2,221,952 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

+ 2008-08-14 13:45:24 2,061,952 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

- 2007-02-28 16:02:18 2,019,840 ----a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

+ 2008-08-14 13:45:20 2,019,840 -c--a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

- 2007-02-28 16:02:28 2,344,704 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

+ 2008-08-14 13:45:25 2,184,576 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

- 2008-06-23 16:29:45 145,920 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-08-26 08:11:53 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-06-23 16:29:45 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-08-26 08:11:53 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2004-08-04 01:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys

- 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\dllcache\srv.sys

+ 2008-08-28 10:04:17 333,056 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys

+ 2004-07-09 07:27:28 48,512 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys

- 2008-06-23 16:29:45 69,632 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-08-26 08:11:53 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

- 2008-06-23 16:29:46 1,206,272 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-08-26 08:11:53 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2008-06-23 16:29:46 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-08-26 08:11:54 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

+ 2008-09-15 15:40:06 1,846,144 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

- 2008-06-23 16:29:46 892,928 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-08-26 08:11:54 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

+ 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

- 2004-08-04 00:55:42 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

+ 2004-08-04 01:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

- 2004-08-04 00:55:42 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys

+ 2002-12-12 03:14:32 130,304 ----a-w C:\WINDOWS\system32\drivers\ks.sys

- 2004-08-04 00:55:42 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

+ 2004-08-04 01:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

- 2004-08-04 00:55:42 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys

+ 2004-07-09 07:27:28 48,512 ----a-w C:\WINDOWS\system32\drivers\stream.sys

- 2008-06-23 16:29:40 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-08-26 08:11:45 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll

- 2008-06-23 16:29:40 214,528 ------w C:\WINDOWS\system32\dxtrans.dll

+ 2008-08-26 08:11:45 214,528 ------w C:\WINDOWS\system32\dxtrans.dll

- 2008-06-23 16:29:40 133,120 ------w C:\WINDOWS\system32\extmgr.dll

+ 2008-08-26 08:11:45 133,120 ------w C:\WINDOWS\system32\extmgr.dll

- 2008-10-09 16:44:58 1,540,728 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-10-19 10:30:11 1,540,840 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2008-06-23 16:29:40 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-08-26 08:11:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2008-06-23 09:24:09 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-08-25 08:42:17 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

- 2008-06-23 16:29:41 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

+ 2008-08-26 08:11:45 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

- 2008-06-23 16:29:41 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

+ 2008-08-26 08:11:45 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

- 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll

+ 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll

- 2008-06-23 16:29:41 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-08-26 08:11:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2008-06-23 16:29:41 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-08-26 08:11:46 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

- 2008-06-23 16:29:42 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-10-03 17:26:01 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2008-06-23 16:29:42 44,544 ------w C:\WINDOWS\system32\iernonce.dll

+ 2008-08-26 08:11:48 44,544 ------w C:\WINDOWS\system32\iernonce.dll

- 2008-06-23 16:29:43 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-08-26 08:11:48 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2008-06-23 16:29:43 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-08-26 08:11:49 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2004-08-04 00:45:24 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll

+ 2002-12-12 03:14:32 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll

+ 2008-10-05 03:16:26 235,936 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe

- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-03-25 03:21:20 288,128 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2008-06-13 12:20:46 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-10-20 20:00:01 89,102 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2007-08-16 11:55:18 1,576,960 ----a-w C:\WINDOWS\system32\MediaInfo.dll

- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe

- 2008-06-23 16:29:43 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-08-26 08:11:49 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2008-06-23 16:29:43 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-08-26 08:11:49 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2008-06-24 13:29:46 3,752,448 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-08-27 09:11:54 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-06-23 16:29:44 477,696 ------w C:\WINDOWS\system32\mshtmled.dll

+ 2008-08-26 08:11:52 477,696 ------w C:\WINDOWS\system32\mshtmled.dll

- 2008-06-23 16:29:44 193,024 ------w C:\WINDOWS\system32\msrating.dll

+ 2008-08-26 08:11:52 193,024 ------w C:\WINDOWS\system32\msrating.dll

- 2008-06-23 16:29:45 671,232 ------w C:\WINDOWS\system32\mstime.dll

+ 2008-08-26 08:11:53 671,232 ------w C:\WINDOWS\system32\mstime.dll

- 2007-02-28 16:02:34 2,221,952 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

+ 2008-08-14 13:45:24 2,061,952 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

- 2007-02-28 16:02:28 2,344,704 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

+ 2008-08-14 13:45:25 2,184,576 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

- 2008-06-23 16:29:45 145,920 ----a-w C:\WINDOWS\system32\occache.dll

+ 2008-08-26 08:11:53 102,912 ----a-w C:\WINDOWS\system32\occache.dll

- 2008-10-08 23:29:54 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-10-12 12:34:20 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-10-08 23:29:54 71,198 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-10-12 12:34:21 71,198 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-10-08 23:29:54 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-10-12 12:34:21 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-10-08 23:29:54 434,194 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-10-12 12:34:21 434,194 ----a-w C:\WINDOWS\system32\perfh016.dat

- 2008-06-23 16:29:45 44,544 ------w C:\WINDOWS\system32\pngfilt.dll

+ 2008-08-26 08:11:53 44,544 ------w C:\WINDOWS\system32\pngfilt.dll

+ 2001-08-17 20:20:04 96,256 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\ac97intc.sys

+ 2004-08-04 00:55:42 60,288 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\drmk.sys

+ 2004-08-04 00:55:42 140,928 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\ks.sys

+ 2004-08-04 00:45:24 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\ksuser.dll

+ 2004-08-04 00:55:42 145,792 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\portcls.sys

+ 2004-08-04 00:55:42 48,640 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\stream.sys

+ 2004-08-04 00:55:42 23,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\wdmaud.drv

+ 2005-10-27 18:06:00 356,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\rt61.sys

- 2008-06-23 16:29:45 69,632 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-08-26 08:11:53 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2008-06-23 16:29:46 1,206,272 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-08-26 08:11:53 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2008-06-23 16:29:46 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-08-26 08:11:54 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

+ 2008-09-15 15:40:06 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys

- 2008-06-23 16:29:46 892,928 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-08-26 08:11:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-10-23 23:48:20 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_b3c.dat

+ 2008-10-23 23:53:10 7,680 ----a-w C:\WINDOWS\temp\wintmwrtf.exe

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 40448]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5797912]

"Free Download Manager"="C:\Arquivos de programas\Free Download Manager\fdm.exe" [2008-05-20 2543663]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 112496]

"nwiz"="nwiz.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 40448]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Ralink Wireless Utility.lnk - C:\Arquivos de programas\RALINK\Common\RaUI.exe [2008-10-13 667648]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoStartMenuRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[bU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\MessengerDiscovery\\MessengerDiscovery Live.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Valve\\hl.exe"=

"C:\\Compaq\\Programas\\vdownloader\\VDownloader.exe"=

"C:\\Arquivos de programas\\DreMule\\Dreamule.exe"=

"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"C:\\Arquivos de programas\\Ahead\\NeroMediaPlayer\\NeroMediaPlayer.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=

"C:\\Arquivos de programas\\Arquivos comuns\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe"=

"C:\\WINDOWS\\system32\\wuauclt.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= C:\\Arquivos de programas\\Windows Live\\Messenger\\MsnMsgr.Exe

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\ComboFix\\NirCmd.cfexe"=

"C:\\Arquivos de programas\\DreMule\\Emule1.exe"=

"C:\\Arquivos de programas\\RALINK\\Common\\RaUI.exe"=

"C:\\WINDOWS\\system32\\Live.scr"=

"C:\\ARQUIV~1\\INCODE~1\\REMOVE~1\\UNWISE.EXE"=

"C:\\Arquivos de programas\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=

"C:\\Arquivos de programas\\DAEMON Tools Lite\\daemon.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\usnsvc.exe"=

"C:\\Documents and Settings\\Milton\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe"=

"C:\\WINDOWS\\system32\\ctfmon.exe"=

"C:\\WINDOWS\\NiwradSoft Shell Pack\\Software\\ViOrb\\ViOrbv2.exe"=

"C:\\Arquivos de programas\\Free Download Manager\\fdm.exe"=

"C:\\WINDOWS\\TEMP\\wintmwrtf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R3 abp470n5;abp470n5;C:\WINDOWS\system32\drivers\qmuofn.sys [ ]

S1 RemoveAny;RemoveAny driver;C:\WINDOWS\system32\Drivers\removeany.sys [2008-07-02 11008]

S2 gupdate1c8eb64a4799eb0;Google Update Service (gupdate1c8eb64a4799eb0);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-08-28 133104]

S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ead70f1-3897-11dd-8368-000e2ebe0b74}]

\Shell\Auto\Command - program.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6979fee2-3c98-11dd-8382-000e2ebe0b74}]

\sHelL\AutoplaY\cOmmaND - E:\vbgro.pif

\sHelL\AutoRun\command - E:\vbgro.pif

\sHelL\explore\COmmANd - E:\vbgro.pif

\sHelL\open\command - E:\vbgro.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1156284-89a1-11dd-929c-000e2ebe0b74}]

\Shell\AUtOplAy\cOmManD - E:\yfew.cmd

\Shell\AutoRun\command - E:\yfew.cmd

\Shell\eXPlOrE\commanD - E:\yfew.cmd

\Shell\opEN\commaNd - E:\yfew.cmd

.

Contents of the 'Scheduled Tasks' folder

2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-08-28 18:38]

2008-10-23 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job

- C:\Documents and Settings\Milton\Configura []

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpybotSD TeaTimer - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

HKLM-Run-SmartRAM - C:\Arquivos de programas\IObit\Advanced WindowsCare V2 Pro\MemCleaner.exe

HKLM-Run-SunJavaUpdateSched - C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

HKLM-Run-ISUSScheduler - C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

Notify-klogon - (no file)

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Gustavo\Dados de aplicativos\Mozilla\Firefox\Profiles\llcjcvql.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/

FF -: plugin - C:\Arquivos de programas\DNA\plugins\npbtdna.dll

FF -: plugin - C:\Arquivos de programas\Google\Lively\nplively.dll

FF -: plugin - C:\Arquivos de programas\Google\Update\1.2.131.25\npGoogleOneClick6.dll

FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF -: plugin - C:\Documents and Settings\Gustavo\Dados de aplicativos\Mozilla\Firefox\Profiles\llcjcvql.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll

FF -: plugin - C:\Documents and Settings\Gustavo\Dados de aplicativos\Mozilla\Firefox\Profiles\llcjcvql.default\extensions\seetooaddon@seetoo.com\plugins\npSeeTooAddon.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-23 21:51:15

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-10-23 22:00:31

ComboFix-quarantined-files.txt 2008-10-24 00:00:23

ComboFix2.txt 2008-10-11 19:07:23

ComboFix3.txt 2008-10-10 22:44:24

Pre-Run: 23 folder(s) 17,937,428,480 bytes free

Post-Run: 23 folder(s) 17,958,313,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

565 --- E O F --- 2008-10-23 18:08:10

HijackThis log:

I tested regedit and Task Manager and they are working; I will try Safe Mode later, but calc is not working, it gives an error like this:

"The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\WINDOWS\system32\SHELL32.dll occupied an address range reserved for Windows system DLLs. Contact the DLL vendor for a new DLL."

The PC has been fast lately, it already has almost all the basic services back, only calc is missing as far as I know. Thanks a lot for the help, I will not need to format.

> I tested regedit and Task Manager and they are working; I will try Safe Mode later, but calc is not working, it gives an error like this:

http://www.microsoft.com/downloads/details.aspx?displaylang=pt-br&FamilyID=74ad4188-3131-429c-8fcb-f7b3b0fd3d86

--------

Connect your removable media to the computer.

Temporarily, and for as long as you are carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protection after carrying out the procedure(s) described below.

Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

File::

E:\vbgro.pif
E:\yfew.cmd

Registry::

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ead70f1-3897-11dd-8368-000e2ebe0b74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6979fee2-3c98-11dd-8382-000e2ebe0b74}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1156284-89a1-11dd-929c-000e2ebe0b74}]

  • Save this file as: CFScript.txt
    (image: CFScriptB-4.gif)
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running it will produce a log. Post that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.

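An added example for the two posts above (it is neither ComboFix's own code nor the helper's script): a small Python script that reads the "Reg Loading Points" section of a ComboFix log like the one posted, flags the indicators that stand out in it (the DisableTaskMgr/DisableRegistryTools policies, the Security Center *Override/*DisableNotify values, EnableFirewall=0, a firewall exception for an executable under C:\WINDOWS\TEMP, and the MountPoints2 autorun verbs pointing at E:\vbgro.pif and E:\yfew.cmd), and then writes a CFScript in the same File::/Registry:: form as the reply above. The SAMPLE_LOG inside is constructed from lines of the posted log; the generated script is meant to be checked by hand against the helper's version, not used blindly.

```python
"""Triage of a ComboFix 'Reg Loading Points' section, plus CFScript generation.

Added example for this thread; not ComboFix code and not the helper's script.
SAMPLE_LOG is constructed from lines of the posted log. Review any generated
CFScript by hand before dragging it onto ComboFix.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
# MountPoints2 verbs as ComboFix prints them: \Shell\<verb>\command - <target>
# (case-insensitive on purpose: the registry is, and the odd casing is itself a tell)
SHELL_RE = re.compile(r"^\\shell\\[^\\]+\\command\s+-\s+(?P<target>.+)$", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S+$")   # bare drive-letter path, no arguments
TOOL_POLICIES = ("DisableTaskMgr", "DisableRegistryTools")

SAMPLE_LOG = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\TEMP\\wintmwrtf.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ead70f1-3897-11dd-8368-000e2ebe0b74}]
\Shell\Auto\Command - program.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL program.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6979fee2-3c98-11dd-8382-000e2ebe0b74}]
\sHelL\AutoplaY\cOmmaND - E:\vbgro.pif
\sHelL\open\command - E:\vbgro.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1156284-89a1-11dd-929c-000e2ebe0b74}]
\Shell\AutoRun\command - E:\yfew.cmd
"""


def parse_loading_points(text):
    """Map each [key] to its entries: (name, value) for values, (verb, target) for shell verbs."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current].append((m.group("name"), m.group("val").strip()))
            continue
        m = SHELL_RE.match(line)
        if m:
            keys[current].append((line.split(" - ", 1)[0], m.group("target").strip()))
    return keys


def as_int(val):
    """Interpret ComboFix's value renderings: '1 (0x1)', 'dword:00000001', '' (no data)."""
    if val.startswith("dword:"):
        return int(val[6:], 16)
    m = re.match(r"\d+", val)
    return int(m.group(0)) if m else None


def triage(keys):
    """Return (findings, cfscript_text) for the parsed loading points."""
    findings, files, registry = [], [], []
    for key, entries in keys.items():
        k = key.lower()
        if k.endswith("policies\\system"):
            hits = [n for n, v in entries if n in TOOL_POLICIES and as_int(v)]
            if hits:
                findings.append("tool-disabling policy in %s: %s" % (key, ", ".join(hits)))
                registry.append("[%s]" % key)            # CFScript: "Name"=- deletes the value
                registry.extend('"%s"=-' % n for n in hits)
        elif k.endswith("security center") or k.endswith("security center\\svc"):
            hits = [n for n, v in entries
                    if (n.endswith("Override") or n.endswith("DisableNotify")) and as_int(v)]
            if hits:
                findings.append("Security Center alerts suppressed in %s: %s" % (key, ", ".join(hits)))
        elif k.endswith("firewallpolicy\\standardprofile"):
            if any(n == "EnableFirewall" and as_int(v) == 0 for n, v in entries):
                findings.append("Windows Firewall disabled (EnableFirewall=0)")
        elif k.endswith("authorizedapplications\\list"):
            for n, _ in entries:
                path = n.replace("\\\\", "\\")            # undo REGEDIT4 escaping
                if "\\temp\\" in path.lower():
                    findings.append("firewall exception for an executable in TEMP: " + path)
        elif "\\mountpoints2\\" in k:
            targets = sorted({t for _, t in entries})
            if targets:
                guid = key.rsplit("\\", 1)[-1]
                findings.append("removable-drive autorun hijack %s -> %s" % (guid, ", ".join(targets)))
                for t in targets:                         # only bare file paths go to File::
                    if DRIVE_PATH_RE.match(t) and t not in files:
                        files.append(t)
                registry.append("[-%s]" % key)            # CFScript: [-key] deletes the key
    script = "File::\n\n%s\n\nRegistry::\n\n%s\n" % ("\n".join(files), "\n".join(registry))
    return findings, script


if __name__ == "__main__":
    found, cfscript = triage(parse_loading_points(SAMPLE_LOG))
    print("\n".join(found))
    print("\n--- CFScript.txt ---\n" + cfscript)
```

For a real log, paste the text between the "Reg Loading Points" banner and the "Scheduled Tasks" heading in place of SAMPLE_LOG. The Security Center and firewall findings are reported but deliberately not scripted, since those values also get set legitimately by third-party security suites; only the tool-disabling policies and the MountPoints2 keys, the same items the helper removed by hand, end up in the generated script.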

Last night Task Manager and regedit were working, now they are not working anymore (I did not even touch the PC between yesterday and today); the message that appears is:

For Task Manager: "Task Manager has been disabled by your administrator"

For Regedit: "Registry editing has been disabled by your administrator"

And what you told me to do in the message above is not working either. When I try to drag CFScript.txt onto ComboFix.exe it shows:

"ComboFix.exe has encountered a problem and needs to close.

If you were in the middle of something, the information you were working on might be lost.

For more information about this error, click here.

Debug   Close"

What do I do?

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 12:29:02, on 10/24/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\TEMP\winklhk.exe

C:\WINDOWS\TEMP\gowdw.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Gustavo\CONFIG~1\Temp\Rar$EX00.016\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O4 - Global Startup: ZDWLan Utility.lnk = C:\Arquivos de programas\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Arquivos de programas\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cube.northwestcollege.edu/kxhcm10.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{67710445-EF60-44BD-A0C1-09CF11CB7B90}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8eb64a4799eb0) (gupdate1c8eb64a4799eb0) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by gustavo_pch


Was any USB flash drive connected to the machine?

Restart in Safe Mode (tap F8 repeatedly during startup; in the menu that appears, use the arrow keys to choose Safe Mode).

Try running the script above again.


Download SafeBootKeyRepair

  • Run the tool.
  • It will take only a few moments.
  • When the tool finishes, it will generate a log at C:\SafeBoot_Repair.txt
  • In your next reply, paste the contents of that log together with a new HijackThis log.
  • Also report the state of your PC and whether you can now get into Safe Mode.


When I try to enter Safe Mode or Safe Mode with Networking, it restarts after showing a screen with a black background and, in white at the bottom of the screen, "Press Esc to cancel loading SPTD.sys". It always restarts at that point and never gets into Safe Mode.

SafeBoot Repair log:

Reg export of SafeBoot key after repair:

========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus estender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus estender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus estender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PSEXESVC]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]

@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus estender]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]

@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]

@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]

@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

@="Human Interface Devices"

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 12:28:32, on 10/30/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Gustavo\Desktop\Vírus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [RocketAppCenter.exe] "C:\Arquivos de programas\Rocket Software\Rocket Mobile & Security Apps\MobileCenter.exe"

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O4 - Global Startup: ZDWLan Utility.lnk = C:\Arquivos de programas\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Arquivos de programas\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cube.northwestcollege.edu/kxhcm10.ocx

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{67710445-EF60-44BD-A0C1-09CF11CB7B90}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8eb64a4799eb0) (gupdate1c8eb64a4799eb0) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

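The SafeBoot export above is the list of driver groups and services Windows is allowed to load in Safe Mode, split into the Minimal and Network profiles; the repair tool rebuilt it and its log ends by singling out the PSEXESVC entry under minimal. As an added example (not part of this thread, and not code from SafeBootKeyRepair), here is a Python parser for that `Windows Registry Editor Version 5.00` export format that lists the entries of each profile, the entries with no default value, and the entries one profile has that the other lacks, which is how you would compare an export against a known-good reference. The excerpt embedded below is a constructed sample in the same format as the log above, not the full export.

```python
import re
from typing import Dict, List, Optional

SAFEBOOT_PREFIX = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot"

# Constructed excerpt in the format of the SafeBoot_Repair.txt export posted
# above (a few entries from each profile, not the whole key).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
"""

# A value line is either @=... (default value) or "name"=...
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key_path: {value_name: value}}; '@' is the default value."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, value = m.group(1), m.group(2)
            if name != "@":
                name = name[1:-1]          # strip the quotes around the value name
            if value.startswith('"') and value.endswith('"'):
                value = value[1:-1]        # REG_SZ values are quoted in the export
            keys[current][name] = value
    return keys


def safeboot_entries(keys: Dict[str, Dict[str, str]], profile: str) -> Dict[str, Optional[str]]:
    """Return {entry_name: default value or None} for one SafeBoot profile ('Minimal' or 'Network')."""
    prefix = (SAFEBOOT_PREFIX + "\\" + profile + "\\").lower()
    out: Dict[str, Optional[str]] = {}
    for path, values in keys.items():
        if path.lower().startswith(prefix):
            name = path[len(prefix):]
            if "\\" in name:               # deeper sub-keys are not direct entries
                continue
            out[name] = values.get("@")
    return out


def entries_without_default(keys: Dict[str, Dict[str, str]], profile: str) -> List[str]:
    """Entries that carry no default value (neither 'Service', 'Driver' nor 'Driver Group')."""
    return sorted(n for n, v in safeboot_entries(keys, profile).items() if v is None)


def only_in(keys: Dict[str, Dict[str, str]], profile_a: str, profile_b: str) -> List[str]:
    """Entries present in profile_a but absent from profile_b."""
    a = set(safeboot_entries(keys, profile_a))
    b = set(safeboot_entries(keys, profile_b))
    return sorted(a - b)


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for profile in ("Minimal", "Network"):
        print(profile, safeboot_entries(parsed, profile))
        print("  no default value:", entries_without_default(parsed, profile))
    print("Network only:", only_in(parsed, "Network", "Minimal"))
```

Run against the real C:\SafeBoot_Repair.txt, the same `only_in` comparison works with a reference export taken from a clean install of the same Windows version in place of one of the profiles; an entry with no default value, like the GUID key at the end of the Network profile in the log above, is one the tool could not classify and is worth checking by hand.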

Close ALL open programs, especially Internet Explorer and Windows Explorer. Open HijackThis, click Do a system scan only, check the entries below and click the Fix Checked button (don't worry if one of them doesn't exist).

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Restart normally.

Download the Kaspersky Removal Tool (make sure you always use the last link in the list so you get the most recent version of the software). Save it to your desktop.

  • Install the program normally, following all its steps.
  • On the program's main screen, click the "My Computer" option and then click the "Scan" button.
  • Be patient; the scan may take a while.
  • If it finds any infection, click "skip".
  • When everything has finished, click the Events tab, uncheck the "Show all events" box and then click "Save to file".
  • Give the file a name and save it in a folder of your choice.
  • Paste the contents of that file in your next reply.

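The O7 line fixed in the post above is one of several things a responder looks for when reading a HijackThis log: a policy that disables the Registry Editor, processes whose image lives in a temporary folder or on a drive other than the system drive, Global Startup entries that are a bare executable rather than a .lnk shortcut, and entries whose file no longer exists. As an added example (not part of this thread, and not code from HijackThis), here is a small Python triage pass that applies those checks to log text. The sample log is constructed here in the format of the logs posted in this thread; the assumption that C: is the only fixed drive is marked in the code.

```python
import re
from typing import Iterator, List, Tuple

Finding = Tuple[str, str]  # (reason, offending log line)

# Assumption for this example: the Windows system drive is C:, so a process
# image on any other drive letter deserves a look (the helper asked above
# whether a USB flash drive had been plugged in).
SYSTEM_DRIVE = "c:"

# Constructed sample in the format of the HijackThis v1.99.1 logs posted in
# this thread; it mixes lines from several of them and is not a full log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\winklhk.exe
C:\DOCUME~1\Gustavo\CONFIG~1\Temp\cpyii.exe
E:\winsys3.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinSys3] C:\WINDOWS\winsys3.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe
O4 - Global Startup: winsys3.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HijackThis entries start with R0/R1/O2/O4/... followed by " - "
ENTRY_RE = re.compile(r"^[RO]\d+ - ")
GLOBAL_STARTUP = "O4 - Global Startup: "


def running_processes(lines: List[str]) -> Iterator[str]:
    """Yield the image paths listed under 'Running processes:' up to the first Rn/On entry."""
    in_block = False
    for line in lines:
        if line.startswith("Running processes:"):
            in_block = True
        elif in_block:
            if ENTRY_RE.match(line):
                return
            if line.strip():
                yield line.strip()


def triage(log_text: str) -> List[Finding]:
    """Return the (reason, line) pairs a responder should look at first."""
    lines = log_text.splitlines()
    findings: List[Finding] = []

    for path in running_processes(lines):
        low = path.lower()
        if "\\temp\\" in low:
            findings.append(("process running from a temporary folder", path))
        elif not low.startswith(SYSTEM_DRIVE):
            findings.append(("process running from a drive other than the system drive", path))

    for line in lines:
        if line.startswith(GLOBAL_STARTUP):
            target = line[len(GLOBAL_STARTUP):]
            if ".lnk" not in target.lower():
                findings.append(("Global Startup entry is a bare executable, not a .lnk shortcut", line))
        elif line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append(("Registry Editor disabled by policy", line))
        elif line.endswith("(file missing)"):
            findings.append(("entry points at a file that no longer exists (orphaned)", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

These checks are path- and policy-based, so a hit means "inspect this", not "this is malware": a legitimate installer can leave a process in Temp for a moment, and a vendor's own updater can run from a USB stick. The value of the pass is that it pulls the handful of lines worth checking out of a log of a hundred or more.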

What error does it give? I just tested the link and it works normally.


Endereço não encontrado

O Firefox não conseguiu localizar dnl-us6.kaspersky-labs.com.

Não foi possível localizar o servidor do endereço fornecido.

* Houve um engano na digitação do domínio? (exemplo: "ww.mozilla.org" em vez de "www.mozilla.org")

* Tem certeza que o domínio do endereço existe? A validade do registro pode ter vencido.

* Não consegue abrir outros sites? Verifique a sua conexão de rede e as configurações de DNS.

* O seu computador ou rede é protegido por um firewall ou proxy? Configurações incorretas podem interferir na navegação.


Post a new HijackThis log.


Sorry, I have had very little time in the last few days and didn't even look at the thread.

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 19:04:18, on 11/12/aaaa

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\winsys3.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\winsys3.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\DreMule\emule.exe

C:\DOCUME~1\Gustavo\CONFIG~1\Temp\cpyii.exe

C:\DOCUME~1\Gustavo\CONFIG~1\Temp\wqgw.exe

E:\winsys3.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Enterbrain\RPG Maker XP\RPGXP.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\Gustavo\Desktop\Vírus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Arquivos de programas\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinSys3] C:\WINDOWS\winsys3.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Free Download Manager] "C:\Arquivos de programas\Free Download Manager\fdm.exe" -autorun

O4 - HKCU\..\Run: [RocketAppCenter.exe] "C:\Arquivos de programas\Rocket Software\Rocket Mobile & Security Apps\MobileCenter.exe"

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O4 - Global Startup: winsys3.exe

O4 - Global Startup: ZDWLan Utility.lnk = C:\Arquivos de programas\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Baixar com o FDM - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o FDM - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selecionado pelo FDM - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Arquivos de programas\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://cube.northwestcollege.edu/kxhcm10.ocx

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{67710445-EF60-44BD-A0C1-09CF11CB7B90}: NameServer = 201.10.128.3,201.10.120.3

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\msgrapp.8.5.1302.1018.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8eb64a4799eb0) (gupdate1c8eb64a4799eb0) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by gustavo_pch


Download Malwarebytes Anti-Malware:

Link1

Alternative link

Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.

  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note.)
  • The log is saved automatically and can be consulted by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, a restart of the PC may be required. If you are asked to restart the PC, please do so immediately.


Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1395

Windows 5.1.2600 Service Pack 2

11/13/aaaa 12:46:33

mbam-log-2008-11-13 (12-46-33).txt

Tipo de Verificação: Rápida

Objetos verificados: 58869

Tempo decorrido: 12 minute(s), 33 second(s)

Processos da Memória infectados: 2

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 7

Processos da Memória infectados:

C:\Documents and Settings\Douglas\Configurações locais\temp\oxlspy.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Documents and Settings\Douglas\Configurações locais\temp\winkijx.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys3 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\Documents and Settings\Douglas\Configurações locais\temp\oxlspy.exe (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Douglas\Configurações locais\temp\winkijx.exe (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Milton\Configurações locais\temp\leqmu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Milton\Configurações locais\temp\winlrfk.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Gustavo\Configurações locais\temp\cpyii.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Gustavo\Configurações locais\temp\wqgw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\winsys3.exe (Spyware.OnlineGames) -> Delete on reboot.

Edited by gustavo_pch
