Corellom

LOG: headache

Logfile of HijackThis v1.99.1

Scan saved at 18:15:14, on 7/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe

C:\WINDOWS\vVX1000.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

c:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Vitor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [NodLogin] C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226025810890

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Awaiting a reply.

THANK YOU VERY MUCH!!!

Dear Corellom,

Sorry for the delay, but if you still need help, please follow the instructions in this topic:

Read Before Posting - Creating a New Topic

ATTENTION: There is no need to open a new topic; post the new logs in this same one, thank you!

Regards :D

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-20 18:05:29

Windows 5.1.2600 Service Pack 3

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\ctfmon.exe[320] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ 68, 3B, 12 ]

.text C:\WINDOWS\system32\ctfmon.exe[320] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 10, C3 ]

.text C:\WINDOWS\system32\ctfmon.exe[320] ntdll.dll!NtQuerySystemInformation 7C90D910 3 Bytes [ 68, 0E, 11 ]

.text C:\WINDOWS\system32\ctfmon.exe[320] ntdll.dll!NtQuerySystemInformation + 4 7C90D914 2 Bytes [ 10, C3 ]

.text C:\WINDOWS\Explorer.EXE[348] ntdll.dll!NtEnumerateValueKey 7C90D2D0 6 Bytes PUSH 01CA123B; RET C:\WINDOWS\system32\28463\WCUK.007

.text C:\WINDOWS\Explorer.EXE[348] ntdll.dll!NtQuerySystemInformation 7C90D910 6 Bytes PUSH 01CA110E; RET C:\WINDOWS\system32\28463\WCUK.007

.text C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe[596] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]

.text C:\WINDOWS\system32\SearchIndexer.exe[1224] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe[1496] ntdll.dll!NtEnumerateValueKey 7C90D2D0 4 Bytes [ 68, 3B, 12, 94 ]

.text C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe[1496] ntdll.dll!NtEnumerateValueKey + 5 7C90D2D5 1 Byte [ C3 ]

.text C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe[1496] ntdll.dll!NtQuerySystemInformation 7C90D910 4 Bytes [ 68, 0E, 11, 94 ]

.text C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe[1496] ntdll.dll!NtQuerySystemInformation + 5 7C90D915 1 Byte [ C3 ]

.text C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe[1764] ntdll.dll!NtEnumerateValueKey 7C90D2D0 4 Bytes [ 68, 3B, 12, C3 ]

.text C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe[1764] ntdll.dll!NtEnumerateValueKey + 5 7C90D2D5 1 Byte [ C3 ]

.text C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe[1764] ntdll.dll!NtQuerySystemInformation 7C90D910 4 Bytes [ 68, 0E, 11, C3 ]

.text C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe[1764] ntdll.dll!NtQuerySystemInformation + 5 7C90D915 1 Byte [ C3 ]

.text C:\WINDOWS\vVX1000.exe[1792] ntdll.dll!NtEnumerateValueKey 7C90D2D0 4 Bytes [ 68, 3B, 12, B7 ]

.text C:\WINDOWS\vVX1000.exe[1792] ntdll.dll!NtEnumerateValueKey + 5 7C90D2D5 1 Byte [ C3 ]

.text C:\WINDOWS\vVX1000.exe[1792] ntdll.dll!NtQuerySystemInformation 7C90D910 4 Bytes [ 68, 0E, 11, B7 ]

.text C:\WINDOWS\vVX1000.exe[1792] ntdll.dll!NtQuerySystemInformation + 5 7C90D915 1 Byte [ C3 ]

.text C:\WINDOWS\SOUNDMAN.EXE[1800] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ 68, 3B, 12 ]

.text C:\WINDOWS\SOUNDMAN.EXE[1800] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 10, C3 ]

.text C:\WINDOWS\SOUNDMAN.EXE[1800] ntdll.dll!NtQuerySystemInformation 7C90D910 3 Bytes [ 68, 0E, 11 ]

.text C:\WINDOWS\SOUNDMAN.EXE[1800] ntdll.dll!NtQuerySystemInformation + 4 7C90D914 2 Bytes [ 10, C3 ]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ 68, 3B, 12 ]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 10, C3 ]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ntdll.dll!NtQuerySystemInformation 7C90D910 3 Bytes [ 68, 0E, 11 ]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ntdll.dll!NtQuerySystemInformation + 4 7C90D914 2 Bytes [ 10, C3 ]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001CC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001A80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001D80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001B90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001DF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001C20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] kernel32.dll!OutputDebugStringW 7C85B335 5 Bytes JMP 28001E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ADVAPI32.dll!CryptDeriveKey 77F69FDD 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ADVAPI32.dll!CryptDecrypt 77F6A109 7 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004440 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 28005C10 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 28005E90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280064E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 28003B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 28005D50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 280066D0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006080 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004D20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!closesocket 71A73E2B 5 Bytes JMP 2800AF90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!send 71A74C27 5 Bytes JMP 2800AB70 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!WSARecv 71A74CB5 5 Bytes JMP 2800A950 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!recv 71A7676F 5 Bytes JMP 2800A7B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WS2_32.dll!WSASend 71A768FA 5 Bytes JMP 2800AD50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 5 Bytes JMP 280032C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ole32.dll!CoInitializeEx 774DEF7B 5 Bytes JMP 28002100 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 280024A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] ole32.dll!CoRegisterClassObject 774F7E90 5 Bytes JMP 28002200 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WININET.dll!InternetCloseHandle 771BE85D 5 Bytes JMP 280099B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WININET.dll!HttpOpenRequestA 771C160A 5 Bytes JMP 28009670 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 28009800 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2012] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 280098E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[2292] ntdll.dll!NtEnumerateValueKey 7C90D2D0 6 Bytes PUSH 0462123B; RET C:\WINDOWS\system32\28463\WCUK.007

.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[2292] ntdll.dll!NtQuerySystemInformation 7C90D910 6 Bytes PUSH 0462110E; RET C:\WINDOWS\system32\28463\WCUK.007

.text C:\Documents and Settings\Vitor\Desktop\gmer.exe[2556] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ 68, 3B, 12 ]

.text C:\Documents and Settings\Vitor\Desktop\gmer.exe[2556] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 10, C3 ]

.text C:\Documents and Settings\Vitor\Desktop\gmer.exe[2556] ntdll.dll!NtQuerySystemInformation 7C90D910 3 Bytes [ 68, 0E, 11 ]

.text C:\Documents and Settings\Vitor\Desktop\gmer.exe[2556] ntdll.dll!NtQuerySystemInformation + 4 7C90D914 2 Bytes [ 10, C3 ]

.text C:\Arquivos de programas\Mozilla Firefox\firefox.exe[2608] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ 68, 3B, 12 ]

.text C:\Arquivos de programas\Mozilla Firefox\firefox.exe[2608] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 10, C3 ]

.text C:\Arquivos de programas\Mozilla Firefox\firefox.exe[2608] ntdll.dll!NtQuerySystemInformation 7C90D910 3 Bytes [ 68, 0E, 11 ]

.text C:\Arquivos de programas\Mozilla Firefox\firefox.exe[2608] ntdll.dll!NtQuerySystemInformation + 4 7C90D914 2 Bytes [ 10, C3 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- Processes - GMER 1.0.14 ----

Process C:\WINDOWS\system32\28463\WCUK.exe (*** hidden *** ) 1888

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0xB1 0x0A 0x94 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xE9 0x96 0xE6 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0xE1 0x3B 0x8B ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB8 0xA7 0xE7 0x11 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0x99 0x0E 0xA8 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2C 0x85 0x17 0x41 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD4 0x8F 0x18 0x13 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0xB1 0x0A 0x94 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2F 0x99 0x6D 0x88 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x06 0x9E 0xAB ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x89 0xA5 0x7B ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF1 0x0A 0x42 0x80 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2C 0x85 0x17 0x41 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD4 0x8F 0x18 0x13 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026@001cd6fa63d0 0xB1 0xD1 0xC4 0xBD ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0xB1 0x0A 0x94 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xE9 0x96 0xE6 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0xE1 0x3B 0x8B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB8 0xA7 0xE7 0x11 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0x99 0x0E 0xA8 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2C 0x85 0x17 0x41 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD4 0x8F 0x18 0x13 ...

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset004\Services\BTHPORT\Parameters\Keys\000272b00026

Reg HKLM\SYSTEM\controlset004\Services\BTHPORT\Parameters\Keys\000272b00026@001cd6fa63d0 0xB1 0xD1 0xC4 0xBD ...

Reg HKLM\SYSTEM\controlset004\Services\MRxDAV\EncryptedDirectories@

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0xB1 0x0A 0x94 ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x02 0xE9 0x96 0xE6 ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0xE1 0x3B 0x8B ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB8 0xA7 0xE7 0x11 ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xFA 0x99 0x0E 0xA8 ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2C 0x85 0x17 0x41 ...

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xD4 0x8F 0x18 0x13 ...

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@WCUK Agent C:\WINDOWS\system32\28463\WCUK.exe

Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\4293822691\Groups@mumui\xb4s 1

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x950a600 size 0x1ae

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\Vitor\Cookies\vitor@ads.pointroll[2].txt 761 bytes

File C:\Documents and Settings\Vitor\Cookies\vitor@c.msn[2].txt 64 bytes

File C:\Documents and Settings\Vitor\Dados de aplicativos\Microsoft\MSN Messenger\3838759958\sqmnoopt00.sqm 2084 bytes

File C:\Documents and Settings\Vitor\Dados de aplicativos\Microsoft\MSN Messenger\3838759958\sqmnoopt01.sqm 0 bytes

---- EOF - GMER 1.0.14 ----


Logfile of random's system information tool 1.04 (written by random/random)

Run by Vitor at 2008-11-20 18:05:37

Microsoft Windows XP Professional Service Pack 3

System drive C: has 25 GB (33%) free of 76 GB

Total RAM: 991 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:06:26, on 20/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

c:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\vVX1000.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Vitor\Desktop\RSIT.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\trend micro\Vitor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NodLogin] C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226025810890

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 5393 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"egui"=C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe [2008-04-23 1443072]

"VX1000"=C:\WINDOWS\vVX1000.exe [2007-04-10 709992]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

"NodLogin"=C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe [2008-08-26 359203]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2007-03-26 180269]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2008-10-18 3513344]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\applesyncnotifier]

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bittorrent dna]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

C:\WINDOWS\system32\bthprops.cpl [2008-04-13 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bttray]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Colex IP Changer]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Arquivos de programas\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EncGrim]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\free download manager]

C:\Arquivos de programas\Free Download Manager\fdm.exe [2006-08-21 2068527]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

C:\Arquivos de programas\Google\Google Talk\googletalk.exe [2007-01-01 3735552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\groovemonitor]

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Arquivos de programas\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lifecam]

c:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [2008-10-18 3513344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nodlogin]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe [2007-10-07 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pc suite tray]

C:\Arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Arquivos de programas\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Arquivos de programas\Skype\Phone\Skype.exe [2007-06-08 23233576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman]

C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2007-03-26 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

C:\WINDOWS\system32\VTTimer.exe [2008-05-16 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vttrayp]

C:\WINDOWS\system32\VTTrayp.exe [2008-05-20 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vx1000]

C:\WINDOWS\vVX1000.exe [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]

C:\Arquivos de programas\Warcraft III\w3dr.exe [2008-08-03 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard ]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse ]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[system]]

\system32\drivers\services.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

C:\ARQUIV~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Photosmart Premier.lnk]

C:\ARQUIV~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

C:\ARQUIV~1\ORBITD~1\orbitdm.exe [2008-10-14 1707208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

C:\ARQUIV~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

C:\ARQUIV~1\Hamachi\hamachi.exe [2008-04-15 624416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

C:\ARQUIV~1\MSNPIC~1\MSNPIC~1.EXE [2007-11-06 4571136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^Reboot.exe]

[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE"="C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"="C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"

"C:\Arquivos de programas\Winamp Remote\bin\Orb.exe"="C:\Arquivos de programas\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"

"C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe"="C:\Arquivos de programas\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"

"C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Arquivos de programas\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe"="C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe"="C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe"="C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

"C:\Arquivos de programas\SmartFTP Client\SmartFTP.exe"="C:\Arquivos de programas\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz"

"C:\Arquivos de programas\Java\jre1.6.0_02\bin\javaw.exe"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"

"C:\Arquivos de programas\Hamachi\hamachi.exe"="C:\Arquivos de programas\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"

"C:\Arquivos de programas\BitTorrent\bittorrent.exe"="C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe"="C:\Arquivos de programas\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"

"C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"

"C:\Arquivos de programas\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Arquivos de programas\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"

"C:\Arquivos de programas\Internet Explorer\iexplore.exe"="C:\Arquivos de programas\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe"="C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Arquivos de programas\Warcraft III\Warcraft III.exe"="C:\Arquivos de programas\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\Arquivos de programas\Warcraft III\war3.exe"="C:\Arquivos de programas\Warcraft III\war3.exe:*:Enabled:Warcraft III"

"C:\Arquivos de programas\Arquivos comuns\Nero\Nero Web\SetupX.exe"="C:\Arquivos de programas\Arquivos comuns\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"

"C:\Arquivos de programas\Garena\Garena.exe"="C:\Arquivos de programas\Garena\Garena.exe:*:Enabled:Garena"

"C:\Arquivos de programas\iTunes\iTunes.exe"="C:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"

"C:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2008-11-20 18:05:39 ----D---- C:\Arquivos de programas\trend micro

2008-11-20 18:05:37 ----D---- C:\rsit

2008-11-20 00:55:41 ----A---- C:\WINDOWS\gmer.ini

2008-11-20 00:55:36 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-20 00:55:36 ----A---- C:\WINDOWS\gmer.dll

2008-11-20 00:55:35 ----A---- C:\WINDOWS\gmer.exe

2008-11-19 20:48:52 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-11-19 20:48:52 ----D---- C:\Arquivos de programas\Adobe

2008-11-10 19:04:49 ----D---- C:\Arquivos de programas\TibiaBot NG1

2008-11-10 18:59:33 ----D---- C:\Arquivos de programas\Arquivos comuns\Thraex Software

2008-11-10 18:46:47 ----SHD---- C:\WINDOWS\system32\28463

2008-11-10 14:16:06 ----A---- C:\WINDOWS\PowerHEX Uninstaller.exe

2008-11-10 14:08:21 ----D---- C:\Arquivos de programas\TibiaBot NG

2008-11-09 20:52:18 ----D---- C:\Arquivos de programas\PowerHEX

2008-11-09 19:19:16 ----AD---- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-11-09 19:19:06 ----SHD---- C:\WINDOWS\system32\Sys

2008-11-09 14:47:47 ----D---- C:\Arquivos de programas\Realtek AC97

2008-11-08 15:24:34 ----A---- C:\WINDOWS\system32\s3iset32_2_00_83.dll

2008-11-08 15:23:47 ----A---- C:\WINDOWS\system32\s3minset.exe

2008-11-08 15:23:47 ----A---- C:\WINDOWS\system32\s3iset32.dll

2008-11-08 14:24:17 ----D---- C:\Driver Download

2008-11-08 14:19:03 ----D---- C:\Driver Backup 11-8-2008-141843

2008-11-07 19:10:13 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-11-07 18:56:43 ----D---- C:\Arquivos de programas\Panda Security

2008-11-07 15:18:25 ----D---- C:\ebee30a61d867be9e0021f3a

2008-11-07 15:16:27 ----D---- C:\WINDOWS\system32\ivtMobCache

2008-11-07 13:22:34 ----SHD---- C:\WINDOWS\CSC

2008-11-07 08:40:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2008-11-06 20:51:18 ----A---- C:\WINDOWS\system32\XceedZip.dll

2008-11-05 10:40:38 ----D---- C:\Arquivos de programas\ESET

2008-11-05 09:23:06 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2008-11-05 09:16:52 ----A---- C:\WINDOWS\ModemLog_Nokia 6555 Bluetooth Modem #2.txt

2008-11-05 09:14:24 ----A---- C:\WINDOWS\system32\irclass.dll

2008-11-05 09:14:23 ----A---- C:\WINDOWS\system32\spxcoins.dll

2008-11-05 09:14:05 ----RA---- C:\WINDOWS\SETDA.tmp

2008-11-05 09:14:01 ----RA---- C:\WINDOWS\SETCE.tmp

2008-11-05 09:13:59 ----RA---- C:\WINDOWS\SETCB.tmp

2008-11-05 07:04:51 ----D---- C:\WINDOWS\NLDRV

2008-11-04 00:05:54 ----A---- C:\WINDOWS\BsMobileModel.ini

2008-11-03 23:57:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia

2008-11-03 22:14:09 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\Nokia

2008-11-03 22:14:07 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\PC Suite

2008-11-03 22:14:05 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

2008-11-03 22:12:44 ----D---- C:\Arquivos de programas\Arquivos comuns\PCSuite

2008-11-03 22:12:43 ----D---- C:\Arquivos de programas\Arquivos comuns\Nokia

2008-11-03 22:12:04 ----D---- C:\Arquivos de programas\DIFX

2008-11-03 22:11:47 ----D---- C:\Arquivos de programas\PC Connectivity Solution

2008-11-03 22:11:09 ----A---- C:\WINDOWS\system32\nmwcdcls.dll

2008-11-03 22:11:08 ----D---- C:\Arquivos de programas\Nokia

2008-11-03 22:10:11 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Installations

2008-11-03 21:50:56 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\Tibia

2008-11-03 21:33:53 ----D---- C:\Arquivos de programas\Tibia

2008-10-29 16:44:04 ----D---- C:\Arquivos de programas\CONEXANT

2008-10-25 12:22:19 ----D---- C:\Arquivos de programas\iPod

2008-10-25 12:22:16 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-25 12:22:16 ----D---- C:\Arquivos de programas\iTunes


continuation of the previous log

======List of files/folders modified in the last 1 months======

2008-11-20 18:06:24 ----D---- C:\WINDOWS\Temp

2008-11-20 18:05:39 ----RD---- C:\Arquivos de programas

2008-11-20 14:08:56 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-11-20 09:47:05 ----D---- C:\WINDOWS

2008-11-20 09:46:08 ----HD---- C:\Config.Msi

2008-11-20 00:55:36 ----D---- C:\WINDOWS\system32\drivers

2008-11-20 00:02:14 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-19 20:49:42 ----SHD---- C:\WINDOWS\Installer

2008-11-19 20:49:04 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2008-11-19 20:48:52 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-11-19 20:47:37 ----D---- C:\WINDOWS\system32

2008-11-18 19:36:14 ----D---- C:\WINDOWS\network diagnostic

2008-11-18 17:00:06 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-17 17:40:58 ----D---- C:\Arquivos de programas\Warcraft III

2008-11-14 23:02:13 ----D---- C:\Arquivos de programas\Garena

2008-11-14 17:12:55 ----D---- C:\Arquivos de programas\Asprate

2008-11-13 18:19:07 ----SH---- C:\boot.ini

2008-11-13 18:19:07 ----A---- C:\WINDOWS\win.ini

2008-11-13 18:19:07 ----A---- C:\WINDOWS\system.ini

2008-11-10 18:52:20 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-10 18:31:13 ----SHD---- C:\System Volume Information

2008-11-10 14:36:14 ----HD---- C:\WINDOWS\inf

2008-11-10 14:36:14 ----D---- C:\Arquivos de programas\Windows Live Safety Center

2008-11-10 10:24:58 ----D---- C:\Arquivos de programas\Orbitdownloader

2008-11-09 21:50:55 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-09 16:51:25 ----D---- C:\WINDOWS\security

2008-11-09 16:51:25 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\DNA

2008-11-09 16:51:25 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\BitTorrent

2008-11-09 16:51:25 ----D---- C:\Arquivos de programas\BraZip

2008-11-09 16:48:49 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-09 16:48:47 ----D---- C:\WINDOWS\Debug

2008-11-09 15:15:25 ----D---- C:\WINDOWS\Help

2008-11-09 15:15:00 ----D---- C:\WINDOWS\system32\ReinstallBackups

2008-11-09 15:14:52 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-11-09 14:52:52 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-09 14:52:10 ----D---- C:\WINDOWS\system32\CatRoot

2008-11-08 16:48:19 ----D---- C:\WINDOWS\Registration

2008-11-08 14:34:11 ----SD---- C:\WINDOWS\system32\Microsoft

2008-11-08 14:25:32 ----D---- C:\Arquivos de programas\URUSoft

2008-11-08 13:23:09 ----D---- C:\WINDOWS\pss

2008-11-08 13:23:09 ----D---- C:\LinhaDefensiva

2008-11-08 12:58:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-08 12:57:40 ----D---- C:\WINDOWS\system32\Com

2008-11-08 12:56:01 ----D---- C:\WINDOWS\system32\inetsrv

2008-11-08 12:42:24 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2008-11-08 12:40:01 ----D---- C:\Program Files

2008-11-08 12:35:04 ----D---- C:\Arquivos de programas\Bonjour

2008-11-08 12:33:20 ----D---- C:\Arquivos de programas\Microsoft LifeCam

2008-11-08 12:33:19 ----D---- C:\Arquivos de programas\Winamp

2008-11-08 12:33:18 ----D---- C:\Arquivos de programas\LimeWire

2008-11-08 12:33:18 ----D---- C:\Arquivos de programas\dvdSanta

2008-11-08 12:32:28 ----D---- C:\Arquivos de programas\Messenger

2008-11-08 12:32:28 ----D---- C:\Arquivos de programas\Free Download Manager

2008-11-08 12:32:12 ----D---- C:\Arquivos de programas\QuickTime

2008-11-08 12:31:58 ----D---- C:\Arquivos de programas\DivX

2008-11-08 12:31:57 ----D---- C:\Arquivos de programas\MSN Pictures Displayer

2008-11-08 12:31:52 ----D---- C:\Arquivos de programas\GameSpy Arcade

2008-11-08 12:31:51 ----D---- C:\Arquivos de programas\Windows Media Connect 2

2008-11-08 12:31:51 ----D---- C:\Arquivos de programas\Winamp Remote

2008-11-07 19:38:08 ----D---- C:\WINDOWS\system32\pt-br

2008-11-07 19:38:07 ----D---- C:\Arquivos de programas\Internet Explorer

2008-11-07 19:08:46 ----HDC---- C:\WINDOWS\ie7

2008-11-07 15:57:32 ----D---- C:\Arquivos de programas\WinPcap

2008-11-07 15:57:32 ----D---- C:\Arquivos de programas\DNA

2008-11-07 15:57:31 ----D---- C:\WINDOWS\system32\Tools

2008-11-07 15:23:32 ----D---- C:\WINDOWS\system32\wbem

2008-11-07 15:23:32 ----D---- C:\WINDOWS\AppPatch

2008-11-07 15:23:30 ----RSD---- C:\WINDOWS\Fonts

2008-11-07 15:23:11 ----D---- C:\WINDOWS\system32\Setup

2008-11-07 15:21:15 ----D---- C:\WINDOWS\system32\npp

2008-11-07 15:20:17 ----D---- C:\WINDOWS\ehome

2008-11-07 15:18:13 ----D---- C:\WINDOWS\PeerNet

2008-11-07 15:18:13 ----D---- C:\Arquivos de programas\Windows Media Player

2008-11-07 15:16:47 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2008-11-07 15:16:44 ----D---- C:\Arquivos de programas\TuneUp Utilities 2008

2008-11-07 15:16:21 ----DC---- C:\WINDOWS\system32\DRVSTORE

2008-11-07 15:16:02 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\Orbit

2008-11-07 15:11:23 ----D---- C:\WINDOWS\system32\usmt

2008-11-07 15:11:23 ----D---- C:\WINDOWS\system

2008-11-07 15:11:22 ----D---- C:\WINDOWS\system32\oobe

2008-11-07 15:11:11 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2008-11-07 15:11:10 ----D---- C:\Arquivos de programas\Outlook Express

2008-11-07 15:11:09 ----D---- C:\Arquivos de programas\Windows NT

2008-11-07 15:11:08 ----D---- C:\Arquivos de programas\NetMeeting

2008-11-07 15:11:07 ----D---- C:\WINDOWS\ime

2008-11-07 15:11:06 ----D---- C:\WINDOWS\srchasst

2008-11-07 15:11:06 ----D---- C:\WINDOWS\msagent

2008-11-07 15:11:04 ----D---- C:\WINDOWS\system32\Restore

2008-11-07 15:11:03 ----D---- C:\Arquivos de programas\Movie Maker

2008-11-07 13:23:20 ----SD---- C:\WINDOWS\Tasks

2008-11-07 13:07:56 ----D---- C:\WINDOWS\system32\config

2008-11-05 09:45:02 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\Free Download Manager

2008-11-05 09:23:40 ----D---- C:\WINDOWS\system32\ias

2008-11-05 09:23:11 ----A---- C:\WINDOWS\ODBCINST.INI

2008-11-05 09:23:09 ----RD---- C:\WINDOWS\Web

2008-11-05 09:22:59 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2008-11-05 09:14:12 ----ASH---- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

2008-11-05 07:08:54 ----D---- C:\WINDOWS\Media

2008-11-05 07:07:28 ----D---- C:\WINDOWS\system32\1046

2008-11-05 07:06:39 ----D---- C:\WINDOWS\twain_32

2008-11-05 07:06:23 ----D---- C:\WINDOWS\system32\icsxml

2008-11-05 07:05:46 ----D---- C:\WINDOWS\system32\1033

2008-11-05 07:04:51 ----D---- C:\WINDOWS\Driver Cache

2008-11-05 07:04:50 ----D---- C:\WINDOWS\WinSxS

2008-11-03 23:44:07 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2008-11-03 23:43:45 ----D---- C:\WINDOWS\system32\LogFiles

2008-11-03 23:07:35 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2008-11-03 23:05:19 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\LimeWire

2008-11-03 21:23:03 ----D---- C:\Documents and Settings\Vitor\Dados de aplicativos\Apple Computer

2008-11-03 20:31:08 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2008-10-31 21:41:05 ----A---- C:\totnp233.dll

2008-10-31 21:41:02 ----D---- C:\tunit345

2008-10-29 15:28:12 ----D---- C:\Downloads

2008-10-24 12:00:27 ----HD---- C:\WINDOWS\$hf_mig$

2008-10-21 16:40:17 ----D---- C:\Arquivos de programas\Microsoft Silverlight

2008-10-21 14:06:49 ----RSD---- C:\WINDOWS\assembly

2008-10-21 14:04:53 ----D---- C:\WINDOWS\Microsoft.NET

2008-10-21 14:00:24 ----D---- C:\WINDOWS\system32\en-us

2008-10-21 14:00:21 ----D---- C:\WINDOWS\system32\XPSViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-04-23 29704]

R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-04-23 33800]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []

R1 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-04-23 40456]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-06-25 43520]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-20 85969]

R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-15 25280]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2008-06-20 303232]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []

S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []

S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []

S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []

S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []

S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []

S3 BthEnum;Driver de Bloqueio de Solicitação Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2004-09-21 11604]

S3 BTHMODEM;Driver Serial de Comunicações Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Driver de Porta Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-13 273280]

S3 BTHUSB;Driver USB de Rádio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []

S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Vitor\CONFIG~1\Temp\GPE18BC.tmp []

S3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]

S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2007-04-26 267520]

S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]

S3 MODEMCSA;Dispositivo de filtro de fluxo unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys []

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Driver de monitor de rede; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2007-09-10 4096]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 npkcrypt;npkcrypt; C:\WINDOWS\system32\drivers\npkcrypt.sys []

S3 npkycryp;npkycryp; C:\WINDOWS\system32\drivers\npkycryp.sys []

S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2004-05-27 16032]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 RFCOMM;Dispositivo Bluetooth (TDI do Protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-28 5888]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]

S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2007-12-02 22768]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []

S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []

S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S3 XDva172;XDva172; C:\WINDOWS\system32\drivers\XDva172.sys []

S3 XDva177;XDva177; C:\WINDOWS\system32\drivers\XDva177.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-06-10 611664]

R2 Apple Mobile Device;Dispositivo Celular da Apple; C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 ekrn;Eset Service; C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-04-23 472320]

R2 MSCamSvc;MSCamSvc; c:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 ehttpsrv;Eset HTTP Server; C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-04-23 19200]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 iPod Service;iPod Service; C:\Arquivos de programas\iPod\bin\iPodService.exe [2008-10-01 536872]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-04 355584]

S3 umwdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S4 Bonjour Service;Bonjour Service; C:\Arquivos de programas\Bonjour\mDNSResponder.exe [2008-08-29 238888]

S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

S4 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]

S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S4 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

-----------------EOF-----------------


Dear Corellom

Welcome to Malware Removal

I recommend that you save this topic in your Favorites to make it easier to find again.

Please note the following:

1) I will be following the procedures for analyzing your log and will get back to you as soon as possible!;

2) Do not take any action until we begin;

3) What is given here relates only to the problem with your computer, so do not apply it on any other one;

4) If you have another computer, open a new topic with its respective log;

5) Please follow the instructions given carefully, and in case of doubt do not hesitate to ask;

6) Always post your replies in this topic... Do not open another one!

Note: Do not take any measures other than those given here; be aware that, if you ask for help on another forum, do not fail to let us know, at the risk of misconfiguring your computer!

Regards :D


Dear Corellom

Read the instructions contained in this link:

In the instructions contained in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to receive help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while carrying out these instructions, it is very important to keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the icon (desktopicon.png) on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to stall.
  8. A notice may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that type, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


ComboFix 08-11-21.03 - Vitor 2008-11-21 21:44:24.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.529 [GMT -2:00]

Executando de: c:\documents and settings\Vitor\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\Readme.txt

c:\windows\system32\28463

c:\windows\system32\28463\AKV.exe

c:\windows\system32\28463\WCUK.001

c:\windows\system32\28463\WCUK.006

c:\windows\system32\28463\WCUK.007

c:\windows\system32\28463\WCUK.exe

----- BITS: Sites possivelmente infetados -----

hxxp://zinbob.110mb.com

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-21 to 2008-11-21 ))))))))))))))))))))))))))))

.

2008-11-20 18:05 . 2008-11-20 18:06 <DIR> d-------- C:\rsit

2008-11-20 18:05 . 2008-11-20 18:06 <DIR> d-------- c:\arquivos de programas\trend micro

2008-11-20 00:55 . 2008-11-20 13:57 250 --a------ c:\windows\gmer.ini

2008-11-19 20:48 . 2008-11-19 20:49 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-17 18:04 . 2008-11-17 18:04 3,891,867 --a------ c:\arquivos de programas\TibiaBot NG.zip

2008-11-10 19:04 . 2008-11-10 19:04 <DIR> d-------- c:\arquivos de programas\TibiaBot NG1

2008-11-10 18:59 . 2008-11-10 18:59 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Thraex Software

2008-11-10 14:16 . 2008-11-10 18:59 162,154 --a------ c:\windows\PowerHEX Uninstaller.exe

2008-11-10 14:08 . 2008-11-13 19:57 <DIR> d-------- c:\arquivos de programas\TibiaBot NG

2008-11-09 20:52 . 2008-11-10 19:04 <DIR> d-------- c:\arquivos de programas\PowerHEX

2008-11-09 19:19 . 2008-11-10 21:48 <DIR> d--hs---- c:\windows\system32\Sys

2008-11-09 19:19 . 2008-11-21 19:02 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-09 14:47 . 2008-11-09 14:47 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-11-08 15:24 . 2008-06-19 09:25 393,216 --a------ c:\windows\system32\s3iset32_2_00_83.dll

2008-11-08 15:23 . 2008-06-19 09:25 393,216 --a------ c:\windows\system32\s3iset32.dll

2008-11-08 15:23 . 2008-06-19 09:25 299,008 --a------ c:\windows\system32\s3minset.exe

2008-11-08 14:24 . 2008-11-08 17:44 <DIR> d-------- C:\Driver Download

2008-11-08 14:19 . 2008-11-08 14:23 <DIR> d-------- C:\Driver Backup 11-8-2008-141843

2008-11-07 19:10 . 2008-11-07 19:10 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Grisoft

2008-11-07 19:06 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-11-07 18:56 . 2008-11-07 18:56 <DIR> d-------- c:\arquivos de programas\Panda Security

2008-11-07 15:18 . 2008-11-07 15:18 <DIR> d-------- C:\ebee30a61d867be9e0021f3a

2008-11-07 15:16 . 2008-11-07 15:16 <DIR> d-------- c:\windows\system32\ivtMobCache

2008-11-07 13:45 . 2008-04-13 19:21 7,680 --a--c--- c:\windows\system32\dllcache\migregdb.exe

2008-11-07 13:44 . 2008-04-13 19:20 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe

2008-11-06 20:51 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2008-11-06 20:51 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2008-11-05 10:40 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\ESET

2008-11-05 09:28 . 2001-10-28 12:07 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls

2008-11-05 09:26 . 2001-10-28 12:06 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex

2008-11-05 09:25 . 2008-04-13 19:18 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2008-11-05 09:24 . 2003-04-14 20:54 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll

2008-11-05 09:23 . 2008-11-05 09:23 488 -rah----- c:\windows\system32\logonui.exe.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\WindowsShell.Manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\sapi.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\nwc.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\ncpa.cpl.manifest

2008-11-05 09:14 . 2004-08-04 01:31 1,086,058 -ra------ c:\windows\SETCE.tmp

2008-11-05 09:14 . 2001-10-28 12:07 809,104 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT

2008-11-05 09:14 . 2001-10-28 12:06 399,670 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT

2008-11-05 09:14 . 2001-10-28 12:07 37,509 --a--c--- c:\windows\system32\dllcache\MW770.CAT

2008-11-05 09:14 . 2001-10-28 12:07 24,661 --a------ c:\windows\system32\spxcoins.dll

2008-11-05 09:14 . 2001-10-28 12:07 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll

2008-11-05 09:14 . 2004-08-04 01:34 14,043 -ra------ c:\windows\SETDA.tmp

2008-11-05 09:14 . 2001-10-28 12:06 13,497 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT

2008-11-05 09:14 . 2001-10-28 12:06 13,312 --a------ c:\windows\system32\irclass.dll

2008-11-05 09:14 . 2001-10-28 12:06 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll

2008-11-05 09:14 . 2001-10-28 12:06 8,599 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT

2008-11-05 09:14 . 2001-10-28 12:07 7,407 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT

2008-11-05 09:13 . 2004-08-04 01:40 1,014,492 -ra------ c:\windows\SETCB.tmp

2008-11-05 07:04 . 2008-11-05 07:04 <DIR> d-------- c:\windows\NLDRV

2008-11-04 00:11 . 2008-07-02 14:58 26,248 --a------ c:\windows\system32\drivers\IvtBtBus.sys

2008-11-04 00:10 . 2008-07-31 20:45 20,616 --a------ c:\windows\system32\drivers\BtHidBus.sys

2008-11-04 00:05 . 2008-11-04 00:05 220 --a------ c:\windows\BsMobileModel.ini

2008-11-04 00:01 . 2008-11-04 00:01 2 --a------ C:\2024409115

2008-11-03 23:57 . 2008-11-03 23:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2008-11-03 22:14 . 2008-11-03 23:42 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\PC Suite

2008-11-03 22:14 . 2008-11-07 15:16 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\Nokia

2008-11-03 22:14 . 2008-11-07 15:16 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2008-11-03 22:12 . 2008-11-03 22:12 <DIR> d-------- c:\arquivos de programas\DIFX

2008-11-03 22:12 . 2008-11-03 22:12 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2008-11-03 22:12 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nokia

2008-11-03 22:12 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-11-03 22:11 . 2008-11-03 22:11 <DIR> d-------- c:\arquivos de programas\PC Connectivity Solution

2008-11-03 22:11 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\Nokia

2008-11-03 22:11 . 2008-02-01 16:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll

2008-11-03 22:10 . 2008-11-03 23:07 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Installations

2008-11-03 21:50 . 2008-11-03 21:51 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\Tibia

2008-11-03 21:33 . 2008-11-09 22:01 <DIR> d-------- c:\arquivos de programas\Tibia

2008-11-03 20:37 . 2004-10-19 13:40 28,207 --a------ c:\windows\system32\drivers\BTHidMgr.sys

2008-11-03 20:37 . 2004-09-21 18:18 11,604 --a------ c:\windows\system32\drivers\vbtenum.sys

2008-10-29 16:45 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys

2008-10-29 16:44 . 2008-10-29 16:44 <DIR> d-------- c:\arquivos de programas\CONEXANT

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\arquivos de programas\iTunes

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\arquivos de programas\iPod

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-21 00:07 --------- d-----w c:\arquivos de programas\Warcraft III

2008-11-15 01:02 --------- d-----w c:\arquivos de programas\Garena

2008-11-14 19:12 --------- d-----w c:\arquivos de programas\Asprate

2008-11-10 20:52 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-10 16:36 --------- d-----w c:\arquivos de programas\Windows Live Safety Center

2008-11-10 12:24 --------- d-----w c:\arquivos de programas\Orbitdownloader

2008-11-09 18:51 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\DNA

2008-11-09 18:51 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent

2008-11-09 18:51 --------- d-----w c:\arquivos de programas\BraZip

2008-11-09 18:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-09 17:14 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-08 16:25 --------- d-----w c:\arquivos de programas\URUSoft

2008-11-08 14:42 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-11-08 14:35 --------- d-----w c:\arquivos de programas\Bonjour

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\Winamp

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\Microsoft LifeCam

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\LimeWire

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\dvdSanta

2008-11-08 14:32 --------- d-----w c:\arquivos de programas\QuickTime

2008-11-08 14:32 --------- d-----w c:\arquivos de programas\Free Download Manager

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\Winamp Remote

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\MSN Pictures Displayer

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\GameSpy Arcade

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\DivX

2008-11-07 17:57 --------- d-----w c:\arquivos de programas\WinPcap

2008-11-07 17:57 --------- d-----w c:\arquivos de programas\DNA

2008-11-07 17:16 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Orbit

2008-11-07 17:16 --------- d-----w c:\arquivos de programas\TuneUp Utilities 2008

2008-11-07 17:16 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-11-05 11:45 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Free Download Manager

2008-11-04 01:05 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\LimeWire

2008-11-03 23:23 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Apple Computer

2008-11-03 22:31 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-10-31 23:41 4,056 ----a-w C:\totnp233.dll

2008-10-21 18:40 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2008-10-18 13:09 --------- d-----w c:\arquivos de programas\Windows Live

2008-10-18 13:09 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2008-10-10 23:11 --------- d-----w c:\arquivos de programas\Windows Live Toolbar

2008-10-10 23:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2008-10-10 23:04 --------- d-----w c:\arquivos de programas\Microsoft

2008-10-10 22:29 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-09-24 12:40 4,122,368 ----a-r c:\windows\system32\drivers\alcxwdm.sys

2008-09-21 19:55 --------- d-----w c:\arquivos de programas\WC3Banlist

2008-09-21 04:28 2,829 ----a-w c:\windows\War3Unin.pif

2008-09-21 04:28 139,264 ----a-w c:\windows\War3Unin.exe

2008-09-05 18:56 287,744 ----a-w c:\windows\WLXPGSS.SCR

2007-12-02 20:21 92,064 ----a-w c:\documents and settings\Vitor\mqdmmdm.sys

2007-12-02 20:21 9,232 ----a-w c:\documents and settings\Vitor\mqdmmdfl.sys

2007-12-02 20:21 79,328 ----a-w c:\documents and settings\Vitor\mqdmserd.sys

2007-12-02 20:21 66,656 ----a-w c:\documents and settings\Vitor\mqdmbus.sys

2007-12-02 20:21 6,208 ----a-w c:\documents and settings\Vitor\mqdmcmnt.sys

2007-12-02 20:21 5,936 ----a-w c:\documents and settings\Vitor\mqdmwhnt.sys

2007-12-02 20:21 4,048 ----a-w c:\documents and settings\Vitor\mqdmcr.sys

2007-12-02 20:21 25,600 ----a-w c:\documents and settings\Vitor\usbsermptxp.sys

2007-12-02 20:21 22,768 ----a-w c:\documents and settings\Vitor\usbsermpt.sys

2007-11-15 19:36 8 ----a-w c:\documents and settings\All Users\Dados de aplicativos\SDGLYBMPWPP.SYS

2008-08-04 21:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008080420080805\index.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-10-18 3513344]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

"NodLogin"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-08-26 359203]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-03-26 180269]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Photosmart Premier.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^Reboot.exe]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bittorrent dna

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bttray

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Colex IP Changer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EncGrim

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nodlogin

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\applesyncnotifier]

--a------ 2008-10-01 12:57 111936 c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-10-23 14:18 202024 c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 19:20 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2006-11-12 08:48 157592 c:\arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\free download manager]

--a------ 2006-08-21 01:24 2068527 c:\arquivos de programas\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 20:54 3735552 c:\arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\groovemonitor]

--a------ 2007-08-24 08:00 33648 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 18:57 289576 c:\arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lifecam]

--a------ 2007-05-17 15:45 279912 c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2008-10-18 11:22 3513344 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 08:51 1836328 c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]

--a------ 2008-06-17 16:00 1249280 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

--a------ 2007-10-07 22:18 360448 c:\arquivos de programas\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pc suite tray]

--a------ 2008-10-02 07:00 1124352 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 16:09 413696 c:\arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-06-08 16:18 23233576 c:\arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-09-16 12:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-07-12 05:00 132496 c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-03-26 19:24 180269 c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vx1000]

--a------ 2007-04-10 15:46 709992 c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]

--a------ 2008-08-03 12:38 61440 c:\arquivos de programas\Warcraft III\W3DR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 19:21 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman]

--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

--a------ 2008-05-16 13:58 94208 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vttrayp]

--a------ 2008-05-20 16:00 204800 c:\windows\system32\VTTrayp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\NeverwinterNights\\NWN\\nwmain.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Need For Speed Underground\\Speed.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Arquivos de programas\\Warcraft III\\war3.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:Tibia

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-11-04 20616]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-07 28544]

R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-06-06 16896]

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-03-25 9216]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-06-06 53248]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2007-03-25 17920]

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-04-23 33800]

R2 MSCamSvc;MSCamSvc;"c:\arquivos de programas\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 271720]

S2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Vitor\CONFIG~1\Temp\GPE18BC.tmp []

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-11-04 26248]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

S3 npkycryp;npkycryp; []

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-08-04 355584]

S3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2006-06-29 1966312]

S3 XDva172;XDva172; []

S3 XDva177;XDva177; []

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-04 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]

2008-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-11-07 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job

- c:\windows\vVX1000.exe [2007-04-10 15:46]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-WCUK Agent - c:\windows\system32\28463\WCUK.exe

HKU-Default-Run-[system] - \system32\drivers\services.exe

HKU-Default-Run-winlogon - c:\docume~1\LOCALS~1\svchost.exe

MSConfigStartUp-[system] - \system32\drivers\services.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Vitor\Dados de aplicativos\Mozilla\Firefox\Profiles\ehhslbt3.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - blank

FF -: plugin - c:\arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF -: plugin - c:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-21 21:48:10

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\Vitor\CONFIG~1\Temp\GPE18BC.tmp"

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

c:\windows\system32\searchindexer.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-11-21 21:53:32 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-11-21 23:53:27

Pré-execução: 23 pasta(s) 26.042.298.368 bytes disponíveis

Pós execução: 23 pasta(s) 26,593,177,600 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /tutag=3r267o

388 --- E O F --- 2008-10-24 14:00:58


Dear Corellom

>>> My friend, did you by any chance install a keylogger on your computer?

# Step no. 1 #

Temporarily, and for the duration of these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

DirLook::
C:\WINDOWS\CSC
C:\WINDOWS\ime
C:\WINDOWS\srchasst
C:\WINDOWS\msagent
c:\windows\system32\Sys
c:\windows\system32\ivtMobCache

Firefox::
FireFox -: Profile - c:\documents and settings\Vitor\Dados de aplicativos\Mozilla\Firefox\Profiles\ehhslbt3.default\
FF -: plugin - c:\arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\arquivos de programas\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\arquivos de programas\Yahoo!\Common\npyaxmpb.dll

Driver::
npkycryp
XDva172
XDva177

Save this file as: CFScript.txt

[image: dragging CFScript.txt onto ComboFix.exe]

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

# Step no. 2 #

Go to "Jotti's malware scan":

  • In the box at the top (File to upload & scan);
  • Copy and paste the following:
    c:\windows\system32\s3iset32_2_00_83.dll
  • Click the button
  • The file will be examined by several different antivirus programs; please wait.
  • Repeat and submit these files for analysis as well:
    c:\windows\system32\s3iset32.dll
    c:\windows\system32\s3minset.exe
    C:\2024409115
  • Copy and paste the result.

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

Cheers :D


ComboFix 08-11-21.03 - Vitor 2008-11-24 14:01:57.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.564 [GMT -2:00]

Executando de: c:\documents and settings\Vitor\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Vitor\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

2008-11-22 13:58 . 2007-09-04 14:56 164,352 --a------ c:\windows\system32\unrar.dll

2008-11-22 13:57 . 2008-11-22 13:57 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-11-22 13:57 . 2008-09-19 19:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2008-11-22 13:57 . 2008-09-24 16:41 839,680 --a------ c:\windows\system32\lameACM.acm

2008-11-22 13:57 . 2008-01-10 10:15 755,027 --a------ c:\windows\system32\xvidcore.dll

2008-11-22 13:57 . 2008-10-28 20:35 684,032 --a------ c:\windows\system32\divx.dll

2008-11-22 13:57 . 2004-01-25 14:18 217,088 --a------ c:\windows\system32\yv12vfw.dll

2008-11-22 13:57 . 2008-01-10 10:16 159,839 --a------ c:\windows\system32\xvidvfw.dll

2008-11-22 13:57 . 2007-09-20 22:52 118,784 --a------ c:\windows\system32\ac3acm.acm

2008-11-22 13:57 . 2008-09-25 06:03 81,920 --a------ c:\windows\system32\dpl100.dll

2008-11-22 13:57 . 2008-11-02 12:02 7,680 --a------ c:\windows\system32\ff_vfw.dll

2008-11-22 13:57 . 2007-07-10 14:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest

2008-11-22 13:57 . 2008-10-03 10:30 414 --a------ c:\windows\system32\lame_acm.xml

2008-11-22 13:57 . 2008-07-30 17:09 38 --a------ c:\windows\avisplitter.ini

2008-11-20 18:05 . 2008-11-20 18:06 <DIR> d-------- C:\rsit

2008-11-20 18:05 . 2008-11-20 18:06 <DIR> d-------- c:\arquivos de programas\trend micro

2008-11-20 00:55 . 2008-11-20 13:57 250 --a------ c:\windows\gmer.ini

2008-11-19 20:48 . 2008-11-19 20:49 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-17 18:04 . 2008-11-17 18:04 3,891,867 --a------ c:\arquivos de programas\TibiaBot NG.zip

2008-11-10 19:04 . 2008-11-10 19:04 <DIR> d-------- c:\arquivos de programas\TibiaBot NG1

2008-11-10 18:59 . 2008-11-10 18:59 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Thraex Software

2008-11-10 14:16 . 2008-11-10 18:59 162,154 --a------ c:\windows\PowerHEX Uninstaller.exe

2008-11-10 14:08 . 2008-11-13 19:57 <DIR> d-------- c:\arquivos de programas\TibiaBot NG

2008-11-09 20:52 . 2008-11-10 19:04 <DIR> d-------- c:\arquivos de programas\PowerHEX

2008-11-09 19:19 . 2008-11-10 21:48 <DIR> d--hs---- c:\windows\system32\Sys

2008-11-09 19:19 . 2008-11-24 10:47 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-09 14:47 . 2008-11-09 14:47 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-11-08 15:24 . 2008-06-19 09:25 393,216 --a------ c:\windows\system32\s3iset32_2_00_83.dll

2008-11-08 15:23 . 2008-06-19 09:25 393,216 --a------ c:\windows\system32\s3iset32.dll

2008-11-08 15:23 . 2008-06-19 09:25 299,008 --a------ c:\windows\system32\s3minset.exe

2008-11-08 14:24 . 2008-11-08 17:44 <DIR> d-------- C:\Driver Download

2008-11-08 14:19 . 2008-11-08 14:23 <DIR> d-------- C:\Driver Backup 11-8-2008-141843

2008-11-07 19:10 . 2008-11-07 19:10 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Grisoft

2008-11-07 19:06 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-11-07 18:56 . 2008-11-07 18:56 <DIR> d-------- c:\arquivos de programas\Panda Security

2008-11-07 15:18 . 2008-11-07 15:18 <DIR> d-------- C:\ebee30a61d867be9e0021f3a

2008-11-07 15:16 . 2008-11-07 15:16 <DIR> d-------- c:\windows\system32\ivtMobCache

2008-11-07 13:45 . 2008-04-13 19:21 7,680 --a--c--- c:\windows\system32\dllcache\migregdb.exe

2008-11-07 13:44 . 2008-04-13 19:20 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe

2008-11-06 20:51 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2008-11-06 20:51 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2008-11-05 10:40 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\ESET

2008-11-05 09:28 . 2001-10-28 12:07 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls

2008-11-05 09:26 . 2001-10-28 12:06 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex

2008-11-05 09:25 . 2008-04-13 19:18 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2008-11-05 09:24 . 2003-04-14 20:54 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll

2008-11-05 09:23 . 2008-11-05 09:23 488 -rah----- c:\windows\system32\logonui.exe.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\WindowsShell.Manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\sapi.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\nwc.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\ncpa.cpl.manifest

2008-11-05 09:14 . 2004-08-04 01:31 1,086,058 -ra------ c:\windows\SETCE.tmp

2008-11-05 09:14 . 2001-10-28 12:07 809,104 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT

2008-11-05 09:14 . 2001-10-28 12:06 399,670 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT

2008-11-05 09:14 . 2001-10-28 12:07 37,509 --a--c--- c:\windows\system32\dllcache\MW770.CAT

2008-11-05 09:14 . 2001-10-28 12:07 24,661 --a------ c:\windows\system32\spxcoins.dll

2008-11-05 09:14 . 2001-10-28 12:07 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll

2008-11-05 09:14 . 2004-08-04 01:34 14,043 -ra------ c:\windows\SETDA.tmp

2008-11-05 09:14 . 2001-10-28 12:06 13,497 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT

2008-11-05 09:14 . 2001-10-28 12:06 13,312 --a------ c:\windows\system32\irclass.dll

2008-11-05 09:14 . 2001-10-28 12:06 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll

2008-11-05 09:14 . 2001-10-28 12:06 8,599 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT

2008-11-05 09:14 . 2001-10-28 12:07 7,407 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT

2008-11-05 09:13 . 2004-08-04 01:40 1,014,492 -ra------ c:\windows\SETCB.tmp

2008-11-05 07:04 . 2008-11-05 07:04 <DIR> d-------- c:\windows\NLDRV

2008-11-04 00:11 . 2008-07-02 14:58 26,248 --a------ c:\windows\system32\drivers\IvtBtBus.sys

2008-11-04 00:10 . 2008-07-31 20:45 20,616 --a------ c:\windows\system32\drivers\BtHidBus.sys

2008-11-04 00:05 . 2008-11-04 00:05 220 --a------ c:\windows\BsMobileModel.ini

2008-11-04 00:01 . 2008-11-04 00:01 2 --a------ C:\2024409115

2008-11-03 23:57 . 2008-11-03 23:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2008-11-03 22:14 . 2008-11-03 23:42 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\PC Suite

2008-11-03 22:14 . 2008-11-07 15:16 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\Nokia

2008-11-03 22:14 . 2008-11-07 15:16 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2008-11-03 22:12 . 2008-11-03 22:12 <DIR> d-------- c:\arquivos de programas\DIFX

2008-11-03 22:12 . 2008-11-03 22:12 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2008-11-03 22:12 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nokia

2008-11-03 22:12 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-11-03 22:11 . 2008-11-03 22:11 <DIR> d-------- c:\arquivos de programas\PC Connectivity Solution

2008-11-03 22:11 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\Nokia

2008-11-03 22:11 . 2008-02-01 16:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll

2008-11-03 22:10 . 2008-11-03 23:07 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Installations

2008-11-03 21:50 . 2008-11-03 21:51 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\Tibia

2008-11-03 21:33 . 2008-11-09 22:01 <DIR> d-------- c:\arquivos de programas\Tibia

2008-11-03 20:37 . 2004-10-19 13:40 28,207 --a------ c:\windows\system32\drivers\BTHidMgr.sys

2008-11-03 20:37 . 2004-09-21 18:18 11,604 --a------ c:\windows\system32\drivers\vbtenum.sys

2008-10-29 16:45 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys

2008-10-29 16:44 . 2008-10-29 16:44 <DIR> d-------- c:\arquivos de programas\CONEXANT

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\arquivos de programas\iTunes

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\arquivos de programas\iPod

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-24 11:23 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Orbit

2008-11-23 21:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-23 19:26 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\LimeWire

2008-11-22 02:24 --------- d-----w c:\arquivos de programas\Warcraft III

2008-11-15 01:02 --------- d-----w c:\arquivos de programas\Garena

2008-11-14 19:12 --------- d-----w c:\arquivos de programas\Asprate

2008-11-10 16:36 --------- d-----w c:\arquivos de programas\Windows Live Safety Center

2008-11-10 12:24 --------- d-----w c:\arquivos de programas\Orbitdownloader

2008-11-09 18:51 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\DNA

2008-11-09 18:51 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent

2008-11-09 18:51 --------- d-----w c:\arquivos de programas\BraZip

2008-11-09 18:48 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-09 17:14 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-08 16:25 --------- d-----w c:\arquivos de programas\URUSoft

2008-11-08 14:42 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-11-08 14:35 --------- d-----w c:\arquivos de programas\Bonjour

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\Winamp

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\Microsoft LifeCam

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\LimeWire

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\dvdSanta

2008-11-08 14:32 --------- d-----w c:\arquivos de programas\QuickTime

2008-11-08 14:32 --------- d-----w c:\arquivos de programas\Free Download Manager

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\Winamp Remote

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\MSN Pictures Displayer

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\GameSpy Arcade

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\DivX

2008-11-07 17:57 --------- d-----w c:\arquivos de programas\WinPcap

2008-11-07 17:57 --------- d-----w c:\arquivos de programas\DNA

2008-11-07 17:16 --------- d-----w c:\arquivos de programas\TuneUp Utilities 2008

2008-11-07 17:16 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-11-05 11:45 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Free Download Manager

2008-11-03 23:23 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Apple Computer

2008-11-03 22:31 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-10-31 23:41 4,056 ----a-w C:\totnp233.dll

2008-10-26 16:44 686,111 ----a-w c:\windows\Fonts\unins000.exe

2008-10-21 18:40 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2008-10-18 13:09 --------- d-----w c:\arquivos de programas\Windows Live

2008-10-18 13:09 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2008-10-10 23:11 --------- d-----w c:\arquivos de programas\Windows Live Toolbar

2008-10-10 23:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2008-10-10 23:04 --------- d-----w c:\arquivos de programas\Microsoft

2008-10-10 22:29 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-09-24 12:40 4,122,368 ----a-r c:\windows\system32\drivers\alcxwdm.sys

2008-09-21 04:28 2,829 ----a-w c:\windows\War3Unin.pif

2008-09-21 04:28 139,264 ----a-w c:\windows\War3Unin.exe

2008-09-09 03:03 51,712 ----a-w c:\windows\system32\sirenacm.dll

2008-09-05 18:56 287,744 ----a-w c:\windows\WLXPGSS.SCR

2008-08-29 13:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 12:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2007-12-02 20:21 92,064 ----a-w c:\documents and settings\Vitor\mqdmmdm.sys

2007-12-02 20:21 9,232 ----a-w c:\documents and settings\Vitor\mqdmmdfl.sys

2007-12-02 20:21 79,328 ----a-w c:\documents and settings\Vitor\mqdmserd.sys

2007-12-02 20:21 66,656 ----a-w c:\documents and settings\Vitor\mqdmbus.sys

2007-12-02 20:21 6,208 ----a-w c:\documents and settings\Vitor\mqdmcmnt.sys

2007-12-02 20:21 5,936 ----a-w c:\documents and settings\Vitor\mqdmwhnt.sys

2007-12-02 20:21 4,048 ----a-w c:\documents and settings\Vitor\mqdmcr.sys

2007-12-02 20:21 25,600 ----a-w c:\documents and settings\Vitor\usbsermptxp.sys

2007-12-02 20:21 22,768 ----a-w c:\documents and settings\Vitor\usbsermpt.sys

2007-11-15 19:36 8 ----a-w c:\documents and settings\All Users\Dados de aplicativos\SDGLYBMPWPP.SYS

2008-08-04 21:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008080420080805\index.dat

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\windows\CSC ----

2008-11-07 18:31 64 --a-s---- c:\windows\CSC\00000001

2008-11-07 13:22 64 --a-s---- c:\windows\CSC\00000002

---- Directory of c:\windows\ime ----

2008-04-13 19:20 271872 --a------ c:\windows\ime\sptip.dll

2008-04-13 19:20 220160 --a------ c:\windows\ime\mscandui.dll

2008-04-13 19:20 130048 --a------ c:\windows\ime\softkbd.dll

2008-04-13 09:43 62976 --a------ c:\windows\ime\spgrmr.dll

---- Directory of c:\windows\msagent ----

2008-04-13 19:20 57344 --a------ c:\windows\msagent\agentdpv.dll

2008-04-13 19:20 49152 --a------ c:\windows\msagent\agentmpx.dll

2008-04-13 19:20 44032 --a------ c:\windows\msagent\agentsr.dll

2008-04-13 19:20 42496 --a------ c:\windows\msagent\agentdp2.dll

2008-04-13 19:20 39936 --a------ c:\windows\msagent\mslwvtts.dll

2008-04-13 19:20 256512 --a------ c:\windows\msagent\agentsvr.exe

2008-04-13 19:20 24064 --a------ c:\windows\msagent\agtintl.dll

2008-04-13 19:20 24064 --a------ c:\windows\msagent\agentpsh.dll

2008-04-13 19:20 24064 --a------ c:\windows\msagent\agentanm.dll

2008-04-13 19:20 214016 --a------ c:\windows\msagent\agentctl.dll

2008-04-13 10:32 19968 --a------ c:\windows\msagent\intl\agt0409.dll

2008-04-13 10:32 18432 --a------ c:\windows\msagent\agtctl15.tlb

2007-04-02 11:26 22016 --a------ c:\windows\msagent\intl\agt0408.dll

2007-04-02 11:26 21504 --a------ c:\windows\msagent\intl\agt040c.dll

2007-04-02 11:26 21504 --a------ c:\windows\msagent\intl\agt0407.dll

2007-04-02 11:26 20992 --a------ c:\windows\msagent\intl\agt0816.dll

2007-04-02 11:26 20992 --a------ c:\windows\msagent\intl\agt0413.dll

2007-04-02 11:26 20992 --a------ c:\windows\msagent\intl\agt0410.dll

2007-04-02 11:26 20480 --a------ c:\windows\msagent\intl\agt0c0a.dll

2007-04-02 11:26 20480 --a------ c:\windows\msagent\intl\agt0416.dll

2007-04-02 11:26 19968 --a------ c:\windows\msagent\intl\agt040e.dll

2007-04-02 11:26 19456 --a------ c:\windows\msagent\intl\agt041f.dll

2007-04-02 11:26 19456 --a------ c:\windows\msagent\intl\agt041d.dll

2007-04-02 11:26 19456 --a------ c:\windows\msagent\intl\agt0419.dll

2007-04-02 11:26 19456 --a------ c:\windows\msagent\intl\agt0415.dll

2007-04-02 11:26 19456 --a------ c:\windows\msagent\intl\agt0414.dll

2007-04-02 11:26 19456 --a------ c:\windows\msagent\intl\agt040b.dll

2007-04-02 11:26 19456 --a------ c:\windows\msagent\intl\agt0406.dll

2007-04-02 11:26 19456 --a------ c:\windows\msagent\intl\agt0405.dll

2001-10-28 12:06 2180663 --a------ c:\windows\msagent\chars\merlin.acs

---- Directory of c:\windows\srchasst ----

2008-04-13 19:20 727102 --a------ c:\windows\srchasst\srchui.dll

2008-04-13 19:20 58434 --a------ c:\windows\srchasst\srchctls.dll

2008-04-13 19:20 3166208 --a------ c:\windows\srchasst\msgr3en.dll

2007-09-19 02:09 2370 --a------ c:\windows\srchasst\mui\0416\lclmm.xml

2004-07-17 11:42 816535 --a------ c:\windows\srchasst\chars\courtney.acs

2004-07-17 11:42 1472718 --a------ c:\windows\srchasst\chars\earl.acs

2004-07-17 11:40 5614 --a------ c:\windows\srchasst\mui\0416\lcladvd.xml

2004-07-17 11:40 2862 --a------ c:\windows\srchasst\mui\0416\inetpref.xml

2004-07-17 11:40 2540 --a------ c:\windows\srchasst\mui\0416\lcldocs.xml

2001-10-28 16:07 4399505 --a------ c:\windows\srchasst\nls302en.lex

2001-10-28 16:07 1861820 --a------ c:\windows\srchasst\chars\rover.acs

2001-10-28 16:06 811 --a------ c:\windows\srchasst\mui\0416\inetfind.xml

2001-10-28 16:06 792 --a------ c:\windows\srchasst\mui\0416\lclcomp.xml

2001-10-28 16:06 701 --a------ c:\windows\srchasst\mui\0416\lclother.xml

2001-10-28 16:06 6812 --a------ c:\windows\srchasst\mui\0416\lcladvmm.xml

2001-10-28 16:06 643 --a------ c:\windows\srchasst\mui\0416\lcltechy.xml

2001-10-28 16:06 6229 --a------ c:\windows\srchasst\mui\0416\lclrfine.xml

2001-10-28 16:06 619 --a------ c:\windows\srchasst\mui\0416\intents.xml

2001-10-28 16:06 6017 --a------ c:\windows\srchasst\mui\0416\lcladvdf.xml

2001-10-28 16:06 570 --a------ c:\windows\srchasst\mui\0416\intro.xml

2001-10-28 16:06 5694 --a------ c:\windows\srchasst\mui\0416\lcladv.xml

2001-10-28 16:06 562 --a------ c:\windows\srchasst\mui\0416\lclmode.xml

2001-10-28 16:06 507 --a------ c:\windows\srchasst\mui\0416\charctxt.xml

2001-10-28 16:06 461 --a------ c:\windows\srchasst\mui\0416\lclkwrds.xml

2001-10-28 16:06 353 --a------ c:\windows\srchasst\mui\0416\lcllook.xml

2001-10-28 16:06 34671 --a------ c:\windows\srchasst\mui\0416\balloon.xsl

2001-10-28 16:06 34643 --a------ c:\windows\srchasst\mui\0416\bar.xsl

2001-10-28 16:06 231 --a------ c:\windows\srchasst\mui\0416\charchsr.xml

2001-10-28 16:06 2027 --a------ c:\windows\srchasst\mui\0416\lcldate.xml

2001-10-28 16:06 2008 --a------ c:\windows\srchasst\mui\0416\lclprog.xml

2001-10-28 16:06 1572 --a------ c:\windows\srchasst\mui\0416\lclsize.xml

2001-10-28 16:06 1524 --a------ c:\windows\srchasst\mui\0416\inetopts.xml

2001-10-28 16:06 1507 --a------ c:\windows\srchasst\mui\0416\indxsvc.xml

2001-10-28 16:06 1299 --a------ c:\windows\srchasst\mui\0416\lclsrch.xml

2001-10-28 16:06 1183 --a------ c:\windows\srchasst\mui\0416\inetsrch.xml

2001-10-28 16:06 1097 --a------ c:\windows\srchasst\mui\0416\finish.xml

2001-10-28 16:06 100 --a------ c:\windows\srchasst\mui\0416\error.xml

---- Directory of c:\windows\system32\ivtMobCache ----

---- Directory of c:\windows\system32\Sys ----

2008-11-10 18:46 156838 --a------ c:\windows\system32\Sys\WVVG.002

2008-11-10 12:19 538 --a------ c:\windows\system32\Sys\WVVG.001

2008-11-10 12:17 7680 --a------ c:\windows\system32\Sys\WVVG.006

2008-11-10 12:17 5632 --a------ c:\windows\system32\Sys\WVVG.007

2008-11-10 12:17 129906 --a------ c:\windows\system32\Sys\VFLI.002

2008-11-09 19:22 514 --a------ c:\windows\system32\Sys\VFLI.001

2008-11-09 19:19 7680 --a------ c:\windows\system32\Sys\VFLI.006

2008-11-09 19:19 5632 --a------ c:\windows\system32\Sys\VFLI.007

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-10-18 3513344]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

"NodLogin"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-08-26 359203]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-03-26 180269]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-02-09 1707208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Photosmart Premier.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^Reboot.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\applesyncnotifier]

--a------ 2008-10-01 12:57 111936 c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-10-23 14:18 202024 c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 19:20 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2006-11-12 08:48 157592 c:\arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\free download manager]

--a------ 2006-08-21 01:24 2068527 c:\arquivos de programas\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 20:54 3735552 c:\arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\groovemonitor]

--a------ 2007-08-24 08:00 33648 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 18:57 289576 c:\arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lifecam]

--a------ 2007-05-17 15:45 279912 c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2008-10-18 11:22 3513344 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 08:51 1836328 c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]

--a------ 2008-06-17 16:00 1249280 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

--a------ 2007-10-07 22:18 360448 c:\arquivos de programas\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pc suite tray]

--a------ 2008-10-02 07:00 1124352 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 16:09 413696 c:\arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-06-08 16:18 23233576 c:\arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-09-16 12:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-07-12 05:00 132496 c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-03-26 19:24 180269 c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vx1000]

--a------ 2007-04-10 15:46 709992 c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]

--a------ 2008-08-03 12:38 61440 c:\arquivos de programas\Warcraft III\W3DR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 19:21 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman]

--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

--a------ 2008-05-16 13:58 94208 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vttrayp]

--a------ 2008-05-20 16:00 204800 c:\windows\system32\VTTrayp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\NeverwinterNights\\NWN\\nwmain.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Need For Speed Underground\\Speed.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Arquivos de programas\\Warcraft III\\war3.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:Tibia

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-11-04 20616]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-07 28544]

R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-06-06 16896]

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-03-25 9216]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-06-06 53248]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2007-03-25 17920]

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-04-23 33800]

R2 MSCamSvc;MSCamSvc;"c:\arquivos de programas\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 271720]

S2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]

S3 GarenaPEngine;GarenaPEngine; []

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-11-04 26248]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

S3 npkycryp;npkycryp; []

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-08-04 355584]

S3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2006-06-29 1966312]

S3 XDva172;XDva172; []

S3 XDva177;XDva177; []

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-04 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]

2008-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-11-07 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job

- c:\windows\vVX1000.exe [2007-04-10 15:46]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 14:05:35

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-24 14:06:55

ComboFix-quarantined-files.txt 2008-11-24 16:06:20

ComboFix2.txt 2008-11-21 23:53:33

Pré-execução: 23 pasta(s) 26.351.431.680 bytes disponíveis

Pós execução: 23 pasta(s) 26,355,314,688 bytes disponíveis

437 --- E O F --- 2008-10-24 14:00:58


c:\windows\system32\s3iset32_2_00_83.dll

OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

---------

c:\windows\system32\s3iset32.dll

Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

c:\windows\system32\s3minset.exe

Status: OK

C:\2024409115

Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

PS: I did not install any keylogger


Dear Corellom

Temporarily, and while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after completing the procedure(s) described below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text that is inside the "CODE" box:

Collect::[1]
c:\windows\system32\Sys\WVVG.002
c:\windows\system32\Sys\WVVG.001
c:\windows\system32\Sys\WVVG.006
c:\windows\system32\Sys\WVVG.007
c:\windows\system32\Sys\VFLI.002
c:\windows\system32\Sys\VFLI.001
c:\windows\system32\Sys\VFLI.006
c:\windows\system32\Sys\VFLI.007

Folder::
c:\windows\system32\Sys

  • Save this file as: CFScript.txt
    CFScriptB-4.gif
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a zipped file called Submit [Date Time].zip and will also create a file named CF-Submit-Previous.htm
  • Make sure you have an internet connection, because you will have to send some files for more detailed analysis.
  • On your computer, locate the folder C:\Qoobox. Inside that folder you will see a file named "CF-Submit-Previous.htm"; it will have an icon similar to this one:
    icon_html.png
  • Double-click that file and a page will open in your Internet Explorer
  • In the box below "Submit the malware for analysis at Bleeping Computer", copy and paste the path to the file shown next to "File path --->" (example: C:\Qoobox\Quarantine\Submit [Date Time].zip)
  • Now click "Send" so that the file is sent.
  • Paste the file C:\ComboFix.txt into your reply.

Cheers :D


ComboFix 08-11-21.03 - Vitor 2008-11-24 20:03:08.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.613 [GMT -2:00]

Executando de: c:\documents and settings\Vitor\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Vitor\Desktop\CFScript.txt

* Criado um novo ponto de restauro

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Sys

c:\windows\system32\Sys\VFLI.001

c:\windows\system32\Sys\VFLI.002

c:\windows\system32\Sys\VFLI.006

c:\windows\system32\Sys\VFLI.007

c:\windows\system32\Sys\WVVG.001

c:\windows\system32\Sys\WVVG.002

c:\windows\system32\Sys\WVVG.006

c:\windows\system32\Sys\WVVG.007

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))

.

2008-11-22 13:58 . 2007-09-04 14:56 164,352 --a------ c:\windows\system32\unrar.dll

2008-11-22 13:57 . 2008-11-22 13:57 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-11-22 13:57 . 2008-09-19 19:57 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2008-11-22 13:57 . 2008-09-24 16:41 839,680 --a------ c:\windows\system32\lameACM.acm

2008-11-22 13:57 . 2008-01-10 10:15 755,027 --a------ c:\windows\system32\xvidcore.dll

2008-11-22 13:57 . 2008-10-28 20:35 684,032 --a------ c:\windows\system32\divx.dll

2008-11-22 13:57 . 2004-01-25 14:18 217,088 --a------ c:\windows\system32\yv12vfw.dll

2008-11-22 13:57 . 2008-01-10 10:16 159,839 --a------ c:\windows\system32\xvidvfw.dll

2008-11-22 13:57 . 2007-09-20 22:52 118,784 --a------ c:\windows\system32\ac3acm.acm

2008-11-22 13:57 . 2008-09-25 06:03 81,920 --a------ c:\windows\system32\dpl100.dll

2008-11-22 13:57 . 2008-11-02 12:02 7,680 --a------ c:\windows\system32\ff_vfw.dll

2008-11-22 13:57 . 2007-07-10 14:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest

2008-11-22 13:57 . 2008-10-03 10:30 414 --a------ c:\windows\system32\lame_acm.xml

2008-11-22 13:57 . 2008-07-30 17:09 38 --a------ c:\windows\avisplitter.ini

2008-11-20 18:05 . 2008-11-20 18:06 <DIR> d-------- C:\rsit

2008-11-20 18:05 . 2008-11-20 18:06 <DIR> d-------- c:\arquivos de programas\trend micro

2008-11-20 00:55 . 2008-11-20 13:57 250 --a------ c:\windows\gmer.ini

2008-11-19 20:48 . 2008-11-19 20:49 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Adobe

2008-11-17 18:04 . 2008-11-17 18:04 3,891,867 --a------ c:\arquivos de programas\TibiaBot NG.zip

2008-11-10 19:04 . 2008-11-10 19:04 <DIR> d-------- c:\arquivos de programas\TibiaBot NG1

2008-11-10 18:59 . 2008-11-10 18:59 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Thraex Software

2008-11-10 14:16 . 2008-11-10 18:59 162,154 --a------ c:\windows\PowerHEX Uninstaller.exe

2008-11-10 14:08 . 2008-11-13 19:57 <DIR> d-------- c:\arquivos de programas\TibiaBot NG

2008-11-09 20:52 . 2008-11-10 19:04 <DIR> d-------- c:\arquivos de programas\PowerHEX

2008-11-09 19:19 . 2008-11-24 19:59 <DIR> d-a------ c:\documents and settings\All Users\Dados de aplicativos\TEMP

2008-11-09 14:47 . 2008-11-09 14:47 <DIR> d-------- c:\arquivos de programas\Realtek AC97

2008-11-08 15:24 . 2008-06-19 09:25 393,216 --a------ c:\windows\system32\s3iset32_2_00_83.dll

2008-11-08 15:23 . 2008-06-19 09:25 393,216 --a------ c:\windows\system32\s3iset32.dll

2008-11-08 15:23 . 2008-06-19 09:25 299,008 --a------ c:\windows\system32\s3minset.exe

2008-11-08 14:24 . 2008-11-08 17:44 <DIR> d-------- C:\Driver Download

2008-11-08 14:19 . 2008-11-08 14:23 <DIR> d-------- C:\Driver Backup 11-8-2008-141843

2008-11-07 19:10 . 2008-11-07 19:10 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Grisoft

2008-11-07 19:06 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2008-11-07 18:56 . 2008-11-07 18:56 <DIR> d-------- c:\arquivos de programas\Panda Security

2008-11-07 15:18 . 2008-11-07 15:18 <DIR> d-------- C:\ebee30a61d867be9e0021f3a

2008-11-07 15:16 . 2008-11-07 15:16 <DIR> d-------- c:\windows\system32\ivtMobCache

2008-11-07 13:45 . 2008-04-13 19:21 7,680 --a--c--- c:\windows\system32\dllcache\migregdb.exe

2008-11-07 13:44 . 2008-04-13 19:20 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe

2008-11-06 20:51 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2008-11-06 20:51 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2008-11-05 10:40 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\ESET

2008-11-05 09:28 . 2001-10-28 12:07 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls

2008-11-05 09:26 . 2001-10-28 12:06 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex

2008-11-05 09:25 . 2008-04-13 19:18 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll

2008-11-05 09:24 . 2003-04-14 20:54 217,088 --a--c--- c:\windows\system32\dllcache\fpmmcsat.dll

2008-11-05 09:23 . 2008-11-05 09:23 488 -rah----- c:\windows\system32\logonui.exe.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\WindowsShell.Manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\sapi.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\nwc.cpl.manifest

2008-11-05 09:22 . 2008-11-05 09:22 749 -rah----- c:\windows\system32\ncpa.cpl.manifest

2008-11-05 09:14 . 2004-08-04 01:31 1,086,058 -ra------ c:\windows\SETCE.tmp

2008-11-05 09:14 . 2001-10-28 12:07 809,104 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT

2008-11-05 09:14 . 2001-10-28 12:06 399,670 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT

2008-11-05 09:14 . 2001-10-28 12:07 37,509 --a--c--- c:\windows\system32\dllcache\MW770.CAT

2008-11-05 09:14 . 2001-10-28 12:07 24,661 --a------ c:\windows\system32\spxcoins.dll

2008-11-05 09:14 . 2001-10-28 12:07 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll

2008-11-05 09:14 . 2004-08-04 01:34 14,043 -ra------ c:\windows\SETDA.tmp

2008-11-05 09:14 . 2001-10-28 12:06 13,497 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT

2008-11-05 09:14 . 2001-10-28 12:06 13,312 --a------ c:\windows\system32\irclass.dll

2008-11-05 09:14 . 2001-10-28 12:06 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll

2008-11-05 09:14 . 2001-10-28 12:06 8,599 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT

2008-11-05 09:14 . 2001-10-28 12:07 7,407 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT

2008-11-05 09:13 . 2004-08-04 01:40 1,014,492 -ra------ c:\windows\SETCB.tmp

2008-11-05 07:04 . 2008-11-05 07:04 <DIR> d-------- c:\windows\NLDRV

2008-11-04 00:11 . 2008-07-02 14:58 26,248 --a------ c:\windows\system32\drivers\IvtBtBus.sys

2008-11-04 00:10 . 2008-07-31 20:45 20,616 --a------ c:\windows\system32\drivers\BtHidBus.sys

2008-11-04 00:05 . 2008-11-04 00:05 220 --a------ c:\windows\BsMobileModel.ini

2008-11-04 00:01 . 2008-11-04 00:01 2 --a------ C:\2024409115

2008-11-03 23:57 . 2008-11-03 23:57 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Nokia

2008-11-03 22:14 . 2008-11-03 23:42 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\PC Suite

2008-11-03 22:14 . 2008-11-07 15:16 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\Nokia

2008-11-03 22:14 . 2008-11-07 15:16 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\PC Suite

2008-11-03 22:12 . 2008-11-03 22:12 <DIR> d-------- c:\arquivos de programas\DIFX

2008-11-03 22:12 . 2008-11-03 22:12 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\PCSuite

2008-11-03 22:12 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Nokia

2008-11-03 22:12 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-11-03 22:11 . 2008-11-03 22:11 <DIR> d-------- c:\arquivos de programas\PC Connectivity Solution

2008-11-03 22:11 . 2008-11-07 15:16 <DIR> d-------- c:\arquivos de programas\Nokia

2008-11-03 22:11 . 2008-02-01 16:17 90,624 --a------ c:\windows\system32\nmwcdcls.dll

2008-11-03 22:10 . 2008-11-03 23:07 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Installations

2008-11-03 21:50 . 2008-11-03 21:51 <DIR> d-------- c:\documents and settings\Vitor\Dados de aplicativos\Tibia

2008-11-03 21:33 . 2008-11-09 22:01 <DIR> d-------- c:\arquivos de programas\Tibia

2008-11-03 20:37 . 2004-10-19 13:40 28,207 --a------ c:\windows\system32\drivers\BTHidMgr.sys

2008-11-03 20:37 . 2004-09-21 18:18 11,604 --a------ c:\windows\system32\drivers\vbtenum.sys

2008-10-29 16:45 . 2001-08-17 21:57 16,128 --a------ c:\windows\system32\drivers\MODEMCSA.sys

2008-10-29 16:44 . 2008-10-29 16:44 <DIR> d-------- c:\arquivos de programas\CONEXANT

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\arquivos de programas\iTunes

2008-10-25 12:22 . 2008-10-25 12:22 <DIR> d-------- c:\arquivos de programas\iPod

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-24 17:24 --------- d-----w c:\arquivos de programas\Warcraft III

2008-11-24 16:07 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-24 11:23 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Orbit

2008-11-23 21:54 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-11-23 19:26 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\LimeWire

2008-11-15 01:02 --------- d-----w c:\arquivos de programas\Garena

2008-11-14 19:12 --------- d-----w c:\arquivos de programas\Asprate

2008-11-10 16:36 --------- d-----w c:\arquivos de programas\Windows Live Safety Center

2008-11-10 12:24 --------- d-----w c:\arquivos de programas\Orbitdownloader

2008-11-09 18:51 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\DNA

2008-11-09 18:51 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\BitTorrent

2008-11-09 18:51 --------- d-----w c:\arquivos de programas\BraZip

2008-11-09 17:14 --------- d--h--w c:\arquivos de programas\InstallShield Installation Information

2008-11-08 16:25 --------- d-----w c:\arquivos de programas\URUSoft

2008-11-08 14:42 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\BVRP Software

2008-11-08 14:35 --------- d-----w c:\arquivos de programas\Bonjour

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\Winamp

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\Microsoft LifeCam

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\LimeWire

2008-11-08 14:33 --------- d-----w c:\arquivos de programas\dvdSanta

2008-11-08 14:32 --------- d-----w c:\arquivos de programas\QuickTime

2008-11-08 14:32 --------- d-----w c:\arquivos de programas\Free Download Manager

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\Windows Media Connect 2

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\Winamp Remote

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\MSN Pictures Displayer

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\GameSpy Arcade

2008-11-08 14:31 --------- d-----w c:\arquivos de programas\DivX

2008-11-07 17:57 --------- d-----w c:\arquivos de programas\WinPcap

2008-11-07 17:57 --------- d-----w c:\arquivos de programas\DNA

2008-11-07 17:16 --------- d-----w c:\arquivos de programas\TuneUp Utilities 2008

2008-11-07 17:16 --------- d-----w c:\arquivos de programas\Spybot - Search & Destroy

2008-11-05 11:45 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Free Download Manager

2008-11-03 23:23 --------- d-----w c:\documents and settings\Vitor\Dados de aplicativos\Apple Computer

2008-11-03 22:31 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-10-31 23:41 4,056 ----a-w C:\totnp233.dll

2008-10-26 16:44 686,111 ----a-w c:\windows\Fonts\unins000.exe

2008-10-21 18:40 --------- d-----w c:\arquivos de programas\Microsoft Silverlight

2008-10-18 13:09 --------- d-----w c:\arquivos de programas\Windows Live

2008-10-18 13:09 --------- d-----w c:\arquivos de programas\Microsoft SQL Server Compact Edition

2008-10-10 23:11 --------- d-----w c:\arquivos de programas\Windows Live Toolbar

2008-10-10 23:04 --------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2008-10-10 23:04 --------- d-----w c:\arquivos de programas\Microsoft

2008-10-10 22:29 --------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2008-09-24 12:40 4,122,368 ----a-r c:\windows\system32\drivers\alcxwdm.sys

2008-09-21 04:28 2,829 ----a-w c:\windows\War3Unin.pif

2008-09-21 04:28 139,264 ----a-w c:\windows\War3Unin.exe

2008-09-09 03:03 51,712 ----a-w c:\windows\system32\sirenacm.dll

2008-09-05 18:56 287,744 ----a-w c:\windows\WLXPGSS.SCR

2008-08-29 13:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 12:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2007-12-02 20:21 92,064 ----a-w c:\documents and settings\Vitor\mqdmmdm.sys

2007-12-02 20:21 9,232 ----a-w c:\documents and settings\Vitor\mqdmmdfl.sys

2007-12-02 20:21 79,328 ----a-w c:\documents and settings\Vitor\mqdmserd.sys

2007-12-02 20:21 66,656 ----a-w c:\documents and settings\Vitor\mqdmbus.sys

2007-12-02 20:21 6,208 ----a-w c:\documents and settings\Vitor\mqdmcmnt.sys

2007-12-02 20:21 5,936 ----a-w c:\documents and settings\Vitor\mqdmwhnt.sys

2007-12-02 20:21 4,048 ----a-w c:\documents and settings\Vitor\mqdmcr.sys

2007-12-02 20:21 25,600 ----a-w c:\documents and settings\Vitor\usbsermptxp.sys

2007-12-02 20:21 22,768 ----a-w c:\documents and settings\Vitor\usbsermpt.sys

2007-11-15 19:36 8 ----a-w c:\documents and settings\All Users\Dados de aplicativos\SDGLYBMPWPP.SYS

2008-08-04 21:36 32,768 --sha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008080420080805\index.dat

.

(((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-10-18 3513344]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1443072]

"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]

"NodLogin"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-08-26 359203]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-03-26 180269]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 171520]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-02-09 1707208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BlueSoleil.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Photosmart Premier.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Windows Search.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^MSN Pictures Displayer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Vitor^Menu Iniciar^Programas^Inicializar^Reboot.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\applesyncnotifier]

--a------ 2008-10-01 12:57 111936 c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-10-23 14:18 202024 c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 19:20 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2006-11-12 08:48 157592 c:\arquivos de programas\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\free download manager]

--a------ 2006-08-21 01:24 2068527 c:\arquivos de programas\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

--a------ 2007-01-01 20:54 3735552 c:\arquivos de programas\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\groovemonitor]

--a------ 2007-08-24 08:00 33648 c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 18:57 289576 c:\arquivos de programas\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lifecam]

--a------ 2007-05-17 15:45 279912 c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2008-10-18 11:22 3513344 c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 08:51 1836328 c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]

--a------ 2008-06-17 16:00 1249280 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

--a------ 2007-10-07 22:18 360448 c:\arquivos de programas\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pc suite tray]

--a------ 2008-10-02 07:00 1124352 c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 16:09 413696 c:\arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-06-08 16:18 23233576 c:\arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-09-16 12:16 1833296 c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-07-12 05:00 132496 c:\arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-03-26 19:24 180269 c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vx1000]

--a------ 2007-04-10 15:46 709992 c:\windows\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]

--a------ 2008-08-03 12:38 61440 c:\arquivos de programas\Warcraft III\W3DR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 19:21 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman]

--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

--a------ 2008-05-16 13:58 94208 c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vttrayp]

--a------ 2008-05-20 16:00 204800 c:\windows\system32\VTTrayp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="c:\arquivos de programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"c:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\Orb.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbTray.exe"=

"c:\\Arquivos de programas\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\Java\\jre1.6.0_02\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\NeverwinterNights\\NWN\\nwmain.exe"=

"c:\\Arquivos de programas\\EA GAMES\\Need For Speed Underground\\Speed.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=

"c:\\Arquivos de programas\\Warcraft III\\war3.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Garena\\Garena.exe"=

"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:Tibia

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\Drivers\BtHidBus.sys [2008-11-04 20616]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-07 28544]

R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2008-06-06 16896]

R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-03-25 9216]

R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2008-06-06 53248]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2007-03-25 17920]

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-04-23 33800]

R2 MSCamSvc;MSCamSvc;"c:\arquivos de programas\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 271720]

S2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]

S3 GarenaPEngine;GarenaPEngine; []

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-11-04 26248]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

S3 npkycryp;npkycryp; []

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-08-04 355584]

S3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2006-06-29 1966312]

S3 XDva172;XDva172; []

S3 XDva177;XDva177; []

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\1-Click Maintenance.job

- c:\arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 10:09]

2008-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-11-07 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job

- c:\windows\vVX1000.exe [2007-04-10 15:46]

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpySweeper - c:\arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe

Notify-WgaLogon - (no file)

Notify-WRNotifier - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-24 20:04:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-11-24 20:05:58

ComboFix-quarantined-files.txt 2008-11-24 22:05:25

ComboFix2.txt 2008-11-24 16:06:56

ComboFix3.txt 2008-11-21 23:53:33

Pre-Run: 23 dir(s) 26,345,230,336 bytes free

Post-Run: 23 dir(s) 26,337,988,608 bytes free

368 --- E O F --- 2008-10-24 14:00:58


Dear Corellom

Temporarily disable your antivirus!

Run an Online Scan at kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX control, click Clipboard015.jpg
  • Wait for the installation and the update to finish, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available, otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is run. The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and paste its contents in your next message.
  • Also generate and paste a new HijackThis log.

Regards :D


KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 25, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 25, 2008 14:16:15
Records in database: 1415062

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
A:\
C:\
D:\

Scan statistics
Files scanned: 88004
Threat name: 7
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 01:44:01

File name | Threat name | Threats count
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe | Infected: Trojan.Win32.Autoit.fu | 1
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe | Infected: Trojan.Win32.Autoit.fl | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\28463\AKV.exe.vir | Infected: not-a-virus:Monitor.Win32.Ardamax.o | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\28463\WCUK.006.vir | Infected: not-a-virus:Monitor.Win32.Ardamax.271 | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\28463\WCUK.007.vir | Infected: not-a-virus:Monitor.Win32.Ardamax.271 | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\28463\WCUK.exe.vir | Infected: Trojan-Spy.Win32.Ardamax.e | 1
C:\Qoobox\Quarantine\[1]-Submit_2008-11-24@20.02.zip | Infected: not-a-virus:Monitor.Win32.Ardamax.e | 2
C:\Qoobox\Quarantine\[1]-Submit_2008-11-24@20.02.zip | Infected: Trojan-Spy.Win32.Ardamax.d | 2

The selected area was scanned.

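As an added example (not code from this thread, from Kaspersky or from ComboFix), here is a small Python triage of the report above. It separates hits whose path sits inside ComboFix's quarantine folder (C:\Qoobox\Quarantine, already removed from the running system) from hits at ordinary paths, such as the two verdicts on nodlogin.exe, which the ComboFix log shows as an HKLM Run autostart, and it cross-checks the parsed rows against the report's own totals (10 infected objects, 7 threat names). The sample rows are re-typed from the report on this page with the Threats count column separated from the threat name by " | " (the page fuses the count digit onto the name; the split shown is the only one that adds up to the report's totals). The " | " layout, the System Restore marker and the set of quarantine prefixes are assumptions of this example.

```python
"""Triage a Kaspersky Online Scanner 7 report: detections inside another tool's
quarantine concern material already pulled off the live system, detections at
ordinary paths are still live and need action."""
import re
from collections import defaultdict

# Constructed sample: the rows of the 25/11/2008 report above, re-typed with the
# "Threats count" column separated from the threat name by " | ".
SAMPLE_REPORT = r"""
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe | Infected: Trojan.Win32.Autoit.fu | 1
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe | Infected: Trojan.Win32.Autoit.fl | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\28463\AKV.exe.vir | Infected: not-a-virus:Monitor.Win32.Ardamax.o | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\28463\WCUK.006.vir | Infected: not-a-virus:Monitor.Win32.Ardamax.271 | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\28463\WCUK.007.vir | Infected: not-a-virus:Monitor.Win32.Ardamax.271 | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\28463\WCUK.exe.vir | Infected: Trojan-Spy.Win32.Ardamax.e | 1
C:\Qoobox\Quarantine\[1]-Submit_2008-11-24@20.02.zip | Infected: not-a-virus:Monitor.Win32.Ardamax.e | 2
C:\Qoobox\Quarantine\[1]-Submit_2008-11-24@20.02.zip | Infected: Trojan-Spy.Win32.Ardamax.d | 2
"""

# Header figures from the same report, used to cross-check the row parse.
REPORTED_INFECTED_OBJECTS = 10
REPORTED_THREAT_NAMES = 7

# Locations where a hit means "already quarantined", not "still running".
# Assumption of this example: ComboFix's Qoobox folder (seen in the report)
# and System Restore points, which hold copies of files that were deleted.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)
RESTORE_POINT_MARKER = "\\system volume information\\"

ROW_RE = re.compile(
    r"^(?P<path>.+?) \| (?P<status>Infected|Suspicious): (?P<name>.+?) \| (?P<count>\d+)$"
)


def parse_rows(text):
    """One dict per report row; an unparseable row is an error, not a skip,
    because a silently dropped row would make the totals check meaningless."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised report row: {line!r}")
        rows.append({"path": m["path"], "status": m["status"],
                     "name": m["name"], "count": int(m["count"])})
    return rows


def is_quarantined(path):
    """True when the path lies inside a quarantine or restore-point store."""
    p = path.lower()
    return p.startswith(QUARANTINE_PREFIXES) or RESTORE_POINT_MARKER in p


def triage(text):
    """Group verdicts by path into 'live' and 'quarantined' buckets and
    recompute the report's totals from the rows."""
    rows = parse_rows(text)
    live, quarantined = defaultdict(list), defaultdict(list)
    for r in rows:
        bucket = quarantined if is_quarantined(r["path"]) else live
        bucket[r["path"]].append(r["name"])
    return {"live": dict(live), "quarantined": dict(quarantined),
            "objects": sum(r["count"] for r in rows),
            "threat_names": len({r["name"] for r in rows})}


def totals_match(text):
    """The header counts must equal what the rows add up to; a mismatch means
    a row was lost or a count was mis-read (e.g. digits fused onto a name)."""
    t = triage(text)
    return (t["objects"] == REPORTED_INFECTED_OBJECTS
            and t["threat_names"] == REPORTED_THREAT_NAMES)


def still_live(text):
    """Paths outside any quarantine, with every verdict given for them."""
    return sorted(triage(text)["live"].items())


if __name__ == "__main__":
    print("totals consistent:", totals_match(SAMPLE_REPORT))
    for path, names in still_live(SAMPLE_REPORT):
        print("LIVE:", path, "->", ", ".join(names))
```

The totals check matters because online-scanner output is often pasted through a forum that strips tabs; if the recomputed object count does not equal the header's, some row was mangled in transit and the triage cannot be trusted.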

Logfile of HijackThis v1.99.1

Scan saved at 17:29:13, on 25/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

c:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\vVX1000.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Vitor\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NodLogin] C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\nodlogin.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [spySweeper] "C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


Dear Corellom

Your HijackThis is being run from a location that is not recommended, so the backups we make will not be safe.

Before we start fixing your PC's problems, we need to correct the location of HijackThis; please do the following:

  • Right-click an empty area of your desktop.
  • Choose New -> Folder -> type HJT and press Enter.
  • Now right-click HijackThis.exe and choose -> Cut.
  • Right-click an empty area and choose Paste.
  • Now right-click the HJT folder and choose -> Cut.
  • Click -> Start -> My Computer -> right-click -> Local Disk (usually C:\) -> Explore.
  • Right-click an empty area and choose Paste.

The Kaspersky scan result only shows us files in quarantine :)
As for the HijackThis log, proceed as explained below; apart from that it is clean :joia:
Step #1
Run HijackThis, click Do a system scan only and check those of the entries below that you find:
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
After checking these entries, close all windows and click ht-fix.png
Step #2
Let's uninstall ComboFix:
Go to Start > Run, type Combofix /u and click OK; in the window that appears click Run and wait for the program to be removed!
Step #3
Your Java is out of date.
Old, outdated versions are more vulnerable to malware.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 10 and save it to your Desktop.
  • Navigate to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click "Download" (on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Portuguese".
  • Read the license agreement and check the box "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your Desktop.
  • Close every program you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Check any item whose name contains Java Runtime Environment (JRE or J2SE). It should have an icon like this javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary until you have removed every old version of Java on your PC.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u10-windows-i586-p.exe (on your desktop) to install the new, more secure version of Java.

Step #4

<<@>> Install CCleaner

CCleaner is an excellent cleaning utility for the computer, which will help with your computer's performance.

Download it here CCleaner


  • IMPORTANT: After installation go to where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

<<@>> Always keep your Windows up to date; keep constant watch with your firewall and antivirus and, finally, remember that the best form of prevention starts with our own habits!

Regards :D

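As an added example (not code from this thread or from HijackThis itself), here is a small Python parser that applies the rule behind the Step #1 list to the HijackThis log posted above: an R3/O2/O3 entry ending in "(no file)" or "(file missing)", or an O16 entry with no download URL after its trailing "-", references a component that is no longer on disk and can be ticked before Fix checked. It goes one step beyond that list by also reporting the dead O9, O20 and O21 entries in the same log, which the list leaves alone, and by grouping dead entries that share a CLSID so they are removed together. Restricting the fix list to the R3/O2/O3/O16 section codes is an assumption that mirrors the helper's choice, and the sample log is a constructed subset of the 25/11/2008 log on this page.

```python
"""Triage a HijackThis 1.99 log: find entries whose target no longer exists and
build the list to tick under "Do a system scan only" before "Fix checked"."""
import re

# Constructed sample: the relevant lines of the 25/11/2008 log posted above,
# plus a few healthy lines so the filter has something to leave alone.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DEAD_MARKERS = ("(no file)", "(file missing)")
# Section codes the helper's fix list covers (assumption mirroring Step #1).
FIX_CODES = ("R3", "O2", "O3", "O16")


def parse_entries(log_text):
    """Yield (code, body, clsid-or-None) for every R*/O* line in the log;
    the process list and headers do not match and are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        clsid = CLSID_RE.search(m["body"])
        yield m["code"], m["body"], (clsid.group(0).upper() if clsid else None)


def is_dead(code, body):
    """True when the entry points at a file HijackThis could not find, or is a
    Download Program Files (ActiveX) registration with no source URL left."""
    if body.endswith(DEAD_MARKERS):
        return True
    return code == "O16" and body.endswith(" -")


def dead_entries(log_text):
    """All orphaned entries as (code, clsid, full line) tuples."""
    return [(code, clsid, f"{code} - {body}")
            for code, body, clsid in parse_entries(log_text) if is_dead(code, body)]


def fix_list(log_text, codes=FIX_CODES):
    """Lines to tick in HijackThis, restricted to the section types in codes."""
    return [line for code, _, line in dead_entries(log_text) if code in codes]


def left_over(log_text, codes=FIX_CODES):
    """Dead entries outside those section types, worth a second look."""
    return [line for code, _, line in dead_entries(log_text) if code not in codes]


def shared_clsids(log_text):
    """CLSIDs that are dead under more than one section (the same component
    registered e.g. as both an R3 hook and an O3 toolbar), to fix together."""
    seen = {}
    for code, clsid, _ in dead_entries(log_text):
        if clsid:
            seen.setdefault(clsid, set()).add(code)
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}


if __name__ == "__main__":
    for line in fix_list(SAMPLE_LOG):
        print("TICK   ", line)
    for line in left_over(SAMPLE_LOG):
        print("REVIEW ", line)
    print(shared_clsids(SAMPLE_LOG))
```

Ticking an entry only deletes the registry reference, so on entries like these, where the DLL or .cab is already gone, the fix is housekeeping rather than removal of anything that still runs; the shared-CLSID report is the check that earns its keep, since the same dead component is often registered under two sections (here {EF99BD32-C1FB-11D2-892F-0090271D4F88} appears as both R3 and O3) and leaving one reference behind brings it straight back into the next log.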





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×