Sorry, but I decided to open a new topic, since it has been 10 days without a reply to the one I opened.
Here goes: I'm having slowness problems on two machines; the two logs are below for you to look at...
Slow machines, maybe it's a sign of a virus; I'll post two logs...
Machine 1
Logfile of HijackThis v1.99.1
Scan saved at 11:34:58, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jucheck.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.cade.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{B157CC24-7327-4E78-9BA5-A227131F662C}: NameServer = 192.168.0.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
ComboFix 07-09-08.7 - "Administrador" 2007-09-08 11:18:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.193 [GMT -3:00]
* Created a new restore point
.
((((((((((((((((((((((( Ficheiros criados de 2007-08-08 to 2007-09-08 ))))))))))))))))))))))))))))))))
.
2007-09-08 11:16 <DIR> d-------- C:\LinhaDefensiva
2007-09-08 11:10 <DIR> d-------- C:\!KillBox
2007-09-06 12:11 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2
2007-09-06 12:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-31 18:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-22 16:27 <DIR> d-------- C:\Arquivos de programas\Psychic Doom 97D High Exp
2007-08-22 14:55 218,112 --a------ C:\HijackThis.exe
2007-08-21 08:57 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-08-21 08:57 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-08-19 21:37 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-08-19 21:37 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-08-19 21:37 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-08-19 21:35 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0
2007-08-19 21:34 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-19 17:10 2,450,944 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-08-19 16:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-17 08:16 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-08-16 20:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-16 10:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Image Zone Express
2007-08-15 15:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Lavasoft
2007-08-15 14:54 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2007-08-15 14:54 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2007-08-15 14:54 368,640 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2007-08-15 14:54 221,184 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-08-15 14:54 212,992 --a------ C:\WINDOWS\system32\aIPH.dll
2007-08-15 14:54 143,360 --a------ C:\WINDOWS\system32\WlanApp.dll
2007-08-15 14:54 1,323,095 --a------ C:\WINDOWS\system32\odSupp_M.dll
2007-08-15 14:53 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2007-08-15 14:53 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2007-08-15 14:53 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2007-08-15 14:53 <DIR> d-------- C:\Arquivos de programas\D-Link
2007-08-15 14:53 <DIR> d-------- C:\Arquivos de programas\ANI
2007-08-14 16:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\HP
2007-08-13 21:09 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\UserData
2007-08-13 21:05 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DADOSD~1\HP
2007-08-13 21:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\HP
2007-08-13 21:02 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP
2007-08-13 21:00 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2007-08-13 20:59 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
2007-08-13 20:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-13 20:57 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-08-13 20:57 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-08-13 20:57 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-08-13 20:57 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-08-13 20:57 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-13 20:57 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-08-13 20:57 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-08-13 20:57 <DIR> d-------- C:\Arquivos de programas\HP
2007-08-13 20:55 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-08-13 20:55 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-08-13 20:55 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-08-13 20:55 282,624 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2007-08-13 20:55 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-08-13 20:55 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-08-13 20:55 119,027 --a------ C:\WINDOWS\hpoins11.dat
2007-08-13 20:54 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-13 20:49 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-10 14:14 304,182 --a------ C:\StiImg.dat
2007-08-10 14:12 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-08-10 14:12 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-08-10 14:12 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-08-10 14:12 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-08-10 14:12 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-08-10 14:12 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-08-10 14:12 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-08-10 14:11 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-08-10 14:02 <DIR> d-------- C:\WINDOWS\PAC207
2007-08-10 14:02 <DIR> d-------- C:\Arquivos de programas\PC Camera
2007-08-10 14:02 <DIR> d-------- C:\Arquivos de programas\Common Files
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-16 13:19 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Real
2007-08-15 14:54 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-08-07 08:58 --------- d-------- C:\Arquivos de programas\CyberLink DVD Solution
2007-08-02 16:26 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Help
2007-08-02 10:56 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\CyberLink
2007-07-31 20:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\CyberLink
2007-07-30 21:44 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Media Player Classic
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 18:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy
2007-07-30 18:48 --------- d-------- C:\Arquivos de programas\Lavasoft
2007-07-30 18:48 --------- d-------- C:\Arquivos de programas\CCleaner
2007-07-30 17:43 --------- d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2007-07-30 13:32 --------- d-------- C:\DOCUME~1\ADMINI~1\DADOSD~1\Corel
2007-07-30 13:29 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Corel
2007-07-30 13:27 --------- d-------- C:\Arquivos de programas\Corel
2007-07-29 22:27 --------- d-------- C:\Arquivos de programas\Innovative Solutions
2007-07-29 22:25 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Nero
2007-07-29 22:22 --------- d-------- C:\Arquivos de programas\Ahead
2007-07-29 22:21 --------- d-------- C:\Arquivos de programas\Arquivos comuns\Ahead
2007-07-29 22:18 --------- d-------- C:\Arquivos de programas\Microsoft.NET
2007-07-29 22:09 --------- d-------- C:\DOCUME~1\DEFAUL~1\DADOSD~1\Real
2007-07-29 22:09 --------- d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real
2007-07-29 22:09 --------- d-------- C:\Arquivos de programas\K-Lite Codec Pack
2007-07-29 22:08 --------- d-------- C:\Arquivos de programas\MSN Messenger
2007-07-29 22:05 --------- d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap
2007-07-29 22:01 4128 --a------ C:\WINDOWS\system32\drivers\INFCACHE.1
2007-07-29 18:56 --------- d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines
2007-07-29 18:56 --------- d-------- C:\Arquivos de programas\Arquivos comuns\ODBC
2007-06-26 11:09 660992 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 10:57 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 03:10 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 10:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 15:09 96768 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 15:09 616448 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 15:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 15:09 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 15:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 15:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 15:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 15:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 15:09 3079680 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 15:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 15:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 15:09 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 15:09 151552 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 15:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 15:09 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 15:09 1055744 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 15:09 1024000 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 11:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe
2007-06-13 10:21 1035264 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2004-10-01 15:00 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe
--------- C:\Arquivos de programas\Serviços on-line
--------- C:\Arquivos de programas\Arquivos comuns\Serviços
.
((((((((((((((((((((((((((((( snapshot_2007-08-31_181112.95 )))))))))))))))))))))))))))))))))))))))))
.
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
-c----w 414,208 2006-10-19 00:47:16 C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w 213,216 2005-06-28 13:23:26 C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 13:23:54 C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w 10,834,432 2006-10-19 00:47:20 C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w 215,264 2005-06-28 13:23:32 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 13:23:54 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w 316,928 2006-11-03 02:29:46 C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w 215,264 2005-06-28 13:23:32 C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 13:23:54 C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
-c----w 221,488 2006-09-25 20:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
-c----w 379,184 2006-09-25 20:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
-c----w 485,888 2005-01-28 19:12:16 C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
-c----w 294,912 2005-09-19 20:12:29 C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
-c----w 164,864 2005-09-19 20:12:29 C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
-c----w 502,272 2005-09-19 20:12:30 C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
-c----w 6,656 2005-09-19 20:12:30 C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
-c----w 96,768 2005-09-19 20:12:30 C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
-c----w 310,272 2004-08-04 03:45:24 C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
-c----w 384,512 2004-08-04 03:45:24 C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
-c----w 240,640 2004-08-04 03:45:24 C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
-c----w 142,336 2005-09-19 20:12:31 C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
-c----w 25,088 2005-09-19 20:12:31 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
-c----w 173,568 2005-09-19 20:12:31 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
-c----w 364,784 2005-09-19 20:12:32 C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
-c----w 316,416 2005-09-19 20:12:32 C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
-c----w 221,184 2005-09-19 20:12:32 C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
-c----w 47,104 2005-01-28 04:36:04 C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
-c----w 15,872 2005-01-28 04:35:58 C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
-c----w 38,912 2005-01-28 04:36:00 C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
-c----w 396,528 2005-09-19 20:12:33 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
-c----w 716,288 2005-09-19 20:12:34 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
-c----w 224,768 2005-09-19 20:12:34 C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
-c----w 28,160 2005-09-19 20:12:34 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
-c----w 33,792 2005-09-19 20:12:34 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
-c----w 335,872 2005-01-28 11:53:50 C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
-c----w 290,816 2005-01-28 11:53:54 C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
-c----w 150,016 2005-09-19 20:12:34 C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
-c----w 1,027,072 2005-09-19 20:12:35 C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
-c----w 774,904 2005-09-19 20:12:47 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
-c----w 1,119,744 2005-09-19 20:12:48 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
-c----w 413,944 2005-09-19 20:12:48 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
-c----w 940,544 2005-09-19 20:12:48 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
-c----w 1,218,808 2005-01-28 16:32:56 C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
-c----w 1,512,448 2005-01-28 11:53:20 C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
-c----w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
-c----w 895,736 2005-09-19 20:12:51 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
-c----w 1,003,008 2005-09-19 20:12:52 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
-c----w 61,952 2005-01-28 04:36:20 C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
-c----w 114,176 2005-01-28 04:36:24 C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
-c----w 66,560 2005-01-28 04:36:22 C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
-c----w 331,264 2005-01-28 04:36:28 C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
-c----w 18,944 2005-01-28 04:36:24 C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
-c----w 38,912 2005-01-28 04:36:28 C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
-c----w 213,216 2006-05-16 21:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 21:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
-c----w 13,312 2006-11-02 14:46:52 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
-c----w 221,488 2006-09-16 04:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
-c----w 379,184 2006-09-16 04:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
-c----w 58,368 2006-09-28 22:01:52 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
------w 39,424 2006-10-04 14:05:26 C:\WINDOWS\AppPatch\acadproc.dll
----a-w 13,536 2005-06-28 13:20:24 C:\WINDOWS\SoftwareDistribution\Download\7c77150a75996f50a419574071146123\spmsg.dll
----a-w 215,264 2005-06-28 13:23:32 C:\WINDOWS\SoftwareDistribution\Download\7c77150a75996f50a419574071146123\spuninst.exe
----a-w 22,752 2005-06-28 13:21:34 C:\WINDOWS\SoftwareDistribution\Download\7c77150a75996f50a419574071146123\spupdsvc.exe
----a-w 10,834,944 2007-06-12 02:51:12 C:\WINDOWS\SoftwareDistribution\Download\7c77150a75996f50a419574071146123\wmp.dll
----a-w 721,120 2005-06-28 13:25:00 C:\WINDOWS\SoftwareDistribution\Download\7c77150a75996f50a419574071146123\update\update.exe
----a-w 371,424 2005-06-28 13:23:54 C:\WINDOWS\SoftwareDistribution\Download\7c77150a75996f50a419574071146123\update\updspapi.dll
----a-w 13,536 2005-06-28 13:20:24 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\spmsg.dll
----a-w 215,264 2005-06-28 13:23:32 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\spuninst.exe
----a-w 318,464 2007-06-27 19:02:52 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\unregmp2.exe
----a-w 721,120 2005-06-28 13:25:00 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\update\update.exe
----a-w 371,424 2005-06-28 13:23:54 C:\WINDOWS\SoftwareDistribution\Download\80e382e1de0d6353c98ea49c3b9cd56e\update\updspapi.dll
----a-w 414,720 2006-12-04 19:21:50 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
----a-w 13,536 2005-06-28 13:20:24 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
----a-w 213,216 2005-06-28 13:23:26 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
----a-w 22,752 2005-06-28 13:21:34 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
----a-w 716,000 2005-06-28 13:24:52 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
----a-w 371,424 2005-06-28 13:23:54 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
----a-w 276,992 2006-10-19 00:47:08 C:\WINDOWS\system32\audiodev.dll
----a-w 542,720 2006-10-19 00:47:10 C:\WINDOWS\system32\blackbox.dll
----a-w 229,376 2006-10-19 00:47:10 C:\WINDOWS\system32\cewmdm.dll
------w 249,856 2006-10-18 23:00:46 C:\WINDOWS\system32\drmupgds.exe
----a-w 991,744 2006-10-19 00:47:10 C:\WINDOWS\system32\drmv2clt.dll
----a-w 11,264 2006-10-19 00:47:14 C:\WINDOWS\system32\LAPRXY.dll
----a-w 100,864 2006-10-18 23:03:58 C:\WINDOWS\system32\logagent.exe
------w 212,992 2006-10-19 00:47:14 C:\WINDOWS\system32\MFPLAT.dll
------w 259,072 2006-10-19 00:47:14 C:\WINDOWS\system32\MP43DECD.dll
----a-w 4,096 2006-10-19 00:47:14 C:\WINDOWS\system32\MP43DMOD.dll
------w 317,440 2006-10-19 00:47:14 C:\WINDOWS\system32\MP4SDECD.dll
----a-w 4,096 2006-10-19 00:47:14 C:\WINDOWS\system32\MP4SDMOD.dll
------w 259,072 2006-10-19 00:47:14 C:\WINDOWS\system32\MPG4DECD.dll
----a-w 4,096 2006-10-19 00:47:14 C:\WINDOWS\system32\MPG4DMOD.dll
------w 312,128 2006-10-02 18:28:42 C:\WINDOWS\system32\msdelta.dll
----a-w 179,712 2006-10-19 00:47:16 C:\WINDOWS\system32\msnetobj.dll
----a-w 27,136 2006-10-19 00:47:16 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 175,616 2006-10-19 00:47:16 C:\WINDOWS\system32\mspmsp.dll
----a-w 414,720 2006-12-04 19:21:50 C:\WINDOWS\system32\msscp.dll
----a-w 321,536 2006-10-19 00:47:16 C:\WINDOWS\system32\mswmdm.dll
------w 284,160 2006-10-19 00:47:18 C:\WINDOWS\system32\PortableDeviceApi.dll
------w 101,888 2006-10-19 00:47:18 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
------w 166,912 2006-10-19 00:47:18 C:\WINDOWS\system32\PortableDeviceTypes.dll
------w 132,096 2006-10-19 00:47:18 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
------w 199,168 2006-10-19 00:47:18 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
----a-w 211,456 2006-10-19 00:47:18 C:\WINDOWS\system32\qasf.dll
------w 14,640 2006-09-25 20:58:48 C:\WINDOWS\system32\spmsg.dll
----a-w 8,704 2006-10-19 00:58:00 C:\WINDOWS\system32\uwdf.exe
----a-w 4,096 2006-10-19 00:47:18 C:\WINDOWS\system32\wdfapi.dll
----a-w 8,704 2006-10-19 00:58:00 C:\WINDOWS\system32\wdfmgr.exe
----a-w 757,248 2006-10-19 00:47:18 C:\WINDOWS\system32\WMADMOD.dll
----a-w 1,117,696 2006-10-19 00:47:18 C:\WINDOWS\system32\WMADMOE.dll
----a-w 222,208 2006-10-19 00:47:18 C:\WINDOWS\system32\WMASF.dll
----a-w 33,792 2006-10-19 00:47:18 C:\WINDOWS\system32\wmdmlog.dll
----a-w 37,376 2006-10-19 00:47:18 C:\WINDOWS\system32\wmdmps.dll
----a-w 429,056 2006-10-19 00:47:18 C:\WINDOWS\system32\wmdrmdev.dll
----a-w 348,672 2006-10-19 00:47:20 C:\WINDOWS\system32\wmdrmnet.dll
------w 535,040 2006-10-19 00:47:20 C:\WINDOWS\system32\wmdrmsdk.dll
----a-w 157,184 2006-10-19 00:47:20 C:\WINDOWS\system32\wmidx.dll
----a-w 937,984 2006-10-19 00:47:20 C:\WINDOWS\system32\WMNetMgr.dll
----a-w 4,096 2006-10-19 00:47:22 C:\WINDOWS\system32\wmsdmod.dll
----a-w 4,096 2006-10-19 00:47:22 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 603,648 2006-10-19 00:47:22 C:\WINDOWS\system32\WMSPDMOD.dll
----a-w 1,329,152 2006-10-19 00:47:22 C:\WINDOWS\system32\WMSPDMOE.dll
----a-w 4,096 2006-10-19 00:47:22 C:\WINDOWS\system32\WMVADVD.dll
----a-w 4,096 2006-10-19 00:47:22 C:\WINDOWS\system32\WMVADVE.DLL
----a-w 2,450,944 2006-10-19 00:47:22 C:\WINDOWS\system32\wmvcore.dll
------w 1,543,680 2006-10-19 00:47:22 C:\WINDOWS\system32\WMVDECOD.dll
----a-w 4,096 2006-10-19 00:47:22 C:\WINDOWS\system32\wmvdmod.dll
----a-w 4,096 2006-10-19 00:47:22 C:\WINDOWS\system32\wmvdmoe2.dll
------w 1,574,912 2006-10-19 00:47:22 C:\WINDOWS\system32\WMVENCOD.dll
------w 1,382,912 2006-10-19 00:47:22 C:\WINDOWS\system32\WMVSDECD.dll
------w 767,488 2006-10-19 00:47:22 C:\WINDOWS\system32\WMVSENCD.dll
------w 656,896 2006-10-19 00:47:22 C:\WINDOWS\system32\WMVXENCD.dll
----a-w 35,840 2006-10-19 00:47:22 C:\WINDOWS\system32\wpdconns.dll
----a-w 154,624 2006-10-19 00:47:22 C:\WINDOWS\system32\wpdmtp.dll
----a-w 63,488 2006-10-19 00:47:22 C:\WINDOWS\system32\wpdmtpus.dll
------w 2,603,008 2006-10-19 00:47:22 C:\WINDOWS\system32\WpdShext.dll
------w 17,408 2006-10-18 23:00:14 C:\WINDOWS\system32\wpdshextautoplay.exe
------w 41,984 2006-11-02 14:52:56 C:\WINDOWS\system32\wpdshextres.dll
------w 133,632 2006-10-19 00:47:22 C:\WINDOWS\system32\WPDShServiceObj.dll
----a-w 356,352 2006-10-19 00:47:22 C:\WINDOWS\system32\wpdsp.dll
----a-w 629,760 2006-10-19 00:47:22 C:\WINDOWS\system32\wpd_ci.dll
------w 95,344 2006-09-28 23:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
------w 146,432 2006-09-28 21:56:38 C:\WINDOWS\system32\WudfHost.exe
------w 165,376 2006-09-28 21:56:16 C:\WINDOWS\system32\WudfPlatform.dll
------w 55,808 2006-09-28 21:56:14 C:\WINDOWS\system32\WudfSvc.dll
------w 316,416 2006-09-28 21:56:38 C:\WINDOWS\system32\WUDFx.dll
----a-w 821,600 2007-09-04 12:22:55 C:\WINDOWS\system32\drivers\avg7core.sys
----a-w 38,528 2006-10-18 23:00:00 C:\WINDOWS\system32\drivers\wpdusb.sys
------w 77,568 2006-09-28 21:55:50 C:\WINDOWS\system32\drivers\WudfPf.sys
------w 82,944 2006-09-28 22:00:34 C:\WINDOWS\system32\drivers\WudfRd.sys
------w 671,232 2006-10-19 00:47:22 C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
----a-w 11,776 2005-09-19 19:42:56 C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIKJRES.DLL
----a-w 8,704 2005-09-19 19:43:32 C:\WINDOWS\system32\spool\drivers\w32x86\3\TTY.DLL
----a-w 39,936 2005-09-19 19:43:38 C:\WINDOWS\system32\spool\drivers\w32x86\3\TTYRES.DLL
----a-w 16,384 2005-09-19 19:43:32 C:\WINDOWS\system32\spool\drivers\w32x86\3\TTYUI.DLL
.
----a-w 485,888 2005-01-28 19:12:16 C:\WINDOWS\system32\audiodev.dll
----a-w 294,912 2005-09-19 20:12:29 C:\WINDOWS\system32\blackbox.dll
----a-w 164,864 2005-09-19 20:12:29 C:\WINDOWS\system32\cewmdm.dll
----a-w 502,272 2005-09-19 20:12:30 C:\WINDOWS\system32\drmv2clt.dll
----a-w 6,656 2005-09-19 20:12:30 C:\WINDOWS\system32\laprxy.dll
----a-w 96,768 2005-09-19 20:12:30 C:\WINDOWS\system32\logagent.exe
----a-w 310,272 2004-08-04 03:45:24 C:\WINDOWS\system32\mp43dmod.dll
----a-w 384,512 2004-08-04 03:45:24 C:\WINDOWS\system32\mp4sdmod.dll
----a-w 240,640 2004-08-04 03:45:24 C:\WINDOWS\system32\mpg4dmod.dll
----a-w 142,336 2005-09-19 20:12:31 C:\WINDOWS\system32\msnetobj.dll
----a-w 25,088 2005-09-19 20:12:31 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 173,568 2005-09-19 20:12:31 C:\WINDOWS\system32\mspmsp.dll
----a-w 364,784 2005-09-19 20:12:32 C:\WINDOWS\system32\msscp.dll
----a-w 316,416 2005-09-19 20:12:32 C:\WINDOWS\system32\mswmdm.dll
----a-w 221,184 2005-09-19 20:12:32 C:\WINDOWS\system32\qasf.dll
------w 15,072 2007-03-06 01:00:55 C:\WINDOWS\system32\spmsg.dll
----a-w 47,104 2005-01-28 04:36:04 C:\WINDOWS\system32\uWDF.exe
----a-w 15,872 2005-01-28 04:35:58 C:\WINDOWS\system32\WdfApi.dll
----a-w 38,912 2005-01-28 04:36:00 C:\WINDOWS\system32\WdfMgr.exe
----a-w 396,528 2005-09-19 20:12:33 C:\WINDOWS\system32\wmadmod.dll
----a-w 716,288 2005-09-19 20:12:34 C:\WINDOWS\system32\wmadmoe.dll
----a-w 224,768 2005-09-19 20:12:34 C:\WINDOWS\system32\wmasf.dll
----a-w 28,160 2005-09-19 20:12:34 C:\WINDOWS\system32\wmdmlog.dll
----a-w 33,792 2005-09-19 20:12:34 C:\WINDOWS\system32\wmdmps.dll
----a-w 335,872 2005-01-28 11:53:50 C:\WINDOWS\system32\wmdrmdev.dll
----a-w 290,816 2005-01-28 11:53:54 C:\WINDOWS\system32\wmdrmnet.dll
----a-w 150,016 2005-09-19 20:12:34 C:\WINDOWS\system32\wmidx.dll
----a-w 1,027,072 2005-09-19 20:12:35 C:\WINDOWS\system32\wmnetmgr.dll
----a-w 774,904 2005-09-19 20:12:47 C:\WINDOWS\system32\wmsdmod.dll
----a-w 1,119,744 2005-09-19 20:12:48 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 413,944 2005-09-19 20:12:48 C:\WINDOWS\system32\wmspdmod.dll
----a-w 940,544 2005-09-19 20:12:48 C:\WINDOWS\system32\wmspdmoe.dll
----a-w 1,218,808 2005-01-28 16:32:56 C:\WINDOWS\system32\WMVADVD.DLL
----a-w 1,512,448 2005-01-28 11:53:20 C:\WINDOWS\system32\WMVADVE.DLL
----a-w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\system32\wmvcore.dll
----a-w 895,736 2005-09-19 20:12:51 C:\WINDOWS\system32\wmvdmod.dll
----a-w 1,003,008 2005-09-19 20:12:52 C:\WINDOWS\system32\wmvdmoe2.dll
----a-w 61,952 2005-01-28 04:36:20 C:\WINDOWS\system32\wpdconns.dll
----a-w 114,176 2005-01-28 04:36:24 C:\WINDOWS\system32\wpdmtp.dll
----a-w 66,560 2005-01-28 04:36:22 C:\WINDOWS\system32\wpdmtpus.dll
----a-w 331,264 2005-01-28 04:36:28 C:\WINDOWS\system32\WPDSp.dll
----a-w 38,912 2005-01-28 04:36:28 C:\WINDOWS\system32\wpd_ci.dll
----a-w 821,536 2007-08-20 21:02:23 C:\WINDOWS\system32\drivers\avg7core.sys
----a-w 18,944 2005-01-28 04:36:24 C:\WINDOWS\system32\drivers\wpdusb.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
Nota entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"D-Link AirPlus G"="C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe" [2005-03-29 11:41]
"ANIWZCS2Service"="C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]
"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-08-20 18:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]
"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2005-08-13 22:34]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1\
Adobe Gamma Loader.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-30 13:18:34]
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F9E9A340-D1F1-11D0-821E-POISONIVY2007}]
C:\WINDOWS\system32\dllcache\poisonivy.exe s
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 11:19:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-08 11:20:51
C:\ComboFix-quarantined-files.txt ... 2007-09-08 11:20
C:\ComboFix2.txt ... 2007-08-31 18:11
.
--- E O F ---
Machine 2
Logfile of HijackThis v1.99.1
Scan saved at 11:40:55, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\wdfmgr.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [wdfmgr.exe] C:\WINDOWS\wdfmgr.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{97F29EDD-7E83-45DC-AE39-EB392CE53F5B}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
Machine 02 was formatted, for other reasons...
Please analyze this log from machine 3...
Machine 3
Logfile of HijackThis v1.99.1
Scan saved at 21:17:41, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe
C:\Arquivos de programas\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Java\jre1.6.0_01\bin\jucheck.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Arquivos de programas\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\MSN Apps\MSN Toolbar1.02.5000.1021\pt-br\msntb.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AC77C68-B443-4978-B460-3ECFC34D071D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4AC77C68-B443-4978-B460-3ECFC34D071D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4AC77C68-B443-4978-B460-3ECFC34D071D}: NameServer = 192.168.0.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Please analyze Machine 1 as well...
Logfile of HijackThis v1.99.1
Scan saved at 22:28:36, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
C:\Arquivos de programas\Java\jre1.5.0_05\bin\jucheck.exe
C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Arquivos de programas\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [PowerDVD] C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PowerDVD.exe /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?8f6c5bb4c6714bbab24c8be5a89db07d
O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?8f6c5bb4c6714bbab24c8be5a89db07d
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O17 - HKLM\System\CCS\Services\Tcpip\..\{B157CC24-7327-4E78-9BA5-A227131F662C}: NameServer = 192.168.0.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Arquivos de programas\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
ComboFix 07-10-23.2 - Administrador 2007-10-22 22:12:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.182 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((( Ficheiros criados de 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))))
.
2007-10-21 18:33 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\DirectX
2007-10-21 10:45 <DIR> d-------- C:\Arquivos de programas\Mario Forever Toolbar
2007-10-21 10:45 325,346 --a------ C:\WINDOWS\Mario_Forever_Toolbar_Uninstaller_5406.exe
2007-10-21 10:44 <DIR> d-------- C:\Arquivos de programas\Mario Forever
2007-10-21 10:43 27,171,490 --a------ C:\Mario_Forever_Setup_111405.exe
2007-10-16 21:31 <DIR> d-------- C:\SIMS
2007-10-16 21:30 <DIR> d-------- C:\Documents and Settings\Administrador\WINDOWS
2007-10-16 20:47 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype
2007-10-16 20:45 <DIR> d-------- C:\Arquivos de programas\Google
2007-10-16 20:43 <DIR> d-------- C:\Arquivos de programas\Skype
2007-10-16 20:43 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype
2007-10-10 06:52 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-09-26 13:46 <DIR> d-------- C:\Arquivos de programas\PC Camera
2007-09-26 13:46 <DIR> d-------- C:\Arquivos de programas\Common Files
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 01:15 434,976 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-23 01:15 23,711,776 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-22 14:03 40,988 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-22 14:03 314,456 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-21 19:04 57,654 ----a-w C:\StiImg.dat
2007-10-19 17:45 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Image Zone Express
2007-09-26 16:47 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2007-09-13 09:37 --------- d-----w C:\Arquivos de programas\MSN Messenger
2007-09-13 01:24 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Lavasoft
2007-09-13 00:16 --------- d-----w C:\Arquivos de programas\Windows Live Toolbar
2007-09-13 00:16 --------- d-----w C:\Arquivos de programas\Windows Live Favorites
2007-09-11 11:36 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\HP
2007-09-09 17:55 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM
2007-09-08 16:46 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-09-08 16:46 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-09-08 16:33 --------- d-----w C:\Arquivos de programas\Kaspersky Lab
2007-09-08 15:29 --------- d-----w C:\Arquivos de programas\RealVNC
2007-09-08 14:02 --------- d-----w C:\Arquivos de programas\Psychic Doom 97D High Exp
2007-09-06 15:11 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2
2007-08-22 13:13 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:13 660,992 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:13 616,448 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:13 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:13 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:13 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:13 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:13 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:13 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:13 3,079,168 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:13 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:13 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:13 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:13 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:13 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:13 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:13 1,055,744 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:13 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 11:38 2,184,576 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 22:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot_2007-08-31_181112.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
+ 2006-10-19 00:47:16 414,208 -c----w C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
+ 2005-06-28 13:23:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
+ 2005-06-28 13:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
+ 2005-06-28 13:23:32 215,264 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
+ 2005-06-28 13:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
+ 2006-10-19 00:47:20 10,834,432 -c----w C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
+ 2005-06-28 13:23:32 215,264 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
+ 2005-06-28 13:23:54 371,424 -c----w C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
+ 2006-11-03 02:29:46 316,928 -c----w C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
+ 2006-09-25 20:58:48 221,488 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
+ 2006-09-25 20:58:48 379,184 -c----w C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
+ 2005-01-28 19:12:16 485,888 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\audiodev.dll
+ 2005-09-19 20:12:29 294,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
+ 2005-09-19 20:12:29 164,864 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
+ 2005-09-19 20:12:30 502,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
+ 2005-09-19 20:12:30 6,656 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
+ 2005-09-19 20:12:30 96,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
+ 2004-08-04 03:45:24 310,272 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
+ 2004-08-04 03:45:24 384,512 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
+ 2004-08-04 03:45:24 240,640 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
+ 2005-09-19 20:12:31 142,336 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
+ 2005-09-19 20:12:31 25,088 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
+ 2005-09-19 20:12:31 173,568 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
+ 2005-09-19 20:12:32 364,784 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
+ 2005-09-19 20:12:32 316,416 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
+ 2005-09-19 20:12:32 221,184 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
+ 2006-05-16 21:11:54 213,216 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
+ 2006-05-16 21:11:54 371,424 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
+ 2006-11-02 14:46:52 13,312 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
+ 2005-01-28 04:36:04 47,104 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\uwdf.exe
+ 2005-01-28 04:35:58 15,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfapi.dll
+ 2005-01-28 04:36:00 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wdfmgr.exe
+ 2005-09-19 20:12:33 396,528 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
+ 2005-09-19 20:12:34 716,288 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
+ 2005-09-19 20:12:34 224,768 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
+ 2005-09-19 20:12:34 28,160 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
+ 2005-09-19 20:12:34 33,792 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
+ 2005-01-28 11:53:50 335,872 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmdev.dll
+ 2005-01-28 11:53:54 290,816 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmdrmnet.dll
+ 2005-09-19 20:12:34 150,016 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
+ 2005-09-19 20:12:35 1,027,072 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
+ 2005-09-19 20:12:47 774,904 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
+ 2005-09-19 20:12:48 1,119,744 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
+ 2005-09-19 20:12:48 413,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
+ 2005-09-19 20:12:48 940,544 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
+ 2005-01-28 16:32:56 1,218,808 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadvd.dll
+ 2005-01-28 11:53:20 1,512,448 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvadve.dll
+ 2006-12-07 05:29:34 2,374,472 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
+ 2005-09-19 20:12:51 895,736 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
+ 2005-09-19 20:12:52 1,003,008 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
+ 2005-01-28 04:36:28 38,912 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpd_ci.dll
+ 2005-01-28 04:36:20 61,952 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdconns.dll
+ 2005-01-28 04:36:24 114,176 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtp.dll
+ 2005-01-28 04:36:22 66,560 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdmtpus.dll
+ 2005-01-28 04:36:28 331,264 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdsp.dll
+ 2005-01-28 04:36:24 18,944 -c----w C:\WINDOWS\$NtUninstallWMFDist11$\wpdusb.sys
+ 2006-09-16 04:05:22 221,488 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
+ 2006-09-16 04:05:22 379,184 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
+ 2006-09-28 22:01:52 58,368 -c----w C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2007-10-20 09:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2003-07-15 14:13:58 166,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL
+ 2003-07-15 06:14:28 350,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 14:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-08-13 13:34:38 10,073,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2003-08-03 21:56:16 1,146,184 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FM20.DLL
+ 2003-07-24 10:01:40 1,949,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-07-15 10:36:14 186,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"D-Link AirPlus G"="C:\Arquivos de programas\D-Link\AirPlus G\AirGCFG.exe" [2005-03-29 11:41]
"ANIWZCS2Service"="C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]
"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 20:50]
"PowerDVD"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" [2005-02-24 20:29]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45]
"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 06:26]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ced10c2-4eb0-11dc-b88e-0020ed660a1a}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97d26c23-5d51-11dc-b8c0-0020ed660a1a}]
Auto\command - auto.exe
AutoRun\command - auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97d26c24-5d51-11dc-b8c0-0020ed660a1a}]
Auto\command - G:\auto.exe
AutoRun\command - G:\auto.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F9E9A340-D1F1-11D0-821E-POISONIVY2007}]
C:\WINDOWS\system32\dllcache\poisonivy.exe s
.
Conteúdo da pasta 'Tarefas Agendadas'
"2007-10-23 00:23:02 C:\WINDOWS\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-22 22:15:15
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
**************************************************************************
.
Tempo para conclusão: 2007-10-22 22:16:50
.
--- E O F ---
Thanks in advance; please be patient with me, as I am new to the IT field.
Note: I did not reply right away because I was traveling.
Hello Armando Leitão,
To make the analysis easier, I would like to ask you to create one topic for each machine, since combining several logs in the same topic ends up hindering the process as a whole.
Will this topic be for Machine 01 or for Machine 03?
I want you to analyze Machine 3; if it is clean, then analyze Machine 1. Would that be OK or not?
Ah! The ComboFix log I posted in the previous post is from Machine 01.
Thanks in advance.
Hi Edvan,
Machine 03 -> apparently clean.
Machine 01 -> follow the procedure below:
Run Panda's ActiveScan, observing the following steps:
**1)** Some **antivirus** products, such as **AVAST**, may display a detection **alert** while the scan is running, but that alert **should be ignored**. The warning is nothing more than a **false positive**. I suggest temporarily disabling the **AV** so that the scan runs without problems;
**2)** To start the process, click the button shown in the image (01bt_scan_pt.gif);
**3)** Fill in the data requested in the form;
**4)** Click the **"Pesquise agora sem custos"** ("Scan now at no cost") button;
**5)** Follow all the instructions you are given and wait for the scan to finish;
**6)** When the scan finishes, click **view the log**. Save it to your **Desktop**;
**7)** Post the contents of the log in your next reply.
Regards.
Sorry for the delay.
Incidência Estado Localização
Virus:Generic Malware Desinfectado C:\Arquivos de programas\ESET\Instalar\NOD32FIX.exe
Spyware:Cookie/PointRoll Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@ads.pointroll[2].txt
Spyware:Cookie/Atlas DMT Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@atdmt[2].txt
Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt
Spyware:Cookie/Comclick Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@fl01.ct2.comclick[1].txt
Spyware:Cookie/Serving-sys Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@serving-sys[1].txt
Spyware:Cookie/SpyLog Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@spylog[2].txt
Spyware:Cookie/Statcounter Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@statcounter[1].txt
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@terra.com[1].txt
Spyware:Cookie/Com.com Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@uol.com[2].txt
Spyware:Cookie/Yadro Não desinfectado C:\Documents and Settings\Administrador\Cookies\administrador@yadro[1].txt
Ferramenta potencialmente indesejada:Application/NirCmd.A Não desinfectado C:\WINDOWS\nircmd.exe
Hi Armando Leitão,
Download CCleaner at:
Run CCleaner and click Executar Limpeza (Run Cleaner).
Run ActiveScan again and see whether it still detects anything.
Best regards.
Hello Garcia, I want to thank you for your help. Unfortunately I had to format the machine, because a colleague of mine deleted some Windows DLL files and then the PC would no longer start.
If you want, you can close the topic.
PROBLEM SOLVED!
If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.
Hi Armando Leitão,
For machine 01.
Please create a separate topic.
For machine 02.
1. Download BankerFix.
2. Temporarily disable your antivirus.
3. Double-click bankerfix.exe. A message will appear warning that it will be downloaded via the internet. Click Ok -> Ok. Press Enter and wait for the scan to finish.
4. When the scan has finished, read the message on the screen and press Enter again.
5. Enable your antivirus.
6. Come back with a new HijackThis log, together with BankerFix's relatorio.txt (it will be in C:\LinhaDefensiva\).
7. After posting your reply, you can delete the LinhaDefensiva folder on C.
Regards.