Archived

This topic has been archived and is closed to new replies.

Josyy

[Archived] PSAPI.DLL

Whenever I try to start MSN Messenger, it gives this error.

 

Não foi possivel localizar o ponto de entrada do procedimento GetProcessImageFileNameW na biblioteca de vínculo dinâmico PSAPI.DLL.

 

Here is the log:

 

Logfile of HijackThis v1.99.1

Scan saved at Willy e Josy 02:27:38 , on 23/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O2 - BHO: (no name) - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - (no file)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - (no file)

O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6A2E44D-C771-47DF-9131-F2E8C4436D74}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

 

Thank you~


Hi Josyy,

Download ComboFix from:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process will take about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can be completed (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click on the ComboFix window, and do not close it by clicking the X, while the tool is running, as this will break your desktop configuration (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Regards.


The PC was not restarted.

 

 

ComboFix 07-12-31.4 - x 2008-01-01 15 32 31.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.45 [GMT -2:00]Executando de: C:\Documents and Settings\x\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((( Ficheiros criados de 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))

.

 

2008-01-01 15:31 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-31 16:10 . 2008-01-01 10:47 <DIR> d-------- C:\Documents and Settings\x\Dados de aplicativos\AVG7

2007-12-31 16:10 . 2007-12-31 16:10 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\AVG7

2007-12-31 16:08 . 2007-12-31 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2007-12-31 16:08 . 2007-12-31 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2007-12-25 16:45 . 2007-12-25 16:45 <DIR> d-------- C:\Documents and Settings\x\Dados de aplicativos\X-Setup Pro

2007-12-25 16:45 . 2007-12-25 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\X-Setup Pro

2007-12-25 16:45 . 2007-12-25 16:45 <DIR> d-------- C:\Arquivos de programas\X-Setup Pro

2007-12-24 20:59 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-24 20:58 . 2007-12-24 20:59 <DIR> d-------- C:\Arquivos de programas\Java

2007-12-24 20:52 . 2007-12-24 20:52 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2007-12-23 03:00 . 2007-12-23 03:00 <DIR> d-------- C:\Arquivos de programas\Panda Software

2007-12-23 02:56 . 2007-12-23 02:56 0 --------- C:\WINDOWS\PAVSHRB.INI

2007-12-23 02:55 . 2007-12-23 02:55 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Panda Software

2007-12-23 02:43 . 2007-12-23 02:43 <DIR> d-------- C:\Documents and Settings\x\Dados de aplicativos\Comodo

2007-12-23 02:43 . 2007-12-23 02:43 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Comodo

2007-12-23 02:41 . 2007-06-28 19:23 211 --a------ C:\boot.ini.comodofirewall

2007-12-23 02:40 . 2007-12-23 10:51 <DIR> d-------- C:\Arquivos de programas\Comodo

2007-12-23 02:21 . 2007-12-23 02:21 218,112 --a------ C:\HijackThis.exe

2007-12-23 02:00 . 2005-03-03 16:46 258,048 -ra------ C:\WINDOWS\system32\SiSParse.dll

2007-12-23 02:00 . 2005-03-03 16:45 49,152 -ra------ C:\WINDOWS\system32\SiSBase.dll

2007-12-23 02:00 . 2004-11-05 06:43 32,768 -ra------ C:\WINDOWS\system32\drivers\sisnicxp.sys

2007-12-23 01:59 . 2007-12-23 02:01 <DIR> d-------- C:\Arquivos de programas\SiS VGA Utilities V3.65

2007-12-23 01:59 . 2007-12-23 10:51 <DIR> d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-12-23 01:59 . 2005-03-07 04:15 28,672 -ra------ C:\WINDOWS\system32\SiSPInst.dll

2007-12-23 01:50 . 2007-12-24 18:25 <DIR> d-------- C:\Documents and Settings\x\Dados de aplicativos\Tibia

2007-12-23 01:42 . 2007-12-23 01:42 <DIR> d-------- C:\Arquivos de programas\Tibia

2007-12-17 14:23 . 2007-12-23 02:07 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2007-12-17 14:21 . 2004-03-09 00:00 609,824 --a------ C:\WINDOWS\system32\COMCTL32.ocx

2007-12-17 14:21 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX

2007-12-17 14:21 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx

2007-12-11 22:33 . 2007-12-11 22:34 <DIR> d-------- C:\Arquivos de programas\TibiaBR Cam Lite

2007-12-10 21:06 . 2005-03-04 02:48 266,240 --a------ C:\WINDOWS\system32\sistray.exe

2007-12-10 21:06 . 2005-03-03 16:46 176,128 --------- C:\WINDOWS\system32\SiSApCom.dll

2007-12-10 21:06 . 2005-03-03 16:49 110,592 --------- C:\WINDOWS\system32\TVMode.dll

2007-12-10 21:06 . 2005-03-08 08:11 28,672 --------- C:\WINDOWS\system32\SiSHook.dll

2007-12-10 20:49 . 2007-12-23 02:00 <DIR> d-------- C:\WINDOWS\SiS

2007-12-10 14:43 . 2007-12-10 14:43 <DIR> d-------- C:\WINDOWS\system32\psapi

2007-12-10 14:35 . 2007-12-30 21:50 <DIR> d-------- C:\Arquivos de programas\eMule

2007-12-09 04:02 . 2007-12-09 04:02 <DIR> d-------- C:\Arquivos de programas\MassTube

2007-12-09 03:40 . 2007-12-09 03:40 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SWF Studio

2007-12-08 20:43 . 2007-12-08 20:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-12-08 19:07 . 2006-11-07 06:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys

2007-12-08 19:05 . 2006-11-07 06:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys

2007-12-08 19:05 . 2006-11-07 06:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys

2007-12-08 19:05 . 2006-11-07 06:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys

2007-12-08 19:05 . 2006-11-07 06:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys

2007-12-08 18:58 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-12-08 18:57 . 2006-11-07 06:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys

2007-12-08 18:57 . 2006-11-07 06:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys

2007-12-08 18:57 . 2006-11-07 06:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys

2007-12-08 18:55 . 2007-12-08 18:55 <DIR> d-------- C:\Arquivos de programas\Disc2Phone

2007-12-08 18:41 . 2007-12-08 18:44 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2007-12-08 18:37 . 2007-12-29 13:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-08 18:37 . 2007-12-29 13:07 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-05 16:24 . 2007-12-23 02:02 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-12-03 11:27 . 2007-12-23 02:00 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2007-12-03 08:58 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll

2007-12-03 08:57 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll

2007-12-03 08:57 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll

2007-12-03 08:57 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll

2007-12-02 16:50 . 2007-08-20 08:01 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-12-02 16:50 . 2007-04-17 07:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-02 16:50 . 2007-03-08 03:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-02 16:50 . 2007-08-20 08:01 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-12-02 16:50 . 2007-08-20 08:01 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-12-02 16:50 . 2007-08-20 08:01 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-12-02 16:50 . 2007-08-20 08:01 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-12-02 16:50 . 2007-08-20 08:01 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-12-02 16:50 . 2007-08-17 08:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-12-02 16:40 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2007-12-01 14:23 . 2007-12-01 14:23 <DIR> d-------- C:\WINDOWS\Setup533

2007-12-01 14:23 . 2002-10-20 20:37 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys

2007-12-01 14:23 . 2002-01-19 00:33 131,072 --a------ C:\WINDOWS\system32\Sp5x_32.dll

2007-12-01 14:23 . 2000-04-11 21:25 118,784 --a------ C:\WINDOWS\ShowBmp.exe

2007-12-01 14:23 . 2003-05-29 20:06 65,536 --a------ C:\WINDOWS\amcap533.exe

2007-12-01 14:23 . 2002-07-30 04:40 16,384 --a------ C:\WINDOWS\system32\Dext533.ax

2007-12-01 14:23 . 2002-07-24 20:19 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys

2007-12-01 14:23 . 2003-01-05 22:33 1,325 --a------ C:\WINDOWS\Remove.ini

2007-12-01 10:02 . 2007-12-06 07:22 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-31 17:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2007-12-23 04:07 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2007-12-23 04:01 --------- d-----w C:\Arquivos de programas\sisagp

2007-12-23 03:42 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2007-12-15 17:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2007-12-13 15:32 --------- d-----w C:\Arquivos de programas\DAP

2007-12-08 20:54 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2007-12-05 18:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WindowsLiveInstaller

2007-12-04 13:14 --------- d-----w C:\Arquivos de programas\mobile PhoneTools

2007-12-03 13:23 --------- d-----w C:\Arquivos de programas\Windows Live

2007-12-03 01:43 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2007-11-28 20:14 --------- d-----w C:\Arquivos de programas\Telefonica

2007-11-28 18:56 --------- d-----w C:\Arquivos de programas\Google

2007-11-28 18:52 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2007-11-28 18:25 --------- d-----w C:\Arquivos de programas\CyberLink

2007-11-14 04:40 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2007-11-09 15:55 --------- d-----w C:\Arquivos de programas\MediaCoder

2007-11-09 15:18 --------- d-----w C:\Documents and Settings\x\Dados de aplicativos\MegauploadToolbar

2007-10-09 14:10 4,825 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2007-10-09 14:10 39,471 ----a-w C:\WINDOWS\BricoPackUninst.cmd

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:45 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 08:15 106496]

"SiSPower"="SiSPower.dll" [2005-03-03 16:50 49152 C:\WINDOWS\system32\SiSPower.dll]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-31 16:09 579072]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-12-31 16:09 219136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2007-08-20 08:01 124928 C:\WINDOWS\system32\advpack.dll]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-12-10 21:06:30]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Iniciar^Programas^Inicializar^Utility Tray.lnk]

backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-04 01:45 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]

Rundll32.exe SiSPower.dll,ModeAgent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]

2002-07-12 08:15 106496 --a------ C:\WINDOWS\SiSUSBrg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 06:43]

S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []

S3 dump_wmimmc;dump_wmimmc;C:\Documents and Settings\x\Desktop\l2\System\GameGuard\dump_wmimmc.sys []

S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 06:42]

S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 06:42]

S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 06:42]

S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 06:42]

 

*Newly Created Service* - PROCEXP90

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-01 15:35:03

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-01-01 15 36 28

.

2007-07-06 23:49:38 --- E O F ---


Hi Josyy,

Submit the files below, one by one, to the VirusTotal site:

C:\WINDOWS\QTFont.qfn

C:\WINDOWS\QTFont.for

C:\WINDOWS\Remove.ini

... and report back with the results.

Regards.


Hi Josyy,

Run Panda's Active Scan, following these steps:

1) Some antivirus programs, such as AVAST, may display a detection alert while the scan is running, but this alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;

2) To start the process, click the 01bt_scan_pt.gif button;

3) Fill in the data requested in the form;

4) Click the "Pesquise agora sem custos" button;

5) Follow all the instructions you are given and wait for the scan to finish;

6) When the scan finishes, click to view the log. Save it to your Desktop;

7) Post the contents of the log in your next reply.

Regards.


Lamentamos. O ActiveScan requer o browser Microsoft Internet Explorer 5.0 ou uma versão posterior.

 

Even with Explorer on my computer, it does not open.

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Your IE is 7.0, that is, a version later than Microsoft Internet Explorer 5.0. It makes no sense!? :no:


Topic Archived

As the author has not replied for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area, together with the link to this topic, and explain the reason for reopening it.
