
Archived

This topic has been archived and is closed to new replies.

Júniorsc

[Archived] Probable infestation on my PC


Good afternoon,

For a few days my PC has been running slowly and has started closing applications suddenly.

I am sending a HijackThis log. The last time I posted here I did not send a reply about the solution to the problem, because I decided to replace the machine and got a new one, which is the one that has now started showing problems. I have had it for 1 year and do not intend to replace it. I use several security programs and until now I had been managing the infestations well, blocking most of the pests. But it seems something managed to get through the blocking. I greatly appreciate any help you can give me.

Regards,

juniorsc.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:43:23, on 13/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

C:\WINDOWS\Explorer.EXE

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe

C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

C:\WINDOWS\system32\winmine.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Documents and Settings\Usuario\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: SECUREMAKER.lnk = C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...204/mcfscan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: McAfee Application Installer Cleanup (0029231200010086) (0029231200010086mcinstcleanup) - Unknown owner - C:\DOCUME~1\Usuario\CONFIG~1\Temp\002923~1.EXE (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe
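
As an added triage example (not part of this thread and not code from HijackThis), the Python script below parses log lines in the HijackThis v1.99.1 format shown above and flags the signals a helper reads first: an O2 BHO reported as "(no name)", an O23 service whose binary is "(file missing)" or has an "Unknown owner", an autostart entry launched from a Temp directory, and a running-process file name that is one edit away from a core Windows process name (the svchosts.dll that ComboFix removes later in this thread is the kind of look-alike this catches). The sample log is assembled from lines of the log above plus one constructed process path, C:\WINDOWS\svchosts.exe, included only to exercise the look-alike check; the function names, the category labels and the CORE_PROCS list are my own assumptions.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Core Windows XP processes whose file names malware commonly imitates
# (assumed list for this example; extend as needed).
CORE_PROCS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# "R0 - ...", "O23 - ..." entry lines, and bare process paths from "Running processes:".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str   # category of the signal
    line: str   # the log line that triggered it


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):      # extra character in a: skip it
            i += 1
        elif len(a) < len(b):    # extra character in b: skip it
            j += 1
        else:                    # substitution
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis-format log and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):                      # "Running processes:" section
            name = line.rsplit("\\", 1)[-1].lower()
            if name not in CORE_PROCS and any(within_one_edit(name, c) for c in CORE_PROCS):
                findings.append(Finding("system-process look-alike", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O2" and "(no name)" in body:
            findings.append(Finding("unnamed BHO", line))
        if section == "O23":
            if "(file missing)" in body:
                findings.append(Finding("service binary missing", line))
            if "Unknown owner" in body:
                findings.append(Finding("service with unknown owner", line))
        if section in ("O4", "O23") and TEMP_RE.search(body):
            findings.append(Finding("autostart from Temp directory", line))
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per category."""
    return Counter(f.kind for f in findings)


# Constructed sample: lines copied from the log above, plus C:\WINDOWS\svchosts.exe,
# an invented look-alike path modelled on the svchosts.dll that ComboFix removed.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchosts.exe
C:\Arquivos de programas\Eset\nod32krn.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe
O23 - Service: McAfee Application Installer Cleanup (0029231200010086) (0029231200010086mcinstcleanup) - Unknown owner - C:\DOCUME~1\Usuario\CONFIG~1\Temp\002923~1.EXE (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}")
    print(dict(summarize(triage(SAMPLE_LOG))))
```

Every flagged line still needs a human decision: the McAfee cleanup service above is a leftover of a legitimate installer, not malware, and the unnamed BHO belongs to the Crawler toolbar that ships with Spyware Terminator. The script narrows a 100-line log to the handful of entries that deserve a look; it does not verdict them.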


Hey Júniorsc,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan ends, a log will be generated at C:\ComboFix.txt;

5) Do not click on the ComboFix window, nor close it by clicking the X, while the tool is running, as this will misconfigure your desktop (it will go all white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

 

Regards.


Dear JGarcia,

I followed your instructions and am sending the logs you requested.

Regards,

JúniorSC.

 

ComboFix 08-02-17.2 - Usuario 2008-02-17 13:18:04.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.395 [GMT -3:00]

Executando de: C:\Documents and Settings\Usuario\Meus documentos\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Usuario\Dados de aplicativos\macromedia\Flash Player\#SharedObjects\CRKB34J2\www.broadcaster.com

C:\Documents and Settings\Usuario\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\Documents and Settings\Usuario\Dados de aplicativos\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\WINDOWS\svchosts.dll

C:\WINDOWS\system32\5_exception.nls

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_WINCOM32

-------\LEGACY_WINDEV-7043-183C

-------\windev-7043-183c

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))

.

 

Nenhum ficheiro/arquivo criado durante este período

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-17 15:55 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Skype

2008-02-17 15:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-02-17 15:13 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-02-08 00:03 --------- d-----w C:\Arquivos de programas\a-squared Free

2008-01-18 03:09 --------- d-----w C:\Arquivos de programas\eMule

2008-01-11 00:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-01-11 00:08 --------- d-----w C:\Arquivos de programas\Arquivos comuns\McAfee

2008-01-11 00:07 --------- d-----w C:\Arquivos de programas\McAfee.com

2008-01-11 00:07 --------- d-----w C:\Arquivos de programas\McAfee

2008-01-06 04:55 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-01-01 13:57 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\SecureMaker

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-06-18 05:56 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-04-29 21:08 1,362,977 ----a-w C:\Arquivos de programas\BitLord_1.01.exe

2007-04-28 17:09 16 ----a-w C:\Arquivos de programas\opproject.lck

2007-04-28 17:08 630 ----a-w C:\Arquivos de programas\opproject.log

2007-04-28 17:08 428 ----a-w C:\Arquivos de programas\opproject.properties

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2006-03-13 23:06 1397760]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 23:33 5898240]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 23:33 86016]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-02-13 15:29 35328]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 20:17 421888]

"Anti-Trojan-Watch"="" []

"SpywareTerminator"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-15 01:19 2776576]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IETI"="C:\Arquivos de programas\Skype\Phone\IEPlugin\unins000.exe" [2007-04-28 15:43 674138]

 

C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]

SECUREMAKER.lnk - C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe [2007-07-13 08:35:02 3227648]

Windows Desktop Search.lnk - C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-08-09 02:51]

R2 sm;SECUREMAKER driver;C:\WINDOWS\system32\drivers\sm.sys [2007-07-05 12:10]

S2 0029231200010086mcinstcleanup;McAfee Application Installer Cleanup (0029231200010086);C:\DOCUME~1\Usuario\CONFIG~1\Temp\002923~1.EXE C:\ARQUIV~1\ARQUIV~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-02-15 03:17:07 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\ARQUIV~1\mcafee\mqc\QcConsol.exe'

"2008-02-01 03:00:01 C:\WINDOWS\Tasks\McQcTask.job"

- c:\ARQUIV~1\mcafee\mqc\QcConsol.exe

"2008-02-17 16:23:53 C:\WINDOWS\Tasks\Microsoft Office Outlook 2007.job"

- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Outlook 2007.lnk

"2008-02-17 16:26:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-17 13:24:57

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\SearchFilterHost.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-02-17 13:27:45 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-17 16:27:37

.

2008-02-14 17:31:11 --- E O F ---

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:33:32, on 17/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe

C:\Documents and Settings\Usuario\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: SECUREMAKER.lnk = C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...204/mcfscan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: McAfee Application Installer Cleanup (0029231200010086) (0029231200010086mcinstcleanup) - Unknown owner - C:\DOCUME~1\Usuario\CONFIG~1\Temp\002923~1.EXE (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe


Hey Júniorsc,

 

Run Panda's ActiveScan, following these steps:

 

1) Some antivirus programs, such as AVAST, may show a detection alert while the scan is running, but that alert should be ignored. The warning is nothing more than a false positive. I suggest temporarily disabling the AV so that the scan runs without problems;

 

2) To start the process, click the button 01bt_scan_pt.gif;

 

3) Fill in the information requested on the form;

 

4) Click the "Pesquise agora sem custos" (scan now at no cost) button;

 

5) Follow all the instructions you are given and wait for the scan to finish;

 

6) When the scan ends, click to view the log. Save it to your Desktop;

 

7) Post the contents of the log in your next reply.

 

Regards.


Hello JGarcia,

Sorry for the delay in getting back to you.

I ran the scan with Panda ActiveScan and it found nothing: "Não foram encontrados vírus ou quaisquer outros códigos maliciosos!".

However, my PC keeps closing IE (not always, but it happens), besides being slow (when I browse it takes a while to open pages, even though I have a 4 Kbps cable connection). I still think there is some pest.

I await your reply.

Regards,

JúniorSC.


Hey Júniorsc,

 

Let's try to fix the remaining problem with CCleaner -> download here.

 

1. To perform the cleanup, just check the Cleaner option (top left) and click Run Cleaner (bottom right). Here you can choose to clean Windows, Applications, or both;

 

2. To fix errors, just choose the Registry option (top left), click Scan for Issues (bottom left), and then Fix Selected Issues (bottom right; by default all of them are selected);

 

3. Under Tools (top left) you can uninstall programs (the same ones listed in Add/Remove Programs) or remove program entries from startup (experienced users only);

 

4. Under Options are CCleaner's configuration settings, which I suggest you leave unchanged.

 

Perform the actions above (only 1. and 2.) and come back with the result.

 

Abraços.


Dear JGarcia,

I took a while to reply because I was travelling for work.

I ran the cleanup with CCleaner and the report it generated was HUGE!

I am sending it in parts, since the site did not accept uploading it whole, and I await your instructions.

Regards,

JúniorSC.

Here it is:

 

 


00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00

"Changed"=dword:00000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ToolBand.SkypeIEToolbarToolbar]

"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,d0,41,00,00,00,00,00,3e,81,a8,\

e3,ca,89,c7,01,01,00,00,00,43,00,3a,00,5c,00,41,00,72,00,71,00,75,00,69,00,\

76,00,6f,00,73,00,20,00,64,00,65,00,20,00,70,00,72,00,6f,00,67,00,72,00,61,\

00,6d,00,61,00,73,00,5c,00,53,00,6b,00,79,00,70,00,65,00,5c,00,50,00,68,00,\

6f,00,6e,00,65,00,5c,00,49,00,45,00,50,00,6c,00,75,00,67,00,69,00,6e,00,5c,\

00,69,00,65,00,74,00,69,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00

"Changed"=dword:00000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC76BA86-7AD7-1046-7B44-A80000000000}]

"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,94,e3,07,00,00,00,00,76,ee,19,\

56,61,88,c7,01,02,00,00,00,43,00,3a,00,5c,00,41,00,72,00,71,00,75,00,69,00,\

76,00,6f,00,73,00,20,00,64,00,65,00,20,00,70,00,72,00,6f,00,67,00,72,00,61,\

00,6d,00,61,00,73,00,5c,00,41,00,64,00,6f,00,62,00,65,00,5c,00,52,00,65,00,\

61,00,64,00,65,00,72,00,20,00,38,00,2e,00,30,00,5c,00,52,00,65,00,61,00,64,\

00,65,00,72,00,5c,00,41,00,64,00,6f,00,62,00,65,00,43,00,6f,00,6c,00,6c,00,\

61,00,62,00,53,00,79,00,6e,00,63,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00

"Changed"=dword:00000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E659E0EE-10E6-49B7-8696-60F38D0EB174}]

"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,00,08,e6,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00

"Changed"=dword:00000000

 

[HKEY_CURRENT_USER\Software\Becherovka 2005]

 

[HKEY_CURRENT_USER\Software\Wget]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\WINDOWS\\SoftwareDistribution\\Download\\Install\\WindowsXP-KB905474-PTB-x86.exe"="Hotfix Package"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"c:\\242a0cf52f617933607d7a6a06\\update\\update.exe"="Instalação do Windows Service Pack"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9c.exe"="Adobe Flash Player Helper 9.0 r45"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\DOCUME~1\\Usuario\\CONFIG~1\\Temp\\FlashPlayerUpdate.exe"="Adobe® Flash® Player ActiveX Installer"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\327882R2FWJFW\\nircmd.com"="NirCmd"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\WINDOWS\\system32\\kmd.exe"="Processador de comandos do Windows"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\ComboFix\\ERUNT.cfexe"="ERUNT"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

"C:\\Documents and Settings\\Usuario\\Configurações locais\\Temporary Internet Files\\Content.IE5\\IZZOHUTG\\ccsetup205[2].exe"="CCleaner Installer"


Hello JGarcia,

The delay in replying to you is because the PC went more than a week without an Internet connection. My connection is by cable, 24h, and when I tried to open Explorer, it showed "O IExplorer não pode se conectar a internet". The company is monitoring the signal, which apparently is normal. Today, by some miracle, I managed to get a connection. I don't know if it's some pest, but I'm suspicious.

Do you suggest any further action?

Regards,

Júniorsc.

The problem does not seem to be related to malware. How is the connection doing?


Hello JGarcia,

Once again I apologize for the delay in the feedback, but I was away and only got back yesterday.

The connection is still the same. What is very strange is that when I try to run a scan with "Spyware Terminator", a "Windows Defender" window pops up warning about the presence of "Adware:Win32/Generic.A", high level alert. And ST simply scans for only 8 seconds and then disappears, that is, it is no longer scanning the system. It's as if something suddenly deleted it. Besides that, I tried to run a new scan with PandaActiveScan and couldn't; it reports an error. From my experience, I think there is something strange on this machine. :blink:

Just to be safe, I'm sending a new HijackThis log.

If you can help, thank you!

Best regards,

JúniorSC.

 

Logfile of HijackThis v1.99.1

Scan saved at 12:32:57, on 11/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

C:\Arquivos de programas\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\Arquivos de programas\Winamp\winampa.exe

C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe

C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\ARQUIV~1\Crawler\Toolbar\CToolbar.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jucheck.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Usuario\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Arquivos de programas\Winamp\winampa.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: SECUREMAKER.lnk = C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...204/mcfscan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\ARQUIV~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcpromgr.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Arquivos de programas\WinClamAVShield\sp_clamsrv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe


If it helps, there is a very good program called "Advanced Windows Care". It does a general cleanup of the PC, removing registry problems and other things that usually cause the machine to slow down. If you want the program, send me an e-mail and I'll pass it to you: dark_gmbt@hotmail.com


Dear JGARCIA,

Sorry, once again, for the delay in replying to you. I'm sending you the report generated by ComboFix.

Awaiting your instructions.

Regards,

JuniorSC.

 

ComboFix 08-04-27.3 - Usuario 2008-04-28 23:46:09.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.481 [GMT -3:00]

Executando de: C:\Documents and Settings\Usuario\Meus documentos\ComboFix.exe

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))))

.

 

2008-04-28 16:17 . 2008-04-28 17:26 <DIR> d-------- C:\Recnet

2008-04-28 16:17 . 2006-10-31 13:12 128,000 --a------ C:\WINDOWS\DesinstWRecnet.exe

2008-04-28 16:17 . 2008-02-12 14:27 122,880 --a------ C:\WINDOWS\DesinstRecnet.exe

2008-04-28 16:17 . 2006-10-31 13:12 5,361 --a------ C:\WINDOWS\DesinstWRecnet.ini

2008-04-28 16:17 . 2008-04-28 16:17 127 --a------ C:\WINDOWS\REC-NET.INI

2008-04-28 16:16 . 2008-04-28 16:16 <DIR> d-------- C:\Arquivos de programas\Programas RFB

2008-04-09 23:37 . 2008-04-09 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Registry Helper

2008-04-09 23:03 . 2008-04-09 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\IncrediMail

2008-04-09 23:03 . 2008-04-09 23:10 <DIR> d-------- C:\Arquivos de programas\IncrediMail

2008-04-03 22:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-04-03 22:08 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-04-03 22:08 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-04-03 18:15 . 2008-04-11 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-04-03 18:15 . 2008-04-03 18:34 <DIR> d-------- C:\Arquivos de programas\Windows Live

2008-04-03 18:15 . 2008-04-03 18:33 <DIR> d--hsc--- C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-29 02:50 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Skype

2008-04-29 02:49 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\DNA

2008-04-28 17:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2008-04-28 17:11 --------- d-----w C:\Arquivos de programas\Spyware Terminator

2008-04-28 17:08 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\Spyware Terminator

2008-04-21 02:30 --------- d-----w C:\Arquivos de programas\WinClamAVShield

2008-04-13 07:06 --------- d-----w C:\Documents and Settings\Usuario\Dados de aplicativos\BitTorrent

2008-04-13 04:46 --------- d-----w C:\Arquivos de programas\eMule

2008-04-10 03:49 --------- d-----w C:\Arquivos de programas\a-squared Free

2008-04-10 01:50 32,776 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2008-04-09 15:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-12 02:46 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-03-11 03:44 --------- d-----w C:\Arquivos de programas\DNA

2008-03-11 03:44 --------- d-----w C:\Arquivos de programas\BitTorrent

2008-03-11 03:36 --------- d-----w C:\Arquivos de programas\BitLord2

2008-03-11 03:26 --------- d-----w C:\Arquivos de programas\BitLord

2008-03-11 01:04 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-03-11 00:39 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-03-11 00:39 --------- d-----w C:\Arquivos de programas\CCleaner

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-29 00:12 --------- d-----w C:\Arquivos de programas\McAfee

2008-02-28 22:14 --------- d-----w C:\Arquivos de programas\Windows Desktop Search

2008-02-28 22:14 --------- d-----w C:\Arquivos de programas\Windows Defender

2008-02-28 22:14 --------- d-----w C:\Arquivos de programas\Winamp

2008-02-28 22:14 --------- d-----w C:\Arquivos de programas\SECUREMAKER

2008-02-28 22:13 --------- d-----w C:\Arquivos de programas\Picasa2

2008-02-28 22:11 --------- d-----w C:\Arquivos de programas\Eset

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2007-06-18 05:56 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-04-29 21:08 1,362,977 ----a-w C:\Arquivos de programas\BitLord_1.01.exe

2007-04-28 17:09 16 ----a-w C:\Arquivos de programas\opproject.lck

2007-04-28 17:08 630 ----a-w C:\Arquivos de programas\opproject.log

2007-04-28 17:08 428 ----a-w C:\Arquivos de programas\opproject.properties

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2008-04-10 23:40 288576]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]

"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41 860160]

"InCD"="C:\Arquivos de programas\Ahead\InCD\InCD.exe" [2006-03-13 23:06 1397760]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"RemoteControl"="C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-24 23:33 5898240]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-24 23:33 86016]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2007-02-13 15:29 35328]

"Picasa Media Detector"="C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe" [2006-04-19 20:17 421888]

"Anti-Trojan-Watch"="" []

"SpywareTerminator"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-11 23:46 2957824]

"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]

"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

"Windows Defender"="C:\Arquivos de programas\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

"Adobe Photo Downloader"="C:\Arquivos de programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IETI"="C:\Arquivos de programas\Skype\Phone\IEPlugin\unins000.exe" [2007-04-28 15:43 674138]

 

C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]

SECUREMAKER.lnk - C:\Arquivos de programas\SECUREMAKER\SecureMaker.exe [2007-07-13 08:35:02 3227648]

Windows Desktop Search.lnk - C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

 

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-11 23:46]

R2 sm;SECUREMAKER driver;C:\WINDOWS\system32\drivers\sm.sys [2007-07-05 12:10]

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-15 04:11:38 C:\WINDOWS\Tasks\McDefragTask.job"

- c:\ARQUIV~1\mcafee\mqc\QcConsol.exe'

"2008-04-01 04:00:00 C:\WINDOWS\Tasks\McQcTask.job"

- c:\ARQUIV~1\mcafee\mqc\QcConsol.exe

"2008-04-29 02:28:59 C:\WINDOWS\Tasks\Microsoft Office Outlook 2007.job"

- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Outlook 2007.lnk

"2008-04-29 02:32:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-28 23:50:05

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Messenger\A_JuniorSC@hotmail.com\SharingMetadata\Working\database_8C8_5615_C856_FC\$db_clean$ 0 bytes

 

Varredura completada com sucesso

Ficheiros ocultos: 24

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\Arquivos de programas\Eset\pr_imon.dll

.

Tempo para conclusão: 2008-04-28 23:51:31

ComboFix-quarantined-files.txt 2008-04-29 02:51:25

ComboFix2.txt 2008-02-17 16:27:47

 

Pre-Run: 65,490,264,064 bytes disponíveis

Post-Run: 66,004,750,336 bytes disponíveis

 

154 --- E O F --- 2008-04-24 22:08:58
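The Security Center and firewall-policy sections of the ComboFix log above are the part a helper would look at first: AntiVirusOverride, FirewallOverride and AntiVirusDisableNotify all set to 1 mean Windows XP will no longer warn the user that antivirus or firewall protection is missing, and EnableFirewall=0 means the Windows Firewall is off for the standard profile. With Kerio/Sunbelt firewall drivers (fwdrv, khips) present in the log, a disabled Windows Firewall may be expected, but the overrides are also exactly what malware sets to silence the Security Center, so they deserve a second look. The script below is an added example for this thread, not ComboFix's own code and not part of the original post; it parses these registry-style blocks (the sample text is copied from the log above and embedded as constructed test input) and reports the weakened settings and the applications allowed through the firewall.

```python
"""Flag weakened Windows XP security settings in a ComboFix-style log.

Added example for this thread; it is not ComboFix's own code and not
part of the original post. The sample text is copied from the registry
sections of the log above and reused here as test input.
"""
import re

# Constructed sample: the Security Center and firewall-policy sections
# as ComboFix printed them in the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Arquivos de programas\\DNA\\btdna.exe"=
"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"""

# Key paths are compared lowercased, because ComboFix mixes the case
# (HKEY_LOCAL_MACHINE vs hkey_local_machine) between sections.
SECURITY_CENTER_KEY = r"hkey_local_machine\software\microsoft\security center"
FIREWALL_PROFILE_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
AUTHORIZED_APPS_KEY = FIREWALL_PROFILE_KEY + r"\authorizedapplications\list"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


def parse_sections(text):
    """Return {key_path_lowercased: {value_name: raw_value}} for each [key] block."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            sections[current] = {}
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current][value.group(1)] = value.group(2).strip()
    return sections


def dword_nonzero(raw):
    """ComboFix prints DWORDs either as 'dword:00000001' or as '1 (0x1)'."""
    raw = raw.strip().lower()
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16) != 0
    parts = raw.split()
    return bool(parts) and parts[0] != "0"


def find_weaknesses(text):
    """Report suppressed Security Center alerts, a disabled firewall and firewall exceptions."""
    sections = parse_sections(text)
    findings = []

    sc = sections.get(SECURITY_CENTER_KEY, {})
    for name in ("AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify"):
        if dword_nonzero(sc.get(name, "0")):
            findings.append(f"Security Center: {name} is set, so the user gets no warning")

    fw = sections.get(FIREWALL_PROFILE_KEY, {})
    if "EnableFirewall" in fw and not dword_nonzero(fw["EnableFirewall"]):
        findings.append("Windows Firewall is disabled on the standard profile")

    # The registry export doubles backslashes; undo that so paths read naturally.
    apps = [name.replace("\\\\", "\\") for name in sections.get(AUTHORIZED_APPS_KEY, {})]
    return {"findings": findings, "authorized_apps": apps}


if __name__ == "__main__":
    report = find_weaknesses(SAMPLE_LOG)
    for line in report["findings"]:
        print("[!]", line)
    for app in report["authorized_apps"]:
        print("[i] allowed through the firewall:", app)
```

Run it against a saved ComboFix log by reading the file into `find_weaknesses` instead of `SAMPLE_LOG`; every flagged item should then be matched against the third-party security tools actually installed (here a Kerio-based firewall and NOD32) before it is treated as a sign of infection.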


Hey Júniorsc,

 

Download SilentRunners.

 

Extract the file SilentRunners.vbs to C:. Double-click the file to run it.

 

After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of that document and paste it into your next reply.

 

Regards.

 

Note: If your AV detects the file as a malicious script, don't worry and allow it to run.


Topic Archived

 

Since the author did not reply for more than 20 days, the topic was archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section together with the link to this topic and explain the reason for reopening.
