eliabner

[Archived] Slow PC, restarting on its own and blue screen


Hi everyone,

My PC is very slow, it restarts on its own and every now and then the blue screen appears; sometimes when I do a Google search I am not taken to the link I chose but to a different one that I did not choose and do not know.

PC configuration: Intel board, dual core processor, 512 memory

Below is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 07:24:50, on 22/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk142YYBR

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204477029390

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c00824b72a6fd277.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B13E387D-249D-4394-9BA3-B2388D43C01A}: NameServer = 192.168.254.254

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

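The log above is what a helper reads by hand: orphan entries ending in "(no file)", unnamed BHOs, autorun values with no path, context-menu handlers that are not files, the DNS server in the O17 line (relevant because the symptom is search redirection), and services with no publisher. As an added example, not code from the thread or from HijackThis itself, the script below encodes those checks as a small triage pass over HijackThis v1.99 entry lines. The sample input reuses lines from the posted log plus one constructed O17 line (placeholder GUID, documentation address 203.0.113.5) so the DNS rule has something to fire on; the rules are heuristics that point a reviewer at what to verify, not verdicts.

```python
import re
from dataclasses import dataclass

# Sample input: entry lines taken from the HijackThis log in the post above,
# plus ONE constructed O17 line (all-zero GUID, 203.0.113.5) for the DNS rule.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - ?p=ZNxmk142YYBR
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{B13E387D-249D-4394-9BA3-B2388D43C01A}: NameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
""".strip()


@dataclass
class Finding:
    entry_type: str  # HijackThis section, e.g. "O2"
    reason: str      # why the line deserves a second look
    line: str        # the original log line


# "R1 - ...", "O23 - ..." etc.; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(?P<type>[RFNO]\d{1,2}) - (?P<body>.*)$")
PRIVATE_DNS_RE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")
LOCAL_TARGET_RE = re.compile(r"^(?:[A-Za-z]:\\|res://|https?://|file://)")


def parse_entries(log_text):
    """Yield (type, body, original line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("type"), m.group("body"), line


def triage(log_text):
    """Apply the reviewer's checklist to a log; return the lines worth verifying."""
    findings = []
    for etype, body, line in parse_entries(log_text):
        if body.endswith("(no file)"):
            findings.append(Finding(etype, "registry entry points at a file that no longer exists (orphan; safe to fix)", line))
            continue
        if etype == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(etype, "unnamed browser helper object; identify the DLL before trusting it", line))
        elif etype == "O4":
            target = body.split("] ", 1)[-1]
            if not re.match(r'^"?[A-Za-z]:\\', target):
                findings.append(Finding(etype, "autorun target has no full path; resolve which file actually runs", line))
        elif etype == "O8":
            target = body.rsplit(" - ", 1)[-1]
            if not LOCAL_TARGET_RE.match(target):
                findings.append(Finding(etype, "context-menu handler is neither a file nor a URL; typical toolbar/adware leftover", line))
        elif etype == "O17":
            m = re.search(r"NameServer = (\S+)", body)
            if m:
                public = [s for s in m.group(1).split(",") if not PRIVATE_DNS_RE.match(s)]
                if public:
                    findings.append(Finding(etype, f"DNS server(s) {', '.join(public)} outside private ranges; confirm they belong to the ISP", line))
        elif etype == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(etype, "service has no publisher information; verify the binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry_type}] {f.reason}\n    {f.line}")
```

On the sample the pass flags seven lines: the two "(no file)" orphans, the unnamed SiteAdvisor BHO, the path-less ALCMTR.EXE autorun, the "?p=" context-menu item, the constructed public DNS server, and the unknown-owner BlueSoleil service. Several of these are benign on this machine (SiteAdvisor and the Realtek autorun among them), which is the point of a triage list: it narrows what to look up, it does not decide.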

Hey eliabner,

Download ComboFix at:

ComboFix

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to proceed. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if there is an infection);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click inside the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop (it will turn completely white);

6) To stop or exit ComboFix, press "N";

7) Re-enable your antivirus;

8) Please paste the contents of ComboFix.txt in your next reply, together with a new HijackThis log.

Cheers.


Hello jgarcia

As requested, the ComboFix result and the HijackThis log:

 

ComboFix 08-03-25.1 - Familia Soriano 2008-03-26 21:34:03.1 - NTFSx86

Executando de: C:\Documents and Settings\Familia Soriano\Meus documentos\Meus arquivos recebidos\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

-- Script messages for sUBs --

Findstr -MI oemiglib.dll C:\WINDOWS\explorer.exe

MTEE /+ d-delA.dat

 

 

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\ADSTechnology

C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

C:\Arquivos de programas\ADSTechnology\ADSTechnology.exe

C:\Arquivos de programas\ADSTechnology\Uninstall.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\ADSTechnology.lnk

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\Uninstall.lnk

C:\Documents and Settings\Familia Soriano\Dados de aplicativos\inst.exe

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))

.

 

2008-03-22 07:23 . 2008-03-22 07:24 <DIR> d-------- C:\hijackthis

2008-03-21 17:13 . 2008-03-21 17:14 212,849 --a------ C:\hijackthis.zip

2008-03-21 12:17 . 2008-03-21 12:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-21 12:12 . 2008-03-22 04:34 <DIR> d-------- C:\Documents and Settings\Familia Soriano\.housecall6.6

2008-03-16 11:20 . 2008-03-18 22:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-16 11:20 . 2008-03-16 11:20 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-10 00:04 . 2008-03-10 00:04 15,129,632 --a------ C:\Arquivos de programas\IE8-WindowsXP-x86-ENU.exe

2008-03-05 08:40 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS

2008-03-05 08:25 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\cybnpvlkkoxx.sys

2008-03-05 07:27 . 2008-03-05 07:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-03-05 07:27 . 2008-03-05 07:27 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-03-03 23:46 . 2008-03-05 20:14 <DIR> d-------- C:\Arquivos de programas\Windows Live Safety Center

2008-03-03 00:32 . 2008-03-03 00:32 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-03-02 17:34 . 2008-03-02 17:35 <DIR> d-------- C:\4460bb4efeb9d3b8936da8a459

2008-03-02 16:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-02 16:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-26 23:41 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus

2008-03-26 23:36 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\AVG7

2008-03-21 20:12 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\SiteAdvisor

2008-03-07 23:45 --------- d-----w C:\Arquivos de programas\Google

2008-03-05 13:24 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-05 11:49 --------- d-----w C:\Arquivos de programas\DVD Region-Free

2008-03-05 11:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-04 06:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-02-17 15:47 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\Vso

2008-02-16 22:51 --------- d-----w C:\Arquivos de programas\Nova pasta

2008-02-16 20:48 --------- d-----w C:\Arquivos de programas\lang

2008-02-16 20:36 9,896 ----a-w C:\Arquivos de programas\megaupload_sx.3.2-3.2-fx.xpi

2008-02-15 03:18 --------- d-----w C:\Arquivos de programas\eMule

2008-02-14 23:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-14 02:27 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-10 13:51 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-02-10 02:15 --------- d-----w C:\Arquivos de programas\QuickTime

2008-02-10 02:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-02-02 22:39 --------- d-----w C:\Arquivos de programas\iGv6

2007-12-16 04:07 47,360 ----a-w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\pcouffin.sys

2007-12-15 12:18 7,237,952 ----a-w C:\Arquivos de programas\vsoConvertXtoDVD2_setup.exe

2007-12-15 12:16 7,025,782 ----a-w C:\Arquivos de programas\mpeg-encoder-47660.exe

2007-09-07 02:26 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VGANGMJYMWPP.SYS

2007-07-20 02:51 468,253 ----a-w C:\Arquivos de programas\CCleaner.rar

2005-06-13 15:29 48 ----a-w C:\Arquivos de programas\Leia-me.txt

2003-04-14 17:26 3,929,282 ----a-w C:\Arquivos de programas\SetupXp.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2007-12-28 22:27 579072]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 22:21 16270848 C:\WINDOWS\RTHDCPL.EXE]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 12:42 36904]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2007-10-22 22:32 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARQUIV~1\DVDREG~1\DVDShell.dll [2003-08-26 10:58 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

 

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-03-24 23:48:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

"2008-03-26 23:34:54 C:\WINDOWS\Tasks\startt.job"

- c:\autoexec.bat

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-26 21:40:22

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

**************************************************************************

.

Tempo para conclusão: 2008-03-26 21:42:40

ComboFix-quarantined-files.txt 2008-03-27 00:41:44

.

2008-03-12 03:08:22 --- E O F ---

 

Logfile of HijackThis v1.99.1

Scan saved at 21:53:34, on 26/3/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [siteAdvisor] C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Search - ?p=ZNxmk142YYBR

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dados de aplicativos\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204477029390

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-c00824b72a6fd277.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B13E387D-249D-4394-9BA3-B2388D43C01A}: NameServer = 192.168.254.254

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe

O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Arquivos de programas\SiteAdvisor\6253\SAService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos

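The two ComboFix sections that matter most here are "Ficheiros criados" (files created in the last month) and "Relatório Find3M": that is where a helper spots a driver with a keyboard-mash name in system32\drivers, an 8-byte ".SYS" sitting in the All Users application-data folder, and a long hex-named directory in the root of C:. As an added example, not code from the thread or from ComboFix, the script below parses both line formats and applies those three observations as heuristics. The sample input is a subset of lines copied from the log above; nothing in it is invented, and the thresholds in looks_random are my own choices.

```python
import re

# Sample input: lines copied verbatim from the ComboFix log posted above
# (created-files format "date . date size attrs path" and Find3M format
# "date size attrs path"). Nothing here is constructed beyond the selection.
SAMPLE_COMBOFIX = r"""
2008-03-21 12:17 . 2008-03-21 12:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-05 08:40 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-05 08:25 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\cybnpvlkkoxx.sys
2008-03-02 17:34 . 2008-03-02 17:35 <DIR> d-------- C:\4460bb4efeb9d3b8936da8a459
2008-03-10 00:04 . 2008-03-10 00:04 15,129,632 --a------ C:\Arquivos de programas\IE8-WindowsXP-x86-ENU.exe
2007-12-16 04:07 47,360 ----a-w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\pcouffin.sys
2007-09-07 02:26 8 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\VGANGMJYMWPP.SYS
2008-03-26 23:41 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus
""".strip()

TIMESTAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# "Ficheiros criados" lines: created . modified size attrs path
CREATED_RE = re.compile(
    rf"^(?P<created>{TIMESTAMP}) \. (?P<modified>{TIMESTAMP})"
    r"\s+(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# "Relatório Find3M" lines: modified size attrs path (size is dashes for directories)
FIND3M_RE = re.compile(
    rf"^(?P<modified>{TIMESTAMP})\s+(?P<size>-+|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


def parse_file_lines(text):
    """Yield (path, size_in_bytes_or_None) for every file line in either format."""
    for raw in text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line) or FIND3M_RE.match(line)
        if not m:
            continue
        size = m.group("size").replace(",", "")
        yield m.group("path"), (int(size) if size.isdigit() else None)


def looks_random(stem):
    """Heuristic (my thresholds): a stem of 8+ letters with a 6+ consonant run
    or fewer than 15% vowels reads like a generated name."""
    letters = re.sub(r"[^a-z]", "", stem.lower())
    if len(letters) < 8:
        return False
    vowels = sum(ch in "aeiou" for ch in letters)
    longest_run = max((len(run) for run in re.findall(r"[^aeiou]+", letters)), default=0)
    return longest_run >= 6 or vowels / len(letters) < 0.15


def review_paths(text):
    """Return {path: [reasons]} for entries a reviewer should verify."""
    flagged = {}
    for path, size in parse_file_lines(text):
        name = path.rsplit("\\", 1)[-1]
        stem = name.rsplit(".", 1)[0]
        lower = path.lower()
        reasons = []
        if looks_random(stem):
            reasons.append("random-looking file name")
        if re.fullmatch(r"[0-9a-f]{20,}", name.lower()):
            reasons.append("long hex-only name; verify where it came from")
        if lower.endswith(".sys") and "\\drivers\\" not in lower:
            reasons.append("driver file outside the drivers directory")
        if lower.endswith(".sys") and size is not None and size < 1024:
            reasons.append(f"{size} bytes is far too small for a real driver image")
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in review_paths(SAMPLE_COMBOFIX).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample this flags cybnpvlkkoxx.sys, the hex-named C:\4460bb4efeb9d3b8936da8a459, pcouffin.sys (only for its location; it is a known DVD-tool driver that happens to live under application data) and VGANGMJYMWPP.SYS on all three counts, while tmcomm.sys, SDTHOOK.SYS and the IE8 installer pass. The name heuristic is deliberately conservative; the location and size rules are the ones that hold up best, because a genuine driver cannot be 8 bytes long regardless of what it is called.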

Hey eliabner,

Follow these instructions:

1. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all the text inside the "Quote":

File::

C:\Documents and Settings\All Users\Dados de aplicativos\VGANGMJYMWPP.SYS

C:\WINDOWS\system32\drivers\cybnpvlkkoxx.sys

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\Tasks\startt.job

Folder::

C:\4460bb4efeb9d3b8936da8a459

ATTENTION: The script above was written specifically for the infection on this computer. Using it on another machine may cause the user serious problems.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

4. When the process finishes the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Cheers.


Hello jgarcia

As requested:

 

ComboFix 08-04-06.1 - Familia Soriano 2008-04-06 23:22:11.3 - NTFSx86

Executando de: C:\ComboFix.exe

Command switches used :: C:\Documents and Settings\Familia Soriano\Meus documentos\Meus arquivos recebidos\CFScript.txt

* Criado um novo ponto de restauro

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Documents and Settings\All Users\Dados de aplicativos\VGANGMJYMWPP.SYS

C:\WINDOWS\system32\drivers\cybnpvlkkoxx.sys

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\Tasks\startt.job

.

The following files were disabled during the run:

C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))

.

 

2008-04-06 23:30 . 2008-04-06 23:30 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS

2008-04-06 23:16 . 2008-04-06 23:16 1,613,559 --a------ C:\ComboFix.exe

2008-04-01 08:01 . 2008-04-05 23:39 2,592 --a------ C:\WINDOWS\svchost

2008-03-30 23:41 . 2008-03-30 23:41 <DIR> d-------- C:\Arquivos de programas\MyRealGames.com

2008-03-30 21:45 . 2008-04-05 23:42 <DIR> d-------- C:\Arquivos de programas\GbPluggin

2008-03-30 18:53 . 2008-03-30 22:20 <DIR> d-------- C:\Arquivos de programas\TVSuper3

2008-03-30 18:53 . 2004-01-14 14:45 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-30 18:53 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx

2008-03-30 18:53 . 2000-05-22 00:00 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-03-30 18:19 . 2008-03-30 18:19 <DIR> d-------- C:\Documents and Settings\Familia Soriano\Dados de aplicativos\WebCompiler3

2008-03-22 07:23 . 2008-03-26 21:53 <DIR> d-------- C:\hijackthis

2008-03-21 17:13 . 2008-03-21 17:14 212,849 --a------ C:\hijackthis.zip

2008-03-21 12:17 . 2008-03-21 12:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-21 12:12 . 2008-03-22 04:34 <DIR> d-------- C:\Documents and Settings\Familia Soriano\.housecall6.6

2008-03-16 11:20 . 2008-03-29 22:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-16 11:20 . 2008-03-16 11:20 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-10 00:04 . 2008-03-10 00:04 15,129,632 --a------ C:\Arquivos de programas\IE8-WindowsXP-x86-ENU.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-07 01:20 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus

2008-04-07 01:19 --------- d-----w C:\Arquivos de programas\eMule

2008-04-02 02:50 --------- d-----w C:\Arquivos de programas\SiteAdvisor

2008-03-30 14:34 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\AVG7

2008-03-21 20:12 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\SiteAdvisor

2008-03-07 23:45 --------- d-----w C:\Arquivos de programas\Google

2008-03-05 23:14 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-05 13:24 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-05 11:49 --------- d-----w C:\Arquivos de programas\DVD Region-Free

2008-03-05 11:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-04 06:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-03-03 03:32 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-02-17 15:47 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\Vso

2008-02-16 22:51 --------- d-----w C:\Arquivos de programas\Nova pasta

2008-02-16 20:48 --------- d-----w C:\Arquivos de programas\lang

2008-02-16 20:36 9,896 ----a-w C:\Arquivos de programas\megaupload_sx.3.2-3.2-fx.xpi

2008-02-14 23:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-14 02:27 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-02-10 13:51 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-02-10 02:15 --------- d-----w C:\Arquivos de programas\QuickTime

2008-02-10 02:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2007-12-16 04:07 47,360 ----a-w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\pcouffin.sys

2007-12-15 12:18 7,237,952 ----a-w C:\Arquivos de programas\vsoConvertXtoDVD2_setup.exe

2007-12-15 12:16 7,025,782 ----a-w C:\Arquivos de programas\mpeg-encoder-47660.exe

2007-07-20 02:51 468,253 ----a-w C:\Arquivos de programas\CCleaner.rar

2005-06-13 15:29 48 ----a-w C:\Arquivos de programas\Leia-me.txt

2003-04-14 17:26 3,929,282 ----a-w C:\Arquivos de programas\SetupXp.exe

.

 

((((((((((((((((((((((((((((( snapshot@2008-03-26_21.40.55,93 )))))))))))))))))))))))))))))))))))))))))

.

- 2000-08-31 11:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2000-08-31 11:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe

+ 2000-08-31 11:00:00 80,412 ----a-w C:\WINDOWS\grep.exe

+ 2000-08-31 11:00:00 98,816 ----a-w C:\WINDOWS\sed.exe

+ 2000-08-31 11:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

+ 2000-08-31 11:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe

+ 2000-08-31 11:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe

+ 2000-08-31 11:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe

+ 2000-08-31 11:00:00 68,096 ----a-w C:\WINDOWS\zip.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2007-05-13 11:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [ ]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 22:21 16270848 C:\WINDOWS\RTHDCPL.EXE]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 12:42 36904]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 "C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" SpecialFunction

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARQUIV~1\DVDREG~1\DVDShell.dll [2003-08-26 10:58 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehCef]

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll 2008-03-30 21:46 739840 C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo8"= VfWWDM32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-31 23:49:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 23:31:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

 

PROCESS: C:\WINDOWS\system32\lsass.exe

-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

 

PROCESS: C:\WINDOWS\system32\csrss.exe

-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

.

Completion time: 2008-04-06 23:36:11

ComboFix-quarantined-files.txt 2008-04-07 02:35:18

ComboFix2.txt 2008-03-27 00:42:41

Pre-Run: 47,206,739,968 bytes free

Post-Run: 47,194,583,040 bytes free

.

2008-03-12 03:08:22 --- E O F ---


Hey eliabner,

 

Follow these instructions:

 

1. Reboot into Safe Mode.

 

2. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

File::

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

Folder::

C:\WINDOWS\svchost

C:\Arquivos de programas\GbPluggin

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehCef]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

WARNING: The script above was written specifically for the infection found on this computer. Using it on another machine may cause serious problems for the user.

3. Save the file as CFScript.txt;

4. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: 645i642.gif)

5. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Cheers.

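The log above shows gbiehcef.dll registered as a Winlogon notification package, launched again from the policies\explorer\run key, loaded into winlogon.exe, lsass.exe and csrss.exe, and Security Center monitoring of Symantec AntiVirus switched off; the reply answers each of those with a File::, Folder:: or Registry:: line in CFScript.txt. The Python below is an added example for this thread, not ComboFix code and not the helper's script: it parses those two log sections, applies the same checks, and drafts the File:: and Registry:: lines so the mapping from finding to directive is explicit. The sample log is a trimmed copy of the sections above; the list of sensitive processes and the "outside %SystemRoot%" rule are this example's own assumptions, and Folder:: entries, which the helper took from the file listings, are left to the analyst.

```python
# Added example for this thread (not ComboFix code and not the helper's script):
# parse the two ComboFix log sections the reply above acted on, flag the load
# points a responder checks first, and draft CFScript.txt lines for human review.
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the sections from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gbieh.1"= rundll32 "C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll" SpecialFunction
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbiehCef]
C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll 2008-03-30 21:46 739840 C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll
-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\ARQUIV~1\GBPLUG~1\gbpdist.dll
"""
# Processes where a DLL from outside %SystemRoot% gets flagged (this example's rule).
SENSITIVE_PROCESSES = ("winlogon.exe", "lsass.exe", "csrss.exe")


@dataclass
class Finding:
    kind: str    # policy_run | winlogon_notify | av_monitoring_off | dll_in_system_process
    where: str   # registry key or process path
    value: str   # value name or DLL path
    detail: str


def parse_log(text):
    """Return ({registry key: [(value name, data)]}, {process path: [dll path]})."""
    load_points, dlls = {}, {}
    key = proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("---"):       # section banner ends the key/process context
            key = proc = None
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            key, proc = m.group(1), None
            load_points.setdefault(key, [])
            continue
        if line.startswith("PROCESS:"):
            proc, key = line.split(":", 1)[1].strip(), None
            dlls.setdefault(proc, [])
            continue
        if proc and line.startswith("->"):
            dlls[proc].append(line[2:].strip())
            continue
        if key:
            m = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
            if m:
                load_points[key].append((m.group(1), m.group(2)))
            else:  # Winlogon\Notify rows: bare 8.3 DLL path, then date and size
                load_points[key].append(("", line.split()[0]))
    return load_points, dlls


def triage(load_points, dlls):
    """Flag policy Run entries, Winlogon notify DLLs, AV monitoring off, DLLs in logon processes."""
    findings = []
    for key, entries in load_points.items():
        k = key.lower()
        for name, data in entries:
            if r"policies\explorer\run" in k:
                findings.append(Finding("policy_run", key, name, data))
            elif r"winlogon\notify" in k:
                findings.append(Finding("winlogon_notify", key, data, "Winlogon notification package"))
            elif (r"security center\monitoring" in k and name.lower() == "disablemonitoring"
                  and data.lower().startswith("dword:") and int(data[6:], 16) != 0):
                findings.append(Finding("av_monitoring_off", key, name, data))
    for proc, loaded in dlls.items():
        if proc.lower().endswith(SENSITIVE_PROCESSES):
            for dll in loaded:
                if not dll.lower().startswith(r"c:\windows"):
                    findings.append(Finding("dll_in_system_process", proc, dll, "outside %SystemRoot%"))
    return findings


def render_cfscript(findings):
    """Draft CFScript.txt: File:: lists files to delete; "name"=- deletes a value, [-key] deletes a key."""
    files, registry = [], []
    for f in findings:
        if f.kind in ("winlogon_notify", "dll_in_system_process") and f.value not in files:
            files.append(f.value)
        if f.kind == "policy_run":
            registry.append("[" + f.where + "]\n\"" + f.value + "\"=-")
        elif f.kind == "winlogon_notify":
            registry.append("[-" + f.where + "]")
        elif f.kind == "av_monitoring_off":
            registry.append("[" + f.where + "]\n\"" + f.value + "\"=dword:00000000")
    return "\n".join(["File::", *files, "Registry::", *registry]) + "\n"
```

Calling `render_cfscript(triage(*parse_log(SAMPLE_LOG)))` reproduces the File:: and Registry:: parts of the reply above from the log alone; the draft is a review aid, and the warning in the reply applies to anything generated this way just as much as to a hand-written script.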

Hi jgarcia, as requested:

 

ComboFix 08-04-06.1 - Familia Soriano 2008-04-11 0:33:50.4 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.359 [GMT -3:00]

Running from: C:\ComboFix.exe

Command switches used :: C:\Documents and Settings\Familia Soriano\Desktop\CFScript.txt.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ARQUIV~1\GBPLUG~1\gbiehcef.dll

C:\ARQUIV~1\GBPLUG~1\gbpdist.dll

C:\Arquivos de programas\GbPluggin

C:\Arquivos de programas\GbPluggin\Cef.gpc

C:\Arquivos de programas\GbPluggin\gbiehcef.dll

C:\Arquivos de programas\GbPluggin\gbiehcef.gmd

C:\Arquivos de programas\GbPluggin\gbpdist.dll

C:\Arquivos de programas\GbPluggin\gbppsv.exe

C:\Arquivos de programas\GbPluggin\svchost

C:\Documents and Settings\Familia Soriano\Dados de aplicativos\inst.exe

C:\WINDOWS\svchost\

 

.

((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))

.

 

2008-04-09 00:31 . 2008-04-09 00:31 1,523 --a------ C:\WINDOWS\system32\MRT.INI

2008-04-08 12:02 . 2008-04-08 12:02 49,152 --a------ C:\cartao_uol(2).exe

2008-04-08 12:01 . 2008-04-08 12:01 49,152 --a------ C:\cartao_uol.exe

2008-04-06 23:16 . 2008-04-06 23:16 1,613,559 --a------ C:\ComboFix.exe

2008-04-01 08:01 . 2008-04-09 21:46 3,488 --a------ C:\WINDOWS\svchost

2008-03-30 18:53 . 2008-03-30 22:20 <DIR> d-------- C:\Arquivos de programas\TVSuper3

2008-03-30 18:53 . 2004-01-14 14:45 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-30 18:53 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx

2008-03-30 18:53 . 2000-05-22 00:00 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-03-30 18:19 . 2008-03-30 18:19 <DIR> d-------- C:\Documents and Settings\Familia Soriano\Dados de aplicativos\WebCompiler3

2008-03-22 07:23 . 2008-03-26 21:53 <DIR> d-------- C:\hijackthis

2008-03-21 17:13 . 2008-03-21 17:14 212,849 --a------ C:\hijackthis.zip

2008-03-21 12:17 . 2008-03-21 12:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-21 12:12 . 2008-03-22 04:34 <DIR> d-------- C:\Documents and Settings\Familia Soriano\.housecall6.6

2008-03-16 11:20 . 2008-03-29 22:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-16 11:20 . 2008-03-16 11:20 1,409 --a------ C:\WINDOWS\QTFont.for

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-11 03:45 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus

2008-04-11 02:31 --------- d-----w C:\Arquivos de programas\eMule

2008-04-10 00:43 47,360 ----a-w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\pcouffin.sys

2008-04-10 00:43 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\Vso

2008-04-02 02:50 --------- d-----w C:\Arquivos de programas\SiteAdvisor

2008-03-30 14:34 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\AVG7

2008-03-21 20:12 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\SiteAdvisor

2008-03-10 03:04 15,129,632 ----a-w C:\Arquivos de programas\IE8-WindowsXP-x86-ENU.exe

2008-03-07 23:45 --------- d-----w C:\Arquivos de programas\Google

2008-03-05 23:14 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-05 13:24 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-05 11:49 --------- d-----w C:\Arquivos de programas\DVD Region-Free

2008-03-05 11:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-04 06:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-03-03 03:32 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-02-16 22:51 --------- d-----w C:\Arquivos de programas\Nova pasta

2008-02-16 20:48 --------- d-----w C:\Arquivos de programas\lang

2008-02-16 20:36 9,896 ----a-w C:\Arquivos de programas\megaupload_sx.3.2-3.2-fx.xpi

2008-02-14 23:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-02-14 02:27 691,545 ----a-w C:\WINDOWS\unins000.exe

2007-12-15 12:18 7,237,952 ----a-w C:\Arquivos de programas\vsoConvertXtoDVD2_setup.exe

2007-07-20 02:51 468,253 ----a-w C:\Arquivos de programas\CCleaner.rar

2005-06-13 15:29 48 ----a-w C:\Arquivos de programas\Leia-me.txt

2003-04-14 17:26 3,929,282 ----a-w C:\Arquivos de programas\SetupXp.exe

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2007-05-13 11:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 22:21 16270848 C:\WINDOWS\RTHDCPL.EXE]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 12:42 36904]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARQUIV~1\DVDREG~1\DVDShell.dll [2003-08-26 10:58 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo8"= VfWWDM32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-31 23:49:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 00:44:36

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Arquivos de programas\SiteAdvisor\6253\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

.

**************************************************************************

.

Completion time: 2008-04-11 0:51:17 - machine was rebooted [Familia Soriano]

ComboFix-quarantined-files.txt 2008-04-11 03:50:13

ComboFix2.txt 2008-04-07 02:36:14

ComboFix3.txt 2008-03-27 00:42:41

Pre-Run: 47,173,300,224 bytes free

Post-Run: 47,160,233,984 bytes free

.

2008-04-09 03:33:58 --- E O F ---


Hey eliabner,

 

Follow these instructions:

 

1. Open Notepad -> copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Quote":

File::

C:\Arquivos de programas\SetupXp.exe

C:\WINDOWS\system32\MRT.INI

C:\cartao_uol(2).exe

C:\cartao_uol.exe

Folder::

C:\WINDOWS\svchost

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000000

WARNING: The script above was written specifically for the infection found on this computer. Using it on another machine may cause serious problems for the user.

2. Save the file as CFScript.txt;

3. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

(image: 645i642.gif)

4. When the process finishes, the tool will generate a log. Post it (C:\ComboFix.txt) in your next reply.

Cheers.


Hi jgarcia, log as requested:

 

ComboFix 08-04-17.1 - Familia Soriano 2008-04-18 22:57:37.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.161 [GMT -3:00]

Running from: C:\ComboFix.exe

Command switches used :: C:\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\Arquivos de programas\SetupXp.exe

C:\cartao_uol(2).exe

C:\cartao_uol.exe

C:\WINDOWS\system32\MRT.INI

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\SetupXp.exe

C:\WINDOWS\svchost\

C:\WINDOWS\system32\MRT.INI

 

.

((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))

.

 

2008-04-18 22:54 . 2008-04-18 22:54 1,770,815 --a------ C:\ComboFix.exe

2008-04-18 00:31 . 2008-04-18 00:59 56,646,668 --a------ C:\Fernanda_Brum_Cura-me.rar

2008-04-15 00:09 . 2008-04-17 06:23 <DIR> dr-h----- C:\$VAULT$.AVG

2008-04-15 00:08 . 2008-04-15 00:29 43,063,777 --a------ C:\Toque_no_Altar_E_Impossivel_Mas_Deus_Pode_2007__www.zpoc.com.br.rar

2008-04-14 23:48 . 2008-04-18 20:34 <DIR> d-------- C:\Documents and Settings\Familia Soriano\Dados de aplicativos\AVG7

2008-04-14 23:45 . 2008-04-15 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\avg7

2008-04-14 23:17 . 2008-04-14 23:35 35,960,792 --a------ C:\avg75free_519a1276.exe

2008-04-11 00:51 . 2008-04-11 00:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-04-11 00:51 . 2008-04-11 00:51 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-04-11 00:51 . 2008-04-11 00:51 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-04-11 00:51 . 2008-04-11 00:51 <DIR> d-------- C:\Documents and Settings\Familia Soriano\Configurações locais

2008-04-09 20:19 . 2008-02-29 06:00 625,664 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-01 08:01 . 2008-04-09 21:46 3,488 --a------ C:\WINDOWS\svchost

2008-03-30 18:53 . 2008-03-30 22:20 <DIR> d-------- C:\Arquivos de programas\TVSuper3

2008-03-30 18:53 . 2004-01-14 14:45 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-03-30 18:53 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\Tabctl32.ocx

2008-03-30 18:53 . 2000-05-22 00:00 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX

2008-03-30 18:19 . 2008-03-30 18:19 <DIR> d-------- C:\Documents and Settings\Familia Soriano\Dados de aplicativos\WebCompiler3

2008-03-22 19:21 . 2008-03-22 19:21 <DIR> d-------- C:\!KillBox

2008-03-22 07:23 . 2008-03-26 21:53 <DIR> d-------- C:\hijackthis

2008-03-21 17:13 . 2008-03-21 17:14 212,849 --a------ C:\hijackthis.zip

2008-03-21 12:17 . 2008-03-21 12:13 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-03-21 12:12 . 2008-03-22 04:34 <DIR> d-------- C:\Documents and Settings\Familia Soriano\.housecall6.6

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-18 23:34 --------- d-----w C:\Arquivos de programas\eMule

2008-04-18 00:13 --------- d-----w C:\Arquivos de programas\Symantec AntiVirus

2008-04-15 02:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft

2008-04-10 00:43 47,360 ----a-w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\pcouffin.sys

2008-04-10 00:43 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\Vso

2008-04-02 02:50 --------- d-----w C:\Arquivos de programas\SiteAdvisor

2008-03-21 20:12 --------- d-----w C:\Documents and Settings\Familia Soriano\Dados de aplicativos\SiteAdvisor

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-10 03:04 15,129,632 ----a-w C:\Arquivos de programas\IE8-WindowsXP-x86-ENU.exe

2008-03-07 23:45 --------- d-----w C:\Arquivos de programas\Google

2008-03-05 23:14 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-03-05 13:24 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-03-05 11:49 --------- d-----w C:\Arquivos de programas\DVD Region-Free

2008-03-05 11:38 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-03-03 03:32 --------- d-----w C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:37 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 20:36 9,896 ----a-w C:\Arquivos de programas\megaupload_sx.3.2-3.2-fx.xpi

2008-02-14 02:27 691,545 ----a-w C:\WINDOWS\unins000.exe

2007-12-15 12:18 7,237,952 ----a-w C:\Arquivos de programas\vsoConvertXtoDVD2_setup.exe

2007-07-20 02:51 468,253 ----a-w C:\Arquivos de programas\CCleaner.rar

2005-06-13 15:29 48 ----a-w C:\Arquivos de programas\Leia-me.txt

.

 

((((((((((((((((((((((((((((( snapshot@2008-04-11_ 0.49.35.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-03-01 12:35:02 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll

+ 2008-03-01 12:35:02 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll

+ 2008-03-01 12:35:02 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll

+ 2008-03-01 12:35:02 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll

+ 2008-03-01 12:35:02 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll

+ 2008-02-22 09:39:56 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe

+ 2008-03-01 12:35:02 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll

+ 2008-03-01 12:35:02 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll

+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll

+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat

+ 2008-03-01 12:35:02 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll

+ 2008-03-01 12:35:02 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll

+ 2008-03-01 12:35:04 6,067,712 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll

+ 2008-03-01 12:35:04 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll

+ 2008-03-01 12:35:04 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll

+ 2008-02-22 09:39:56 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe

+ 2008-02-22 09:40:22 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe

+ 2008-03-01 12:35:04 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll

+ 2008-03-01 12:35:04 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll

+ 2008-03-01 12:35:04 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll

+ 2008-03-01 12:35:05 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

+ 2008-03-01 12:35:06 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll

+ 2008-03-01 12:35:06 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll

+ 2008-03-01 12:35:06 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll

+ 2008-03-01 12:35:06 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll

+ 2008-03-01 12:35:06 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll

+ 2008-03-01 12:35:06 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\url.dll

+ 2008-03-01 12:35:07 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll

+ 2008-03-01 12:35:07 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll

+ 2008-03-01 12:35:07 827,392 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\spuninst.exe

+ 2007-03-06 01:00:54 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\update\updspapi.dll

+ 2007-10-08 02:27:34 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

+ 2008-04-18 23:29:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2007-12-07 02:09:20 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll

+ 2007-12-19 22:53:59 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll

+ 2007-12-07 02:09:20 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll

+ 2007-12-07 02:09:20 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll

+ 2007-12-07 02:09:20 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll

+ 2007-12-06 11:05:55 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe

+ 2007-12-07 02:09:20 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll

+ 2007-12-07 02:09:20 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll

+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll

+ 2007-12-07 02:09:20 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll

+ 2007-12-07 02:09:20 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll

+ 2007-12-07 02:09:21 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll

+ 2007-12-07 02:09:21 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll

+ 2007-12-07 02:09:21 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll

+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe

+ 2007-12-06 11:06:21 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe

+ 2007-12-07 02:09:21 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll

+ 2007-12-07 02:09:21 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll

+ 2007-12-07 02:09:21 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll

+ 2007-12-08 05:09:22 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll

+ 2007-12-07 02:09:22 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll

+ 2007-12-07 02:09:22 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll

+ 2007-12-07 02:09:22 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll

+ 2007-12-07 02:09:22 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll

+ 2008-01-11 05:37:21 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll

+ 2007-12-07 02:09:22 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll

+ 2007-12-07 02:09:22 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll

+ 2007-12-07 02:09:22 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll

+ 2007-12-07 02:09:22 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

+ 2008-02-14 22:48:19 2,678 ----a-w C:\WINDOWS\java\Packages\Data\8YU4HJVB.DAT

+ 2008-02-14 22:48:20 2,678 ----a-w C:\WINDOWS\java\Packages\Data\9JNVVRD3.DAT

+ 2008-02-14 22:48:21 2,678 ----a-w C:\WINDOWS\java\Packages\Data\B9NL33ZP.DAT

+ 2008-02-14 22:48:27 2,678 ----a-w C:\WINDOWS\java\Packages\Data\DRDBNLNH.DAT

+ 2007-06-19 13:01:20 2,232 ----a-w C:\WINDOWS\java\Packages\Data\JLJRX317.DAT

+ 2008-02-14 22:48:19 2,678 ----a-w C:\WINDOWS\java\Packages\Data\RHNLFRNT.DAT

+ 2007-06-22 04:50:00 2,426 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin

+ 2001-10-28 15:06:40 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV

+ 2001-10-28 15:07:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV

+ 2001-10-28 15:07:28 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV

+ 2001-10-28 15:07:34 2,176 ----a-w C:\WINDOWS\system\VGA.DRV

- 2007-12-07 02:09:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-03-01 13:02:08 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2004-08-04 03:57:52 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin

- 2007-12-07 02:09:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-03-01 13:02:08 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2004-08-04 02:07:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys

- 2007-12-19 22:53:59 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-03-01 13:02:09 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-12-07 02:09:20 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-03-01 13:02:09 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-12-07 02:09:20 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-03-01 13:02:09 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-12-07 02:09:20 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-03-01 13:02:09 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2007-12-06 11:05:55 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-02-29 08:59:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2007-12-07 02:09:20 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-03-01 13:02:09 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2007-12-07 02:09:20 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-03-01 13:02:09 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2007-12-07 02:09:20 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-03-01 13:02:09 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2007-12-07 02:09:20 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-03-01 13:02:09 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2007-12-07 02:09:21 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-03-01 13:02:10 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2007-12-07 02:09:21 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-03-01 13:02:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2007-12-07 02:09:21 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-03-01 13:02:10 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2007-12-07 02:09:21 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-03-01 13:02:10 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2001-10-28 15:06:40 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv

+ 2001-10-28 15:06:56 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll

+ 2001-10-28 15:07:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv

- 2007-12-07 02:09:21 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-03-01 13:02:10 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2007-12-07 02:09:21 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-03-01 13:02:10 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2007-12-08 05:09:22 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-03-01 21:32:12 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-12-07 02:09:22 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-03-01 13:02:12 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2007-12-07 02:09:22 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-03-01 13:02:12 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2007-12-07 02:09:22 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-03-01 13:02:12 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2001-10-28 15:07:12 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys

- 2007-12-07 02:09:22 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-03-01 13:02:12 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-01-11 05:37:21 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-03-01 13:02:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2001-10-28 15:07:28 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv

- 2007-12-07 02:09:22 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-03-01 13:02:12 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

- 2007-12-07 02:09:22 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-03-01 13:02:12 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2001-10-28 15:07:34 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv

- 2007-12-07 02:09:22 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-03-01 13:02:12 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-12-07 02:09:22 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-03-01 13:02:12 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2001-10-28 15:07:46 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll

+ 2001-10-28 15:07:46 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe

+ 2001-10-28 15:07:48 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe

- 2007-10-23 01:32:04 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys

+ 2008-04-15 02:46:19 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys

- 2007-06-19 11:00:29 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys

+ 2008-04-15 02:46:54 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys

- 2007-06-19 11:00:30 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys

+ 2008-04-15 02:46:54 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys

- 2007-12-29 01:27:18 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys

+ 2008-04-15 02:45:53 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys

- 2007-12-29 01:27:05 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys

+ 2008-04-15 02:45:45 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys

- 2007-06-19 11:00:31 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys

+ 2008-04-15 02:45:50 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys

+ 2004-08-04 02:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys

+ 2001-10-28 15:07:12 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys

- 2007-12-19 22:53:59 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-03-01 13:02:09 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-12-07 02:09:20 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-03-01 13:02:09 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-12-07 02:09:20 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-03-01 13:02:09 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2007-12-07 02:09:20 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-03-01 13:02:09 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-12-06 11:05:55 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-02-29 08:59:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2007-12-07 02:09:20 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-03-01 13:02:09 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2007-12-07 02:09:20 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-03-01 13:02:09 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2007-12-07 02:09:20 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-03-01 13:02:09 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-12-07 02:09:20 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-03-01 13:02:09 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2007-12-07 02:09:21 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-03-01 13:02:10 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-12-07 02:09:21 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-03-01 13:02:10 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2007-12-07 02:09:21 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-03-01 13:02:10 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-12-07 02:09:21 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-03-01 13:02:10 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2001-10-28 15:06:40 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv

+ 2001-10-28 15:06:56 2,560 ----a-w C:\WINDOWS\system32\lz32.dll

+ 2001-10-28 15:07:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv

- 2007-12-07 02:09:21 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-03-01 13:02:10 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-12-07 02:09:21 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-03-01 13:02:10 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-12-08 05:09:22 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-03-01 21:32:12 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-12-07 02:09:22 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-03-01 13:02:12 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-12-07 02:09:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-03-01 13:02:12 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-12-07 02:09:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-03-01 13:02:12 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2001-10-28 15:07:08 2,656 ----a-w C:\WINDOWS\system32\netware.drv

- 2007-12-07 02:09:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll

+ 2008-03-01 13:02:12 102,912 ----a-w C:\WINDOWS\system32\occache.dll

- 2008-01-11 05:37:21 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-03-01 13:02:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2001-10-28 15:07:28 1,744 ----a-w C:\WINDOWS\system32\sound.drv

+ 2002-12-25 06:00:00 2,251 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A2X081.DAT

+ 2002-12-25 06:00:00 2,251 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_c439909\E_A2X081.DAT

- 2007-12-07 02:09:22 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-03-01 13:02:12 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-12-07 02:09:22 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-03-01 13:02:12 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2001-10-28 15:07:34 2,176 ----a-w C:\WINDOWS\system32\vga.drv

- 2007-12-07 02:09:22 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-03-01 13:02:12 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2001-10-28 15:07:46 2,864 ----a-w C:\WINDOWS\system32\winsock.dll

+ 2001-10-28 15:07:46 2,112 ----a-w C:\WINDOWS\system32\winspool.exe

+ 2001-10-28 15:07:48 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"eMuleAutoStart"="C:\Arquivos de programas\eMule\emule.exe" [2007-05-13 11:57 5308416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 22:21 16270848 C:\WINDOWS\RTHDCPL.EXE]

"SiteAdvisor"="C:\Arquivos de programas\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 12:42 36904]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"AVG7_CC"="C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 08:14 579584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

"AVG7_Run"="C:\ARQUIV~1\Grisoft\AVG7\avgw.exe" [2008-04-14 23:46 219136]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARQUIV~1\DVDREG~1\DVDShell.dll [2003-08-26 10:58 49152]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Arquivos de programas\\Grisoft\\AVG7\\avgemc.exe"=

 

 

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-04-14 23:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-18 23:03:53

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-04-18 23:08:49

ComboFix-quarantined-files.txt 2008-04-19 02:07:39

ComboFix2.txt 2008-04-11 03:51:18

ComboFix3.txt 2008-04-07 02:36:14

ComboFix4.txt 2008-03-27 00:42:41

 

Pre-Run: 46,053,679,104 bytes disponíveis

Post-Run: 46,076,297,216 bytes disponíveis

.

2008-04-11 14:58:35 --- E O F ---

Today the PC got extremely slow, to the point that Windows displayed a message saying there was not enough memory to continue the process; at the time Nero was open. I restarted 2 times and it did not fix it.

Hey eliabner,

 

Have you already tried restarting the machine in safe mode?

Topic Archived

 

Since the author has not replied for more than 20 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
