
Archived

This topic has been archived and is closed to new replies.

brunoricetti

[Archived] my desktop disappeared


Good evening,

I'm new to the forum and I have a big problem:

my desktop and all the other items disappeared; only the wallpaper shows up.

I would really appreciate your help in solving this problem.

Scan saved at 22:53:31, on 17/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

F2 - REG:system.ini: Shell=

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

O2 - BHO: PhotoPos Pro Toolbar - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\ARQUIV~1\PHOTOP~1\PHOTOP~1.DLL

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: PhotoPos Pro Toolbar - {A057A204-BACC-4D26-9F9D-3BEFCFBE6E86} - C:\ARQUIV~1\PHOTOP~1\PHOTOP~1.DLL

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Arquivos de programas\free-downloads.net\tbfree.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CreatEmotions Check] "C:\Arquivos de programas\CreatEmotions Preview Pack\Control Center\CEPreviewCC.exe" /CheckRelease

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ClamWin] "C:\Arquivos de programas\ClamWin\bin\ClamTray.exe" --logon

O4 - HKLM\..\Run: [spySweeper] C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKLM\..\Run: [winlogon] C:\Arquivos de programas\msnspy\svchost.exe

O4 - HKLM\..\RunOnce: [ GbPluginCef] RunDll32.exe C:\ARQUIV~1\GbPlugin\gbiehcef.dll,Gbieh

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [explorer] C:\Arquivos de programas\mcae.exe

O4 - HKCU\..\Run: [Pandora] "C:\Arquivos de programas\gnrdb.exe"

O4 - HKCU\..\Run: [kutorkt] c:\windows\sistem32\kutorkt.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Arquivos de programas\Video Add-on\isfmntr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: XFCE Menu (andLinux).lnk = C:\Arquivos de programas\andLinux\Launcher\menu.exe

O4 - Global Startup: Xming (andLinux).lnk = C:\Arquivos de programas\andLinux\Xming\Xming.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - http://www.yoyogames.com/downloads/activex/YoYo.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{24938F43-2024-44B3-8A1C-1C92BEDA443D}: NameServer = 172.16.100.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{24938F43-2024-44B3-8A1C-1C92BEDA443D}: NameServer = 172.16.100.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{24938F43-2024-44B3-8A1C-1C92BEDA443D}: NameServer = 172.16.100.1

O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O23 - Service: andLinux - Unknown owner - C:\Arquivos de programas\andLinux\colinux-daemon.exe (file missing)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gerenciador do Google Desktop 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Unknown owner - C:\Arquivos de programas\iPod\bin\iPodService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe

 

--

End of file - 11542 bytes

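A helper reads a HijackThis log like the one above by eye; the script below, added here as an example and not part of the thread or of HijackThis, applies a few of the same triage heuristics to O4, F2 and O10 lines copied from that log: a blank Winlogon Shell value (no shell starts at logon, so only the wallpaper is drawn), autostart entries named after system processes but running from outside C:\WINDOWS, a misspelled system32 directory, executables dropped directly in the Program Files root, and a repeated non-stock Winsock LSP provider. The Program Files folder names and the list of stock LSP DLLs are assumptions.

```python
"""Triage heuristics for HijackThis O4 (autostart), F2 (Winlogon Shell) and
O10 (Winsock LSP) entries. Added example, not code from the thread."""
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winlogon] C:\Arquivos de programas\msnspy\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [explorer] C:\Arquivos de programas\mcae.exe
O4 - HKCU\..\Run: [Pandora] "C:\Arquivos de programas\gnrdb.exe"
O4 - HKCU\..\Run: [kutorkt] c:\windows\sistem32\kutorkt.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Arquivos de programas\Video Add-on\isfmntr.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll
"""

# Value names / file names that only belong in the Windows directory.
SYSTEM_NAMES = {"winlogon", "explorer", "svchost", "lsass", "csrss", "services"}
# Folder names treated as the Program Files root (assumption: English and
# Brazilian Portuguese XP, long and 8.3 forms).
PROGRAM_FILES_ROOT = {"program files", "progra~1", "arquivos de programas", "arquiv~1"}
# Winsock providers assumed to ship with Windows XP itself.
STOCK_LSP_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll", "nwprovau.dll"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
# Program path at the start of a Run value: optionally quoted, arguments may follow.
PATH_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|cpl|com))"?(?:[\s,]|$)', re.I)


def exe_path(cmd):
    """Return the program path from an O4 command line, without quotes or arguments."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def looks_like_system32(component):
    """True for a directory name one character off from 'system32' (e.g. 'sistem32')."""
    if len(component) != len("system32") or component == "system32":
        return False
    return sum(a != b for a, b in zip(component, "system32")) == 1


def check_o4(hive, name, cmd):
    """Return the reasons an O4 autostart entry deserves a closer look (may be empty)."""
    reasons = []
    path = exe_path(cmd).lower().replace("/", "\\")
    parts = path.split("\\")
    base = parts[-1].rsplit(".", 1)[0]
    value_name = re.sub(r"\.exe$", "", name.strip().lower())
    in_windows_dir = path.startswith("c:\\windows\\")
    if (value_name in SYSTEM_NAMES or base in SYSTEM_NAMES) and not in_windows_dir:
        reasons.append("system-process name used for a program outside C:\\WINDOWS")
    if any(looks_like_system32(p) for p in parts):
        reasons.append("misspelled system directory in path")
    if len(parts) == 3 and parts[1] in PROGRAM_FILES_ROOT:
        reasons.append("executable sits directly in the Program Files root")
    if "policies\\explorer\\run" in hive.lower():
        reasons.append("autostart via Policies\\Explorer\\Run, which normal installers do not use")
    return reasons


def triage(lines):
    """Scan HijackThis log lines and return (section, reason, evidence) findings."""
    findings = []
    lsp_seen = Counter()
    for raw in lines:
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            shell = m.group("shell").strip().lower()
            if not shell:
                findings.append(("F2", "Winlogon Shell value is empty: no shell (Explorer) "
                                 "starts at logon, only the wallpaper is drawn", line))
            elif shell != "explorer.exe":
                findings.append(("F2", "Winlogon Shell replaced by a non-default program", line))
            continue
        m = O4_RE.match(line)
        if m:
            for reason in check_o4(m.group("hive"), m.group("name"), m.group("cmd")):
                findings.append(("O4", reason, line))
            continue
        m = O10_RE.match(line)
        if m:
            lsp_seen[m.group("path").strip().lower()] += 1
    # Repeated registration of one unknown DLL in the LSP chain is reported once, with its count.
    for path, count in sorted(lsp_seen.items()):
        if path.rsplit("\\", 1)[-1] not in STOCK_LSP_DLLS:
            findings.append(("O10", f"non-stock Winsock LSP provider registered {count} time(s)", path))
    return findings


if __name__ == "__main__":
    for section, reason, evidence in triage(SAMPLE_LOG.splitlines()):
        print(f"[{section}] {reason}\n    {evidence}")
```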

Hey brunoricetti,

 

Download ComboFix at:

ComboFix

 

1) Temporarily disable your antivirus;

2) Double-click combofix.exe and press "1" to continue. The process takes about 10 minutes on average;

3) ComboFix will restart the PC automatically so that the removal process can finish (only if an infection is found);

4) When the scan finishes, a log will be generated at C:\ComboFix.txt;

5) Do not click on the ComboFix window or close it with the X while the tool is running, as this will mess up your desktop configuration (it will go completely blank);

6) To stop or quit ComboFix, press "N";

7) Re-enable your antivirus;

8) I need you to paste the contents of ComboFix.txt in your next reply.

 

Cheers.


Good evening.

I ran ComboFix, but it brought up a blue screen saying that an error had been found

and that Windows had been shut down for safety.

Thanks for your attention. Cheers

Repeat the process, but this time in Safe Mode. :thumbsup:


Good afternoon!!!

I ran ComboFix in Safe Mode and rebooted, and my desktop came back...

Thanks a lot for the help.. and the log it created was:

ComboFix 08-06-16.5 - Carlos Marcilio 2008-06-19 13:36:06.1 - NTFSx86 MINIMAL

Executando de: C:\Documents and Settings\Carlos Marcilio\Meus documentos\nova música\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\ADSTechnology

C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

C:\Arquivos de programas\ADSTechnology\ADSTechnology.exe

C:\Arquivos de programas\ADSTechnology\Uninstall.exe

C:\Arquivos de programas\gnrdb.exe

C:\Arquivos de programas\Helper

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\ADSTechnology.lnk

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\Uninstall.lnk

C:\WINDOWS\bobsaver.exe

C:\WINDOWS\bobsaver.scr

C:\WINDOWS\Help\svhost.txt

C:\WINDOWS\sysedir.dat

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))

.

 

2008-06-19 13:20 . 2008-06-19 13:20 <DIR> d-------- C:\WINDOWS\LastGood

2008-06-17 21:51 . 2008-06-17 21:51 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de rede

2008-06-17 21:46 . 2008-06-17 21:46 <DIR> d-------- C:\Documents and Settings\bruno\Dados de aplicativos\PHOTOPOSCOMTBR

2008-06-17 21:44 . 2007-08-23 22:07 <DIR> d--h----- C:\Documents and Settings\bruno\Modelos

2008-06-17 21:44 . 2007-08-23 18:43 <DIR> d-------- C:\Documents and Settings\bruno\Meus documentos

2008-06-17 21:44 . 2007-08-23 18:43 <DIR> dr------- C:\Documents and Settings\bruno\Menu Iniciar

2008-06-17 21:44 . 2007-08-23 18:43 <DIR> d-------- C:\Documents and Settings\bruno\Favoritos

2008-06-17 21:44 . 2007-08-23 18:43 <DIR> dr-h----- C:\Documents and Settings\bruno\Dados de aplicativos

2008-06-17 21:44 . 2008-06-19 13:39 <DIR> d--h----- C:\Documents and Settings\bruno\Configurações locais

2008-06-17 21:44 . 2007-08-23 18:43 <DIR> d--h----- C:\Documents and Settings\bruno\Ambiente de rede

2008-06-17 21:44 . 2007-08-23 18:43 <DIR> d--h----- C:\Documents and Settings\bruno\Ambiente de impressão

2008-06-17 21:44 . 2008-06-17 21:44 <DIR> d-------- C:\Documents and Settings\bruno

2008-06-17 21:29 . 2008-06-17 21:29 <DIR> dr------- C:\Documents and Settings\Administrador\Favoritos

2008-06-17 21:25 . 2008-06-17 21:25 <DIR> dr------- C:\Documents and Settings\Administrador\Meus documentos

2008-06-17 21:08 . 2006-08-31 02:47 25,856 --a------ C:\WINDOWS\system32\drivers\tap0801co.sys

2008-06-17 21:01 . 2008-06-17 21:01 <DIR> d-------- C:\bruno

2008-06-17 18:45 . 2008-06-17 18:45 <DIR> d---s---- C:\Documents and Settings\LocalService\Temporary Internet Files

2008-06-17 18:45 . 2008-06-17 18:45 <DIR> d---s---- C:\Documents and Settings\LocalService\Histórico

2008-06-15 13:40 . 2008-06-19 00:22 <DIR> d--h----- C:\Arquivos de programas\msnspy

2008-06-14 17:43 . 2008-04-14 12:52 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 17:43 . 2008-04-14 12:52 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-14 16:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-14 16:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-11 22:18 . 2008-06-11 22:18 <DIR> d-------- C:\Arquivos de programas\Champion Software

2008-06-09 19:18 . 2008-06-09 19:18 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-06-09 19:18 . 2008-06-09 19:18 <DIR> d--h----- C:\Documents and Settings\Administrador\Ambiente de impressão

2008-06-09 19:17 . 2008-06-09 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-06-09 19:17 . 2008-06-09 19:17 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-06-09 18:44 . 2008-06-09 19:14 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-06-09 18:44 . 2008-06-09 19:14 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos

2008-06-09 18:44 . 2008-06-19 13:39 <DIR> d--h----- C:\Documents and Settings\Administrador\Configurações locais

2008-06-09 18:44 . 2008-06-17 21:51 <DIR> d-------- C:\Documents and Settings\Administrador

2008-06-09 13:36 . 2008-06-09 13:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Dados de aplicativos\Webroot

2008-06-09 13:34 . 2008-06-09 13:34 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\Webroot

2008-06-09 13:34 . 2008-06-09 13:34 <DIR> d-------- C:\Documents and Settings\Carlos Marcilio\Dados de aplicativos\Webroot

2008-06-09 13:34 . 2008-06-09 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Webroot

2008-06-09 13:34 . 2008-06-09 13:34 <DIR> d-------- C:\Arquivos de programas\Webroot

2008-06-09 13:34 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll

2008-06-09 13:34 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys

2008-06-09 13:34 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys

2008-06-09 13:34 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys

2008-06-09 13:34 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys

2008-06-09 13:31 . 2008-06-09 13:31 164 --a------ C:\install.dat

2008-06-07 15:12 . 2008-06-17 22:40 <DIR> d-------- C:\Arquivos de programas\Anti Adware Pro Demo

2008-06-04 19:41 . 2008-06-09 19:15 <DIR> d-------- C:\Arquivos de programas\Disk Heal

2008-06-04 13:46 . 2008-06-04 13:46 <DIR> d-------- C:\Documents and Settings\Carlos Marcilio\Dados de aplicativos\.clamwin

2008-06-04 13:46 . 2008-06-09 19:17 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin

2008-06-04 13:46 . 2008-06-09 19:15 <DIR> d-------- C:\Arquivos de programas\ClamWin

2008-06-03 18:58 . 2008-06-03 18:58 <DIR> d-------- C:\!KillBox

2008-06-03 18:47 . 2008-06-03 18:47 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-06-03 16:11 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-31 15:44 . 2008-06-09 19:17 <DIR> d-------- C:\Arquivos de programas\mp3DirectCut

2008-05-31 13:35 . 2008-05-31 13:35 <DIR> d-------- C:\Arquivos de programas\JntMeego

2008-05-29 22:01 . 2008-05-29 22:01 <DIR> d-------- C:\temp_dvd

2008-05-29 22:00 . 2008-05-29 22:01 <DIR> d-------- C:\Arquivos de programas\Dvd-cloner

2008-05-29 21:21 . 2008-06-03 00:54 <DIR> d-------- C:\Arquivos de programas\free-downloads.net

2008-05-29 21:21 . 2008-05-29 21:21 <DIR> d-------- C:\Arquivos de programas\Conduit

2008-05-29 21:21 . 2008-05-29 21:21 <DIR> d-------- C:\Arquivos de programas\Alcohol Soft

2008-05-29 20:49 . 2008-05-29 20:49 <DIR> d-------- C:\Arquivos de programas\System Tuneup

2008-05-29 17:57 . 2008-06-15 13:40 14 --a------ C:\WINDOWS\system32\alsndmgr.dat

2008-05-29 12:51 . 2008-06-15 16:57 <DIR> d-------- C:\Downloads

2008-05-29 12:51 . 2008-06-16 00:44 <DIR> d-------- C:\Documents and Settings\Carlos Marcilio\Dados de aplicativos\Orbit

2008-05-29 12:51 . 2008-05-29 12:51 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-05-22 22:21 . 2008-05-22 22:21 <DIR> d-------- C:\ATI

2008-05-22 21:58 . 2008-05-22 21:58 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\InstallShield

2008-05-22 21:50 . 2008-05-22 21:50 <DIR> d-------- C:\Arquivos de programas\EA Games

2008-05-22 21:50 . 2004-06-16 06:03 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl

2008-05-22 21:29 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-05-22 14:31 . 2008-05-22 14:31 <DIR> d-------- C:\Arquivos de programas\KONAMI

2008-05-22 13:28 . 2007-03-14 20:25 264,063 --a------ C:\MiniImage.rar

2008-05-22 13:26 . 2008-05-23 01:36 <DIR> d-------- C:\Arquivos de programas\DaemonTools_WhenUSave_Installer

2008-05-22 13:25 . 2008-06-15 14:46 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2008-05-22 13:19 . 2008-05-29 21:20 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-22 13:17 . 2008-05-22 13:17 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll

2008-05-22 12:07 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-22 12:07 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-05-22 10:38 . 2008-05-22 10:38 <DIR> d-------- C:\Documents and Settings\Carlos Marcilio\Configuraþ§es locais

2008-05-20 12:03 . 2008-05-20 12:03 <DIR> d-------- C:\Arquivos de programas\CreatEmotions Preview Pack

2008-05-20 11:28 . 2008-05-20 11:29 <DIR> d-------- C:\Arquivos de programas\webGobbler

2008-05-20 11:28 . 2005-09-24 10:40 121,810 --a------ C:\WINDOWS\system32\webGobbler.scr

2008-05-20 11:06 . 2008-06-18 23:49 <DIR> d-------- C:\Documents and Settings\Carlos Marcilio\Dados de aplicativos\photoposcomtbr

2008-05-20 11:06 . 2008-05-20 11:06 <DIR> d-------- C:\Arquivos de programas\PowerOfSoftware Ltd

2008-05-20 11:06 . 2008-05-20 11:06 <DIR> d-------- C:\Arquivos de programas\photoposcomtbr

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-19 16:33 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-06-19 16:30 --------- d-----w C:\Arquivos de programas\Spyware Doctor

2008-06-18 16:50 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-06-17 21:51 --------- d-----w C:\Documents and Settings\Carlos Marcilio\Dados de aplicativos\LimeWire

2008-06-15 17:45 --------- d-----w C:\Arquivos de programas\BraZip

2008-06-02 22:19 --------- d-----w C:\Arquivos de programas\LimeWire

2008-05-26 15:18 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-05-25 21:57 --------- d-----w C:\Arquivos de programas\MegaCubo

2008-05-23 00:50 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-05-23 00:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-05-22 17:02 --------- d-----w C:\Arquivos de programas\DreMule

2008-05-20 14:03 --------- d-----w C:\Arquivos de programas\SpeedyiTunes

2008-05-16 16:50 --------- d-----w C:\Documents and Settings\Carlos Marcilio\Dados de aplicativos\speedyitunes

2008-05-11 13:45 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Bcgsoft

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 16:32 --------- d-----w C:\Arquivos de programas\Photo!

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-06 23:06 --------- d-----w C:\Arquivos de programas\Java

2008-04-29 23:49 --------- d-----w C:\Documents and Settings\Carlos Marcilio\Dados de aplicativos\Apple Computer

2008-04-29 23:49 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-04-29 23:49 --------- d-----w C:\Arquivos de programas\iTunes

2008-04-21 07:02 661,504 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-02 13:49 287,744 ----a-w C:\WINDOWS\system32\XDogcat.dll

2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-25 19:53 13,987 ----a-w C:\Documents and Settings\Carlos Marcilio\xrt_log.dat

2008-02-23 22:12 375,296 ----a-w C:\Arquivos de programas\mdn.exe

2007-12-14 17:41 36,608 ----a-w C:\Documents and Settings\Carlos Marcilio\xrt_knoo.exe

2007-09-15 23:51 1,259,088 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\pswi_preloaded.exe

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-10-15 03:43 88 --sh--r C:\WINDOWS\system32\0D363A4D67.sys

2007-10-15 03:43 2,672 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}]

2007-10-16 15:58 1923584 --a------ C:\ARQUIV~1\PHOTOP~1\PHOTOP~1.DLL

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

2008-02-14 14:54 1555480 --a------ C:\Arquivos de programas\free-downloads.net\tbfree.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}"= "C:\ARQUIV~1\PHOTOP~1\PHOTOP~1.DLL" [2007-10-16 15:58 1923584]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Arquivos de programas\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

 

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9f9d-3befcfbe6e86}]

[HKEY_CLASSES_ROOT\photoposcomtbr.PHOTOPOSCOMTBR]

 

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}"= C:\ARQUIV~1\PHOTOP~1\PHOTOP~1.DLL [2007-10-16 15:58 1923584]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Arquivos de programas\free-downloads.net\tbfree.dll [2008-02-14 14:54 1555480]

 

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9f9d-3befcfbe6e86}]

[HKEY_CLASSES_ROOT\photoposcomtbr.PHOTOPOSCOMTBR]

 

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-22 13:44 68856]

"kutorkt"="c:\windows\sistem32\kutorkt.exe" [ ]

"AlcoholAutomount"="C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 08:30 217544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 20:19 79224]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 09:00 33280 C:\WINDOWS\system32\rundll32.exe]

"Google Desktop Search"="C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-26 14:21 29744]

"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

"iTunesHelper"="C:\Arquivos de programas\iTunes\iTunesHelper.exe" [2005-12-20 20:54 278528]

"CreatEmotions Check"="C:\Arquivos de programas\CreatEmotions Preview Pack\Control Center\CEPreviewCC.exe" [2006-11-07 15:31 804864]

"DAEMON Tools"="C:\Arquivos de programas\DAEMON Tools\daemon.exe" [2006-11-12 07:48 157592]

"ISUSPM Startup"="C:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03 221184]

"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]

"ClamWin"="C:\Arquivos de programas\ClamWin\bin\ClamTray.exe" [2008-04-19 16:35 77824]

"SpySweeper"="C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-02-22 13:44:14 125624]

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-05-29 12:51:41 1678536]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoScrSavPage"= 0 (0x0)

"NoDispApprearancePage"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

"NoStartMenuEjectPC"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"NoRecycleFiles"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoStartMenuEjectPC"= 1 (0x1)

"NoLogoff"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-03-05 11:29 341576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2008-03-05 11:29 341576 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2005-05-02 13:00 69632 C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

-ra------ 2006-10-05 10:13 114688 C:\WINDOWS\system32\hkcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

-ra------ 2006-10-05 10:11 98304 C:\WINDOWS\system32\igfxtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-26 04:29 7700480 C:\WINDOWS\system32\NvCpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-26 04:29 86016 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-26 04:29 1622016 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

-ra------ 2006-10-05 10:10 94208 C:\WINDOWS\system32\igfxpers.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Arquivos de programas\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-12-17 13:00 16062464 C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-05-15 13:00 2879488 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\UOL\\UIM\\uim.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\theduel.exe"=

"C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Arquivos de programas\\LevelUpGames\\The Duel\\GunzLauncher.exe"=

"C:\\WINDOWS\\system32\\ac3config.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Documents and Settings\\Carlos Marcilio\\Meus documentos\\piano\\NetPianoServer.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\KONAMI\\Winning Eleven 2007\\we2007.exe"=

"C:\\Arquivos de programas\\MegaCubo\\megacubo.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Brazilian\\setup.exe"=

 

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

S2 andLinux;andLinux;"C:\Arquivos de programas\andLinux\colinux-daemon.exe" --run-service andLinux @C:\ARQUIV~1\andLinux\settings.txt []

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

S2 CoLinuxDriver;CoLinuxDriver;C:\Arquivos de programas\andLinux\linux.sys []

S2 NwSapAgent;Agente SAP;C:\WINDOWS\system32\svchost.exe [2004-08-04 09:00]

S3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 02:50]

S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 18:45]

S3 GoogleDesktopManager-121807-210419;Gerenciador do Google Desktop 5.7.712.18632;"C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-26 14:21]

S3 tap0801co;TAP-Win32 Adapter V8 (coLinux);C:\WINDOWS\system32\DRIVERS\tap0801co.sys [2006-08-31 02:47]

S3 XDva033;XDva033;C:\WINDOWS\system32\XDva033.sys []

S3 XDva038;XDva038;C:\WINDOWS\system32\XDva038.sys []

S3 XDva074;XDva074;C:\WINDOWS\system32\XDva074.sys []

S3 XDva095;XDva095;C:\WINDOWS\system32\XDva095.sys []

S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-05-02 18:05:27 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Arquivos de programas\Norton Security Scan\Nss.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-19 13:39:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\tsd32.dll

.

Completion time: 2008-06-19 13:40:20

ComboFix-quarantined-files.txt 2008-06-19 16:40:07

 

Pre-Run: 109,220,274,176 bytes free

Post-Run: 109,220,257,792 bytes free

 

305 --- E O F --- 2008-06-15 00:32:13

Cheers, thanks...


Hey brunoricetti,

 

Follow these instructions:

 

1. Reboot into Safe Mode.

 

2. Open Notepad -> Copy (Ctrl + C) and Paste (Ctrl + V) all of the text inside the "Quote" block:

File::

C:\Documents and Settings\All Users\Dados de aplicativos\pswi_preloaded.exe

C:\Documents and Settings\Carlos Marcilio\xrt_knoo.exe

C:\Arquivos de programas\Video Add-on\isfmntr.exe

C:\Arquivos de programas\free-downloads.net\tbfree.dll

C:\Arquivos de programas\msnspy\svchost.exe

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

C:\Arquivos de programas\mdn.exe

C:\Arquivos de programas\mcae.exe

C:\Arquivos de programas\gnrdb.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\alsndmgr.dat

C:\WINDOWS\system32\webGobbler.scr

C:\WINDOWS\sistem32\kutorkt.exe

C:\install.dat

Folder::

C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

C:\Arquivos de programas\DaemonTools_WhenUSave_Installer

C:\Arquivos de programas\Video Add-on

C:\Arquivos de programas\free-downloads.net

C:\Arquivos de programas\webGobbler

C:\ARQUIV~1\GbPlugin

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-

[-HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9f9d-3befcfbe6e86}]

[-HKEY_CLASSES_ROOT\photoposcomtbr.PHOTOPOSCOMTBR]

[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9F9D-3BEFCFBE6E86}"=-

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-

[-HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9f9d-3befcfbe6e86}]

[-HKEY_CLASSES_ROOT\photoposcomtbr.PHOTOPOSCOMTBR]

[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"kutorkt"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

WARNING: The script above was written specifically for the infection on this computer. Using it on another machine can cause serious problems for that user.

3. Save the file as CFScript.txt;

4. As shown in the picture below, drag the CFScript.txt file onto ComboFix.exe.

[image: 645i642.gif]

5. When the process finishes, the tool will produce a log. Post it (C:\ComboFix.txt) in your next reply, together with a fresh HijackThis log.

Regards.

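The reply above turns the persistence entries in the ComboFix log (the ShellExecuteHooks GUID, the Winlogon Notify subkey, the Security Center override) into CFScript Registry:: lines by hand. As an added example, not from this thread and not part of ComboFix, the Python below does the first half of that work mechanically: it parses the registry sections of a log excerpt, labels each entry with the load mechanism it abuses (ShellExecuteHooks, Winlogon Notify, AppInit_DLLs, Run), flags a non-zero Security Center *Override, and emits Registry:: lines only for entries an analyst has explicitly approved, resetting the override to 0 rather than deleting it. The sample log is constructed from the sections quoted earlier in the thread; `Finding`, `parse_sections`, `find_persistence` and `build_registry_section` are this example's own names.

```python
# Added example (not from the thread or from ComboFix): parse the registry
# sections of a ComboFix log, name the load mechanism behind each autostart
# entry, and emit CFScript Registry:: lines only for approved removals.
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the four sections quoted from the log earlier in the thread.
SAMPLE_LOG = r"""
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= C:\Arquivos de programas\GbPlugin\gbiehcef.dll [2008-03-05 11:29 341576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
C:\Arquivos de programas\GbPlugin\gbiehcef.dll 2008-03-05 11:29 341576 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\ARQUIV~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

# (pattern matched on the lower-cased key, what loading through it means)
MECHANISMS = (
    (re.compile(r"\\explorer\\shellexecutehooks$"), "ShellExecuteHooks: DLL loaded into every process that calls ShellExecute"),
    (re.compile(r"\\winlogon\\notify\\"), "Winlogon Notify: DLL loaded into winlogon.exe at logon"),
    (re.compile(r"\\windows nt\\currentversion\\windows$"), "AppInit_DLLs: DLL loaded into every process that maps user32.dll"),
    (re.compile(r"\\currentversion\\run$"), "Run: program started at every logon"),
)
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')


@dataclass
class Finding:
    key: str        # key exactly as printed in the log
    name: str       # value name; "" for key-level entries (Winlogon Notify)
    data: str       # DLL/EXE path or dword as printed
    mechanism: str


def parse_sections(log: str) -> dict[str, list[tuple[str, str]]]:
    """Map each [key] header to its (name, data) pairs. ComboFix prints Winlogon
    Notify packages as a bare path line, so non-"name"= lines get an empty name."""
    sections: dict[str, list[tuple[str, str]]] = {}
    current = None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            m = VALUE_RE.match(line)
            sections[current].append((m.group(1), m.group(2).strip()) if m else ("", line))
    return sections


def find_persistence(log: str) -> list[Finding]:
    """Every entry under a known load point, plus any non-zero Security Center
    *Override (it silences the 'no antivirus/firewall' warning, so infections set it)."""
    findings: list[Finding] = []
    for key, entries in parse_sections(log).items():
        lkey = key.lower()
        if "\\security center" in lkey:
            findings += [Finding(key, n, d, f"Security Center: {n} set, warning suppressed")
                         for n, d in entries
                         if n.lower().endswith("override") and d.lower() != "dword:00000000"]
            continue
        for pattern, mechanism in MECHANISMS:
            if pattern.search(lkey):
                for name, data in entries:
                    # Under \Windows only the AppInit_DLLs value is a load point.
                    if mechanism.startswith("AppInit") and name.lower() != "appinit_dlls":
                        continue
                    if data:
                        findings.append(Finding(key, name, data, mechanism))
                break
    return findings


def build_registry_section(findings: list[Finding], approved: set[str]) -> str:
    """CFScript Registry:: lines. `approved` holds value names (or, for key-level
    Notify entries, the full key) the analyst chose to remove; the rest is only
    reported. Security Center overrides are reset to 0, never deleted."""
    out = ["Registry::"]
    for f in findings:
        if f.mechanism.startswith("Security Center"):
            out += [f"[{f.key}]", f'"{f.name}"=dword:00000000']
        elif f.name == "" and f.key in approved:
            out.append(f"[-{f.key}]")               # delete the whole subkey
        elif f.name and f.name in approved:
            out += [f"[{f.key}]", f'"{f.name}"=-']  # delete one value
    return "\n".join(out)


if __name__ == "__main__":
    found = find_persistence(SAMPLE_LOG)
    for f in found:
        print(f"{f.mechanism}\n    {f.key}\n    {f.name or '(key)'} -> {f.data}")
    # Analyst approves the hook GUID and the Notify subkey; AppInit_DLLs stays.
    approve = {"{E37CB5F0-51F5-4395-A808-5FA49E399003}",
               r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef"}
    print("\n" + build_registry_section(found, approve))
```

The split between reporting and removal is deliberate: AppInit_DLLs and ShellExecuteHooks are used by legitimate software as well as malware (the log above has a Google Desktop DLL under AppInit_DLLs), so the script never decides on its own what to delete; it only makes the review list complete and the CFScript syntax exact.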

Good evening.

Sorry for my ignorance, but could you explain that last step in more detail?

I tried several ways but couldn't get it to work.

Thanks for your patience.

Cheers


You need to open Notepad > select all of the text inside the QUOTE block > right-click > Copy > click into the open Notepad window > right-click > Paste > save the document as CFScript > close it.

 

Then drag the file you created (CFScript) onto ComboFix, as shown below:

 

[image: 645i642.gif]

 

Wait for ComboFix to finish its scan and post the log it produces at the end.


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want it reopened, send a private message to a moderator of this section with the link to this topic and explain why it should be reopened.
