[Arquivado] Análise de log

survivorman · Julho 23, 2008

MEU PC FICO LENTO DERRENPE,MINHA TAXA DE DOWNLOAD BAIXA TBM,

OLHA Q EXEÇÃO DO FIREWALL ESTÁ DESBLOQUEADA. AGARDO RESPOSTAS OBG DESDE JÁ! :)

Logfile of HijackThis v1.99.1

Scan saved at 22:23 , on 22/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\sm56hlpr.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe

C:\ARQUIV~1\AVG\AVG8\avgtray.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\ARQUIV~1\AVG\AVG8\avgfws8.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Micro\Meus documentos\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com//

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\pc tools\lsp\pctlsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{65F7D34F-611B-464D-8696-689E3BD6B82C}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{65F7D34F-611B-464D-8696-689E3BD6B82C}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgfws8.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Silas Martins · Julho 23, 2008

Log Limpo

survivorman · Julho 26, 2008

OBRIGADO SILAS PELO ANALISE :thumbsup:

MAS ESTOU COM PROBLEMINHA AQUI NO PROGRAMA SYSFADER.

APARECE ESSE LOG DE ERRO,QUANDO ABRO ALGUMAS PAGINAS PELO IE! :blush:

SYSFADER.IEXPLORE.EXE-ERROD E APLICATIVO...MEMÓRIA TAL,FEZREFERNCIA TAL,MEMÓRIA NÃO PODE SER RE..deu

branco.

JÁ FIZ SCAM EM TODAS ÁREAS COM ANTI-VÍRUS E ANTI-SPYWARE,MALWARE,WORS ETC...SISTEMA LIMPO!

SÉRA É PROLEMA COM MEU IE?! ME AJUDEM PLEASE...OBG GRANDE ABRAÇO Á TODOS !

Silas Martins · Julho 26, 2008

Baixe o ComboFix e salve na área de trabalho.

Feche todos os programas.

Clique duas vezes sobre combofix.exe e tecle (1) logo após aperte Enter para continuar.

O ComboFix irá reiniciar seu computador automaticamente, isto faz parte do processo de remoção.

Ao se encerrar, será gerado um log, que vai estar em C:\ComboFix.txt.

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Aguardo um novo log do HijackThis juntamente com o ComboFix.txt

survivorman · Julho 26, 2008

SILAS MARTINS,FIZ TUDO CERTO COMO VOCE INDICOU SEGUE OS LOGS!

COMBOFIX:

ComboFix 08-07-25.7 - Micro 2008-07-26 12:06:19.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.207 [GMT -3:00]

Executando de: C:\Documents and Settings\Micro\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\pskill.exe

C:\WINDOWS\system32\sysdm.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-26 to 2008-07-26 ))))))))))))))))))))))))))))))))

.

2008-07-25 19:44 . 2008-07-25 19:44 <DIR> d-------- C:\WINDOWS\Sun

2008-07-25 11:59 . 2008-07-25 11:59 <DIR> d-------- C:\Documents and Settings\Micro\Ambiente de rede

2008-07-23 20:59 . 2008-07-23 20:59 <DIR> d-------- C:\Documents and Settings\Micro\Dados de aplicativos\Franckey

2008-07-23 16:25 . 2008-07-23 21:12 <DIR> d-------- C:\Arquivos de programas\Opera

2008-07-21 22:41 . 2008-07-21 22:41 <DIR> d-------- C:\!KillBox

2008-07-21 11:47 . 2008-07-21 11:47 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2008-07-18 16:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-14 16:15 . 2008-07-14 16:15 <DIR> d-------- C:\Documents and Settings\Micro\Dados de aplicativos\Malwarebytes

2008-07-14 16:14 . 2008-07-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-07-14 16:14 . 2008-07-14 16:15 <DIR> d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-07-14 16:14 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-07-14 16:14 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-07-13 21:25 . 2008-07-13 21:25 <DIR> d-------- C:\Arquivos de programas\CCleaner

2008-07-08 17:06 . 2006-08-16 08:59 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll

2008-07-07 22:52 . 2008-07-07 23:02 <DIR> d-------- C:\Arquivos de programas\CyberScript32

2008-07-04 21:28 . 2008-07-04 21:28 <DIR> d-------- C:\Arquivos de programas\Marcos Velasco Security

2008-06-26 21:16 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-06-26 21:16 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-26 14:58 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-07-26 14:57 --------- d-----w C:\Arquivos de programas\Spyware Doctor

2008-07-25 17:59 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-24 00:05 --------- d-----w C:\Arquivos de programas\DivX

2008-07-23 01:14 --------- d-----w C:\Arquivos de programas\Google

2008-07-22 22:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-07-21 15:07 --------- d-----w C:\Arquivos de programas\Java

2008-07-18 19:04 --------- d-----w C:\Arquivos de programas\LimeWire

2008-07-17 00:25 --------- d-----w C:\Arquivos de programas\DreMule

2008-07-14 00:25 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-07-10 13:34 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\avg8

2008-07-07 17:08 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-06-25 20:22 --------- d-----w C:\Documents and Settings\Micro\Dados de aplicativos\Styler

2008-06-25 20:22 --------- d-----w C:\Arquivos de programas\TuneUp Utilities 2008

2008-06-25 20:20 --------- d-----w C:\Arquivos de programas\WinFlip

2008-06-25 01:41 --------- d-----w C:\Arquivos de programas\Electronic Arts

2008-06-24 23:01 --------- d-----w C:\Documents and Settings\Micro\Dados de aplicativos\ViStart

2008-06-24 18:15 --------- d-----w C:\Arquivos de programas\Wallpapers

2008-06-24 18:15 --------- d-----w C:\Arquivos de programas\Fonts

2008-06-24 02:53 64,849 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-06-24 02:53 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-06-24 02:53 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 22:17 --------- d-----w C:\Arquivos de programas\MeMe

2008-06-19 20:12 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-06-19 20:12 45,568 ----a-w C:\WINDOWS\system32\avgfwdx.dll

2008-06-19 20:12 23,296 ----a-w C:\WINDOWS\system32\drivers\avgfwdx.sys

2008-06-19 20:12 12,936 ----a-w C:\WINDOWS\system32\drivers\avgrkx86.sys

2008-06-19 00:27 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PC Tools

2008-06-19 00:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\PC Tools

2008-06-19 00:25 159,880 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys

2008-06-18 17:59 --------- d-----w C:\Documents and Settings\LocalService\Dados de aplicativos\MEGAUPLOADTOOLBAR

2008-06-18 17:37 --------- d-----w C:\Documents and Settings\Micro\Dados de aplicativos\PC Tools

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 14:17 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-10 14:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

2008-06-05 19:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet

2008-06-05 19:01 --------- d-----w C:\Arquivos de programas\Bonjour

2008-06-05 19:01 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-05 18:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macrovision Shared

2008-06-03 14:23 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems

2008-05-27 02:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-05-16 17:13 2,279,424 ----a-w C:\WINDOWS\system32\TUKernel.exe

2008-05-10 15:04 839,680 ----a-w C:\WINDOWS\system32\xinstall.dll

2008-05-09 19:06 354,560 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2004-10-01 18:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

------- Sigcheck -------

2007-06-13 10:21 977408 e2af4bc9e7859fdbbe6626c2b648b6bc C:\WINDOWS\explorer.exe

2007-06-13 10:21 977408 e2af4bc9e7859fdbbe6626c2b648b6bc C:\WINDOWS\VCP_SAVE\explorer.exe

2007-06-13 10:21 977408 e2af4bc9e7859fdbbe6626c2b648b6bc C:\WINDOWS\VCP_TEMP\explorer.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 13:47 7311360]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 13:47 86016]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"RemoteControl"="C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"AudioDeck"="C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 07:28 540672]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-04-30 14:23 413696]

"AVG8_TRAY"="C:\ARQUIV~1\AVG\AVG8\avgtray.exe" [2008-07-25 14:59 1235736]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"nwiz"="nwiz.exe" [2005-11-11 13:47 1519616 C:\WINDOWS\system32\nwiz.exe]

"SMSERIAL"="sm56hlpr.exe" [2004-12-28 19:01 544768 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\Micro\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\Documents and Settings\\All Users\\Dados de aplicativos\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Arquivos de programas\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"C:\\Arquivos de programas\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMIndexStoreSvr.exe"=

"C:\\Arquivos de programas\\Nero\\Nero 7\\Nero Vision\\NeroVision.exe"=

"C:\\Arquivos de programas\\DreMule\\emule.exe"=

"C:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"C:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=

"C:\\Arquivos de programas\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Adobe\\Adobe Bridge CS3\\Bridge.exe"=

"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"888:TCP"= 888:TCP:TCP

"6346:TCP"= 6346:TCP:tcp

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-19 17:12]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 00:38]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 00:39]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-25 14:59]

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-18 21:25]

R2 avg8emc;AVG8 E-mail Scanner;C:\ARQUIV~1\AVG\AVG8\avgemc.exe [2008-07-25 14:59]

R2 avg8wd;AVG8 WatchDog;C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe [2008-07-25 14:59]

R2 avgfws8;AVG8 Firewall;C:\ARQUIV~1\AVG\AVG8\avgfws8.exe [2008-07-25 14:59]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-19 17:12]

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:45]

R2 xinstall;xinstall;C:\WINDOWS\system32\drivers\xinstall.sys [2008-05-10 12:04]

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-19 17:12]

S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-19 17:12]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-09 16:06]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-07-26 C:\WINDOWS\Tasks\1-Click Maintenance.job - s !CC:\Arquivos de programas\TuneUp Utilities 2008\OneClickStarter.exe/schedulestartMicro,Runs 1-Click Maintenance at specified times0 0<0 []

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{65F7D34F-611B-464D-8696-689E3BD6B82C}: NameServer = 200.204.0.10 200.204.0.138

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-26 12:09:27

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0