
Fred Bracher

[Solved!] explorer.exe opens and closes all the time. Log for analysis, PLEASE


Logfile of HijackThis v1.99.1

Scan saved at 18:08, on 2008-07-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\Arquivos de programas\McAfee\VirusScan\McShield.exe

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\imapi.exe

c:\ARQUIV~1\mcafee\virusscan\mcvsshld.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\McAfee\VirusScan\mcsysmon.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Winpooch] C:\Arquivos de programas\Winpooch\Winpooch.exe

O4 - HKLM\..\Run: [Vistadrv] C:\Arquivos de programas\VistaDrives\vsdrv.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Administrador\lsass.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [bM6f78b3f4] Rundll32.exe "C:\WINDOWS\system32\lbbpnaau.dll",s

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [6c4b8068] rundll32.exe "C:\WINDOWS\system32\bjifqpqn.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214328035968

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VirusScan\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

explorer.exe opens and closes all the time... McAfee shows a message that the Vundo trojan was removed roughly every 20 minutes... please help me, I can't get any work done!!!!!

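The O4 entries in the log above already carry the indicators a triager looks for: rundll32.exe loading DLLs with random eight-letter names from system32 (the Vundo pattern McAfee keeps reporting) and an lsass.exe sitting in the Administrador profile instead of %SystemRoot%\system32. The following Python script is an added example, not part of the original thread or of HijackThis; it parses O4 lines and flags those two patterns, and the heuristics (eight alphabetic letters plus a one-letter export, core process names outside system32) are assumptions chosen for this illustration, not a definitive test.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One HijackThis O4 (autostart) line looks like:
#   O4 - HKLM\..\Run: [bM6f78b3f4] Rundll32.exe "C:\WINDOWS\system32\lbbpnaau.dll",s
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# rundll32 with an explicit export:  rundll32.exe "C:\...\x.dll",entry
RUNDLL_RE = re.compile(
    r'^rundll32\.exe\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<entry>\S+)', re.IGNORECASE
)

# First executable named in a command, quoted or not. HijackThis does not quote
# paths that contain spaces (e.g. C:\Arquivos de programas\...\mcagent.exe /runkey).
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Binaries that on Windows XP live only directly under %SystemRoot%\system32.
# A copy anywhere else (the log above has lsass.exe in the user profile) is a masquerade.
CORE_PROCESSES = {"lsass.exe", "services.exe", "smss.exe", "csrss.exe", "winlogon.exe", "svchost.exe"}
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    value_name: str   # the [name] of the Run value
    path: str         # file the entry launches or loads
    reason: str


def parse_o4(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (hive, value_name, command) for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    return (m["hive"], m["name"], m["cmd"]) if m else None


def random_looking(stem: str) -> bool:
    """Heuristic (assumption for this example): Vundo-style DLL stems are
    eight letters with no digits, e.g. lbbpnaau, bjifqpqn."""
    return len(stem) == 8 and stem.isalpha()


def check_rundll32(value_name: str, cmd: str) -> Optional[Finding]:
    """Flag rundll32 loading a random-named DLL through a one-letter export."""
    m = RUNDLL_RE.match(cmd)
    if not m:
        return None
    stem = ntpath.splitext(ntpath.basename(m["dll"]))[0]
    if len(m["entry"]) == 1 and random_looking(stem):
        return Finding(value_name, m["dll"],
                       f"rundll32 loads random-named DLL via export '{m['entry']}'")
    return None


def check_masquerade(value_name: str, cmd: str) -> Optional[Finding]:
    """Flag a core system process name launched from outside system32."""
    m = EXE_RE.match(cmd)
    if not m:
        return None
    path = m["path"]
    base = ntpath.basename(path).lower()
    if base in CORE_PROCESSES and not SYSTEM32_RE.match(path):
        return Finding(value_name, path, f"{base} outside %SystemRoot%\\system32")
    return None


def triage_o4(log_text: str) -> List[Finding]:
    """Run both checks over every O4 line of a HijackThis log."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if not parsed:
            continue
        _, name, cmd = parsed
        for check in (check_rundll32, check_masquerade):
            finding = check(name, cmd)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample: O4 lines copied from the first HijackThis log in this thread,
# with two benign entries (mcagent.exe, ctfmon.exe) kept as controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Administrador\lsass.exe
O4 - HKLM\..\Run: [bM6f78b3f4] Rundll32.exe "C:\WINDOWS\system32\lbbpnaau.dll",s
O4 - HKLM\..\Run: [6c4b8068] rundll32.exe "C:\WINDOWS\system32\bjifqpqn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{f.value_name}] {f.path}: {f.reason}")
```

Run against the full log, the script would also pass over every O4 line that HijackThis quoted or left unquoted, so the control entries show that legitimate autostarts are not reported.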

Download ComboFix and save it to your desktop.

 

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes (be patient). ComboFix will restart the PC automatically to complete the removal process.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Attention:

Do not click in the ComboFix window, and do not close it by clicking the X, while it is running; otherwise it will stop and your desktop will go blank.

 

To stop or exit ComboFix, press "2" and Enter.

 

Afterwards, generate a new log with HijackThis and post it, together with ComboFix.txt.


Logfile of HijackThis v1.99.1

Scan saved at 23:58, on 2008-07-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\HijackThis.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\imapi.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bM6f78b3f4] Rundll32.exe "C:\WINDOWS\system32\lbbpnaau.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214328035968

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

 

 

ComboFix doesn't save a log... after the PC restarts it doesn't create a log, and the PC still has the same problem!!!


Hey Fred Bracher,

 

@- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

 

Then run ComboFix again.


ComboFix 08-07-23.4 - Administrador 2008-07-29 14:21:23.8 - NTFSx86 NETWORK

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\iifefFuS.dll

C:\WINDOWS\system32\SuFfefii.ini

C:\WINDOWS\system32\SuFfefii.ini2

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))

.

 

2008-07-29 14:29 . 2008-07-29 14:29 22 --a------ C:\WINDOWS\pskt.ini

2008-07-29 14:28 . 2008-07-29 14:28 283,648 --a------ C:\WINDOWS\system32\ljJCrSJb.dll

2008-07-29 14:28 . 2008-07-29 14:28 345 --ahs---- C:\WINDOWS\system32\bJSrCJjl.ini2

2008-07-29 14:28 . 2008-07-29 14:33 345 --ahs---- C:\WINDOWS\system32\bJSrCJjl.ini

2008-07-27 22:33 . 2008-07-27 22:33 47,616 --a------ C:\7d871b16211c1f0.bup

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\WINDOWS\srchasst

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-07-23 23:49 . 2008-07-23 23:49 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-23 23:49 . 2008-07-23 23:49 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-07-23 23:49 . 2008-07-23 23:49 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-07-23 18:00 . 2008-07-23 18:00 218,112 --a------ C:\HijackThis.exe

2008-07-23 13:07 . 2008-07-24 17:39 <DIR> d-------- C:\Arquivos de programas\Winpooch

2008-07-23 13:07 . 2006-07-16 18:48 1,073,152 --a------ C:\WINDOWS\system32\FreeImage.dll

2008-07-23 13:07 . 2007-04-21 00:38 516,096 --a------ C:\WINDOWS\system32\libclamav.dll

2008-07-23 12:13 . 2008-07-23 12:13 <DIR> d-------- C:\VundoFix Backups

2008-07-23 01:40 . 2008-07-23 01:40 <DIR> d-------- C:\Arquivos de programas\EA Sports

2008-07-22 14:23 . 2008-07-27 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-07-20 19:48 . 2008-07-20 19:48 244 --ah----- C:\sqmnoopt05.sqm

2008-07-20 19:48 . 2008-07-20 19:48 232 --ah----- C:\sqmdata05.sqm

2008-07-19 22:33 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-07-13 13:36 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-07-13 13:36 . 2008-06-12 20:37 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-07-11 21:34 . 2003-07-17 15:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-07-11 21:34 . 2005-01-01 06:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-07-11 21:33 . 2008-07-11 21:33 <DIR> d-------- C:\Program Files

2008-07-11 21:16 . 2008-07-11 21:16 <DIR> d-------- C:\Arquivos de programas\OnGame

2008-07-11 20:06 . 2008-07-11 20:08 157,939,821 --a------ C:\GunBound_Brasil_Season2.exe

2008-07-08 23:55 . 2008-07-08 23:55 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos\SecuROM

2008-07-08 23:55 . 2008-07-08 23:55 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-07-08 23:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-07-08 22:56 . 2008-07-08 22:56 <DIR> d-------- C:\Arquivos de programas\Sierra

2008-07-04 13:53 . 2008-07-04 15:07 113 --a------ C:\WINDOWS\winzipme.ini

2008-07-03 18:06 . 2008-07-03 18:06 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-07-03 01:38 . 2008-07-03 01:43 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-07-03 01:37 . 2008-07-03 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-07-03 01:35 . 2008-07-03 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-07-03 01:35 . 2008-07-03 01:35 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-07-02 18:28 . 2008-07-02 18:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2008-07-02 18:25 . 2008-07-02 18:25 <DIR> d-------- C:\Arquivos de programas\Real

2008-07-02 18:25 . 2008-07-02 18:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2008-07-01 15:29 . 2008-07-13 13:36 <DIR> d-------- C:\WINDOWS\system32\ffdshow

2008-07-01 15:29 . 2008-07-01 15:29 <DIR> d-------- C:\Arquivos de programas\SourceTec

2008-07-01 15:29 . 2006-03-11 04:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax

2008-07-01 15:29 . 2007-03-28 16:08 122,880 --a------ C:\WINDOWS\system32\stQTSource.ax

2008-07-01 13:11 . 2008-07-01 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SRSLabs

2008-07-01 13:06 . 2008-07-01 13:06 <DIR> d-------- C:\Arquivos de programas\SRSLabs

2008-07-01 13:06 . 2008-07-01 13:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SRS

2008-07-01 13:04 . 2008-07-16 22:05 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2008-06-30 16:35 . 2008-07-01 14:31 <DIR> d-------- C:\Arquivos de programas\MediaCoder

2008-06-29 21:00 . 2008-03-21 17:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-06-29 21:00 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-06-29 21:00 . 2006-09-24 12:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm

2008-06-29 21:00 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-06-29 21:00 . 2007-09-04 13:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-06-29 21:00 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-06-29 21:00 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-06-29 21:00 . 2008-03-21 17:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-06-29 21:00 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-06-29 20:59 . 2008-06-29 21:00 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-06-29 20:59 . 2008-03-31 18:25 682,496 --a------ C:\WINDOWS\system32\divx.dll

2008-06-29 20:59 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-06-29 20:59 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-06-29 19:50 . 2008-06-29 19:50 <DIR> d-------- C:\Arquivos de programas\NeXus RV10 & MKV Filtres

 

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-22 17:59 --------- d-----w C:\Arquivos de programas\ESET

2008-07-09 01:56 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-30 19:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-06-30 19:32 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\CyberLink

2008-06-26 13:23 --------- d-----w C:\Arquivos de programas\Infogrames

2008-06-26 12:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ATI

2008-06-26 11:54 --------- d-----w C:\Arquivos de programas\ATI Technologies

2008-06-26 11:54 --------- d-----w C:\Arquivos de programas\ATI

2008-06-25 20:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-06-25 20:31 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-06-24 17:41 --------- d-----w C:\Arquivos de programas\IObit

2008-06-24 15:21 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-06-24 06:38 137,728 ----a-w C:\WINDOWS\system32\qgigdnpd.dll

2008-06-24 06:35 131,584 ----a-w C:\WINDOWS\system32\lbbpnaau.dll

2008-06-22 15:02 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-06-20 18:53 --------- d-----w C:\Arquivos de programas\VIA

2008-06-20 18:52 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-06-20 18:45 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\ATI

2008-06-20 18:35 --------- d-----w C:\Arquivos de programas\Realtek Sound Manager

2008-06-20 18:35 --------- d-----w C:\Arquivos de programas\Realtek AC97

2008-06-20 18:35 --------- d-----w C:\Arquivos de programas\AvRack

2008-06-20 18:26 --------- d-----w C:\Arquivos de programas\Realtek

2008-06-20 18:25 44,544 ------w C:\WINDOWS\system32\byXPGYQi.dll

2008-06-20 18:24 14,336 ----a-w C:\Documents and Settings\Administrador\services.exe

2008-06-20 18:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-20 18:22 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-06-20 18:21 --------- d-----w C:\Arquivos de programas\MSBuild

2008-06-20 18:19 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-06-20 18:17 --------- d-----w C:\Arquivos de programas\Microsoft Visual Studio 8

2008-06-20 18:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-06-20 18:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-06-20 18:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-06-20 18:09 --------- d-----w C:\Arquivos de programas\Nero

2008-06-20 18:06 --------- d-----w C:\Arquivos de programas\CyberLink

2008-06-20 18:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-06-20 18:02 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-20 17:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VisualTaskTips

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VistaDrives

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VAIOXP

2008-06-20 17:42 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 17:39 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-06-20 17:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:37 --------- d-----w C:\Arquivos de programas\Windows Sidebar

2008-06-20 17:37 --------- d-----w C:\Arquivos de programas\Foxit Software

2008-06-20 17:34 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll

2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll

2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll

2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll

2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll

2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll

2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2008-06-03 00:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:15 1,292,288 ------w C:\WINDOWS\system32\dllcache\quartz.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-23_23.47.38.84 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW1504\_PerfCounter.dll

+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW23344\_PerfCounter.dll

+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2800\_PerfCounter.dll

+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3272\_PerfCounter.dll

+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_aspnet_isapi.dll

+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_CORPerfMonExt.dll

+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_fusion.dll

+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_mscorjit.dll

+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_mscorlib.dll

+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_mscorsn.dll

+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_mscorsvr.dll

+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_mscorwks.dll

+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_msvcr71.dll

+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3928\_PerfCounter.dll

- 2008-07-23 21:58:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-07-27 21:29:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2008-07-23 21:58:18 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-07-27 21:29:31 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2006-12-02 01:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-02 01:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-02 01:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 01:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 03:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-02 03:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-02 03:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-02 03:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-02 03:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-02 03:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-02 03:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-02 03:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-02 03:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-02 03:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-02 03:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-02 03:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-02 03:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-02 03:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25b8cb39-6617-4d56-be60-e326e9e278dc}]

2008-06-24 03:38 137728 --a------ C:\WINDOWS\system32\qgigdnpd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E06327D-0415-475F-898B-6ACFB316073E}]

2008-06-20 15:25 44544 --------- C:\WINDOWS\system32\byXPGYQi.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB39AAFE-298D-4F07-A78B-AFA5CB2A912C}]

2008-07-29 14:28 283648 --a------ C:\WINDOWS\system32\ljJCrSJb.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 21:45 159744]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"BM6f78b3f4"="C:\WINDOWS\system32\lbbpnaau.dll" [2008-06-24 03:35 131584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Arquivos de programas\Windows Sidebar\sidebar.exe" [2007-01-29 23:21 1230848]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-06-11 14:47 366672]

"{4E06327D-0415-475F-898B-6ACFB316073E}"= "C:\WINDOWS\system32\byXPGYQi.dll" [2008-06-20 15:25 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-06-11 14:47 366672 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGYQi]

2008-06-20 15:25 44544 C:\WINDOWS\system32\byXPGYQi.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=qgigdnpd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"VIDC.YV12"= yv12vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ljJCrSJb

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]

--a------ 2007-10-04 18:38 307200 C:\Arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2004-08-25 12:52 339968 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6f78b3f4]

--a------ 2008-06-24 03:35 131584 C:\WINDOWS\system32\lbbpnaau.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 21:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-05-15 15:55 1057328 C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-05-15 15:55 1628208 C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2008-01-21 12:17 61440 C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-02 18:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

--a------ 2006-07-30 03:37 121089 C:\Arquivos de programas\VistaDrives\vsdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winpooch]

--a------ 2007-04-23 19:12 388096 C:\Arquivos de programas\Winpooch\Winpooch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Infogrames\\Grand Prix 4\\GP4.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]

R1 Winpooch;Winpooch kernel spy;C:\Arquivos de programas\Winpooch\Winpooch.sys [2007-04-23 19:12]

S3 S3chipid;S3chipid;C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f68b20f-3ef2-11dd-b478-000feaab79fe}]

\Shell\Auto\command - G:\Start.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

"C:\Arquivos de programas\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

"C:\Arquivos de programas\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

C:\WINDOWS\system32\hidec /W "C:\Arquivos de programas\VAIOXP\Tools\regtlib.exe" "C:\Arquivos de programas\Windows Sidebar\sidebar.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-26 01:58:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

- - - - ORFAOS REMOVIDOS - - - -

 

MSConfigStartUp-mcagent_exe - C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

 

 

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.globo.com/

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 14:28:36

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\byXPGYQi.dll

 

PROCESSOS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\ljJCrSJb.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\rundll32.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-07-29 14:36:44 - Maquina reiniciou [Administrador]

ComboFix-quarantined-files.txt 2008-07-29 17:36:22

ComboFix2.txt 2008-07-24 02:49:29

 

Pre-Run: 13 pasta(s) 21,534,310,400 bytes disponíveis

Post-Run: 16 pasta(s) 21,847,691,264 bytes disponíveis

 

388 --- E O F --- 2008-07-29 08:02:02

 

 

 

 

After running ComboFix and creating the log, I ran HijackThis, as the log below shows

 

 

Logfile of HijackThis v1.99.1

Scan saved at 14:44:57, on 29/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\taskmgr.exe

C:\HijackThis.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\imapi.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bM6f78b3f4] Rundll32.exe "C:\WINDOWS\system32\lbbpnaau.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214328035968

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: qgigdnpd.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

Note: the problem continues

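The ComboFix log above shows where this infection persists: a DLL in AppInit_DLLs, an extra LSA authentication package, Winlogon notify handlers and BHOs dropped straight into system32, a Run value that is a DLL, Security Center notifications disabled, and AutoRun commands on removable volumes. As an added example for this thread (not code from the original post, from ComboFix or from HijackThis), here is a small Python script that parses the REGEDIT4-style "loading points" block of a ComboFix log and flags exactly those entries; the sample log is constructed from lines quoted above.

```python
"""Triage of the "loading points" block of a ComboFix log (added example,
not code from the thread, ComboFix or HijackThis; sample log constructed
from lines quoted above)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the loading-points block posted above.
SAMPLE_LOG = r"""REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25b8cb39-6617-4d56-be60-e326e9e278dc}]
2008-06-24 03:38 137728 --a------ C:\WINDOWS\system32\qgigdnpd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"BM6f78b3f4"="C:\WINDOWS\system32\lbbpnaau.dll" [2008-06-24 03:35 131584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGYQi]
2008-06-20 15:25 44544 C:\WINDOWS\system32\byXPGYQi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qgigdnpd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ljJCrSJb

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
"""

# A DLL living directly under system32, as referenced by a log line.
SYSTEM32_DLL = re.compile(r"\\system32\\([^\\\s\"]+\.dll)", re.IGNORECASE)


def parse_loadpoints(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines under each [key] header (keys lower-cased)."""
    keys: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, [])
        elif current is not None:
            keys[current].append(line)
    return keys


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (indicator, reason) pairs for entries that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    for key, lines in parse_loadpoints(text).items():
        joined = "\n".join(lines)
        if key.endswith("\\currentversion\\windows"):
            # Anything in AppInit_DLLs is mapped into every user32-linked process.
            for line in lines:
                m = re.match(r'"appinit_dlls"=(.+)', line, re.IGNORECASE)
                if m and m.group(1).strip():
                    findings.append((m.group(1).strip(), "AppInit_DLLs entry"))
        elif key.endswith("\\control\\lsa"):
            # msv1_0 is the stock package; anything else runs inside lsass.exe.
            for line in lines:
                if line.lower().startswith("authentication packages"):
                    for pkg in line.split()[3:]:
                        if pkg.lower() != "msv1_0":
                            findings.append((pkg, "extra LSA authentication package"))
        elif "\\winlogon\\notify\\" in key or "browser helper objects" in key:
            # Legitimate notify handlers and BHOs rarely sit directly in system32.
            for m in SYSTEM32_DLL.finditer(joined):
                findings.append((m.group(1), "Winlogon notify / BHO DLL in system32"))
        elif key.endswith("\\currentversion\\run"):
            # A Run value whose target is a DLL is loaded via rundll32.
            for m in SYSTEM32_DLL.finditer(joined):
                findings.append((m.group(1), "Run value points at a DLL in system32"))
        elif key.endswith("\\security center"):
            for line in lines:
                if re.search(r'disablenotify"=dword:0*1\b', line, re.IGNORECASE):
                    findings.append((line, "Security Center notification disabled"))
        elif "\\mountpoints2\\" in key:
            for line in lines:
                if "\\shell\\auto" in line.lower():
                    findings.append((line, "AutoRun command on a removable volume"))
    return findings


if __name__ == "__main__":
    for indicator, reason in triage(SAMPLE_LOG):
        print(f"{reason:45s} {indicator}")
```

Run it against a full ComboFix.txt by reading the file into `triage()`; the same DLL names should then show up in the "DLLs loaded under running processes" section, as they do in the log above for winlogon.exe and explorer.exe.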

If you have a USB flash drive or an MP3 or MP4 player, connect it to the PC (if you have more than one, you have to connect all of them). Do not remove them until you have completed all the instructions.

 

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

Folder::

C:\7d871b16211c1f0.bup

File::

C:\WINDOWS\pskt.ini

E:\autorun.exe

G:\Start.exe

Registry::

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f68b20f-3ef2-11dd-b478-000feaab79fe}]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

 

@- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

645i642ef2.gif

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.


ComboFix 08-07-23.4 - Administrador 2008-07-30 0:56:08.9 - NTFSx86 MINIMAL

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt

 

FILE ::

C:\WINDOWS\pskt.ini

E:\autorun.exe

E:\AutoRun.exe

G:\Start.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\7d871b16211c1f0.bup\

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bJSrCJjl.ini

C:\WINDOWS\system32\bJSrCJjl.ini2

C:\WINDOWS\system32\ljJCrSJb.dll

E:\AutoRun.exe . . . . falha na exclusão

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))

.

 

2008-07-27 22:33 . 2008-07-27 22:33 47,616 --a------ C:\7d871b16211c1f0.bup

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\WINDOWS\srchasst

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-07-23 23:49 . 2008-07-29 14:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-23 23:49 . 2008-07-29 14:36 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-07-23 23:49 . 2008-07-29 14:36 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-07-23 18:00 . 2008-07-23 18:00 218,112 --a------ C:\HijackThis.exe

2008-07-23 13:07 . 2008-07-24 17:39 <DIR> d-------- C:\Arquivos de programas\Winpooch

2008-07-23 13:07 . 2006-07-16 18:48 1,073,152 --a------ C:\WINDOWS\system32\FreeImage.dll

2008-07-23 13:07 . 2007-04-21 00:38 516,096 --a------ C:\WINDOWS\system32\libclamav.dll

2008-07-23 12:13 . 2008-07-23 12:13 <DIR> d-------- C:\VundoFix Backups

2008-07-23 01:40 . 2008-07-23 01:40 <DIR> d-------- C:\Arquivos de programas\EA Sports

2008-07-22 14:23 . 2008-07-27 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-07-20 19:48 . 2008-07-20 19:48 244 --ah----- C:\sqmnoopt05.sqm

2008-07-20 19:48 . 2008-07-20 19:48 232 --ah----- C:\sqmdata05.sqm

2008-07-19 22:33 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-07-13 13:36 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-07-13 13:36 . 2008-06-12 20:37 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-07-11 21:34 . 2003-07-17 15:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-07-11 21:34 . 2005-01-01 06:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-07-11 21:33 . 2008-07-11 21:33 <DIR> d-------- C:\Program Files

2008-07-11 21:16 . 2008-07-11 21:16 <DIR> d-------- C:\Arquivos de programas\OnGame

2008-07-11 20:06 . 2008-07-11 20:08 157,939,821 --a------ C:\GunBound_Brasil_Season2.exe

2008-07-08 23:55 . 2008-07-08 23:55 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos\SecuROM

2008-07-08 23:55 . 2008-07-08 23:55 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-07-08 23:47 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-07-08 22:56 . 2008-07-08 22:56 <DIR> d-------- C:\Arquivos de programas\Sierra

2008-07-04 13:53 . 2008-07-04 15:07 113 --a------ C:\WINDOWS\winzipme.ini

2008-07-03 18:06 . 2008-07-03 18:06 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-07-03 01:38 . 2008-07-03 01:43 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-07-03 01:37 . 2008-07-03 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-07-03 01:35 . 2008-07-03 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-07-03 01:35 . 2008-07-03 01:35 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-07-02 18:28 . 2008-07-02 18:28 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2008-07-02 18:25 . 2008-07-02 18:25 <DIR> d-------- C:\Arquivos de programas\Real

2008-07-02 18:25 . 2008-07-02 18:27 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2008-07-01 15:29 . 2008-07-13 13:36 <DIR> d-------- C:\WINDOWS\system32\ffdshow

2008-07-01 15:29 . 2008-07-01 15:29 <DIR> d-------- C:\Arquivos de programas\SourceTec

2008-07-01 15:29 . 2006-03-11 04:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax

2008-07-01 15:29 . 2007-03-28 16:08 122,880 --a------ C:\WINDOWS\system32\stQTSource.ax

2008-07-01 13:11 . 2008-07-01 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SRSLabs

2008-07-01 13:06 . 2008-07-01 13:06 <DIR> d-------- C:\Arquivos de programas\SRSLabs

2008-07-01 13:06 . 2008-07-01 13:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\SRS

2008-07-01 13:04 . 2008-07-16 22:05 <DIR> d-------- C:\Arquivos de programas\XP Codec Pack

2008-06-30 16:35 . 2008-07-01 14:31 <DIR> d-------- C:\Arquivos de programas\MediaCoder

2008-06-29 21:00 . 2008-03-21 17:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-06-29 21:00 . 2008-01-10 09:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-06-29 21:00 . 2006-09-24 12:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm

2008-06-29 21:00 . 2004-01-25 13:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-06-29 21:00 . 2007-09-04 13:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-06-29 21:00 . 2008-01-10 09:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-06-29 21:00 . 2007-09-20 21:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm

2008-06-29 21:00 . 2008-03-21 17:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-06-29 21:00 . 2007-10-03 12:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-06-29 20:59 . 2008-06-29 21:00 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-06-29 20:59 . 2008-03-31 18:25 682,496 --a------ C:\WINDOWS\system32\divx.dll

2008-06-29 20:59 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-06-29 20:59 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-06-29 19:50 . 2008-06-29 19:50 <DIR> d-------- C:\Arquivos de programas\NeXus RV10 & MKV Filtres

2008-06-26 09:00 . 2008-06-26 09:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\ATI

2008-06-26 08:57 . 2008-06-26 08:57 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-06-26 08:54 . 2008-06-26 08:54 <DIR> d-------- C:\Arquivos de programas\ATI

2008-06-26 08:42 . 2008-06-26 08:42 <DIR> d-------- C:\ATI

2008-06-25 19:40 . 2008-07-16 15:13 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-06-25 17:31 . 2008-06-25 17:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-06-25 17:30 . 2008-06-30 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-06-25 17:30 . 2008-06-30 16:32 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\CyberLink

2008-06-24 14:41 . 2008-06-24 14:41 <DIR> d-------- C:\Arquivos de programas\IObit

2008-06-24 14:25 . 2004-08-03 21:45 33,280 --a------ C:\WINDOWS\system32\rundll32.exe

2008-06-24 14:05 . 2008-06-24 14:05 <DIR> d-------- C:\!KillBox

2008-06-24 14:00 . 2008-06-25 17:29 <DIR> d-------- C:\LinhaDefensiva

2008-06-24 12:21 . 2008-06-24 12:21 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2008-06-24 11:39 . 2008-06-24 12:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-06-24 03:38 . 2008-06-24 03:38 137,728 --a------ C:\WINDOWS\system32\qgigdnpd.dll

2008-06-24 03:35 . 2008-06-24 03:35 131,584 --a------ C:\WINDOWS\system32\lbbpnaau.dll

2008-06-23 10:30 . 2008-07-17 17:17 38 --a------ C:\WINDOWS\AviSplitter.INI

2008-06-23 09:27 . 2008-06-23 09:27 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-22 22:20 . 2008-06-22 22:20 169 --a------ C:\WINDOWS\RtlRack.ini

2008-06-22 21:14 . 2008-07-18 14:06 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-06-22 12:02 . 2008-06-22 12:02 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-06-22 11:46 . 2008-06-26 10:23 <DIR> d-------- C:\Arquivos de programas\Infogrames

2008-06-22 10:40 . 2008-06-25 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-06-22 10:40 . 2008-06-25 17:31 <DIR> d-------- C:\Arquivos de programas\GbPlugin

2008-06-21 23:05 . 2008-06-25 20:44 767 --a------ C:\WINDOWS\wbocx.ini

2008-06-21 12:58 . 2008-07-11 19:23 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts

2008-06-21 03:33 . 2008-07-30 01:03 111,552 --a------ C:\WINDOWS\BM6f78b3f4.xml

2008-06-20 21:19 . 2004-08-04 00:45 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-06-20 21:19 . 2004-08-04 00:39 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-06-20 21:19 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-06-20 21:19 . 2008-06-20 21:19 268 --ah----- C:\sqmdata04.sqm

2008-06-20 21:19 . 2008-06-20 21:19 244 --ah----- C:\sqmnoopt04.sqm

2008-06-20 21:18 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-06-20 17:54 . 2008-06-20 17:54 268 --ah----- C:\sqmdata03.sqm

2008-06-20 17:54 . 2008-06-20 17:54 244 --ah----- C:\sqmnoopt03.sqm

2008-06-20 16:15 . 2008-06-20 16:15 268 --ah----- C:\sqmdata02.sqm

2008-06-20 16:15 . 2008-06-20 16:15 244 --ah----- C:\sqmnoopt02.sqm

2008-06-20 16:13 . 2007-03-19 16:13 118,120 --a------ C:\WINDOWS\system32\drivers\viamraid.sys

2008-06-20 16:09 . 2004-01-09 15:23 42,496 --a------ C:\WINDOWS\system32\drivers\fetnd5b.sys

2008-06-20 16:09 . 2003-07-17 16:10 7,040 --a------ C:\WINDOWS\system32\ntsim.sys

2008-06-20 16:00 . 2008-06-20 16:00 268 --ah----- C:\sqmdata01.sqm

2008-06-20 16:00 . 2008-06-20 16:00 244 --ah----- C:\sqmnoopt01.sqm

2008-06-20 15:53 . 2008-06-20 15:53 <DIR> d-------- C:\Arquivos de programas\VIA

2008-06-20 15:53 . 2007-04-11 15:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll

2008-06-20 15:52 . 2008-06-20 15:52 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-06-20 15:52 . 2007-03-29 11:36 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys

2008-06-20 15:45 . 2008-06-20 15:45 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\ATI

2008-06-20 15:38 . 2008-06-20 15:38 268 --ah----- C:\sqmdata00.sqm

2008-06-20 15:38 . 2008-06-20 15:38 244 --ah----- C:\sqmnoopt00.sqm

2008-06-20 15:37 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2008-06-20 15:37 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-06-20 15:36 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2008-06-20 15:36 . 2004-08-03 22:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2008-06-20 15:36 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2008-06-20 15:36 . 2004-08-03 22:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys

2008-06-20 15:36 . 2004-08-03 23:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2008-06-20 15:35 . 2008-06-20 15:35 <DIR> d-------- C:\Arquivos de programas\Realtek Sound Manager

2008-06-20 15:35 . 2008-06-20 15:35 <DIR> d-------- C:\Arquivos de programas\Realtek AC97

2008-06-20 15:35 . 2008-06-20 15:35 <DIR> d-------- C:\Arquivos de programas\AvRack

2008-06-20 15:35 . 2006-08-10 07:27 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe

2008-06-20 15:35 . 2006-08-18 13:52 4,017,536 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys

2008-06-20 15:35 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe

2008-06-20 15:35 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe

2008-06-20 15:35 . 2006-08-01 14:58 143,360 --a------ C:\WINDOWS\system32\RtlCPAPI.dll

2008-06-20 15:35 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-22 17:59 --------- d-----w C:\Arquivos de programas\ESET

2008-06-20 17:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VisualTaskTips

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VistaDrives

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VAIOXP

2008-06-20 17:42 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 17:39 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-06-20 17:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:37 --------- d-----w C:\Arquivos de programas\Windows Sidebar

2008-06-20 17:37 --------- d-----w C:\Arquivos de programas\Foxit Software

2008-06-20 17:34 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll

2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll

2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:15 1,292,288 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2008-04-24 04:14 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-04-22 07:43 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-04-22 07:43 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty and legitimate default entries are not shown.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25b8cb39-6617-4d56-be60-e326e9e278dc}]

2008-06-24 03:38 137728 --a------ C:\WINDOWS\system32\qgigdnpd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E06327D-0415-475F-898B-6ACFB316073E}]

2008-06-20 15:25 44544 --------- C:\WINDOWS\system32\byXPGYQi.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 21:45 159744]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\qttask.exe" [2008-05-27 10:50 413696]

"BM6f78b3f4"="C:\WINDOWS\system32\lbbpnaau.dll" [2008-06-24 03:35 131584]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Arquivos de programas\Windows Sidebar\sidebar.exe" [2007-01-29 23:21 1230848]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-06-11 14:47 366672]

"{4E06327D-0415-475F-898B-6ACFB316073E}"= "C:\WINDOWS\system32\byXPGYQi.dll" [2008-06-20 15:25 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-06-11 14:47 366672 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGYQi]

2008-06-20 15:25 44544 C:\WINDOWS\system32\byXPGYQi.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=qgigdnpd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"VIDC.YV12"= yv12vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]

--a------ 2007-10-04 18:38 307200 C:\Arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2004-08-25 12:52 339968 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM6f78b3f4]

--a------ 2008-06-24 03:35 131584 C:\WINDOWS\system32\lbbpnaau.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 21:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-05-15 15:55 1057328 C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-05-15 15:55 1628208 C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2008-01-21 12:17 61440 C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-02 18:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

--a------ 2006-07-30 03:37 121089 C:\Arquivos de programas\VistaDrives\vsdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winpooch]

--a------ 2007-04-23 19:12 388096 C:\Arquivos de programas\Winpooch\Winpooch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Infogrames\\Grand Prix 4\\GP4.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]

R1 Winpooch;Winpooch kernel spy;C:\Arquivos de programas\Winpooch\Winpooch.sys [2007-04-23 19:12]

S3 S3chipid;S3chipid;C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f68b20f-3ef2-11dd-b478-000feaab79fe}]

\Shell\Auto\command - G:\Start.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

"C:\Arquivos de programas\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

"C:\Arquivos de programas\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

C:\WINDOWS\system32\hidec /W "C:\Arquivos de programas\VAIOXP\Tools\regtlib.exe" "C:\Arquivos de programas\Windows Sidebar\sidebar.exe"

.

Contents of the 'Scheduled Tasks' folder

"2008-07-26 01:58:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-30 01:03:16

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\byXPGYQi.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\lbbpnaau.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Completion time: 2008-07-30 1:07:49 - Machine was rebooted

ComboFix-quarantined-files.txt 2008-07-30 04:07:41

 

Pre-Run: 13 folder(s) 21,882,228,736 bytes free

Post-Run: 16 folder(s) 21,881,438,208 bytes free

 

330 --- E O F --- 2008-07-29 08:02:02

The problem had been resolved after the last steps... but when I went to the site to post on the forum... there was a DLL error and Explorer disappeared!!!

Logfile of HijackThis v1.99.1

Scan saved at 11:00:27, on 30/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: {cd872e9e-623e-06eb-65d4-716693bc8b52} - {25b8cb39-6617-4d56-be60-e326e9e278dc} - C:\WINDOWS\system32\qgigdnpd.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {4E06327D-0415-475F-898B-6ACFB316073E} - C:\WINDOWS\system32\byXPGYQi.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bM6f78b3f4] Rundll32.exe "C:\WINDOWS\system32\lbbpnaau.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214328035968

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: qgigdnpd.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: byXPGYQi - C:\WINDOWS\SYSTEM32\byXPGYQi.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

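An added triage script for the kind of log posted above (it is not part of this thread, nor of ComboFix, HijackThis or EliStartPage). It walks the registry load-point section and the file list, flags every DLL that sits directly in system32 and is registered at a DLL-injection point (AppInit_DLLs, Winlogon Notify, a BHO, ShellExecuteHooks, the LSA Authentication Packages value, or a Run entry whose target is a DLL handed to rundll32), and pairs each DLL with a .ini/.ini2 whose name is the DLL name spelled backwards, the Vundo trait visible in the later ComboFix log in this thread (mlJYolkK.dll beside KkloYJlm.ini, yayaXRHY.dll beside YHRXayay.ini). The sample input is constructed from lines in this thread's logs; the line-format assumptions (ComboFix `[key]` headers, HijackThis `O…` prefixes) and the 6-12 character name heuristic are mine, not the tools'.

```python
"""Triage of registry load points in ComboFix / HijackThis logs.

Flags (1) DLLs sitting directly in system32 that are registered at a
DLL-injection load point (AppInit_DLLs, Winlogon Notify, BHO,
ShellExecuteHooks, LSA Authentication Packages, or a Run entry whose target
is a DLL rather than an EXE), and (2) the Vundo trait of a companion
.ini/.ini2 whose base name is the DLL's base name reversed."""
import re
from collections import defaultdict

# (needle looked for in the enclosing [key] header or in the line itself, label).
# First match wins, so the specific LSA value precedes the generic LSA key.
INJECTION_POINTS = [
    ("appinit_dlls", "AppInit_DLLs"),
    ("winlogon\\notify", "Winlogon Notify"),
    ("winlogon notify", "Winlogon Notify"),
    ("browser helper objects", "BHO"),
    ("bho:", "BHO"),
    ("shellexecutehooks", "ShellExecuteHooks"),
    ("authentication packages", "LSA Authentication Packages"),
    ("control\\lsa", "LSA key"),
    ("currentversion\\run", "Run key (DLL target)"),
    ("\\run:", "Run key (DLL target)"),
]

# A file directly under system32 (no sub-directory) with a .dll/.ini/.ini2
# extension, or with no extension at all (the LSA value omits it).
# 6-12 alphanumerics is a heuristic chosen here; it is not a tool rule.
RE_SYS32_FILE = re.compile(
    r"system32\\([A-Za-z0-9]{6,12})(?:\.(dll|ini2?))?(?![A-Za-z0-9.\\])", re.I)
RE_APPINIT = re.compile(r'AppInit_DLLs"?\s*[:=]\s*([A-Za-z0-9]+)\.dll', re.I)
RE_KEY_HEADER = re.compile(r"^\[(.+)\]\s*$")   # ComboFix "[HKEY_...]" header
RE_HJT_LINE = re.compile(r"^O\d+ - ")           # HijackThis "O20 - ..." line


def parse_load_points(log_text):
    """Map each system32 DLL base name (lower-case) to the injection load
    points it is registered at. ComboFix prints the key as a [header] above
    the value lines; HijackThis puts the label on the line itself."""
    hits = defaultdict(set)
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = RE_KEY_HEADER.match(line)
        if header:
            current_key = header.group(1).lower()
            continue
        if RE_HJT_LINE.match(line):
            current_key = ""
        haystack = current_key + " " + line.lower()
        label = next((name for needle, name in INJECTION_POINTS
                      if needle in haystack), None)
        if label is None:
            continue
        for m in RE_APPINIT.finditer(line):
            hits[m.group(1).lower()].add(label)
        for m in RE_SYS32_FILE.finditer(line):
            if m.group(2) is None or m.group(2).lower() == "dll":
                hits[m.group(1).lower()].add(label)
    return hits


def find_reversed_pairs(log_text):
    """Return {dll_base_lower: ini_base} for every system32 DLL that has a
    .ini/.ini2 companion named with the DLL's base name reversed."""
    dlls, inis = {}, {}
    for m in RE_SYS32_FILE.finditer(log_text):
        base, ext = m.group(1), (m.group(2) or "").lower()
        if ext == "dll":
            dlls.setdefault(base.lower(), base)
        elif ext.startswith("ini"):
            inis.setdefault(base.lower(), base)
    return {low: inis[low[::-1]] for low in dlls if low[::-1] in inis}


def triage(log_text):
    """Combine both checks; a DLL is reported if either check fires."""
    points, pairs = parse_load_points(log_text), find_reversed_pairs(log_text)
    return {dll: {"load_points": sorted(points.get(dll, ())),
                  "reversed_ini": pairs.get(dll)}
            for dll in sorted(set(points) | set(pairs))}


# Constructed sample: lines excerpted from the ComboFix and HijackThis logs
# posted in this thread, reduced to the ones the checks act on.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\KkloYJlm.ini
C:\WINDOWS\system32\mlJYolkK.dll
C:\WINDOWS\system32\pWHjTvut.ini
2008-08-09 18:32 . 2008-08-09 18:32 283,136 --a------ C:\WINDOWS\system32\yayaXRHY.dll
2008-08-09 18:32 . 2008-08-09 18:32 345 --ahs---- C:\WINDOWS\system32\YHRXayay.ini2
2008-07-23 13:07 . 2007-04-21 00:38 516,096 --a------ C:\WINDOWS\system32\libclamav.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E815A205-0177-4C23-8542-C83772405D1D}]
2008-08-09 18:32 283136 --a------ C:\WINDOWS\system32\yayaXRHY.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 21:45 159744]
"BM6f78b3f4"="C:\WINDOWS\system32\lbbpnaau.dll" [2008-06-24 03:35 131584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4E06327D-0415-475F-898B-6ACFB316073E}"= "C:\WINDOWS\system32\byXPGYQi.dll" [2008-06-20 15:25 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGYQi]
2008-06-20 15:25 44544 C:\WINDOWS\system32\byXPGYQi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qgigdnpd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayaXRHY
Vundo9 REG_SZ C:\WINDOWS\SYSTEM32\TUVTJHWP.DLL
O2 - BHO: (no name) - {4E06327D-0415-475F-898B-6ACFB316073E} - C:\WINDOWS\system32\byXPGYQi.dll
O4 - HKLM\..\Run: [bM6f78b3f4] Rundll32.exe "C:\WINDOWS\system32\lbbpnaau.dll",s
O20 - AppInit_DLLs: qgigdnpd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for dll, info in triage(SAMPLE_LOG).items():
        points = ", ".join(info["load_points"]) or "-"
        print(f"{dll:<10} {points:<45} reversed ini: {info['reversed_ini'] or '-'}")
```

Run it as a script to print the table, or import it and call triage() on a pasted log. It is a triage aid, not a verdict: WgaLogon.dll (Windows Genuine Advantage) lands in the output purely because it is registered as a Winlogon Notify package, and any vendor DLL placed in system32 at one of these points would too. Each hit still needs to be confirmed by file date, size, signer and whether the name turns up anywhere legitimate.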

Download EliStarA: at the bottom of the page, click the Descargar EliStarA button.

 

I suggest you print or save the steps below, and do not use the internet until the procedure is finished.

 

Reboot into Safe Mode (press the F8 key repeatedly during startup until the menu appears, then select Safe Mode).

 

Run EliStarA.exe and wait, as the scan takes a while.

 

When it finishes, reboot and post the log (it will be at C:\infoSat.txt).

 

Do this with the pen drive connected.

 

Regards


Wed Jul 30 20:20:38 2008

EliStartPage v16.82 ©2008 S.G.H. / Satinfo S.L. (Updated 30 July 2008)

--------------------------------------------------

Action List (by Direct Action):

Key Removed [WinLogon\Notify\BYXPGYQI] -> C:\WINDOWS\SYSTEM32\byXPGYQi.dll

Entry Removed [HKLM\...\Run] "BM6f78b3f4"="Rundll32.exe "C:\WINDOWS\system32\lbbpnaau.dll",s" (Vundo)

[WinLogon\Notify\BYXPGYQI]

Please send us the INFOSAT.TXT and a sample of the file

C:\WinLogon\BYXPGYQI.DLL

to "virus@satinfo.es". Thank you.

Please send us a sample of the file

C:\Muestras\BYXPGYQI.DLL.Muestra EliStartPage v16.82

to "virus@satinfo.es". Thank you.

C:\WINDOWS\SYSTEM32\BYXPGYQI.DLL --> Access Denied.

C:\WINDOWS\ALCMTR.EXE --> Removed SpyRealtek

Please send us a sample of the file

C:\Muestras\LBBPNAAU.DLL.Muestra EliStartPage v16.82

to "virus@satinfo.es". Thank you.

C:\WINDOWS\SYSTEM32\LBBPNAAU.DLL --> Removed

C:\WINDOWS\PSKT.INI --> Removed (Companion File).

Removed Folder "%WinDir%\PeerNet"

Windows XP SP3 not detected

IE Start and Search Pages reset

IE Temporary Files deleted

Reboot to Complete the Cleanup.

 

Wed Jul 30 20:22:04 2008

EliStartPage v16.82 ©2008 S.G.H. / Satinfo S.L. (Updated 30 July 2008)

--------------------------------------------------

Action List (by Scan):

Scanning Drive C:\

C:\Arquivos de programas\AvRack\CLASSIC.DLL --> Removed, FraudTool.Agent.D

C:\Arquivos de programas\Realtek\InstallShield\ALCMTR.EXE --> Removed, SpyRealtek

C:\WINDOWS\assembly\GAC\System.Drawing.Design.resources\1.0.5000.0_pt-BR_b03f5f7f11d50a3a\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Removed, MalWare.Celular

C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\SYSTEM.DRAWING.DESIGN.RESOURCES.DLL --> Removed, MalWare.Celular

C:\WINDOWS\system32\CLOSEAPP.EXE --> Removed, RiskTool.CloseApp

C:\WINDOWS\system32\VIMC.EXE --> Removed, RiskTool.CloseApp(dropper)

C:\WINDOWS\system32\VITrans\VIVP.EXE --> Removed, RiskTool.CloseApp(dropper)

 

Total Directories: 5525

Total Files: 57409

Files Analyzed: 13873

Files Infected: 7

Files Cleaned: 7

 

Wed Jul 30 20:37:48 2008

EliStartPage v16.82 ©2008 S.G.H. / Satinfo S.L. (Updated 30 July 2008)

--------------------------------------------------

Action List (by Scan):

Scanning Drive D:\

 

Total Directories: 675

Total Files: 8085

Files Analyzed: 1287

Files Infected: 0

Files Cleaned: 0

System Infected by Downloader.ConHook

System Infected by Vundo9

(C:\WINDOWS\SYSTEM32\TUVTJHWP.DLL)

Utility "ELINOTIF.DLL" Not Detected (Required for Cleanup)

NOTE: even after the whole procedure, the problem of explorer.exe opening and closing continues... But the problem with Internet Explorer is gone...


Hi Fred Bracher

 

In Run, type combofix /u, then click "ok" and wait for ComboFix to be removed.

 

- Download ComboFix again. Then run it.

 

In your next reply, post the ComboFix log + HijackThis log.


ComboFix 08-07-30.02 - Administrador 2008-08-09 18:25:10.11 - NTFSx86 MINIMAL

Running from: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrador\services.exe

C:\InfoSat.txt

C:\WINDOWS\BM6f78b3f4.xml

C:\WINDOWS\system32\iSuFNqru.ini

C:\WINDOWS\system32\iSuFNqru.ini2

C:\WINDOWS\system32\KkloYJlm.ini

C:\WINDOWS\system32\KkloYJlm.ini2

C:\WINDOWS\system32\mlJYolkK.dll

C:\WINDOWS\system32\pWHjTvut.ini

C:\WINDOWS\system32\pWHjTvut.ini2

C:\WINDOWS\system32\urqNFuSi.dll

 

.

((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))))

.

 

2008-08-09 18:32 . 2008-08-09 18:32 283,136 --a------ C:\WINDOWS\system32\yayaXRHY.dll

2008-08-09 18:32 . 2008-08-09 18:32 345 --ahs---- C:\WINDOWS\system32\YHRXayay.ini2

2008-08-09 18:32 . 2008-08-09 18:37 345 --ahs---- C:\WINDOWS\system32\YHRXayay.ini

2008-07-30 20:41 . 2008-07-30 20:41 <DIR> d-------- C:\WINDOWS\peernet

2008-07-30 20:20 . 2008-07-30 20:20 <DIR> d-------- C:\WinLogon

2008-07-30 20:20 . 2008-07-30 22:31 <DIR> d-------- C:\Muestras

2008-07-30 12:39 . 2008-07-30 12:39 283,136 --a------ C:\WINDOWS\system32\TUVTJHWP.DLL.VIR

2008-07-27 22:33 . 2008-07-27 22:33 47,616 --a------ C:\7d871b16211c1f0.bup

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\WINDOWS\srchasst

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-07-23 23:49 . 2008-07-30 01:07 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-23 23:49 . 2008-07-30 01:07 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-07-23 23:49 . 2008-07-30 01:07 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-07-23 18:00 . 2008-07-23 18:00 218,112 --a------ C:\HijackThis.exe

2008-07-23 13:07 . 2008-07-24 17:39 <DIR> d-------- C:\Arquivos de programas\Winpooch

2008-07-23 13:07 . 2006-07-16 18:48 1,073,152 --a------ C:\WINDOWS\system32\FreeImage.dll

2008-07-23 13:07 . 2007-04-21 00:38 516,096 --a------ C:\WINDOWS\system32\libclamav.dll

2008-07-23 01:40 . 2008-07-23 01:40 <DIR> d-------- C:\Arquivos de programas\EA Sports

2008-07-22 14:23 . 2008-07-27 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-07-20 19:48 . 2008-07-20 19:48 244 --ah----- C:\sqmnoopt05.sqm

2008-07-20 19:48 . 2008-07-20 19:48 232 --ah----- C:\sqmdata05.sqm

2008-07-19 22:33 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-07-13 13:36 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-07-13 13:36 . 2008-06-12 20:37 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

2008-07-11 21:34 . 2003-07-17 15:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd

2008-07-11 21:34 . 2005-01-01 06:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

2008-07-11 21:33 . 2008-07-11 21:33 <DIR> d-------- C:\Program Files

2008-07-11 21:16 . 2008-07-11 21:16 <DIR> d-------- C:\Arquivos de programas\OnGame

2008-07-11 20:06 . 2008-07-11 20:08 157,939,821 --a------ C:\GunBound_Brasil_Season2.exe

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-09 21:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-07-31 16:58 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-07-30 23:22 --------- d-----w C:\Arquivos de programas\AvRack

2008-07-22 17:59 --------- d-----w C:\Arquivos de programas\ESET

2008-07-17 01:05 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-07-09 02:55 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-07-09 02:55 --------- d--h--r C:\Documents and Settings\Administrador\Dados de aplicativos\SecuROM

2008-07-09 01:56 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-09 01:56 --------- d-----w C:\Arquivos de programas\Sierra

2008-07-03 21:06 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-07-03 04:43 --------- d-----w C:\Arquivos de programas\QuickTime

2008-07-03 04:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-07-03 04:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-07-03 04:35 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-07-02 21:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-07-02 21:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-07-02 21:25 --------- d-----w C:\Arquivos de programas\Real

2008-07-01 18:29 --------- d-----w C:\Arquivos de programas\SourceTec

2008-07-01 17:31 --------- d-----w C:\Arquivos de programas\MediaCoder

2008-07-01 16:12 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SRSLabs

2008-07-01 16:06 --------- d-----w C:\Arquivos de programas\SRSLabs

2008-07-01 16:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SRS

2008-06-30 19:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-06-30 19:32 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\CyberLink

2008-06-30 00:00 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-06-29 22:50 --------- d-----w C:\Arquivos de programas\NeXus RV10 & MKV Filtres

2008-06-26 13:23 --------- d-----w C:\Arquivos de programas\Infogrames

2008-06-26 12:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ATI

2008-06-26 11:54 --------- d-----w C:\Arquivos de programas\ATI Technologies

2008-06-26 11:54 --------- d-----w C:\Arquivos de programas\ATI

2008-06-24 17:41 --------- d-----w C:\Arquivos de programas\IObit

2008-06-24 15:21 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-06-24 06:38 137,728 ----a-w C:\WINDOWS\system32\qgigdnpd.dll

2008-06-22 15:02 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-06-20 18:53 --------- d-----w C:\Arquivos de programas\VIA

2008-06-20 18:52 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-06-20 18:45 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\ATI

2008-06-20 18:35 --------- d-----w C:\Arquivos de programas\Realtek Sound Manager

2008-06-20 18:35 --------- d-----w C:\Arquivos de programas\Realtek AC97

2008-06-20 18:26 --------- d-----w C:\Arquivos de programas\Realtek

2008-06-20 18:25 44,544 ------w C:\WINDOWS\system32\byXPGYQi.dll

2008-06-20 18:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-20 18:22 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-06-20 18:21 --------- d-----w C:\Arquivos de programas\MSBuild

2008-06-20 18:19 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-06-20 18:17 --------- d-----w C:\Arquivos de programas\Microsoft Visual Studio 8

2008-06-20 18:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-06-20 18:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-06-20 18:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-06-20 18:09 --------- d-----w C:\Arquivos de programas\Nero

2008-06-20 18:06 --------- d-----w C:\Arquivos de programas\CyberLink

2008-06-20 18:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-06-20 18:02 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-20 17:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VisualTaskTips

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VistaDrives

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VAIOXP

2008-06-20 17:42 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 17:39 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-06-20 17:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:37 --------- d-----w C:\Arquivos de programas\Windows Sidebar

2008-06-20 17:37 --------- d-----w C:\Arquivos de programas\Foxit Software

2008-06-20 17:34 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-12 23:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll

2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll

2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll

2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll

2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll

2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2008-06-03 02:22 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll

2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2008-06-03 00:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

.

 

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty and legitimate default entries are not shown.

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25b8cb39-6617-4d56-be60-e326e9e278dc}]

2008-06-24 03:38 137728 --a------ C:\WINDOWS\system32\qgigdnpd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E06327D-0415-475F-898B-6ACFB316073E}]

2008-06-20 15:25 44544 --------- C:\WINDOWS\system32\byXPGYQi.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E815A205-0177-4C23-8542-C83772405D1D}]

2008-08-09 18:32 283136 --a------ C:\WINDOWS\system32\yayaXRHY.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 21:45 159744]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Arquivos de programas\Windows Sidebar\sidebar.exe" [2007-01-29 23:21 1230848]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-07-23 15:12 366664]

"{4E06327D-0415-475F-898B-6ACFB316073E}"= "C:\WINDOWS\system32\byXPGYQi.dll" [2008-06-20 15:25 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGYQi]

2008-06-20 15:25 44544 C:\WINDOWS\system32\byXPGYQi.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"VIDC.YV12"= yv12vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayaXRHY

Vundo9 REG_SZ C:\WINDOWS\SYSTEM32\TUVTJHWP.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKLM\~\startupfolder\^ntuser.dat]

path=\ntuser.dat

backup=C:\WINDOWS\pss\ntuser.datCommon Startup

 

[HKLM\~\startupfolder\^NTUSER.DAT.LOG]

path=\NTUSER.DAT.LOG

backup=C:\WINDOWS\pss\NTUSER.DAT.LOGCommon Startup

 

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

backup=C:\WINDOWS\pss\ntuser.iniCommon Startup

 

[HKLM\~\startupfolder\^services.exe]

path=\services.exe

backup=C:\WINDOWS\pss\services.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]

--a------ 2007-10-04 18:38 307200 C:\Arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2004-08-25 12:52 339968 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 21:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-05-15 15:55 1057328 C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-05-15 15:55 1628208 C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2008-01-21 12:17 61440 C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-02 18:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

--a------ 2006-07-30 03:37 121089 C:\Arquivos de programas\VistaDrives\vsdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winpooch]

--a------ 2007-04-23 19:12 388096 C:\Arquivos de programas\Winpooch\Winpooch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Infogrames\\Grand Prix 4\\GP4.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]

R1 Winpooch;Winpooch kernel spy;C:\Arquivos de programas\Winpooch\Winpooch.sys [2007-04-23 19:12]

S3 S3chipid;S3chipid;C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f68b20f-3ef2-11dd-b478-000feaab79fe}]

\Shell\Auto\command - G:\Start.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

"C:\Arquivos de programas\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

"C:\Arquivos de programas\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

C:\WINDOWS\system32\hidec /W "C:\Arquivos de programas\VAIOXP\Tools\regtlib.exe" "C:\Arquivos de programas\Windows Sidebar\sidebar.exe"

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

- - - - ORFAOS REMOVIDOS - - - -

 

BHO-{4B53D441-C868-4907-BADA-9D4C18537F2C} - C:\WINDOWS\system32\tuvTjHWp.dll

MSConfigStartUp-BM6f78b3f4 - C:\WINDOWS\system32\lbbpnaau.dll

 

 

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\wbsjqf0m.default\

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-09 18:32:44

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

**************************************************************************

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

PROCESSOS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\byXPGYQi.dll

 

PROCESSOS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\yayaXRHY.dll

.

------------------------ Outros Processos em Execução ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\GbPlugin\gbpsv.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\rundll32.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-08-09 18:42:14 - Maquina reiniciou [Administrador]

ComboFix-quarantined-files.txt 2008-08-09 21:41:05

ComboFix2.txt 2008-07-30 04:07:51

 

Pre-Run: 14 pasta(s) 21,763,493,888 bytes disponíveis

Post-Run: 17 pasta(s) 22,034,976,768 bytes disponíveis

 

301 --- E O F --- 2008-08-09 08:01:25

Logfile of HijackThis v1.99.1

Scan saved at 20:34:49, on 9/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\HijackThis.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\imapi.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214328035968

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe


If you have a pendrive or an MP3 or MP4 player, connect it to the PC (if you have more than one, you must connect all of them). Do not remove them until you have completed all the instructions.

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

C:\WinLogon

C:\sqmnoopt05.sqm

C:\sqmdata05.sqm

E:\autorun.exe

G:\Start.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f68b20f-3ef2-11dd-b478-000feaab79fe}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[animated image: dragging CFScript.txt onto the ComboFix icon]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Post it together with the new HijackThis log.

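Triage logic for the "Pontos de Carregamento do Registro" section of the ComboFix logs in this thread, as an added example (not code from the thread, from ComboFix or from the helper): it parses the REGEDIT4-style dump and reports the load points that the logs show being abused (BHO, ShellExecuteHooks, Winlogon\Notify, LSA packages, mountpoints2 AutoRun) whenever they point at a file outside a constructed allow list. The function names, WATCHED and KNOWN_GOOD are my assumptions; the sample lines are copied from the first log above.

```python
import re

# Load points that the infection in the logs above abuses, keyed by a lowercase
# substring of the registry key path as ComboFix prints it (assumed mapping).
WATCHED = {
    "browser helper objects": "BHO",
    "shellexecutehooks": "ShellExecuteHook",
    "winlogon\\notify": "Winlogon Notify",
    "control\\lsa": "LSA package",
    "mountpoints2": "AutoRun",
}

# Constructed allow list for this example: file names that may legitimately sit at
# those load points on this machine (gbiehcef.dll is the GbPlugin banking module the
# helper left in place). A real baseline comes from a known-clean system.
KNOWN_GOOD = {"gbiehcef.dll"}

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
# A Windows path: prefer a path ending in an executable extension (so paths with
# spaces such as "Arquivos de programas" survive), else a space-free path, which
# covers the extension-less LSA "Authentication Packages" entry.
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.(?:dll|exe|sys)\b|[A-Za-z]:\\[^\s"\[\]]+',
                     re.IGNORECASE)


def parse_load_points(text):
    """Return (key, value_line) pairs from the REGEDIT4-style section of a ComboFix log."""
    pairs, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key:
            pairs.append((key, line))
    return pairs


def suspicious_load_points(text):
    """Return (category, key, artifact) triples for watched load points that
    reference a file not on the allow list, plus any removable-media AutoRun command."""
    hits = []
    for key, line in parse_load_points(text):
        lowered = key.lower()
        category = next((c for needle, c in WATCHED.items() if needle in lowered), None)
        if category is None:
            continue
        if category == "AutoRun":
            # Any \Shell\...\command under mountpoints2 is reported as a whole line.
            if "command" in line.lower():
                hits.append((category, key, line))
            continue
        for path in PATH_RE.findall(line):
            if path.rsplit("\\", 1)[-1].lower() not in KNOWN_GOOD:
                hits.append((category, key, path))
    return hits


# Sample input constructed from the first ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25b8cb39-6617-4d56-be60-e326e9e278dc}]
2008-06-24 03:38 137728 --a------ C:\WINDOWS\system32\qgigdnpd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-07-23 15:12 366664]
"{4E06327D-0415-475F-898B-6ACFB316073E}"= "C:\WINDOWS\system32\byXPGYQi.dll" [2008-06-20 15:25 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGYQi]
2008-06-20 15:25 44544 C:\WINDOWS\system32\byXPGYQi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayaXRHY
Vundo9 REG_SZ C:\WINDOWS\SYSTEM32\TUVTJHWP.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
"""

if __name__ == "__main__":
    for category, key, artifact in suspicious_load_points(SAMPLE_LOG):
        print(f"{category:17} {artifact}\n    at {key}")
```

Entries the allow list does not cover (the GbPlugin module is skipped, the Run key is not watched) are exactly the ones the helper's scripts in this thread target.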

ComboFix 08-08-11.01 - Administrador 2008-08-12 9:24:31.13 - NTFSx86 MINIMAL

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt..txt

 

FILE ::

C:\sqmdata05.sqm

C:\sqmnoopt05.sqm

C:\WinLogon

E:\autorun.exe

E:\AutoRun.exe

G:\Start.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\sqmdata05.sqm

C:\sqmnoopt05.sqm

C:\WINDOWS\BM6f78b3f4.txt

C:\WINDOWS\system32\byXPGYQi.dll

C:\WINDOWS\system32\qgigdnpd.dll

C:\WINDOWS\system32\yayaXRHY.dll

C:\WINDOWS\system32\YHRXayay.ini

C:\WINDOWS\system32\YHRXayay.ini2

E:\AutoRun.exe . . . . falha na exclusão

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-12 to 2008-08-12 ))))))))))))))))))))))))))))))))

.

 

2008-08-12 01:36 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys

2008-08-12 01:36 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys

2008-08-12 01:35 . 2008-08-12 01:35 <DIR> d-------- C:\Arquivos de programas\D-Tools

2008-08-12 01:34 . 2008-08-12 01:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-08-11 20:27 . 2008-08-11 20:27 <DIR> d-------- C:\Housexy Ibiza 2008 by Heike

2008-08-11 17:21 . 2008-08-11 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-08-11 17:20 . 2008-08-11 17:26 <DIR> d-------- C:\Arquivos de programas\Super Internet TV

2008-08-11 12:42 . 2008-08-11 12:42 <DIR> d-------- C:\Arquivos de programas\Campground Master

2008-08-11 12:12 . 2008-08-11 21:55 2,678 --a------ C:\WINDOWS\GH.INI

2008-08-11 12:11 . 2001-05-10 21:00 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-08-11 12:11 . 2008-08-11 21:29 13,030 --a------ C:\PDOXUSRS.NET

2008-08-11 12:10 . 2008-08-11 21:35 <DIR> d-------- C:\GH

2008-08-11 12:10 . 2008-08-11 12:10 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Borland Shared

2008-08-11 12:07 . 2008-08-11 12:07 <DIR> d-------- C:\HS

2008-08-11 12:07 . 2006-01-17 02:05 356,439 --a------ C:\WINDOWS\system32\FBCLIENT.dll

2008-08-11 12:07 . 2006-01-17 02:05 356,439 --a------ C:\WINDOWS\system\FBCLIENT.dll

2008-08-10 22:40 . 2008-08-10 22:40 <DIR> d-------- C:\Arquivos de programas\Google

2008-08-09 21:29 . 2008-08-09 21:29 <DIR> d-------- C:\WINDOWS\Sun

2008-08-09 21:28 . 2008-08-09 21:28 <DIR> d-------- C:\Arquivos de programas\Sun

2008-08-09 21:28 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-09 21:26 . 2008-08-09 21:28 <DIR> d-------- C:\Arquivos de programas\Java

2008-08-09 21:24 . 2008-08-09 21:24 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-08-09 20:46 . 2008-08-09 20:46 <DIR> d-------- C:\Arquivos de programas\Discador Globo.com

2008-08-09 20:46 . 2008-08-09 20:46 76 --a------ C:\WINDOWS\GDINST.INI

2008-08-09 18:42 . 2008-08-09 18:42 <DIR> d-------- C:\Documents and Settings\LocalService\Configurações locais

2008-07-30 20:41 . 2008-07-30 20:41 <DIR> d-------- C:\WINDOWS\peernet

2008-07-30 20:20 . 2008-07-30 20:20 <DIR> d-------- C:\WinLogon

2008-07-30 20:20 . 2008-07-30 22:31 <DIR> d-------- C:\Muestras

2008-07-30 12:39 . 2008-07-30 12:39 283,136 --a------ C:\WINDOWS\system32\TUVTJHWP.DLL.VIR

2008-07-27 22:33 . 2008-07-27 22:33 47,616 --a------ C:\7d871b16211c1f0.bup

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\WINDOWS\srchasst

2008-07-24 13:20 . 2008-07-24 13:20 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-07-23 23:49 . 2008-08-09 18:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configurações locais

2008-07-23 23:49 . 2008-08-09 18:42 <DIR> d-------- C:\Documents and Settings\NetworkService\Configurações locais

2008-07-23 23:49 . 2008-08-09 18:42 <DIR> d-------- C:\Documents and Settings\Administrador\Configurações locais

2008-07-23 18:00 . 2008-07-23 18:00 218,112 --a------ C:\HijackThis.exe

2008-07-23 13:07 . 2008-07-24 17:39 <DIR> d-------- C:\Arquivos de programas\Winpooch

2008-07-23 13:07 . 2006-07-16 18:48 1,073,152 --a------ C:\WINDOWS\system32\FreeImage.dll

2008-07-23 13:07 . 2007-04-21 00:38 516,096 --a------ C:\WINDOWS\system32\libclamav.dll

2008-07-23 01:40 . 2008-07-23 01:40 <DIR> d-------- C:\Arquivos de programas\EA Sports

2008-07-22 14:23 . 2008-07-27 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-07-19 22:33 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-07-13 13:36 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-07-13 13:36 . 2008-06-12 20:37 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-09 21:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-07-31 16:58 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-07-30 23:22 --------- d-----w C:\Arquivos de programas\AvRack

2008-07-22 17:59 --------- d-----w C:\Arquivos de programas\ESET

2008-07-17 01:05 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-07-12 00:16 --------- d-----w C:\Arquivos de programas\OnGame

2008-07-11 23:08 157,939,821 ----a-w C:\GunBound_Brasil_Season2.exe

2008-07-09 02:55 --------- d--h--r C:\Documents and Settings\Administrador\Dados de aplicativos\SecuROM

2008-07-09 01:56 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-09 01:56 --------- d-----w C:\Arquivos de programas\Sierra

2008-07-03 21:06 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-07-03 04:43 --------- d-----w C:\Arquivos de programas\QuickTime

2008-07-03 04:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-07-03 04:35 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-07-03 04:35 --------- d-----w C:\Arquivos de programas\Apple Software Update

2008-07-02 21:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\xing shared

2008-07-02 21:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Real

2008-07-02 21:25 --------- d-----w C:\Arquivos de programas\Real

2008-07-01 18:29 --------- d-----w C:\Arquivos de programas\SourceTec

2008-07-01 17:31 --------- d-----w C:\Arquivos de programas\MediaCoder

2008-07-01 16:12 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SRSLabs

2008-07-01 16:06 --------- d-----w C:\Arquivos de programas\SRSLabs

2008-07-01 16:06 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SRS

2008-06-30 19:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

2008-06-30 19:32 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\CyberLink

2008-06-30 00:00 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-06-29 22:50 --------- d-----w C:\Arquivos de programas\NeXus RV10 & MKV Filtres

2008-06-26 13:23 --------- d-----w C:\Arquivos de programas\Infogrames

2008-06-26 12:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ATI

2008-06-26 11:54 --------- d-----w C:\Arquivos de programas\ATI Technologies

2008-06-26 11:54 --------- d-----w C:\Arquivos de programas\ATI

2008-06-24 17:41 --------- d-----w C:\Arquivos de programas\IObit

2008-06-24 15:21 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-06-22 15:02 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

2008-06-20 18:53 --------- d-----w C:\Arquivos de programas\VIA

2008-06-20 18:52 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-06-20 18:45 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\ATI

2008-06-20 18:35 --------- d-----w C:\Arquivos de programas\Realtek Sound Manager

2008-06-20 18:35 --------- d-----w C:\Arquivos de programas\Realtek AC97

2008-06-20 18:26 --------- d-----w C:\Arquivos de programas\Realtek

2008-06-20 18:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-20 18:22 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-06-20 18:21 --------- d-----w C:\Arquivos de programas\MSBuild

2008-06-20 18:19 --------- d-----w C:\Arquivos de programas\Microsoft.NET

2008-06-20 18:17 --------- d-----w C:\Arquivos de programas\Microsoft Visual Studio 8

2008-06-20 18:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

2008-06-20 18:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Ahead

2008-06-20 18:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-06-20 18:09 --------- d-----w C:\Arquivos de programas\Nero

2008-06-20 18:06 --------- d-----w C:\Arquivos de programas\CyberLink

2008-06-20 18:03 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-06-20 18:02 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-20 17:51 --------- d-----w C:\Arquivos de programas\MSN Messenger

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VisualTaskTips

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VistaDrives

2008-06-20 17:47 --------- d-----w C:\Arquivos de programas\VAIOXP

2008-06-20 17:42 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-06-20 17:39 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-06-20 17:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-06-20 17:37 --------- d-----w C:\Arquivos de programas\Windows Sidebar

2008-06-20 17:37 --------- d-----w C:\Arquivos de programas\Foxit Software

2008-06-20 17:34 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]

"msnmsgr"="C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-03 21:45 159744]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Arquivos de programas\Windows Sidebar\sidebar.exe" [2007-01-29 23:21 1230848]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-07-23 15:12 366664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

"VIDC.YV12"= yv12vfw.dll

"msacm.avis"= ff_acm.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Vundo9 REG_SZ C:\WINDOWS\SYSTEM32\TUVTJHWP.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKLM\~\startupfolder\^ntuser.dat]

path=\ntuser.dat

backup=C:\WINDOWS\pss\ntuser.datCommon Startup

 

[HKLM\~\startupfolder\^NTUSER.DAT.LOG]

path=\NTUSER.DAT.LOG

backup=C:\WINDOWS\pss\NTUSER.DAT.LOGCommon Startup

 

[HKLM\~\startupfolder\^ntuser.ini]

path=\ntuser.ini

backup=C:\WINDOWS\pss\ntuser.iniCommon Startup

 

[HKLM\~\startupfolder\^services.exe]

path=\services.exe

backup=C:\WINDOWS\pss\services.exeCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]

--a------ 2007-10-04 18:38 307200 C:\Arquivos de programas\ATI\ATICustomerCare\ATICustomerCare.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2004-08-25 12:52 339968 C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-03 21:45 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-05-15 15:55 1057328 C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

--a------ 2006-12-05 22:55 54832 C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 12:54 5674352 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2006-11-23 15:10 56928 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-05-15 15:55 1628208 C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2008-01-21 12:17 61440 C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-02 18:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]

--a------ 2006-07-30 03:37 121089 C:\Arquivos de programas\VistaDrives\vsdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winpooch]

--a------ 2007-04-23 19:12 388096 C:\Arquivos de programas\Winpooch\Winpooch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Infogrames\\Grand Prix 4\\GP4.exe"=

"C:\\Arquivos de programas\\OnGame\\GunBoundWC\\GunBound.gme"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36]

R1 Winpooch;Winpooch kernel spy;C:\Arquivos de programas\Winpooch\Winpooch.sys [2007-04-23 19:12]

S3 S3chipid;S3chipid;C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

C:\WINDOWS\system32\hidec /W "C:\Arquivos de programas\VAIOXP\Tools\regtlib.exe" "C:\Arquivos de programas\Windows Sidebar\sidebar.exe"

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-12 09:34:00

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

C:\WINDOWS\explorer.exe [520] 0x8643A228

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GbpSv]

"ImagePath"="C:\ARQUIV~1\GbPlugin\GbpSv.exe"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\GbPlugin\gbpsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

.

**************************************************************************

.

Completion time: 2008-08-12 9:41:22 - Machine was rebooted [Administrador]

ComboFix-quarantined-files.txt 2008-08-12 12:40:18

 

Pre-Run: 17 folder(s) 16,578,764,800 bytes free

Post-Run: 20 folder(s) 16,655,122,432 bytes free

 

263 --- E O F --- 2008-08-12 08:01:47

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 09:47:19, on 12/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214328035968

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

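The helper's verdict below that the log is clean rests on a handful of checks that can be scripted. The Python below is an added example, not code from HijackThis, ComboFix or this forum: it parses HijackThis-style O-lines, extracts the referenced binary path and flags the indicators a triager looks at first: entries marked "(no file)", O23 services with "Unknown owner", persistence launched from temp or profile directories (compare the S3chipid driver path under the user's Temp folder in the ComboFix section above), and Windows system-binary names living outside %windir%. All sample lines are copied from the log above except the last O4 line, which is constructed to show what a bad entry looks like; the heuristics and the helper names (`triage`, `suspicious`) are my own assumptions.

```python
"""Triage of HijackThis-style log entries (added example; not HijackThis code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample entries: all but the last are copied from the log above; the last
# O4 line is CONSTRUCTED to show what a bad entry would look like.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O4 - HKLM\..\Run: [svchost] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\svchost.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")
# First Windows path ending in a loadable module; non-greedy so trailing
# arguments such as "/auto" or "-lang 1033" are left out of the path.
PATH_RE = re.compile(r'"?([A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|ocx))', re.I)
# Directories a normal user can write to (XP-era layout, 8.3 short names included).
USER_WRITABLE_RE = re.compile(
    r"\\(temp|config~1|local settings|application data|docume~1)\\", re.I)
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\", re.I)
# Names of core Windows binaries that malware commonly borrows.
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "smss.exe"}


@dataclass
class Entry:
    kind: str                 # HijackThis section, e.g. "O4" or "O23"
    raw: str                  # the original line
    path: Optional[str]       # first binary path found, if any
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a HijackThis O/R/F/N line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    pm = PATH_RE.search(body)
    return Entry(kind, line.strip(), pm.group(1) if pm else None)


def assess(entry: Entry) -> Entry:
    """Attach the triage indicators that apply to one entry (heuristics are assumptions)."""
    if "(no file)" in entry.raw:
        entry.flags.append("orphan: registry entry points at a file that no longer exists")
    if entry.kind == "O23" and "Unknown owner" in entry.raw:
        entry.flags.append("service with no publisher string: verify the binary's hash")
    if entry.path:
        base = entry.path.rsplit("\\", 1)[-1].lower()
        if USER_WRITABLE_RE.search(entry.path):
            entry.flags.append("persistence launched from a temp/profile directory")
        if base in SYSTEM_BINARIES and not SYSTEM_DIR_RE.match(entry.path):
            entry.flags.append(f"{base} outside %windir%: system-binary name masquerade")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every recognised line of a HijackThis log and assess it."""
    return [assess(e) for e in map(parse_line, log_text.splitlines()) if e]


def suspicious(log_text: str) -> List[Entry]:
    """Only the entries that need a human look."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(e.raw)
        for f in e.flags:
            print("   ->", f)
```

Run against the sample, only three lines come back: the orphaned O9 button, the O23 service with no publisher, and the constructed O4 entry, which trips both the temp-directory and the name-masquerade checks. Everything else in the posted log resolves to a vendor directory or to %windir%, which is the shape of the "clean" reading the helper gives; the script is a first pass, not a replacement for checking hashes and signatures of the flagged binaries.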

Ok, the log is clean :)

 

- Type combofix /u in Run, click OK and wait for ComboFix to be removed.

 

Visit Windows Update and update your system, downloading Service Pack 3

 

Or, if you prefer, download and install the full package (about 300 MB):

http://www.microsoft.com/downloads/details...splayLang=pt-br

 

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

◘ Open the program and click Run Cleaner;

◘ After that, click Registry > Scan for Issues > Fix Issues

 

- Disable and re-enable System Restore

 

Read the article Cuidados ao navegar na net for more information on how to avoid infections.

 

:)


PROBLEM SOLVED!

 

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
