Archived

This topic is archived and closed to new replies.

esdrasyave

[Solved!] VIRUS 1RFW8HJR

Well, as I already said in the title... this DAMN virus is attacking my PC... I already ran MSNFix, and the log is this:

MSNFix 1.736

C:\Documents and Settings\lan-04\Desktop\MSNFix

Fix lançado dia 2008-07-29 - 14:50:10.03 By lan-04

modo normal

************************ Procurando os arquivos presentes

... C:\autorun.inf

... C:\Autorun.inf

************************ Procurando as pastas presentes

Nenhuma pasta encontrada

************************ Apagando os arquivos

.. OK ... C:\autorun.inf

.. OK ... C:\Autorun.inf

************************ Limpeza do registro

Os arquivos ainda presentes serão apagado no proximo boot

Nenhum arquivo encontrado

************************ Arquivos suspeitos

/!\ Estes arquivos necessitam de uma opiniao de alguem competente antes de qualquer intervencao

[C:\eMule0.48a-Installer.exe] D930C6056C47759CBDD749C06B95C866

[C:\install_flash_player.exe] FF1E48435164F3709E9492CE71FF3925

[C:\OrbitDownloaderSetup.exe] 78789B5FAA6B064FC3EFFC728BB33A38

[C:\Setup_FreeConverter.exe] 688DCD321AE29C8359CDD3C6762D21EE

==> Por favor não esqueça de mandar o arquivo C:\DOCUME~1\lan-04\Desktop\Upload_Me.zip no http://upload.changelog.fr

Os arquivos e as chaves do registro apagados foram salvos no arquivo 2008-07-29_145950.98.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------

Autor : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

And here is the HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 15:06, on 2008-07-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\lan-04\CONFIG~1\Temp\Rar$EX00.031\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb127\SearchSettings.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb127\SearchSettings.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=073108 serial=dr12wex-1504397-kty lang=BP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 200.223.0.84 200.223.0.83

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Download ComboFix and save it to your desktop.

Close all windows and programs.

Double-click ComboFix and press "1", then Enter, to proceed with the fix. It will take about 10 minutes on average (be patient). ComboFix will restart the PC automatically to complete the removal process.

When it finishes, a log will be generated at C:\ComboFix.txt.

Attention:

Do not click on the ComboFix window, and do not close it by clicking the X, while it is running; otherwise it will stop and your desktop will go blank.

To stop or exit ComboFix, press "2" and Enter.

Afterwards, generate a new log with HijackThis and post it together with ComboFix.txt.

DONE... I did all of that, and the ComboFix log follows below...

ComboFix 08-07-28.6 - lan-04 2008-07-29 19:49:08.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.256 [GMT -3:00]

Executando de: C:\Documents and Settings\lan-04\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\packet.dll

D:\Autorun.inf

F:\Autorun.inf

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-29 ))))))))))))))))))))))))))))))))

.

2008-07-29 19:36 . 2008-07-25 11:28 392,833,024 --a------ C:\Metallica - The Unforgiven.mpg

2008-07-29 19:34 . 2008-07-24 23:54 315,510,784 --a------ C:\Metallica - One (Jammin' Version).mpg

2008-07-29 19:32 . 2008-07-25 11:17 287,123,456 --a------ C:\Metallica - Hero Of The Day.mpg

2008-07-29 19:30 . 2008-07-25 11:10 285,280,256 --a------ C:\Metallica - Fuel.mpg

2008-07-29 19:29 . 2008-07-24 22:02 254,320,640 --a------ C:\Within Temptation - Angels.mpg

2008-07-29 19:27 . 2008-07-22 20:53 293,148,672 --a------ C:\Oasis - Wonderwall.mpg

2008-07-29 19:22 . 2008-07-11 19:21 254,015,488 --a------ C:\Nightwish - Amaranth (Live).VOB

2008-07-29 19:16 . 2008-07-21 18:20 285,808,640 --a------ C:\Epica - The Phantom Agony.mpg

2008-07-29 19:14 . 2008-07-20 22:39 258,154,496 --a------ C:\Epica - Solitary Ground.mpg

2008-07-29 19:13 . 2008-07-16 23:11 299,325,440 --a------ C:\Epica - Memory.mpg

2008-07-29 19:11 . 2008-07-20 22:30 274,313,216 --a------ C:\Epica - Feint.mpg

2008-07-29 19:09 . 2008-07-18 11:33 259,366,912 --a------ C:\After Forever - Digital Deceit.mpg

2008-07-29 19:07 . 2008-07-18 11:20 341,753,856 --a------ C:\Aerosmith - Hole In My Soul.mpg

2008-07-29 19:05 . 2008-07-18 11:07 314,195,968 --a------ C:\ACDC - Thunderstruck.mpg

2008-07-29 19:03 . 2008-07-17 09:43 285,132,800 --a------ C:\Skid Row - In A Darkened Room.mpg

2008-07-29 19:02 . 2008-07-16 22:06 264,837,120 --a------ C:\Nightwish - Bye Bye Beautiful.mpg

2008-07-29 18:57 . 2008-07-13 22:47 367,521,792 --a------ C:\Manowar - Warriors Of The World United.mpg

2008-07-29 18:54 . 2008-06-29 13:21 161,329,152 --a------ C:\Twisted Sister - You Can't Stop Rock'N'Roll.VOB

2008-07-29 18:52 . 2008-06-29 13:22 225,863,680 --a------ C:\Twisted Sister - We're Not Gonna Take It.VOB

2008-07-29 18:52 . 2008-06-29 13:24 129,101,824 --a------ C:\Twisted Sister - The Prince.VOB

2008-07-29 18:50 . 2008-06-29 13:39 260,853,760 --a------ C:\Twisted Sister - Oh Come All Ye Faithful.VOB

2008-07-29 18:49 . 2008-06-29 13:24 127,014,912 --a------ C:\Twisted Sister - Leader Of The Pack.VOB

2008-07-29 18:48 . 2008-06-29 13:23 153,878,528 --a------ C:\Twisted Sister - I Wanna Rock.VOB

2008-07-29 18:47 . 2008-06-29 13:25 142,538,752 --a------ C:\Twisted Sister - Hot Love.VOB

2008-07-29 18:46 . 2008-06-29 13:25 202,205,184 --a------ C:\Twisted Sister - Be Chrool To Your Scuel.VOB

2008-07-29 18:44 . 2008-07-08 20:44 176,750,592 --a------ C:\Avril Lavigne - Knocking On Heaven's Door.mpg

2008-07-29 18:42 . 2008-07-08 11:08 254,623,744 --a------ C:\The Pussycat Dolls - When I Grow Up.mpg

2008-07-29 18:15 . 2008-07-06 10:50 406,472,704 --a------ C:\Metallica - Nothing Else Matters.mpg

2008-07-29 18:13 . 2008-07-06 12:56 349,646,848 --a------ C:\Deep Purple - Highway Star.mpg

2008-07-29 18:11 . 2008-07-06 12:41 317,800,448 --a------ C:\Backstreet Boys - Everybody.mpg

2008-07-29 18:09 . 2008-07-04 22:54 203,505,664 --a------ C:\Aerosmith - Fly Away From Here.mpg

2008-07-29 18:08 . 2008-07-04 10:16 178,352,128 --a------ C:\Survivor - Eye Of The Tiger.mpg

2008-07-29 18:07 . 2008-07-04 22:43 161,216,512 --a------ C:\Stratovarius - Eagleheart.mpg

2008-07-29 18:05 . 2008-07-06 11:29 298,115,072 --a------ C:\Radiohead - There There.mpg

2008-07-29 18:04 . 2008-07-05 23:18 247,035,904 --a------ C:\Radiohead - Creep.mpg

2008-07-29 18:02 . 2008-07-06 11:06 249,077,760 --a------ C:\n' sync - bye, bye, bye.mpg

2008-07-29 13:23 . 2008-07-06 11:47 322,062,336 --a------ C:\Twisted Sister - Heavy Metal Christmas.mpg

2008-07-29 13:21 . 2008-07-06 10:05 336,633,856 --a------ C:\Manowar - Return Of The Warlord.mpg

2008-07-29 13:19 . 2008-07-06 12:07 233,500,672 --a------ C:\Lacuna Coil - Within Me.mpg

2008-07-29 13:16 . 2008-07-08 00:59 457,345,024 --a------ C:\Guns N' Roses - Paradise City (Gods Of Metal 2006).mpg

2008-07-29 13:13 . 2008-07-07 11:32 589,674,496 --a------ C:\Guns N' Roses - Estranged.mpg

2008-07-29 13:11 . 2008-07-07 11:41 278,452,224 --a------ C:\Guns N' Roses - Dead Horses.mpg

2008-07-29 13:09 . 2008-07-09 10:56 311,044,096 --a------ C:\Europe - Final Countdown.mpg

2008-07-29 13:07 . 2008-07-06 23:38 258,078,720 --a------ C:\Arch Enemy - Ravenous.mpg

2008-07-29 13:06 . 2008-07-07 09:51 249,612,288 --a------ C:\Arch Enemy - Nemesis.mpg

2008-07-29 13:04 . 2008-07-09 10:44 248,223,744 --a------ C:\Van Halen - Jump.mpg

2008-07-28 20:16 . 2008-07-28 20:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-28 20:16 . 2008-07-28 20:16 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-28 19:29 . 2008-07-28 19:29 1,409 --a------ C:\WINDOWS\system32\tmp75034.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmpECDA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmpC8BA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmp8CEA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmp4FCA2.FOT

2008-07-27 20:58 . 2008-07-22 02:22 <DIR> d-------- C:\Adilson.Silva.-.2008.-.Deus.Soberano

2008-07-27 17:47 . 2008-01-03 15:37 <DIR> d-------- C:\Tarja Turunen - My Winter Storm (2007)

2008-07-27 10:19 . 2008-07-29 13:42 <DIR> d-------- C:\Downloads

2008-07-27 10:19 . 2008-07-29 15:00 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Orbit

2008-07-27 10:19 . 2008-07-29 13:42 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-07-26 23:59 . 2008-07-29 13:42 <DIR> d-------- C:\Nightwish-Dark_Passion_Play-2CD-Retail-2007-COS

2008-07-26 23:58 . 2008-07-29 13:42 <DIR> d-------- C:\Nightwish-Amaranth-2CD-CDS-2007-MAN

2008-07-26 23:57 . 2008-07-26 23:57 <DIR> d-------- C:\Tarja Turunen

2008-07-26 23:57 . 2008-07-27 00:03 <DIR> d-------- C:\Celta

2008-07-24 16:23 . 2008-07-24 16:23 13,824 --ahs---- C:\Thumbs.db

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpFCAD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpE0BD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpA9BD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpA19D0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmp8EBD0.FOT

2008-07-21 19:31 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\eMule Acceleration Patch

2008-07-21 19:30 . 2008-07-21 19:30 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Any Video Converter

2008-07-21 19:30 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\Any Video Converter

2008-07-19 13:31 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\AdVantage

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\BSplayer Pro

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\BSplayer

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Arquivos de programas\Webteh

2008-07-19 09:39 . 2008-07-19 09:50 2,759,868 --a------ C:\IJF - ENTREVISTA DEDÉ.WMV

2008-07-18 18:25 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\AVIConverter

2008-07-17 14:20 . 2008-07-17 14:20 24,576 --a------ C:\HORARIO.doc

2008-07-16 15:41 . 2008-07-16 15:41 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Corel

2008-07-16 15:11 . 2008-07-16 15:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-07-16 15:10 . 2008-07-16 15:10 <DIR> d-------- C:\Arquivos de programas\Corel

2008-07-15 18:10 . 2008-07-15 18:10 <DIR> d-------- C:\Arquivos de programas\Runtime Software

2008-07-15 17:59 . 2008-07-15 18:10 <DIR> d-------- C:\Programas

2008-07-15 17:09 . 2008-07-15 18:05 5,218,995 --a------ C:\Getdataback.For.Fat.And.Ntfs.3.03.by.Leo_Neiva.rar

2008-07-15 11:40 . 2008-07-15 11:40 <DIR> d-------- C:\Documents and Settings\lan-04\AdRotator

2008-07-14 22:56 . 2008-07-14 22:56 <DIR> d-------- C:\Arquivos de programas\TouchStoneSoftware

2008-07-10 20:40 . 2008-07-29 13:44 <DIR> d--h----- C:\WINDOWS\zzz

2008-07-10 17:54 . 2008-07-23 14:02 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Image Zone Express

2008-07-09 18:48 . 2008-07-26 13:47 <DIR> d-------- C:\FOTOS CASA ZACA

2008-07-07 19:26 . 2008-07-07 19:26 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

2008-07-05 22:35 . 2008-07-20 14:33 34 --a------ C:\WINDOWS\cdplayer.ini

2008-07-03 01:16 . 2008-07-03 01:16 <DIR> d-------- C:\Arquivos de programas\BestPractice

2008-06-30 09:16 . 2008-04-24 10:28 1,495,112 --a------ C:\install_flash_player.exe

2008-06-30 00:49 . 2008-04-23 04:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-30 00:49 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-30 00:49 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-30 00:49 . 2008-04-23 04:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-30 00:49 . 2008-04-23 04:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-30 00:49 . 2008-04-23 04:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-30 00:49 . 2008-04-23 04:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-30 00:49 . 2008-04-23 04:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-30 00:49 . 2008-04-22 04:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-29 22:40 . 2008-06-29 22:41 25,600 --a------ C:\Especies Heliconia CE.doc

2008-06-29 22:28 . 2008-06-29 22:28 31,190 --a------ C:\Heliconia psittacorum CE.pdf

2008-06-29 21:44 . 2008-07-29 15:01 6,144 --ahs---- C:\WINDOWS\Thumbs.db

2008-06-29 10:29 . 2004-08-04 00:45 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup

2008-06-29 10:24 . 2008-06-29 10:29 <DIR> d-------- C:\WINDOWS\VistaMizer

2008-06-29 10:23 . 2008-06-29 10:23 <DIR> d-------- C:\Arquivos de programas\Softland

2008-06-29 10:23 . 2007-08-10 13:14 21,656 --a------ C:\WINDOWS\system32\dopdfmn5.dll

2008-06-29 10:23 . 2007-08-10 13:14 17,048 --a------ C:\WINDOWS\system32\dopdfmi5.dll

2008-06-29 10:23 . 2007-07-20 17:22 5,269 --a------ C:\WINDOWS\system32\dopdf5.ctm

2008-06-29 10:22 . 2008-06-29 10:22 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Media Player Classic

2008-06-29 10:22 . 2008-06-29 10:22 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-06-29 02:09 . 2008-06-30 17:31 <DIR> d-------- C:\WINDOWS\system32\pt-br

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 16:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-07-29 16:43 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-07-26 17:14 --------- d-----w C:\Arquivos de programas\eMule

2008-07-23 12:25 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Nero

2008-07-16 18:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-16 18:11 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-02 17:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-29 13:29 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-06-29 04:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-06-29 04:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-06-28 16:39 --------- d-----w C:\Arquivos de programas\AskTBar

2008-06-28 16:01 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-28 00:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-27 22:19 874 ----a-w C:\Registro do Nero Ultra Edition 8-3-2-1 PT-BR.zip

2008-06-27 20:16 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-06-27 19:29 --------- d-----w C:\Arquivos de programas\Serif

2008-06-26 21:41 --------- d-----w C:\Arquivos de programas\Nero

2008-06-23 22:43 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\HP

2008-06-23 22:33 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-06-23 22:33 --------- d-----w C:\Arquivos de programas\HP

2008-06-23 22:33 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-06-23 22:30 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-06-23 22:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-06-23 17:46 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\AdobeUM

2008-06-21 15:35 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-06-21 13:13 --------- d-----w C:\Arquivos de programas\Windows Live

2008-06-21 13:12 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-06-21 13:12 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-06-20 18:47 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Search Settings

2008-06-20 18:46 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio

2008-06-20 18:46 --------- d-----w C:\Arquivos de programas\Search Settings

2008-06-20 18:46 --------- d-----w C:\Arquivos de programas\Dealio

2008-06-20 18:33 --------- d-----w C:\Arquivos de programas\Free Audio Pack

2008-06-20 18:17 6,361,100 ----a-w C:\Setup_FreeConverter.exe

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2008-06-20 17:24 --------- d-----w C:\Arquivos de programas\mobile PhoneTools

2008-06-20 17:24 --------- d-----w C:\Arquivos de programas\LiveUpdate

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 22:40 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Simple Star

2008-06-19 20:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Simple Star Shared

2008-06-19 20:56 4,450,382 ----a-w C:\Arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:43 --------- d-----w C:\Arquivos de programas\Picasa2

2008-06-19 20:42 6,104,632 ----a-w C:\Arquivos de programas\picasaweb-current-setup.exe

2008-06-19 20:33 805,376 ----a-w C:\WINDOWS\Nero Burning Rom Screensaver.scr

2008-06-19 17:38 --------- d-----w C:\Arquivos de programas\Motorola

2008-06-19 17:16 --------- d-----w C:\Arquivos de programas\Google

2008-06-19 17:11 --------- d--h--w C:\Arquivos de programas\Realtek

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-08 18:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2008-06-08 18:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia Shared

2008-06-08 18:03 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-06 14:40 --------- d-----w C:\Arquivos de programas\Realtek Sound Manager

2008-06-06 14:22 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-06-06 13:56 --------- d-----w C:\Arquivos de programas\Faronics

2008-06-06 13:04 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-06-06 12:59 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-06-06 12:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-07 05:15 1,536,512 ----a-w C:\WINDOWS\system32\quartz.dll

.

------- Sigcheck -------

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-04 00:40 2019328 31dfe96b6b6fa4c9ca098ceaf21b29a5 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe

2005-03-02 15:08 2019328 98c8c29bb2bd2427819674062604668c C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2qfe\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntkrnlpa.exe

2007-02-28 13:02 2276864 7872ca54be9c292bb5c90acd31c6e389 C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 13:02 2276864 7872ca54be9c292bb5c90acd31c6e389 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 13:02 2019840 1f433c0f544a74459f035b71121a4569 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-04 00:40 2152448 91448d27f6dfaf50dd1d5fd3d8c1f3bd C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

2005-03-02 15:08 2139648 7c9e84463bf6228660898395851464e0 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2qfe\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntoskrnl.exe

2007-02-28 13:02 2397184 0ab1dbe470bc386feee7747be4178091 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2397184 0ab1dbe470bc386feee7747be4178091 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2140160 7aacd829f2a9bb4dace70cbfc6046934 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2007-06-13 10:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\SoftwareDistribution\Download\d094751ab7cc9d40619043e81a5f79c0\backup\sp2gdr\explorer.exe

2007-06-13 10:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\VistaMizer\old\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 25088]

"Nero PhotoShow Media Manager"="C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 16:52 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 11:38 78008]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 10:11 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 10:13 114688]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 10:10 94208]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-01 17:33 7110656]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-01 17:33 86016]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 01:26 729088]

"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-12-15 14:04 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe]

"C-Media Mixer"="Mixer.exe" [2006-04-01 17:32 1581056 C:\WINDOWS\mixer.exe]

"nwiz"="nwiz.exe" [2006-04-01 17:33 1495040 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 25088]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-07-27 10:19:41 1674440]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]

--a------ 2008-05-26 19:50 595296 C:\Arquivos de programas\Dealio\DealioAU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-09-20 15:35 202024 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

--a------ 2008-07-21 19:31 1888 C:\Documents and Settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-12-15 11:18 49152 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 13:24 1825792 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 09:51 1836328 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

--a------ 2006-05-10 16:52 249856 C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-25 22:23 443968 C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

--a------ 2008-06-12 16:57 991584 C:\Arquivos de programas\Search Settings\SearchSettings.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-10-09 21:43 729088 C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Counter-Strike 1.6\\hl.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 11:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 11:37]

S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 23:44]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a40c8be-3e60-11dd-a482-000000000010}]

\Shell\AutoRun\command - 1rfw8hjr.com

\Shell\explore\Command - 1rfw8hjr.com

\Shell\open\Command - 1rfw8hjr.com

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe

MSConfigStartUp-AdVantage - C:\Arquivos de programas\AdVantage\AdVantage.exe

 

 

.

------- Ccan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 -: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html

O8 -: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 200.223.0.84 200.223.0.83

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-29 19:51:43

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-29 19:54:25

ComboFix-quarantined-files.txt 2008-07-29 22:54:10

 

Pre-Run: 17 pasta(s) 33,361,424,384 bytes disponíveis

Post-Run: 21 pasta(s) 34,188,152,832 bytes disponíveis

 

359 --- E O F --- 2008-07-18 15:19:38


Below follows the HijackThis log

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:01:54, on 29/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\lan-04\CONFIG~1\Temp\Rar$EX00.891\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=073108 serial=dr12wex-1504397-kty lang=BP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 200.223.0.84 200.223.0.83

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Hey esdrasyave,

 

<!> Before taking any other step, install the RC!

---------------------------------------

• Go to the Microsoft site: < Link >

 

• Select the download that is appropriate for your Operating System!

 

crecuperacaorz4.jpg

 

• Download the file and save it to your desktop.

• Close all open programs!

• Also close your protection programs! (Antivirus, Antispyware and Firewall)

• Drag the setup file downloaded from the Microsoft site onto ComboFix.exe

• See the demonstration below!

 

rc1.gif

 

• Follow the messages that appear on screen to start ComboFix.

Accept the Microsoft agreement to install the "Microsoft Recovery Console".

• At the next message, click "Yes" to run a scan with ComboFix.

 

RC_whatnext.gif

 

• When it finishes, post the reports:

 

• C:\ComboFix.txt plus an updated HijackThis log.

 

Regards

What is RC???

 

Recovery Console

How do I install it? Would that be creating a System Restore Point?

 

Let's say yes; to install it, follow all the steps in Post #6

 

:)


DONE, I did all of that.. Here follows the ComboFix log..

 

 

ComboFix 08-07-28.6 - lan-04 2008-07-31 13:50:07.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.249 [GMT -3:00]

Executando de: C:\Documents and Settings\lan-04\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\lan-04\Desktop\WinXP_BR_PRO_BF.EXE

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

D:\Autorun.inf

F:\Autorun.inf

 

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))

.

 

2008-07-29 19:07 . 2008-07-18 11:20 341,753,856 --a------ C:\Aerosmith - Hole In My Soul.mpg

2008-07-29 18:54 . 2008-06-29 13:21 161,329,152 --a------ C:\Twisted Sister - You Can't Stop Rock'N'Roll.VOB

2008-07-29 18:52 . 2008-06-29 13:22 225,863,680 --a------ C:\Twisted Sister - We're Not Gonna Take It.VOB

2008-07-29 18:52 . 2008-06-29 13:24 129,101,824 --a------ C:\Twisted Sister - The Prince.VOB

2008-07-29 18:50 . 2008-06-29 13:39 260,853,760 --a------ C:\Twisted Sister - Oh Come All Ye Faithful.VOB

2008-07-29 18:49 . 2008-06-29 13:24 127,014,912 --a------ C:\Twisted Sister - Leader Of The Pack.VOB

2008-07-29 18:48 . 2008-06-29 13:23 153,878,528 --a------ C:\Twisted Sister - I Wanna Rock.VOB

2008-07-29 18:47 . 2008-06-29 13:25 142,538,752 --a------ C:\Twisted Sister - Hot Love.VOB

2008-07-29 18:46 . 2008-06-29 13:25 202,205,184 --a------ C:\Twisted Sister - Be Chrool To Your Scuel.VOB

2008-07-29 18:44 . 2008-07-08 20:44 176,750,592 --a------ C:\Avril Lavigne - Knocking On Heaven's Door.mpg

2008-07-29 18:42 . 2008-07-08 11:08 254,623,744 --a------ C:\The Pussycat Dolls - When I Grow Up.mpg

2008-07-29 18:13 . 2008-07-06 12:56 349,646,848 --a------ C:\Deep Purple - Highway Star.mpg

2008-07-29 18:11 . 2008-07-06 12:41 317,800,448 --a------ C:\Backstreet Boys - Everybody.mpg

2008-07-29 18:09 . 2008-07-04 22:54 203,505,664 --a------ C:\Aerosmith - Fly Away From Here.mpg

2008-07-29 18:02 . 2008-07-06 11:06 249,077,760 --a------ C:\n' sync - bye, bye, bye.mpg

2008-07-29 15:00 . 2008-07-29 15:00 14,268,103 --a------ C:\Upload_Me.zip

2008-07-29 14:47 . 2008-07-29 15:00 <DIR> d-------- C:\MSNFix

2008-07-29 14:37 . 2008-07-29 14:39 447,421 --a------ C:\MSNFix.zip

2008-07-29 13:54 . 2008-07-29 13:56 212,849 --a------ C:\hijackthis.zip

2008-07-29 13:50 . 2008-07-29 14:01 2,665,962 --a------ C:\ComboFix.exe

2008-07-29 13:23 . 2008-07-06 11:47 322,062,336 --a------ C:\Twisted Sister - Heavy Metal Christmas.mpg

2008-07-29 13:04 . 2008-07-09 10:44 248,223,744 --a------ C:\Van Halen - Jump.mpg

2008-07-28 20:16 . 2008-07-28 20:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-28 20:16 . 2008-07-28 20:16 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-28 19:29 . 2008-07-28 19:29 1,409 --a------ C:\WINDOWS\system32\tmp75034.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmpECDA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmpC8BA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmp8CEA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmp4FCA2.FOT

2008-07-27 20:58 . 2008-07-22 02:22 <DIR> d-------- C:\Adilson.Silva.-.2008.-.Deus.Soberano

2008-07-27 17:47 . 2008-01-03 15:37 <DIR> d-------- C:\Tarja Turunen - My Winter Storm (2007)

2008-07-27 10:19 . 2008-07-29 13:42 <DIR> d-------- C:\Downloads

2008-07-27 10:19 . 2008-07-31 13:47 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Orbit

2008-07-27 10:19 . 2008-07-29 13:42 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-07-26 23:59 . 2008-07-29 13:42 <DIR> d-------- C:\Nightwish-Dark_Passion_Play-2CD-Retail-2007-COS

2008-07-26 23:58 . 2008-07-29 13:42 <DIR> d-------- C:\Nightwish-Amaranth-2CD-CDS-2007-MAN

2008-07-26 23:57 . 2008-07-26 23:57 <DIR> d-------- C:\Tarja Turunen

2008-07-26 23:57 . 2008-07-27 00:03 <DIR> d-------- C:\Celta

2008-07-24 16:23 . 2008-07-24 16:23 13,824 --ahs---- C:\Thumbs.db

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpFCAD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpE0BD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpA9BD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpA19D0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmp8EBD0.FOT

2008-07-21 19:31 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\eMule Acceleration Patch

2008-07-21 19:30 . 2008-07-21 19:30 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Any Video Converter

2008-07-21 19:30 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\Any Video Converter

2008-07-19 13:31 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\AdVantage

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\BSplayer Pro

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\BSplayer

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Arquivos de programas\Webteh

2008-07-19 09:39 . 2008-07-19 09:50 2,759,868 --a------ C:\IJF - ENTREVISTA DEDÉ.WMV

2008-07-18 18:25 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\AVIConverter

2008-07-17 14:20 . 2008-07-17 14:20 24,576 --a------ C:\HORARIO.doc

2008-07-16 15:41 . 2008-07-16 15:41 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Corel

2008-07-16 15:11 . 2008-07-16 15:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-07-16 15:10 . 2008-07-16 15:10 <DIR> d-------- C:\Arquivos de programas\Corel

2008-07-15 18:10 . 2008-07-15 18:10 <DIR> d-------- C:\Arquivos de programas\Runtime Software

2008-07-15 17:59 . 2008-07-15 18:10 <DIR> d-------- C:\Programas

2008-07-15 17:09 . 2008-07-15 18:05 5,218,995 --a------ C:\Getdataback.For.Fat.And.Ntfs.3.03.by.Leo_Neiva.rar

2008-07-15 11:40 . 2008-07-15 11:40 <DIR> d-------- C:\Documents and Settings\lan-04\AdRotator

2008-07-14 22:56 . 2008-07-14 22:56 <DIR> d-------- C:\Arquivos de programas\TouchStoneSoftware

2008-07-10 20:40 . 2008-07-29 20:10 <DIR> d--h----- C:\WINDOWS\zzz

2008-07-10 17:54 . 2008-07-23 14:02 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Image Zone Express

2008-07-09 18:48 . 2008-07-26 13:47 <DIR> d-------- C:\FOTOS CASA ZACA

2008-07-07 19:26 . 2008-07-07 19:26 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

2008-07-05 22:35 . 2008-07-20 14:33 34 --a------ C:\WINDOWS\cdplayer.ini

2008-07-03 01:16 . 2008-07-03 01:16 <DIR> d-------- C:\Arquivos de programas\BestPractice

2008-06-30 09:16 . 2008-04-24 10:28 1,495,112 --a------ C:\install_flash_player.exe

2008-06-30 00:49 . 2008-04-23 04:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-30 00:49 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-30 00:49 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-30 00:49 . 2008-04-23 04:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-30 00:49 . 2008-04-23 04:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-30 00:49 . 2008-04-23 04:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-30 00:49 . 2008-04-23 04:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-30 00:49 . 2008-04-23 04:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-30 00:49 . 2008-04-22 04:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-29 22:40 . 2008-06-29 22:41 25,600 --a------ C:\Especies Heliconia CE.doc

2008-06-29 22:28 . 2008-06-29 22:28 31,190 --a------ C:\Heliconia psittacorum CE.pdf

2008-06-29 21:44 . 2008-07-29 19:57 6,144 --ahs---- C:\WINDOWS\Thumbs.db

2008-06-29 10:29 . 2004-08-04 00:45 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup

2008-06-29 10:24 . 2008-06-29 10:29 <DIR> d-------- C:\WINDOWS\VistaMizer

2008-06-29 10:23 . 2008-06-29 10:23 <DIR> d-------- C:\Arquivos de programas\Softland

2008-06-29 10:23 . 2007-08-10 13:14 21,656 --a------ C:\WINDOWS\system32\dopdfmn5.dll

2008-06-29 10:23 . 2007-08-10 13:14 17,048 --a------ C:\WINDOWS\system32\dopdfmi5.dll

2008-06-29 10:23 . 2007-07-20 17:22 5,269 --a------ C:\WINDOWS\system32\dopdf5.ctm

2008-06-29 10:22 . 2008-06-29 10:22 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Media Player Classic

2008-06-29 10:22 . 2008-06-29 10:22 <DIR> d-------- C:\Arquivos de programas\LimeWire

2008-06-29 02:09 . 2008-06-30 17:31 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-06-28 13:39 . 2008-06-28 13:39 <DIR> d-------- C:\Arquivos de programas\AskTBar

2008-06-28 13:01 . 2008-06-28 13:01 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2008-06-28 12:58 . 2008-06-28 12:58 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-06-28 12:58 . 2008-06-28 12:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-06-28 12:47 . 2008-07-29 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-06-28 12:46 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-06-27 20:42 . 2008-06-27 20:42 <DIR> dr-h----- C:\MSOCache

2008-06-27 19:19 . 2008-06-27 19:19 874 --a------ C:\Registro do Nero Ultra Edition 8-3-2-1 PT-BR.zip

2008-06-27 19:12 . 2008-06-27 19:16 1,042,953 --a------ C:\Registro_xp.rar

2008-06-27 18:41 . 2008-06-27 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-27 17:16 . 2008-06-27 17:16 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-06-27 16:26 . 2008-06-27 16:29 <DIR> d-------- C:\Arquivos de programas\Serif

2008-06-27 16:26 . 1998-12-08 19:53 212,480 --a------ C:\WINDOWS\pcdlib32.dll

2008-06-27 15:24 . 2008-06-27 15:24 16,384 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-06-27 00:15 . 2008-06-27 00:15 1,192 --a------ C:\WINDOWS\mozver.dat

2008-06-26 23:23 . 2008-06-26 23:23 1,115,543 --a------ C:\Manual_do_Nero_Burning_Rom_8_Ptb.PDF

2008-06-26 22:16 . 2008-06-26 22:16 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-26 18:41 . 2008-06-29 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-06-26 18:41 . 2008-06-29 01:14 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Nero

2008-06-23 19:43 . 2008-06-23 19:43 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\HP

2008-06-23 19:33 . 2008-06-23 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-06-23 19:33 . 2008-06-23 19:33 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\HP

2008-06-23 19:30 . 2008-06-23 19:30 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard

2008-06-23 19:29 . 2008-06-23 19:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-06-23 19:29 . 2005-10-27 21:24 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2008-06-23 19:29 . 2005-10-27 21:24 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2008-06-23 19:28 . 2008-06-23 19:28 <DIR> d-------- C:\Program Files

2008-06-23 19:28 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-06-23 19:28 . 2005-03-14 12:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2008-06-23 19:28 . 2005-03-14 12:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2008-06-23 19:28 . 2005-03-08 11:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2008-06-23 19:28 . 2005-03-14 12:05 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2008-06-23 19:28 . 2005-03-14 13:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe

2008-06-23 19:28 . 2005-03-08 11:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2008-06-23 19:28 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-29 13:29 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 17:16 --------- d-----w C:\Arquivos de programas\Google

2008-06-08 18:03 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-06 12:59 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-06-06 12:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-07 05:15 1,536,512 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

------- Sigcheck -------

 

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\VistaMizer\old\winlogon.exe

 

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-04 00:40 2019328 31dfe96b6b6fa4c9ca098ceaf21b29a5 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe

2005-03-02 15:08 2019328 98c8c29bb2bd2427819674062604668c C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2qfe\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntkrnlpa.exe

2007-02-28 13:02 2276864 7872ca54be9c292bb5c90acd31c6e389 C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 13:02 2276864 7872ca54be9c292bb5c90acd31c6e389 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 13:02 2019840 1f433c0f544a74459f035b71121a4569 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

 

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-04 00:40 2152448 91448d27f6dfaf50dd1d5fd3d8c1f3bd C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

2005-03-02 15:08 2139648 7c9e84463bf6228660898395851464e0 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2qfe\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntoskrnl.exe

2007-02-28 13:02 2397184 0ab1dbe470bc386feee7747be4178091 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2397184 0ab1dbe470bc386feee7747be4178091 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2140160 7aacd829f2a9bb4dace70cbfc6046934 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

 

2007-06-13 10:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\SoftwareDistribution\Download\d094751ab7cc9d40619043e81a5f79c0\backup\sp2gdr\explorer.exe

2007-06-13 10:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\VistaMizer\old\explorer.exe

 

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\VistaMizer\old\ctfmon.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-29_19.53.56.82 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-31 15:25:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4f4.dat

.

(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not shown.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 25088]

"Nero PhotoShow Media Manager"="C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 16:52 249856]

"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 11:38 78008]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 10:11 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 10:13 114688]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 10:10 94208]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-01 17:33 7110656]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-01 17:33 86016]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 01:26 729088]

"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-12-15 14:04 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe]

"C-Media Mixer"="Mixer.exe" [2006-04-01 17:32 1581056 C:\WINDOWS\mixer.exe]

"nwiz"="nwiz.exe" [2006-04-01 17:33 1495040 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 25088]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-07-27 10:19:41 1674440]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]

--a------ 2008-05-26 19:50 595296 C:\Arquivos de programas\Dealio\DealioAU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-09-20 15:35 202024 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

--a------ 2008-07-21 19:31 1888 C:\Documents and Settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-12-15 11:18 49152 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 13:24 1825792 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 09:51 1836328 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

--a------ 2006-05-10 16:52 249856 C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-25 22:23 443968 C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

--a------ 2008-06-12 16:57 991584 C:\Arquivos de programas\Search Settings\SearchSettings.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-10-09 21:43 729088 C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Counter-Strike 1.6\\hl.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 11:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 11:37]

S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 23:44]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d59f048-5510-11dd-a4f2-000000000010}]

\Shell\AutoRun\command - G:\1rfw8hjr.com

\Shell\explore\Command - G:\1rfw8hjr.com

\Shell\open\Command - G:\1rfw8hjr.com

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.com.br/

R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 -: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 -: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html

O8 -: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 -: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 200.223.0.84 200.223.0.83

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-31 13:51:18

Windows 5.1.2600 Service Pack 2 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

Scan completed successfully

Hidden files: 0

 

**************************************************************************

.

Completion time: 2008-07-31 13:54:04

ComboFix-quarantined-files.txt 2008-07-31 16:53:47

ComboFix2.txt 2008-07-29 22:54:26

 

Pre-Run: 18 folder(s) 42,833,780,736 bytes free

Post-Run: 23 folder(s) 42,806,980,608 bytes free

 

WinXP_BR_PRO_BF.EXE

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

330 --- E O F --- 2008-07-18 15:19:38


And now the HijackThis log:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:54:34, on 31/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\lan-04\CONFIG~1\Temp\Rar$EX00.141\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081508 serial=dr12wex-1504397-kty lang=BP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 200.223.0.84 200.223.0.83

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


If you have a USB flash drive or an MP3 or MP4 player, plug it into the PC (if you have more than one, you must plug in all of them). Do not remove them until you have completed all the instructions.

 

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::
C:\Arquivos de programas\AdVantage
G:\1rfw8hjr.com

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kamsoft"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d59f048-5510-11dd-a4f2-000000000010}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image: demonstration of CFScript.txt being dragged onto ComboFix.exe]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.

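The helper's post above reads three indicators out of the ComboFix log by eye: a Run value with no file stamp (kamsoft / ckvo.exe), a Windows Firewall policy with EnableFirewall set to 0, and a mountpoints2 key whose AutoRun, open and explore verbs all launch G:\1rfw8hjr.com from the removable volume itself. The script below is an added example, not part of the thread and not ComboFix's own code: it parses the "registry load points" block of a ComboFix log, flags those three patterns, and renders the result in the regedit-style CFScript format the helper used ("name"=- deletes a value, [-KEY] deletes a key, File:: lists files to remove). The sample log is constructed from lines quoted in this thread; the GUID and paths are copied from the posted log. The names `parse_sections`, `find_indicators` and `build_cfscript` are the example's own, and writing EnableFirewall back to 1 (rather than just deleting the value) is an assumption about the helper's intent.

```python
import re
from typing import Dict, List, Optional

# Added example, not from the forum thread or from ComboFix itself.
# SAMPLE_LOG is constructed from lines quoted in the thread (GUID and paths
# copied from the posted ComboFix log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 25088]
"kamsoft"="C:\WINDOWS\system32\ckvo.exe" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 11:38 78008]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d59f048-5510-11dd-a4f2-000000000010}]
\Shell\AutoRun\command - G:\1rfw8hjr.com
\Shell\explore\Command - G:\1rfw8hjr.com
\Shell\open\Command - G:\1rfw8hjr.com
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="C:\path\file.exe" [2004-08-04 00:45 25088]   (the [...] stamp is optional)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>[^"\[]+?)"?\s*(?P<meta>\[[^\]]*\])?$')
# ComboFix stamps every file it could stat with [date time size]
META_RE = re.compile(r"^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+\]$")
# \Shell\AutoRun\command - G:\1rfw8hjr.com
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<target>.+)$", re.IGNORECASE)
EXEC_EXT = (".com", ".exe", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty log lines under the [key] header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def find_indicators(text: str) -> List[Dict[str, str]]:
    """Flag Run values without a file stamp, a disabled firewall, and
    mountpoints2 verbs that launch an executable from a non-system volume."""
    findings: List[Dict[str, str]] = []
    for key, lines in parse_sections(text).items():
        low = key.lower()
        for line in lines:
            if low.endswith("\\currentversion\\run"):
                m = VALUE_RE.match(line)
                # legitimate entries in the log all carry [date time size];
                # a bare value such as "[bU]" is a file ComboFix could not stat
                if m and not META_RE.match(m.group("meta") or ""):
                    findings.append({"type": "run_no_metadata", "key": key,
                                     "name": m.group("name"), "target": m.group("data").strip()})
            elif "firewallpolicy" in low:
                m = VALUE_RE.match(line)
                if m and m.group("name").lower() == "enablefirewall" \
                        and m.group("data").split()[0] == "0":
                    findings.append({"type": "firewall_disabled", "key": key,
                                     "name": "EnableFirewall", "target": "0"})
            elif "\\mountpoints2\\" in low:
                m = MOUNT_RE.match(line)
                if not m:
                    continue
                target = m.group("target").strip()
                # AutoRun/open/explore all pointing at an executable on the volume
                # itself is the removable-drive worm pattern seen in this thread
                if target[:2].upper() != "C:" and target.lower().endswith(EXEC_EXT):
                    findings.append({"type": "mountpoint_autorun", "key": key,
                                     "name": m.group("verb"), "target": target})
    return findings


def build_cfscript(findings: List[Dict[str, str]]) -> str:
    """Render findings as a CFScript: "name"=- deletes a value, [-KEY] deletes a
    key, File:: lists files to remove. Keys are emitted exactly as the log prints
    them (including ComboFix's ~ shorthand), as the helper's script does.
    Setting EnableFirewall back to 1 is this example's choice (assumption)."""
    files: List[str] = []
    registry: List[str] = []
    for f in findings:
        if f["type"] == "run_no_metadata":
            registry.append(f"[{f['key']}]\n\"{f['name']}\"=-")
        elif f["type"] == "firewall_disabled":
            registry.append(f"[{f['key']}]\n\"EnableFirewall\"=dword:00000001")
        elif f["type"] == "mountpoint_autorun":
            registry.append(f"[-{f['key']}]")
            files.append(f["target"])
    files = list(dict.fromkeys(files))          # three verbs -> one file, one key
    registry = list(dict.fromkeys(registry))
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(registry) + "\n"


if __name__ == "__main__":
    found = find_indicators(SAMPLE_LOG)
    for f in found:
        print(f"{f['type']:20} {f['name']:14} {f['target']}")
    print(build_cfscript(found))
```

Run against the sample, the checker reports one Run value without a stamp (kamsoft), the disabled firewall, and three mountpoints2 verbs for the same GUID, and the generated script collapses those into one File:: entry and one [-KEY] line. It does not decide whether ckvo.exe is malicious, only that it is the one Run value ComboFix could not stat; that judgement stays with the analyst, as it did in the thread.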

DONE.. here is the ComboFix log

 

 

ComboFix 08-07-28.6 - lan-04 2008-07-31 22:26:44.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.130 [GMT -3:00]

Running from: C:\Documents and Settings\lan-04\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\lan-04\Desktop\CFScript.txt

* A new restore point was created

 

FILE ::

C:\Arquivos de programas\AdVantage

G:\1rfw8hjr.com

.

 

((((((((((((((((((((((( Files created from 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))))

.

 

2008-07-29 19:07 . 2008-07-18 11:20 341,753,856 --a------ C:\Aerosmith - Hole In My Soul.mpg

2008-07-29 18:54 . 2008-06-29 13:21 161,329,152 --a------ C:\Twisted Sister - You Can't Stop Rock'N'Roll.VOB

2008-07-29 18:52 . 2008-06-29 13:22 225,863,680 --a------ C:\Twisted Sister - We're Not Gonna Take It.VOB

2008-07-29 18:52 . 2008-06-29 13:24 129,101,824 --a------ C:\Twisted Sister - The Prince.VOB

2008-07-29 18:50 . 2008-06-29 13:39 260,853,760 --a------ C:\Twisted Sister - Oh Come All Ye Faithful.VOB

2008-07-29 18:49 . 2008-06-29 13:24 127,014,912 --a------ C:\Twisted Sister - Leader Of The Pack.VOB

2008-07-29 18:48 . 2008-06-29 13:23 153,878,528 --a------ C:\Twisted Sister - I Wanna Rock.VOB

2008-07-29 18:47 . 2008-06-29 13:25 142,538,752 --a------ C:\Twisted Sister - Hot Love.VOB

2008-07-29 18:46 . 2008-06-29 13:25 202,205,184 --a------ C:\Twisted Sister - Be Chrool To Your Scuel.VOB

2008-07-29 18:44 . 2008-07-08 20:44 176,750,592 --a------ C:\Avril Lavigne - Knocking On Heaven's Door.mpg

2008-07-29 18:42 . 2008-07-08 11:08 254,623,744 --a------ C:\The Pussycat Dolls - When I Grow Up.mpg

2008-07-29 18:13 . 2008-07-06 12:56 349,646,848 --a------ C:\Deep Purple - Highway Star.mpg

2008-07-29 18:11 . 2008-07-06 12:41 317,800,448 --a------ C:\Backstreet Boys - Everybody.mpg

2008-07-29 18:09 . 2008-07-04 22:54 203,505,664 --a------ C:\Aerosmith - Fly Away From Here.mpg

2008-07-29 18:02 . 2008-07-06 11:06 249,077,760 --a------ C:\n' sync - bye, bye, bye.mpg

2008-07-29 15:00 . 2008-07-29 15:00 14,268,103 --a------ C:\Upload_Me.zip

2008-07-29 14:47 . 2008-07-29 15:00 <DIR> d-------- C:\MSNFix

2008-07-29 14:37 . 2008-07-29 14:39 447,421 --a------ C:\MSNFix.zip

2008-07-29 13:54 . 2008-07-29 13:56 212,849 --a------ C:\hijackthis.zip

2008-07-29 13:50 . 2008-07-29 14:01 2,665,962 --a------ C:\ComboFix.exe

2008-07-29 13:23 . 2008-07-06 11:47 322,062,336 --a------ C:\Twisted Sister - Heavy Metal Christmas.mpg

2008-07-29 13:04 . 2008-07-09 10:44 248,223,744 --a------ C:\Van Halen - Jump.mpg

2008-07-28 20:16 . 2008-07-28 20:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-28 20:16 . 2008-07-28 20:16 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-28 19:29 . 2008-07-28 19:29 1,409 --a------ C:\WINDOWS\system32\tmp75034.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmpECDA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmpC8BA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmp8CEA2.FOT

2008-07-28 19:28 . 2008-07-28 19:28 1,409 --a------ C:\WINDOWS\system32\tmp4FCA2.FOT

2008-07-27 20:58 . 2008-07-22 02:22 <DIR> d-------- C:\Adilson.Silva.-.2008.-.Deus.Soberano

2008-07-27 17:47 . 2008-01-03 15:37 <DIR> d-------- C:\Tarja Turunen - My Winter Storm (2007)

2008-07-27 10:19 . 2008-07-29 13:42 <DIR> d-------- C:\Downloads

2008-07-27 10:19 . 2008-07-31 22:16 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Orbit

2008-07-27 10:19 . 2008-07-29 13:42 <DIR> d-------- C:\Arquivos de programas\Orbitdownloader

2008-07-26 23:59 . 2008-07-29 13:42 <DIR> d-------- C:\Nightwish-Dark_Passion_Play-2CD-Retail-2007-COS

2008-07-26 23:58 . 2008-07-29 13:42 <DIR> d-------- C:\Nightwish-Amaranth-2CD-CDS-2007-MAN

2008-07-26 23:57 . 2008-07-26 23:57 <DIR> d-------- C:\Tarja Turunen

2008-07-26 23:57 . 2008-07-27 00:03 <DIR> d-------- C:\Celta

2008-07-24 16:23 . 2008-07-24 16:23 13,824 --ahs---- C:\Thumbs.db

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpFCAD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpE0BD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpA9BD0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmpA19D0.FOT

2008-07-23 18:03 . 2008-07-23 18:03 1,409 --a------ C:\WINDOWS\system32\tmp8EBD0.FOT

2008-07-21 19:31 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\eMule Acceleration Patch

2008-07-21 19:30 . 2008-07-31 15:13 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Any Video Converter

2008-07-21 19:30 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\Any Video Converter

2008-07-19 13:31 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\AdVantage

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\BSplayer Pro

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\BSplayer

2008-07-19 09:51 . 2008-07-19 09:51 <DIR> d-------- C:\Arquivos de programas\Webteh

2008-07-19 09:39 . 2008-07-19 09:50 2,759,868 --a------ C:\IJF - ENTREVISTA DEDÉ.WMV

2008-07-18 18:25 . 2008-07-29 13:43 <DIR> d-------- C:\Arquivos de programas\AVIConverter

2008-07-17 14:20 . 2008-07-17 14:20 24,576 --a------ C:\HORARIO.doc

2008-07-16 15:41 . 2008-07-16 15:41 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Corel

2008-07-16 15:11 . 2008-07-16 15:11 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Corel

2008-07-16 15:10 . 2008-07-16 15:10 <DIR> d-------- C:\Arquivos de programas\Corel

2008-07-15 18:10 . 2008-07-15 18:10 <DIR> d-------- C:\Arquivos de programas\Runtime Software

2008-07-15 17:59 . 2008-07-15 18:10 <DIR> d-------- C:\Programas

2008-07-15 17:09 . 2008-07-15 18:05 5,218,995 --a------ C:\Getdataback.For.Fat.And.Ntfs.3.03.by.Leo_Neiva.rar

2008-07-15 11:40 . 2008-07-15 11:40 <DIR> d-------- C:\Documents and Settings\lan-04\AdRotator

2008-07-14 22:56 . 2008-07-14 22:56 <DIR> d-------- C:\Arquivos de programas\TouchStoneSoftware

2008-07-10 20:40 . 2008-07-31 14:50 <DIR> d--h----- C:\WINDOWS\zzz

2008-07-10 17:54 . 2008-07-31 22:16 <DIR> d-------- C:\Documents and Settings\lan-04\Dados de aplicativos\Image Zone Express

2008-07-09 18:48 . 2008-07-26 13:47 <DIR> d-------- C:\FOTOS CASA ZACA

2008-07-07 19:26 . 2008-07-07 19:26 <DIR> d-------- C:\Arquivos de programas\Guitar Pro 5

2008-07-05 22:35 . 2008-07-20 14:33 34 --a------ C:\WINDOWS\cdplayer.ini

2008-07-03 01:16 . 2008-07-03 01:16 <DIR> d-------- C:\Arquivos de programas\BestPractice

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-29 16:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-07-29 16:43 --------- d-----w C:\Arquivos de programas\K-Lite Codec Pack

2008-07-26 17:14 --------- d-----w C:\Arquivos de programas\eMule

2008-07-23 12:25 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Nero

2008-07-16 18:13 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-16 18:11 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-07-02 17:27 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-06-29 13:29 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-06-29 13:23 --------- d-----w C:\Arquivos de programas\Softland

2008-06-29 13:22 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Media Player Classic

2008-06-29 13:22 --------- d-----w C:\Arquivos de programas\LimeWire

2008-06-29 04:14 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-06-29 04:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-06-28 16:39 --------- d-----w C:\Arquivos de programas\AskTBar

2008-06-28 16:01 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-06-28 00:09 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-06-27 22:19 874 ----a-w C:\Registro do Nero Ultra Edition 8-3-2-1 PT-BR.zip

2008-06-27 20:16 --------- d-----w C:\Arquivos de programas\MSXML 4.0

2008-06-27 19:29 --------- d-----w C:\Arquivos de programas\Serif

2008-06-26 21:41 --------- d-----w C:\Arquivos de programas\Nero

2008-06-23 22:43 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\HP

2008-06-23 22:33 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\HP

2008-06-23 22:33 --------- d-----w C:\Arquivos de programas\HP

2008-06-23 22:33 --------- d-----w C:\Arquivos de programas\Arquivos comuns\HP

2008-06-23 22:30 --------- d-----w C:\Arquivos de programas\Hewlett-Packard

2008-06-23 22:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

2008-06-23 17:46 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\AdobeUM

2008-06-21 15:35 --------- d-----w C:\Arquivos de programas\Oi Internet

2008-06-21 13:13 --------- d-----w C:\Arquivos de programas\Windows Live

2008-06-21 13:12 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-06-21 13:12 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-06-20 18:47 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Search Settings

2008-06-20 18:46 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio

2008-06-20 18:46 --------- d-----w C:\Arquivos de programas\Search Settings

2008-06-20 18:46 --------- d-----w C:\Arquivos de programas\Dealio

2008-06-20 18:33 --------- d-----w C:\Arquivos de programas\Free Audio Pack

2008-06-20 18:17 6,361,100 ----a-w C:\Setup_FreeConverter.exe

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

2008-06-20 17:24 --------- d-----w C:\Arquivos de programas\mobile PhoneTools

2008-06-20 17:24 --------- d-----w C:\Arquivos de programas\LiveUpdate

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 22:40 --------- d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Simple Star

2008-06-19 20:57 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Simple Star Shared

2008-06-19 20:56 4,450,382 ----a-w C:\Arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:43 --------- d-----w C:\Arquivos de programas\Picasa2

2008-06-19 20:42 6,104,632 ----a-w C:\Arquivos de programas\picasaweb-current-setup.exe

2008-06-19 20:33 805,376 ----a-w C:\WINDOWS\Nero Burning Rom Screensaver.scr

2008-06-19 17:38 --------- d-----w C:\Arquivos de programas\Motorola

2008-06-19 17:16 --------- d-----w C:\Arquivos de programas\Google

2008-06-19 17:11 --------- d--h--w C:\Arquivos de programas\Realtek

2008-06-14 17:59 272,384 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-08 18:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Macrovision

2008-06-08 18:17 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Macromedia Shared

2008-06-08 18:03 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-06-06 14:40 --------- d-----w C:\Arquivos de programas\Realtek Sound Manager

2008-06-06 14:22 --------- d-----w C:\Arquivos de programas\Alwil Software

2008-06-06 13:56 --------- d-----w C:\Arquivos de programas\Faronics

2008-06-06 13:04 --------- d-----w C:\Arquivos de programas\microsoft frontpage

2008-06-06 12:59 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-06-06 12:58 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-05-07 05:15 1,536,512 ----a-w C:\WINDOWS\system32\quartz.dll

.

 

------- Sigcheck -------

 

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\winlogon.exe

2004-08-04 00:45 543744 3550bfe59972a67ac2f7781041d28ea7 C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 00:45 504320 6f7bde7a1126debf0cc359a54953efc1 C:\WINDOWS\VistaMizer\old\winlogon.exe

 

2005-03-02 15:13 2061184 aed7b3aa86ad031cf39c6e4bba37e818 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

2007-02-28 13:08 2063616 d027f0097b8f099c09369b8cc97d7c32 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

2004-08-04 00:40 2019328 31dfe96b6b6fa4c9ca098ceaf21b29a5 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe

2005-03-02 15:08 2019328 98c8c29bb2bd2427819674062604668c C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe

2007-02-28 13:02 2061824 1683af18422f7de34575ee95be882ad1 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2qfe\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntkrnlpa.exe

2004-08-04 00:40 2061056 c9bae5544b8aa39454c50d8ff83ae5a8 C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntkrnlpa.exe

2007-02-28 13:02 2276864 7872ca54be9c292bb5c90acd31c6e389 C:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 13:02 2276864 7872ca54be9c292bb5c90acd31c6e389 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 13:02 2019840 1f433c0f544a74459f035b71121a4569 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

 

2005-03-02 15:13 2183808 6e3ab4241e058b248cb7cdc5157449c3 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

2007-02-28 13:08 2186368 bfb4c8761976cce0b544d557b4c70825 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

2004-08-04 00:40 2152448 91448d27f6dfaf50dd1d5fd3d8c1f3bd C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe

2005-03-02 15:08 2139648 7c9e84463bf6228660898395851464e0 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe

2007-02-28 13:02 2184576 986c40660057a2bac752ed4f97cf4a10 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\2716e94267154b4722838e28362d23d0\backup\sp2qfe\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2gdr\ntoskrnl.exe

2004-08-04 00:40 2185216 3b72a63f230dfb276fc96a99173a81be C:\WINDOWS\SoftwareDistribution\Download\667c63a16ca897f3f0ce788125fbbf9f\backup\sp2qfe\ntoskrnl.exe

2007-02-28 13:02 2397184 0ab1dbe470bc386feee7747be4178091 C:\WINDOWS\system32\ntoskrnl.exe

2007-02-28 13:02 2397184 0ab1dbe470bc386feee7747be4178091 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-02-28 13:02 2140160 7aacd829f2a9bb4dace70cbfc6046934 C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

 

2007-06-13 10:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 00:45 1034240 fa61a19050ae14bec1a26de82390dd65 C:\WINDOWS\SoftwareDistribution\Download\d094751ab7cc9d40619043e81a5f79c0\backup\sp2gdr\explorer.exe

2007-06-13 10:21 1553920 7062d4a59c277fb6f4447460dbf0ca73 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\VistaMizer\old\explorer.exe

 

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 25088 a3f0971dbba9657034c303b39464ea5b C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\VistaMizer\old\ctfmon.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 25088]

"Nero PhotoShow Media Manager"="C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 16:52 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 11:38 78008]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 10:11 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 10:13 114688]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 10:10 94208]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-01 17:33 7110656]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-01 17:33 86016]

"CorelDRAW Graphics Suite 11b"="C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe" [2003-11-28 01:26 729088]

"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-12-15 14:04 176128 C:\WINDOWS\system32\VTTrayp.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 04:28 16126464 C:\WINDOWS\RTHDCPL.exe]

"C-Media Mixer"="Mixer.exe" [2006-04-01 17:32 1581056 C:\WINDOWS\mixer.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 25088]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-07-27 10:19:41 1674440]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]

--a------ 2008-05-26 19:50 595296 C:\Arquivos de programas\Dealio\DealioAU.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-09-20 15:35 202024 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

--a------ 2008-07-21 19:31 1888 C:\Documents and Settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-12-15 11:18 49152 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 13:24 1825792 C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 09:51 1836328 C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

--a------ 2006-05-10 16:52 249856 C:\ARQUIV~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2008-02-25 22:23 443968 C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

--a------ 2008-06-12 16:57 991584 C:\Arquivos de programas\Search Settings\SearchSettings.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2006-10-09 21:43 729088 C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Counter-Strike 1.6\\hl.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"C:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 11:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 11:37]

S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-20 23:44]

.

- - - - ORFAOS REMOVIDOS - - - -

 

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-31 22:28:37

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

Varredura completada com sucesso

Ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-07-31 22:31:16

ComboFix-quarantined-files.txt 2008-08-01 01:31:00

 

Pre-Run: 19 pasta(s) 42,702,118,912 bytes disponíveis

Post-Run: 22 pasta(s) 42,691,301,376 bytes disponíveis

 

291 --- E O F --- 2008-07-18 15:19:38


And now the HijackThis one..

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:35:36, on 31/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\lan-04\CONFIG~1\Temp\Rar$EX00.188\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081508 serial=dr12wex-1504397-kty lang=BP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


- Restart the computer in Safe Mode (keep pressing the F8 key, or F5 in some cases, during startup).

 

Run HijackThis.

 

Click Do a System Scan Only. Check the box(es) for the entry/entries listed below in the grey box.

 

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

 

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

 

When you have finished selecting, click Fix Checked

 

- Restart in normal mode.

 

- Copy the (updated) HijackThis log(s) and paste them in your next reply.

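The helper above picked the Dealio entries out of the log by eye. As an added illustration (not code from this thread, from HijackThis or from ComboFix), the script below applies the same kind of review automatically to lines in HijackThis v1.99.1 format: entries whose target is reported missing, O4 Run entries that name an executable without a full path (so the search path decides what actually runs), browser add-ons (O2/O3/O8/O9) loaded from a user profile or Temp directory, and O17 DNS overrides. The sample lines are copied from the logs in this thread; the review rules, the `Finding` type and the function names are assumptions of this example, not HijackThis features. One detail is taken straight from the logs: the O23 lines for the avast! mail and web scanners say "(file missing)" while the process list in the same log shows both executables running, and the stray `"` in those lines is why; the script treats that pattern as a parser artifact to verify rather than as a real gap.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 format. The lines are copied from the logs
# in this thread so the review runs on realistic input; nothing here is invented.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 200.223.0.84 200.223.0.83
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# An entry line starts with its section code (R0, F1, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")

# Directories a browser helper object, toolbar or context-menu handler should not
# normally be loaded from: per-user profile and temporary paths (the Portuguese XP
# names are included because that is what the logs above use).
PROFILE_MARKERS = ("\\documents and settings\\", "\\dados de aplicativos\\",
                   "\\application data\\", "\\temp\\")


@dataclass
class Finding:
    line: str    # the log line, unchanged
    reason: str  # why a reviewer should look at it


def parse_entry(line: str):
    """Split 'O4 - rest' into ('O4', 'rest'); return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def run_target(body: str) -> str:
    """First token of the command in an O4 entry:
    'HKLM\\..\\Run: [name] cmd' or 'Global Startup: x.lnk = cmd'."""
    if "] " in body:
        cmd = body.split("] ", 1)[1]
    elif " = " in body:
        cmd = body.split(" = ", 1)[1]
    else:
        cmd = body
    tokens = cmd.split()
    return tokens[0] if tokens else ""


def review_hijackthis(text: str) -> list[Finding]:
    """Return the entries a reviewer should look at, each with the reason."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        kind, body = parsed
        low = body.lower()

        if low.endswith("(file missing)"):
            if '"' in body:
                # HijackThis 1.99.1 cuts a quoted service command at the quote, so a
                # service started as "...\x.exe" /service is reported missing even when
                # the process list in the same log shows it running.
                findings.append(Finding(raw, "reported missing, but the path carries a stray quote: "
                                             "parser artifact, confirm the file on disk before acting"))
            else:
                findings.append(Finding(raw, "target file missing: orphaned entry"))
            continue

        if kind == "O4":
            exe = run_target(body)
            if "\\" not in exe and not exe.upper().startswith("RUNDLL32"):
                findings.append(Finding(raw, f"Run entry names '{exe}' without a full path; it is "
                                             "resolved through the search path, so verify which "
                                             "file actually runs"))

        if kind in ("O2", "O3", "O8", "O9") and any(m in low for m in PROFILE_MARKERS):
            findings.append(Finding(raw, "browser add-on loaded from a user profile or Temp path; review"))

        if kind == "O17":
            findings.append(Finding(raw, "DNS NameServer override; confirm the servers belong to "
                                         "the ISP or the network administrator"))
    return findings


if __name__ == "__main__":
    for f in review_hijackthis(SAMPLE_LOG):
        print(f"{f.line[:70]:<70} -> {f.reason}")
```

Run it as-is to see the five flagged lines from the sample, or replace `SAMPLE_LOG` with the contents of a saved hijackthis.log. A flag is a prompt to verify, not a verdict: VTTimer.exe and Mixer.exe in the logs above are flagged only because the Run value gives no directory, and the ComboFix output earlier in the thread already resolved them to C:\WINDOWS\system32 and C:\WINDOWS.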

DONE..I generated a new HijackThis log..

 

Logfile of HijackThis v1.99.1

Scan saved at 13:29:56, on 1/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\Mixer.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\lan-04\CONFIG~1\Temp\Rar$EX00.750\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Arquivos de programas\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081508 serial=dr12wex-1504397-kty lang=BP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 200.223.0.84 200.223.0.83

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Ok, the log is clean :)

 

To finish, visit Windows Update and update your system by downloading Service Pack 3

 

Or, if you prefer, download and install the full package (about 300 MB):

http://www.microsoft.com/downloads/details...splayLang=pt-br

 

- In Run, type combofix /u, click OK and wait for ComboFix to be removed.

 

- I recommend a maintenance pass on the computer to delete temporary and unnecessary files and invalid registry entries. Download CCleaner

 

• Open the program and click Run Cleaner;

• After that, click Registry > Scan for Issues > Fix Issues

 

- Disable and re-enable System Restore

 

Read the article Protect your PC for more information on how to avoid infections;

 

If you have no further malware-related problems, come back and reply to this topic to let us know.

 

Regards

 

:)


DONE..thanks brother, I don't even know how to thank you..I recently lost all my files because of a damn virus..and there went a hard drive stuffed with 80GB of photos of lots of good moments, videos and mp3s..unfortunately I'll never get the photos back, but that's how it is... and this one was already tormenting me, so thanks for the help..


PROBLEM SOLVED
