
Marcos Vinícius

[Solved!] Virus sent to pen drive and letters swapping in the d


Good evening everyone,

 

A few days ago I copied a photo that was on my computer to a pen drive and took it to a friend's house. When he plugged the pen drive in, his antivirus flagged a virus. I use Avira and ran the antivirus on my computer and it didn't catch anything. I've been reading something about a virus that goes onto the pen drive when it is used.

 

Another problem happened today. I was looking at some Excel spreadsheets I had downloaded from the net, and when I went to save one of them, something strange happened. When I stopped the mouse over the box to confirm the save, the selection started to move. To explain better: I stopped the mouse over "Yes" and it was highlighted as usual. But that highlight started to change to "No" and "Cancel", cycling between them. So I tried to access the forum to download HijackThis. When I tried to type the forum address in the browser, the letters started to swap places. So when I typed 'fo' from forum, the address changed to 'of', and with each letter typed the address became more scrambled.

 

I did a System Restore and the problem seems to have been resolved. But I thought it best to post the log here for you to have a look, especially because of the pen drive problem.

 

Thanks for the help, colleagues, and I take the opportunity to invite you to take a stroll through the photography section :rolleyes:

 

 

 

HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:51:30, on 06/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\ico.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Windows\System32\Pmxmiced.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.as...;l=pt&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornecido por Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View E&xif... - C:\Users\Marcos Vinícius\Documents\VisualExif\html\VisualExif.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O13 - Gopher Prefix:

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34B047B6-E434-47DC-9A5B-15830A3B3112}: NameServer = 192.168.0.1

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9601 bytes


- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protections of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

 

If the notification "Invalid Win32 application" appears, delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Name it during saving, not after saving it!

PS: If any error message occurs, run ComboFix.exe in Safe Mode.

PS: Avoid running this tool on your own initiative! Follow all the recommendations proposed above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for completion!

- During the scan, avoid touching the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When finished, post the report: C:\ComboFix.txt


I ran ComboFix. However, the instructions were different from what you gave. It opened a DOS-type window and I had no option at all. It went and did everything by itself. It even restarted the computer, opened the log and closed by itself.

 

But now I can't connect to the net via wireless (I use a notebook). Only by connecting a cable.

 

LOG

 

ComboFix 08-10-08.05 - Marcos Vinícius 2008-10-09 13:20:47.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.2767 [GMT -3:00]

Executando de: C:\Users\Marcos Vinícius\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\Marcos Vinícius\AppData\Roaming\inst.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_GbpSv

 

 

((((((((((((((((((((((( Ficheiros criados de 2008-09-09 to 2008-10-09 ))))))))))))))))))))))))))))))))

.

 

2008-10-06 20:48 . 2008-10-06 20:51 <DIR> d-------- C:\Hijack

2008-10-04 11:42 . 2008-10-04 11:42 <DIR> d-------- C:\Program Files\Scpad

2008-09-29 20:00 . 2008-10-07 22:29 190 --a------ C:\Windows\guitar.ini

2008-09-25 12:58 . 2008-07-12 08:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-09-25 12:57 . 2008-08-17 07:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-09-23 23:50 . 2008-09-23 23:50 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-23 23:50 . 2008-09-23 23:50 <DIR> d-------- C:\Program Files\JetAudio

2008-09-23 23:50 . 2008-09-23 23:50 <DIR> d-------- C:\Program Files\Common Files\COWON

2008-09-11 13:28 . 2008-09-11 13:30 <DIR> d-------- C:\Program Files\Inesoft Cash Organizer 2008 Premium

2008-09-11 00:23 . 2008-07-30 22:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-11 00:23 . 2008-07-31 00:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-10 21:34 . 2008-09-13 16:30 <DIR> d-------- C:\Program Files\Microsoft Money 2007

2008-09-10 20:30 . 2008-06-26 00:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 20:12 . 2008-08-01 22:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 20:12 . 2008-06-26 00:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 20:12 . 2008-05-08 16:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 20:12 . 2008-05-19 23:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 20:12 . 2008-06-26 00:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 20:12 . 2008-08-02 00:26 36,864 --a------ C:\Windows\System32\cdd.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-09 16:30 3,145,728 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-09 16:30 3,145,728 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-08 21:20 90,313 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\nvModes.dat

2008-10-06 23:33 --------- d-----w C:\Program Files\GbPlugin

2008-09-25 15:58 --------- d-----w C:\Program Files\Microsoft Games

2008-09-24 02:50 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-24 02:50 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-21 20:38 --------- d-----w C:\ProgramData\DVD Shrink

2008-09-11 21:07 --------- d-----w C:\ProgramData\GbPlugin

2008-09-08 22:15 --------- d-----w C:\Program Files\DreMule

2008-09-08 21:03 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Real

2008-09-07 00:49 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-09-07 00:36 --------- d-----w C:\Program Files\Media Player Classic Homecinema

2008-08-31 20:46 103,064 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\GDIPFONTCACHEV1.DAT

2008-08-29 01:30 --------- d-----w C:\Program Files\DivXLand

2008-08-28 13:50 30,720 ----a-w C:\Windows\System32\soundschemes2.exe

2008-08-25 15:57 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-15 21:57 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Publish Providers

2008-08-15 21:57 --------- d-----w C:\Program Files\VSTplugins

2008-08-15 21:56 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Sony

2008-08-15 21:51 --------- d-----w C:\Program Files\Sony

2008-08-15 21:33 --------- d-----w C:\Program Files\Sony Setup

2008-08-15 21:09 --------- d-----w C:\Program Files\WinDentify

2008-08-13 22:21 --------- d-----w C:\Program Files\Windows Mail

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe

2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll

2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll

2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll

2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll

2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll

2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll

2008-07-19 01:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll

2008-07-18 23:44 31,232 ----a-w C:\Windows\System32\wuapp.exe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-06-25 00:12 47,360 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\pcouffin.sys

2008-06-09 00:52 28,095 ----a-w C:\Users\Administrador\AppData\Roaming\nvModes.dat

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-04-24 21:55 174 --sha-w C:\Program Files\desktop.ini

2008-04-07 13:31 76 --sh--r C:\Windows\CT4CET.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]

"PMX Daemon"="ICO.EXE" [2006-11-08 C:\Windows\System32\ico.exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-07 50688]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-04-07 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Program Files\GbPlugin\gbiehcef.dll" [2008-09-01 374856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{147BD8DA-B218-4F14-ACBD-B11397578B4F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{F8294EC3-1E81-4714-9C04-A00FA266152C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{04C5ED7D-B434-4326-A3A2-05A5DBAAB25A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{9D0BF311-1399-4F44-A8FB-6A2A607FC4B7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{A7495583-C7C0-4FB9-A431-35D99EC214AD}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6F5FECDB-A8FB-4899-ACD7-648AF98985BE}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"TCP Query User{72E3960A-5C18-4864-B91D-E53AD31BCAA8}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"UDP Query User{346A1E25-05CB-415A-9BCA-EE32160BC9BF}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"TCP Query User{AB1DBCBE-4CC5-42A6-B63C-6737B7403518}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"UDP Query User{328FD150-ED78-44E1-BD20-63BC23D31E26}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"{2A22203A-A50A-40EA-A602-36F17131B90D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{072EFF09-7F7A-4530-91AD-D6EA08DE473D}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{C568FBBB-6CC5-493C-9CC9-8CCC98F4ED95}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"{7EDEFB16-2444-479F-9F08-AD5BA5FCEF95}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{CB15837B-C58B-4670-B055-B082220BDBFC}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

 

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

S2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2007-12-12 136448]

S3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]

S3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]

\shell\AutoRun\command - n6j6pc0.com

\shell\explore\Command - n6j6pc0.com

\shell\open\Command - n6j6pc0.com

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-08 C:\Windows\Tasks\User_Feed_Synchronization-{33E43AC5-0C46-4B94-B79F-C29C356437C1}.job

- C:\Windows\system32\msfeedssync.exe [2008-01-19 04:33]

.

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Users\Marcos Vinícius\AppData\Roaming\Mozilla\Firefox\Profiles\0t7zgz86.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.uol.com.br

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-09 13:31:33

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros ocultos ...

 

 

C:\Windows\TEMP\TMP00000006440126ED4F3D8F64

 

Varredura completada com sucesso

Ficheiros ocultos: 1

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\wlanext.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Windows\System32\dllhost.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-09 13:36:24 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-10-09 16:35:19

 

Pré-execução: 33.273.946.112 bytes disponíveis

Pós execução: 35,041,705,984 bytes disponíveis

 

207 --- E O F --- 2008-10-04 02:20:13


Can this topic be considered solved?

Can this topic be considered solved?

 

After the ComboFix log and the wireless connection problem, nobody said whether it was clean or not. Especially because I had to restore the computer to the point ComboFix created, in order to connect to wireless again. If ComboFix removed some virus (which I don't know, because I don't know how to read that log), wouldn't the restore have brought the problem back again?


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it, on the desktop, with the name CFScript.txt.

 

Rootkit::

C:\Windows\TEMP\TMP00000006440126ED4F3D8F64

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it can cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or keyboard while ComboFix is running.

 

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

 

Post it together with the new HijackThis log
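As an added illustration (not code from the thread, from ComboFix or from the helper), the Python triage script below applies the two checks that the ComboFix log above exposed and the CFScript targets: a removable drive's AutoRun/open/explore verbs under mountpoints2 pointing at a bare executable in the drive root, and files the embedded catchme scan reports as hidden. The sample log is constructed from lines in this thread plus one invented benign entry; the {aaaaaaaa-...} key and its E:\ path are assumptions.

```python
"""Triage helper for ComboFix-style logs.

Flags two things the cleanup script in this thread targets: removable-drive
autorun commands registered under mountpoints2 that launch a bare executable,
and files reported as hidden by the embedded catchme rootkit scan.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the first mountpoints2 key and the catchme section are
# modelled on the log posted in the thread; the second key ({aaaaaaaa-...}) and
# its E:\ path are invented, benign-looking entries to show what is NOT flagged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]
\shell\AutoRun\command - n6j6pc0.com
\shell\explore\Command - n6j6pc0.com
\shell\open\Command - n6j6pc0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaaaaaaa-0000-0000-0000-000000000000}]
\shell\AutoRun\command - E:\Setup\Install.exe

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 13:31:33

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

C:\Windows\TEMP\TMP00000006440126ED4F3D8F64

Varredura completada com sucesso
Ficheiros ocultos: 1
"""

MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
SHELL_COMMAND = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$", re.I)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
EXEC_EXT = (".com", ".exe", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")
HIDDEN_START = "Procurando ficheiros ocultos"   # catchme header, Portuguese build
HIDDEN_END = "Varredura completada"


@dataclass
class Finding:
    kind: str    # "autorun-hijack" or "hidden-file"
    where: str   # mountpoints2 GUID or full file path
    detail: str


def is_bare_executable(command: str) -> bool:
    """True when the command is only a file name with an executable extension:
    no drive, no directory. That is the shape of a worm copied to the root of
    a removable drive and wired into the drive's AutoRun/open/explore verbs."""
    name = command.strip().strip('"')
    if any(sep in name for sep in ("\\", "/", ":")):
        return False
    return name.lower().endswith(EXEC_EXT)


def analyze(log_text: str) -> list[Finding]:
    """Walk the log once and return findings in the order they are seen."""
    findings: list[Finding] = []
    verbs: dict[str, dict[str, str]] = {}   # GUID -> {verb: command}
    current_key: str | None = None
    in_hidden = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_key = m.group(1)
            verbs[current_key] = {}
            continue
        if line.startswith("["):            # any other registry key ends the block
            current_key = None
        m = SHELL_COMMAND.match(line)
        if m and current_key is not None:
            verbs[current_key][m.group(1).lower()] = m.group(2)
            continue
        if line.startswith(HIDDEN_START):
            in_hidden = True
            continue
        if in_hidden:
            if line.startswith(HIDDEN_END):
                in_hidden = False
            elif DRIVE_PATH.match(line):
                findings.append(Finding("hidden-file", line,
                                        "hidden from the Win32 API per catchme; review and quarantine"))
    for guid, cmds in verbs.items():
        bad = {v: c for v, c in cmds.items() if is_bare_executable(c)}
        if bad:
            findings.append(Finding("autorun-hijack", guid,
                                    "; ".join(f"{v} -> {c}" for v, c in sorted(bad.items()))))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.where}: {f.detail}")
```

The parser keys on the `[` that opens every registry block rather than on blank lines, so it also works on logs that were double-spaced when pasted into a forum.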


Sr. Perfect,

 

What you gave me there didn't work. I tried 2 times. After the 50 stages, when it's time to restart, the blue screen appears and it can't restart anymore. After a while trying, it manages to restore to an earlier point and restarts. It happened both times.

 

I found it strange that those lines refer to Microsoft. Are you sure about that?


Redo the procedures above, but this time in Safe Mode.


During the ComboFix analysis, twice it opened a box about something to do with being an administrator and stopped. I clicked OK and it continued and went to the end.

 

COMBOFIX LOG

 

ComboFix 08-10-14.07 - Marcos Vinícius 2008-10-16 18:49:50.1 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.3395 [GMT -2:00]

Executando de: C:\Users\Marcos Vinícius\Desktop\ComboFix.exe

Comandos utilizados :: C:\Users\Marcos Vinícius\Desktop\CFScript.txt

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\Marcos Vinícius\AppData\Roaming\inst.exe

C:\Users\MARCOS~1\AppData\Roaming\inst.exe

.

---- Previous Run -------

.

C:\Users\Marcos Vinícius\AppData\Roaming\inst.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_GbpSv

-------\Service_GbpSv

-------\Service_GbpSv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-16 to 2008-10-16 ))))))))))))))))))))))))))))

.

 

2008-10-15 21:52 . 2008-10-15 23:03 <DIR> d-------- C:\ComboFix1

2008-10-14 23:24 . 2008-10-15 22:03 320,323,197 --a------ C:\Windows\MEMORY.DMP

2008-10-11 19:05 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.003

2008-10-11 19:05 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.002

2008-10-11 19:03 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.001

2008-10-11 19:03 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.000

2008-10-11 18:59 . 1998-04-30 15:56 129,024 --a------ C:\Windows\UNWISE.EXE

2008-10-11 18:59 . 1996-08-12 11:59 24,576 --a------ C:\Windows\System32\Wavlbsys.dll

2008-10-11 18:58 . 1998-05-06 18:44 24,576 --a------ C:\Windows\System32\Hyperman.dll

2008-10-06 21:48 . 2008-10-06 21:51 <DIR> d-------- C:\Hijack

2008-10-04 12:42 . 2008-10-04 12:42 <DIR> d-------- C:\Program Files\Scpad

2008-09-29 21:00 . 2008-10-07 23:29 190 --a------ C:\Windows\guitar.ini

2008-09-25 13:58 . 2008-07-12 09:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-09-25 13:57 . 2008-08-17 08:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Users\MARCOS~1\AppData\Roaming\COWON

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\JetAudio

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\Common Files\COWON

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-16 20:59 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-16 20:59 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-16 01:03 --------- d-----w C:\Program Files\GbPlugin

2008-10-12 13:34 90,313 ----a-w C:\Users\MARCOS~1\AppData\Roaming\nvModes.dat

2008-10-12 13:34 90,313 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\nvModes.dat

2008-10-11 20:57 --------- d-----w C:\Program Files\Sony

2008-09-25 15:58 --------- d-----w C:\Program Files\Microsoft Games

2008-09-24 02:50 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-24 02:50 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-21 20:38 --------- d-----w C:\PROGRA~2\DVD Shrink

2008-09-13 19:30 --------- d-----w C:\Program Files\Microsoft Money 2007

2008-09-11 21:07 --------- d-----w C:\PROGRA~2\GbPlugin

2008-09-11 16:30 --------- d-----w C:\Program Files\Inesoft Cash Organizer 2008 Premium

2008-09-08 22:15 --------- d-----w C:\Program Files\DreMule

2008-09-08 21:03 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Real

2008-09-07 00:49 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-09-07 00:36 --------- d-----w C:\Program Files\Media Player Classic Homecinema

2008-08-31 20:46 103,064 ----a-w C:\Users\MARCOS~1\AppData\Roaming\GDIPFONTCACHEV1.DAT

2008-08-31 20:46 103,064 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\GDIPFONTCACHEV1.DAT

2008-08-29 01:30 --------- d-----w C:\Program Files\DivXLand

2008-08-25 15:57 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-06-25 00:12 47,360 ----a-w C:\Users\MARCOS~1\AppData\Roaming\pcouffin.sys

2008-06-25 00:12 47,360 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\pcouffin.sys

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-04-24 21:55 174 --sha-w C:\Program Files\desktop.ini

2008-04-07 13:31 76 --sh--r C:\Windows\CT4CET.bin

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]

"PMX Daemon"="ICO.EXE" [2006-11-08 C:\Windows\System32\ico.exe]

 

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-07 50688]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-04-07 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Program Files\GbPlugin\gbiehcef.dll" [2008-09-01 374856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{147BD8DA-B218-4F14-ACBD-B11397578B4F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{F8294EC3-1E81-4714-9C04-A00FA266152C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{04C5ED7D-B434-4326-A3A2-05A5DBAAB25A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{9D0BF311-1399-4F44-A8FB-6A2A607FC4B7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{A7495583-C7C0-4FB9-A431-35D99EC214AD}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6F5FECDB-A8FB-4899-ACD7-648AF98985BE}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"TCP Query User{72E3960A-5C18-4864-B91D-E53AD31BCAA8}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"UDP Query User{346A1E25-05CB-415A-9BCA-EE32160BC9BF}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"TCP Query User{AB1DBCBE-4CC5-42A6-B63C-6737B7403518}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"UDP Query User{328FD150-ED78-44E1-BD20-63BC23D31E26}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"{2A22203A-A50A-40EA-A602-36F17131B90D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{072EFF09-7F7A-4530-91AD-D6EA08DE473D}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{C568FBBB-6CC5-493C-9CC9-8CCC98F4ED95}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"{7EDEFB16-2444-479F-9F08-AD5BA5FCEF95}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{CB15837B-C58B-4670-B055-B082220BDBFC}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

 

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]

R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

S2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2007-12-12 136448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-16 18:58:38

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Windows\System32\wlanext.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\stacsv.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\wercon.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\pmxmiced.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-16 19:09:52 - Máquina reiniciou [Marcos Vinícius]

ComboFix-quarantined-files.txt 2008-10-16 21:09:42

ComboFix2.txt 2008-10-09 16:36:25

 

Pré-execução: O sistema não pode encontrar o texto correspondente à mensagem de número 0x2379 no arquivo de mensagens para Application.

Pós execução: 29,445,525,504 bytes disponíveis

 

183 --- E O F --- 2008-10-04 02:20:13

 

 

 

 

HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:19:40, on 16/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\ico.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\Pmxmiced.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View E&xif... - C:\Users\Marcos Vinícius\Documents\VisualExif\html\VisualExif.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O13 - Gopher Prefix:

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34B047B6-E434-47DC-9A5B-15830A3B3112}: NameServer = 192.168.0.1

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9016 bytes


1)

 

I suggest you print or save the procedure below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

C:\Program Files\desktop.ini

Folder::

C:\Users\Marcos Vinícius\AppData\Roaming\GDIPFONTCACHEV1.DAT

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 1 (0x0)

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix, as shown in the demonstration below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

2)

 

- Download Malwarebytes Anti-Malware

http://www.besttechie.net/tools/mbam-setup.exe

 

◘ Install it by double-clicking "mbam-setup.exe";

◘ Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;

◘ Select "Perform quick scan" and then click Scan;

◘ When the scan finishes, click OK and then "Show Results" to see the log;

◘ If anything is detected, make sure everything is checked and click "Remove Selected";

◘ The log is saved automatically and can be viewed by clicking "Logs" in the main menu;

◘ Copy and paste the contents of that log in your next reply.

 

- In your next reply, post the log(s) from HijackThis, ComboFix and Malwarebytes Anti-Malware
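The helper's verification step is to compare the HijackThis log posted before the CFScript/Malwarebytes run with the one posted after it and look at what disappeared, what appeared, and what still points at nothing. The script below is an added example (not code from this thread, HijackThis or ComboFix) that automates that comparison: it parses the numbered entry lines (R0/O2/O4/O23 and so on), ignores the header and the "Running processes" list, reports removed and added entries per section, and lists entries whose target HijackThis could not resolve ("(no file)" CLSIDs, "= ?" shortcuts). The two sample logs are constructed excerpts of the logs posted in this thread; the `HJT_LINE` pattern and the orphan markers are my own assumptions about the log format, taken from the lines visible above.

```python
"""Diff two HijackThis logs to see which hooks a cleanup changed.

Added example for this thread (not HijackThis's or the forum's code).
The two logs below are constructed excerpts of the logs posted here.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed excerpt of the 16/10/2008 log (before CFScript + Malwarebytes).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:40, on 16/10/2008
Running processes:
C:\Windows\system32\Dwm.exe
C:\Hijack\HiJackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: QuickSet.lnk = ?
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
--
End of file - 9016 bytes
"""

# Constructed excerpt of the 17/10/2008 log (after the run).
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:23, on 17/10/2008
Running processes:
C:\Windows\system32\taskeng.exe
C:\Hijack\HiJackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: QuickSet.lnk = ?
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe
--
End of file - 8850 bytes
"""

# Assumed entry-line shape: a section code (R0, O2, O23 ...) followed by " - ".
# Header lines, process paths and the "End of file" trailer do not match.
HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumed markers for entries HijackThis could not resolve to a file.
ORPHAN_MARKERS = ("(no file)", "= ?")


def parse_hjt(text: str) -> Dict[str, Set[str]]:
    """Return {section: {entry text, ...}} for every entry line in a log."""
    entries: Dict[str, Set[str]] = {}
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.setdefault(m.group(1), set()).add(m.group(2))
    return entries


def diff_hjt(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Return (removed, added) entry lines between two logs, grouped by section."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed: List[str] = []
    added: List[str] = []
    for section in sorted(set(b) | set(a)):
        old, new = b.get(section, set()), a.get(section, set())
        removed += [f"{section} - {e}" for e in sorted(old - new)]
        added += [f"{section} - {e}" for e in sorted(new - old)]
    return removed, added


def orphan_entries(text: str) -> List[str]:
    """Entries whose target does not exist: a CLSID with no file behind it or
    a startup shortcut with an unresolved target. Leftovers of uninstalled
    software look like this, and so do hooks whose file was already deleted;
    either way they are worth a second look before declaring the machine clean."""
    out: List[str] = []
    for section, items in sorted(parse_hjt(text).items()):
        out += [f"{section} - {e}" for e in sorted(items)
                if any(mk in e for mk in ORPHAN_MARKERS)]
    return out


if __name__ == "__main__":
    removed, added = diff_hjt(LOG_BEFORE, LOG_AFTER)
    print("Removed since previous log:", *removed, sep="\n  ")
    print("Added since previous log:", *added, sep="\n  ")
    print("Entries that resolve to nothing:", *orphan_entries(LOG_AFTER), sep="\n  ")
```

On the sample excerpts the diff shows one removal (the GbPlugin BHO) and one addition (the Malwarebytes RunOnce entry), which is what a helper expects after this round; the two orphan entries survive both logs and are the kind of line a follow-up script would target. Point `diff_hjt` at the full text of two saved logs to get the same report for a real case.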


Mr. Perfect, I'm impressed!!! I take great care and always keep my antivirus and Windows well updated. There were 4 viruses. On top of those procedures that were done before. Thanks for the help. I hope it's clean now. Here are the logs.

 

HIJACKTHIS

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:25:23, on 17/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\ico.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View E&xif... - C:\Users\Marcos Vinícius\Documents\VisualExif\html\VisualExif.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O13 - Gopher Prefix:

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34B047B6-E434-47DC-9A5B-15830A3B3112}: NameServer = 192.168.0.1

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8850 bytes

 

 

COMBOFIX

 

ComboFix 08-10-16.08 - Marcos Vinícius 2008-10-17 20:58:26.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.2847 [GMT -2:00]

Executando de: C:\Users\Marcos Vinícius\Desktop\ComboFix.exe

Comandos utilizados :: C:\Users\Marcos Vinícius\Desktop\CFScript.txt

 

FILE ::

C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\desktop.ini

C:\Users\Marcos Vinícius\AppData\Roaming\GDIPFONTCACHEV1.DAT\

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-17 to 2008-10-17 ))))))))))))))))))))))))))))

.

 

2008-10-16 22:49 . 2008-10-01 23:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-10-16 22:49 . 2008-10-02 01:49 827,392 --a------ C:\Windows\System32\wininet.dll

2008-10-16 22:43 . 2008-08-05 07:49 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-10-16 22:43 . 2008-08-05 07:49 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-10-16 22:43 . 2008-08-05 07:48 217,088 --a------ C:\Windows\System32\psisrndr.ax

2008-10-16 22:43 . 2008-08-05 07:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax

2008-10-16 22:43 . 2008-08-05 07:48 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-10-16 20:58 . 2008-10-16 20:58 <DIR> d-------- C:\Program Files\DCETools

2008-10-15 21:52 . 2008-10-15 23:03 <DIR> d-------- C:\ComboFix1

2008-10-15 21:29 . 2008-09-18 00:16 2,032,640 --a------ C:\Windows\System32\win32k.sys

2008-10-15 21:29 . 2008-08-26 23:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 21:28 . 2008-09-18 03:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 21:28 . 2008-09-18 03:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-14 23:24 . 2008-10-15 22:03 320,323,197 --a------ C:\Windows\MEMORY.DMP

2008-10-11 19:05 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.003

2008-10-11 19:05 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.002

2008-10-11 19:03 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.001

2008-10-11 19:03 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.000

2008-10-11 18:59 . 1998-04-30 15:56 129,024 --a------ C:\Windows\UNWISE.EXE

2008-10-11 18:59 . 1996-08-12 11:59 24,576 --a------ C:\Windows\System32\Wavlbsys.dll

2008-10-11 18:58 . 1998-05-06 18:44 24,576 --a------ C:\Windows\System32\Hyperman.dll

2008-10-06 21:48 . 2008-10-16 19:19 <DIR> d-------- C:\Hijack

2008-10-04 12:42 . 2008-10-04 12:42 <DIR> d-------- C:\Program Files\Scpad

2008-09-29 21:00 . 2008-10-07 23:29 190 --a------ C:\Windows\guitar.ini

2008-09-25 13:58 . 2008-07-12 09:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-09-25 13:57 . 2008-08-17 08:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\JetAudio

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\Common Files\COWON

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-17 23:03 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-17 23:03 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-17 21:47 --------- d-----w C:\ProgramData\GbPlugin

2008-10-17 21:47 --------- d-----w C:\Program Files\GbPlugin

2008-10-17 00:50 --------- d-----w C:\Program Files\Windows Mail

2008-10-12 13:34 90,313 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\nvModes.dat

2008-10-11 20:57 --------- d-----w C:\Program Files\Sony

2008-09-25 15:58 --------- d-----w C:\Program Files\Microsoft Games

2008-09-24 02:50 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-24 02:50 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-21 20:38 --------- d-----w C:\ProgramData\DVD Shrink

2008-09-13 19:30 --------- d-----w C:\Program Files\Microsoft Money 2007

2008-09-11 16:30 --------- d-----w C:\Program Files\Inesoft Cash Organizer 2008 Premium

2008-09-08 22:15 --------- d-----w C:\Program Files\DreMule

2008-09-08 21:03 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Real

2008-09-07 00:49 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-09-07 00:36 --------- d-----w C:\Program Files\Media Player Classic Homecinema

2008-08-31 20:46 103,064 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\GDIPFONTCACHEV1.DAT

2008-08-29 01:30 --------- d-----w C:\Program Files\DivXLand

2008-08-28 13:50 30,720 ----a-w C:\Windows\System32\soundschemes2.exe

2008-08-25 15:57 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe

2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll

2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll

2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll

2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll

2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll

2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll

2008-07-19 01:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll

2008-07-18 23:44 31,232 ----a-w C:\Windows\System32\wuapp.exe

2008-06-25 00:12 47,360 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\pcouffin.sys

2008-06-09 00:52 28,095 ----a-w C:\Users\Administrador\AppData\Roaming\nvModes.dat

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-04-07 13:31 76 --sh--r C:\Windows\CT4CET.bin

.

 

((((((((((((((((((((((((((((( snapshot@2008-10-16_19.08.48.35 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe

+ 2008-08-05 09:51:47 140,288 ----a-w C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe

- 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll

+ 2008-08-05 09:51:30 4,046,848 ----a-w C:\Windows\assembly\GAC_MSIL\ehshell\6.0.6000.0__31bf3856ad364e35\ehshell.dll

- 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll

+ 2008-08-05 09:51:56 1,957,888 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.MediaCenter.UI\6.0.6000.0__31bf3856ad364e35\Microsoft.MediaCenter.UI.dll

- 2008-04-23 04:42:33 373,248 ----a-w C:\Windows\ehome\ehglid.dll

+ 2008-08-05 09:49:54 373,248 ----a-w C:\Windows\ehome\ehglid.dll

- 2008-04-23 04:42:33 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll

+ 2008-08-05 09:49:54 105,472 ----a-w C:\Windows\ehome\ehPresenter.dll

- 2008-04-23 04:42:33 254,464 ----a-w C:\Windows\ehome\ehReplay.dll

+ 2008-08-05 09:49:54 254,464 ----a-w C:\Windows\ehome\ehReplay.dll

- 2008-04-23 04:44:14 4,046,848 ----a-w C:\Windows\ehome\ehshell.dll

+ 2008-08-05 09:51:30 4,046,848 ----a-w C:\Windows\ehome\ehshell.dll

- 2008-04-23 05:11:36 18,944 ----a-w C:\Windows\ehome\ehtrace.dll

+ 2008-08-06 03:18:12 18,944 ----a-w C:\Windows\ehome\ehtrace.dll

- 2008-04-23 04:42:33 522,240 ----a-w C:\Windows\ehome\ehui.dll

+ 2008-08-05 09:49:54 522,240 ----a-w C:\Windows\ehome\ehui.dll

- 2008-01-19 07:33:22 172,544 ----a-w C:\Windows\ehome\McrMgr.exe

+ 2008-08-05 09:49:28 173,056 ----a-w C:\Windows\ehome\McrMgr.exe

- 2008-04-23 04:44:47 140,288 ----a-w C:\Windows\ehome\mcupdate.exe

+ 2008-08-05 09:51:47 140,288 ----a-w C:\Windows\ehome\mcupdate.exe

- 2008-04-23 04:45:00 1,957,888 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll

+ 2008-08-05 09:51:56 1,957,888 ----a-w C:\Windows\ehome\Microsoft.MediaCenter.UI.dll

+ 2008-10-17 22:38:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-10-17 22:38:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-10-16 20:58:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-17 22:40:10 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-17 22:40:10 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-10-16 20:58:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-17 22:39:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-17 22:39:33 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-10-16 20:58:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-10-17 22:38:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-10-16 20:58:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-10-17 22:38:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-10-16 20:58:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-10-17 22:38:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-10-16 01:03:05 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-10-17 22:57:57 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

- 2008-09-28 00:16:31 1,720,632 ----a-w C:\Windows\System32\FNTCACHE.DAT

+ 2008-10-17 00:54:24 1,720,632 ----a-w C:\Windows\System32\FNTCACHE.DAT

- 2008-06-27 04:15:23 6,068,736 ----a-w C:\Windows\System32\ieframe.dll

+ 2008-10-02 03:49:14 6,068,736 ----a-w C:\Windows\System32\ieframe.dll

- 2008-01-19 07:34:31 270,336 ----a-w C:\Windows\System32\iertutil.dll

+ 2008-10-02 03:49:14 270,336 ----a-w C:\Windows\System32\iertutil.dll

- 2008-06-27 04:15:24 28,160 ----a-w C:\Windows\System32\jsproxy.dll

+ 2008-10-02 03:49:14 28,160 ----a-w C:\Windows\System32\jsproxy.dll

- 2008-06-27 04:15:28 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll

+ 2008-06-14 06:16:16 64,512 ----a-w C:\Windows\System32\migration\WininetPlugin.dll

- 2008-08-26 20:28:12 16,208,504 ----a-w C:\Windows\System32\mrt.exe

+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\Windows\System32\mrt.exe

- 2008-06-27 04:15:24 3,578,368 ----a-w C:\Windows\System32\mshtml.dll

+ 2008-10-02 03:49:15 3,578,880 ----a-w C:\Windows\System32\mshtml.dll

- 2008-06-27 04:15:25 671,232 ----a-w C:\Windows\System32\mstime.dll

+ 2008-10-02 03:49:16 671,232 ----a-w C:\Windows\System32\mstime.dll

- 2008-10-16 20:54:23 85,368 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-10-17 22:43:16 117,692 ----a-w C:\Windows\System32\perfc009.dat

- 2008-10-16 20:54:23 365,014 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-10-17 22:43:16 398,874 ----a-w C:\Windows\System32\perfh009.dat

- 2008-10-16 20:54:23 121,278 ----a-w C:\Windows\System32\prfc0416.dat

+ 2008-10-17 22:43:16 121,888 ----a-w C:\Windows\System32\prfc0416.dat

- 2008-10-16 20:54:23 633,592 ----a-w C:\Windows\System32\prfh0416.dat

+ 2008-10-17 22:43:16 634,202 ----a-w C:\Windows\System32\prfh0416.dat

- 2008-10-15 01:37:26 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2008-10-17 01:22:15 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

- 2008-06-27 04:15:28 1,166,336 ----a-w C:\Windows\System32\urlmon.dll

+ 2008-10-02 03:49:19 1,166,336 ----a-w C:\Windows\System32\urlmon.dll

- 2008-10-16 21:00:08 13,716 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4199523174-1369212746-3190709888-1000_UserData.bin

+ 2008-10-17 21:02:38 13,816 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4199523174-1369212746-3190709888-1000_UserData.bin

- 2008-10-16 21:00:06 65,708 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-10-17 22:40:36 65,898 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-04 12:18:59 7,896 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat

+ 2008-10-17 00:50:21 6,476 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat

- 2008-10-16 20:59:45 48,380 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-10-17 22:40:34 48,412 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-10-08 21:26:08 246,212 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-10-17 21:02:21 246,582 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-08-06 03:28:23 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.16724_none_d9ab5d3ed1ce7791\ehepg.dll

+ 2008-08-06 03:22:33 864,256 ----a-w C:\Windows\winsxs\msil_ehepg_31bf3856ad364e35_6.0.6000.20889_none_d9f91bf3eb183db4\ehepg.dll

+ 2008-08-06 03:28:25 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.16724_none_bcf0d9f4c1bddadc\ehexthost.exe

+ 2008-08-06 03:22:34 135,168 ----a-w C:\Windows\winsxs\msil_ehexthost_31bf3856ad364e35_6.0.6000.20889_none_bd3e98a9db07a0ff\ehexthost.exe

+ 2008-08-06 03:28:27 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.16724_none_fbd3e0d909c338d1\ehiExtens.dll

+ 2008-08-06 03:22:36 77,824 ----a-w C:\Windows\winsxs\msil_ehiextens_31bf3856ad364e35_6.0.6000.20889_none_fc219f8e230cfef4\ehiExtens.dll

+ 2008-08-06 03:28:32 4,374,528 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.16724_none_899e787f448205e3\ehshell.dll

+ 2008-08-06 03:22:41 4,382,720 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6000.20889_none_89ec37345dcbcc06\ehshell.dll

+ 2008-08-05 09:51:30 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.18115_none_8b90875b419f943a\ehshell.dll

+ 2008-08-06 04:03:14 4,046,848 ----a-w C:\Windows\winsxs\msil_ehshell_31bf3856ad364e35_6.0.6001.22237_none_8c0684e25acb9e94\ehshell.dll

+ 2008-08-06 03:28:49 1,196,032 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.16724_none_4e9c1c3698c67c79\Microsoft.MediaCenter.Shell.dll

+ 2008-08-06 03:22:59 1,269,760 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.shell_31bf3856ad364e35_6.0.6000.20889_none_4ee9daebb210429c\Microsoft.MediaCenter.Shell.dll

+ 2008-08-06 03:28:50 2,342,912 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.16724_none_312a6ae65a1a7993\Microsoft.MediaCenter.UI.dll

+ 2008-08-06 03:23:00 2,351,104 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6000.20889_none_3178299b73643fb6\Microsoft.MediaCenter.UI.dll

+ 2008-08-05 09:51:56 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.18115_none_331c79c2573807ea\Microsoft.MediaCenter.UI.dll

+ 2008-08-06 04:03:38 1,957,888 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter.ui_31bf3856ad364e35_6.0.6001.22237_none_3392774970641244\Microsoft.MediaCenter.UI.dll

+ 2008-08-06 03:28:48 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.16724_none_2385c3d9cf32e5a9\Microsoft.MediaCenter.dll

+ 2008-08-06 03:22:59 217,088 ----a-w C:\Windows\winsxs\msil_microsoft.mediacenter_31bf3856ad364e35_6.0.6000.20889_none_23d3828ee87cabcc\Microsoft.MediaCenter.dll

+ 2008-08-06 03:28:43 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.16724_none_c6a4f64faeb4680c\mcupdate.exe

+ 2008-08-06 03:22:54 136,704 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6000.20889_none_c6f2b504c7fe2e2f\mcupdate.exe

+ 2008-08-05 09:51:47 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.18115_none_c897052babd1f663\mcupdate.exe

+ 2008-08-06 04:03:31 140,288 ----a-w C:\Windows\winsxs\x86_mcupdate_31bf3856ad364e35_6.0.6001.22237_none_c90d02b2c4fe00bd\mcupdate.exe

+ 2008-10-02 03:49:01 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16757_none_a9b61b23f5cc373c\advpack.dll

+ 2008-10-02 03:25:49 124,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20927_none_aa6029990ed1805a\advpack.dll

+ 2008-08-06 03:27:39 252,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.16724_none_12bf9ca3a298d741\ehReplay.dll

+ 2008-08-06 03:18:00 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6000.20889_none_130d5b58bbe29d64\ehReplay.dll

+ 2008-08-05 09:49:54 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.18115_none_14b1ab7f9fb66598\ehReplay.dll

+ 2008-08-06 03:56:06 254,464 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-ehreplay_31bf3856ad364e35_6.0.6001.22237_none_1527a906b8e26ff2\ehReplay.dll

+ 2008-08-06 03:27:40 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16724_none_32320cf9dce03b9f\McrMgr.dll

+ 2008-08-06 03:27:11 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.16724_none_32320cf9dce03b9f\McrMgr.exe

+ 2008-08-06 03:19:18 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20889_none_327fcbaef62a01c2\McrMgr.dll

+ 2008-08-06 02:50:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6000.20889_none_327fcbaef62a01c2\McrMgr.exe

+ 2008-01-19 07:34:44 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18115_none_34241bd5d9fdc9f6\McrMgr.dll

+ 2008-08-05 09:49:28 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18115_none_34241bd5d9fdc9f6\McrMgr.exe

+ 2008-08-06 03:57:56 6,656 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22237_none_349a195cf329d450\McrMgr.dll

+ 2008-08-06 03:27:54 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.22237_none_349a195cf329d450\McrMgr.exe

+ 2008-08-06 03:27:39 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.16724_none_2de5dbb18528130f\ehdebug.dll

+ 2008-08-06 03:17:56 21,504 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.0.6000.20889_none_2e339a669e71d932\ehdebug.dll

+ 2008-08-06 03:27:39 372,224 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.16724_none_2d43ff096d0817ea\ehglid.dll

+ 2008-08-06 03:17:58 372,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6000.20889_none_2d91bdbe8651de0d\ehglid.dll

+ 2008-08-05 09:49:54 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.18115_none_2f360de56a25a641\ehglid.dll

+ 2008-08-06 03:56:06 373,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.0.6001.22237_none_2fac0b6c8351b09b\ehglid.dll

+ 2008-08-06 03:27:39 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.16724_none_24d0bc2864e02dde\ehPresenter.dll

+ 2008-08-06 03:17:59 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6000.20889_none_251e7add7e29f401\ehPresenter.dll

+ 2008-08-05 09:49:54 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.18115_none_26c2cb0461fdbc35\ehPresenter.dll

+ 2008-08-06 03:56:06 105,472 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.0.6001.22237_none_2738c88b7b29c68f\ehPresenter.dll

+ 2008-08-06 03:21:59 10,094,080 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.16724_none_50142885535e3590\ehres.dll

+ 2008-08-06 03:18:12 10,103,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehres_31bf3856ad364e35_6.0.6000.20889_none_5061e73a6ca7fbb3\ehres.dll

+ 2008-08-06 03:27:39 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.16724_none_36c4edb116c5f8a5\ehtrace.dll

+ 2008-08-06 03:18:12 18,944 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtrace_31bf3856ad364e35_6.0.6000.20889_none_3712ac66300fbec8\ehtrace.dll

+ 2008-08-06 03:27:39 517,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.16724_none_cccc40dbcc4dcbaa\ehui.dll

+ 2008-08-06 03:18:12 521,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6000.20889_none_cd19ff90e59791cd\ehui.dll

+ 2008-08-05 09:49:54 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.18115_none_cebe4fb7c96b5a01\ehui.dll

+ 2008-08-06 03:56:08 522,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehui_31bf3856ad364e35_6.0.6001.22237_none_cf344d3ee297645b\ehui.dll

+ 2008-08-06 03:27:39 1,497,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.16724_none_3a1333122e23804c\ehuihlp.dll

+ 2008-08-06 03:18:13 1,498,112 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ehome-ehuihlp_31bf3856ad364e35_6.0.6000.20889_none_3a60f1c7476d466f\ehuihlp.dll

+ 2008-10-02 03:49:05 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16757_none_ebb124d316651d3b\pngfilt.dll

+ 2008-10-02 03:30:07 44,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20927_none_ec5b33482f6a6659\pngfilt.dll

+ 2008-10-02 03:49:06 1,159,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16757_none_b2cdcd85d9c5949f\urlmon.dll

+ 2008-10-02 03:30:37 1,162,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20927_none_b377dbfaf2caddbd\urlmon.dll

+ 2008-10-02 03:49:19 1,166,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18148_none_b4bfdc61d6e322f6\urlmon.dll

+ 2008-10-02 03:34:49 1,166,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22278_none_b5290968f0191693\urlmon.dll

+ 2008-10-02 03:49:04 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16757_none_deb05c4e7f6e540e\mstime.dll

+ 2008-10-02 03:28:20 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20927_none_df5a6ac398739d2c\mstime.dll

+ 2008-10-02 03:49:16 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18148_none_e0a26b2a7c8be265\mstime.dll

+ 2008-10-02 03:34:46 671,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22278_none_e10b983195c1d602\mstime.dll

+ 2008-10-02 03:49:02 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\jsproxy.dll

+ 2008-10-02 03:49:06 826,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\wininet.dll

+ 2008-10-02 03:49:06 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\WininetPlugin.dll

+ 2008-10-02 03:27:01 27,648 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\jsproxy.dll

+ 2008-10-02 03:30:45 827,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\wininet.dll

+ 2008-10-02 03:30:45 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\WininetPlugin.dll

+ 2008-10-02 03:49:14 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\jsproxy.dll

+ 2008-10-02 03:49:19 827,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\wininet.dll

+ 2008-06-14 06:16:16 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\WininetPlugin.dll

+ 2008-10-02 03:34:46 28,160 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\jsproxy.dll

+ 2008-10-02 03:34:49 827,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\wininet.dll

+ 2008-10-02 03:34:49 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\WininetPlugin.dll

+ 2008-04-07 20:59:13 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\ieapfltr.dat

+ 2008-10-02 03:49:02 383,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\ieapfltr.dll

+ 2008-04-07 20:59:13 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\ieapfltr.dat

+ 2008-10-02 03:26:47 380,928 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\ieapfltr.dll

+ 2008-10-02 03:49:02 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\dxtmsft.dll

+ 2008-10-02 03:49:02 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16757_none_95b104b9849fbbb3\dxtrans.dll

+ 2008-10-02 03:26:19 347,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\dxtmsft.dll

+ 2008-10-02 03:26:20 214,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20927_none_965b132e9da504d1\dxtrans.dll

+ 2008-10-02 03:49:03 477,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16757_none_46139f1146606e40\mshtmled.dll

+ 2008-10-02 03:27:54 477,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20927_none_46bdad865f65b75e\mshtmled.dll

+ 2008-10-02 03:49:03 3,593,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16757_none_112dc84625252468\mshtml.dll

+ 2008-10-02 03:27:54 3,594,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20927_none_11d7d6bb3e2a6d86\mshtml.dll

+ 2008-10-02 03:49:15 3,578,880 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18148_none_131fd7222242b2bf\mshtml.dll

+ 2008-10-02 03:34:46 3,579,392 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22278_none_138904293b78a65c\mshtml.dll

+ 2008-10-02 03:49:02 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16757_none_588635106739b071\icardie.dll

+ 2008-10-02 03:26:46 63,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20927_none_59304385803ef98f\icardie.dll

+ 2008-10-02 03:48:32 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\ieUnatt.exe

+ 2008-10-02 03:50:01 633,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe

+ 2008-10-02 01:18:42 26,624 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\ieUnatt.exe

+ 2008-10-02 03:32:01 633,632 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe

+ 2008-10-02 03:49:02 267,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\iertutil.dll

+ 2008-10-02 03:49:06 134,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16757_none_458e60038f7fd98f\sqmapi.dll

+ 2008-10-02 03:26:48 267,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\iertutil.dll

+ 2008-10-02 03:30:30 134,144 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20927_none_46386e78a88522ad\sqmapi.dll

+ 2008-10-02 03:49:14 270,336 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\iertutil.dll

+ 2008-01-19 07:36:35 129,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\sqmapi.dll

+ 2008-10-02 03:34:45 270,848 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\iertutil.dll

+ 2008-10-02 03:34:48 129,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22278_none_47e99be6a5d35b83\sqmapi.dll


.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]

"PMX Daemon"="ICO.EXE" [2006-11-08 C:\Windows\System32\ico.exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-07 50688]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-04-07 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Program Files\GbPlugin\gbiehcef.dll" [2008-09-01 374856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{147BD8DA-B218-4F14-ACBD-B11397578B4F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{F8294EC3-1E81-4714-9C04-A00FA266152C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{04C5ED7D-B434-4326-A3A2-05A5DBAAB25A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{9D0BF311-1399-4F44-A8FB-6A2A607FC4B7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{A7495583-C7C0-4FB9-A431-35D99EC214AD}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6F5FECDB-A8FB-4899-ACD7-648AF98985BE}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"TCP Query User{72E3960A-5C18-4864-B91D-E53AD31BCAA8}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"UDP Query User{346A1E25-05CB-415A-9BCA-EE32160BC9BF}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"TCP Query User{AB1DBCBE-4CC5-42A6-B63C-6737B7403518}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"UDP Query User{328FD150-ED78-44E1-BD20-63BC23D31E26}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"{2A22203A-A50A-40EA-A602-36F17131B90D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{072EFF09-7F7A-4530-91AD-D6EA08DE473D}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{C568FBBB-6CC5-493C-9CC9-8CCC98F4ED95}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"{7EDEFB16-2444-479F-9F08-AD5BA5FCEF95}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{CB15837B-C58B-4670-B055-B082220BDBFC}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

 

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

S2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2007-12-12 136448]

S3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]

S3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]

\shell\AutoRun\command - n6j6pc0.com

\shell\explore\Command - n6j6pc0.com

\shell\open\Command - n6j6pc0.com

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-17 C:\Windows\Tasks\User_Feed_Synchronization-{33E43AC5-0C46-4B94-B79F-C29C356437C1}.job

- C:\Windows\system32\msfeedssync.exe [2008-01-19 05:33]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-17 21:03:16

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

**************************************************************************

.

Tempo para conclusão: 2008-10-17 21:05:48

ComboFix-quarantined-files.txt 2008-10-17 23:04:46

ComboFix2.txt 2008-10-16 21:10:00

ComboFix3.txt 2008-10-09 16:36:25

 

Pré-execução: 29.221.089.280 bytes disponíveis

Pós execução: 30,046,375,936 bytes disponíveis

 

419 --- E O F --- 2008-10-17 01:00:23

 

 

MALWAREBYTES

 

Malwarebytes' Anti-Malware 1.29

Versão do banco de dados: 1280

Windows 6.0.6001 Service Pack 1

 

17/10/2008 21:22:37

mbam-log-2008-10-17 (21-22-37).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 47200

Tempo decorrido: 2 minute(s), 19 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\Windows\Downloaded Program Files\scpsssh2.inf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\GbPlugin\gbiehcef.dll (Trojan.BHO) -> Quarantined and deleted successfully.


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

Folder::

C:\Program Files\GbPlugin

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

cfscript.gif

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated, which will be at C:\ComboFix.txt.

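Added example, not part of the thread and not ComboFix's or the helper's code: a small Python triage pass over the "Registry load points" section of a ComboFix log, flagging the two kinds of entry the script above removes: a MountPoints2 autorun handler that launches a program (the n6j6pc0.com entries in the user's log) and a ShellExecuteHook loading a DLL from outside the Windows directory (gbiehcef.dll). The log excerpt is constructed from the entries posted above; the function and class names are my own.

```python
r"""Triage of the 'Registry load points' section of a ComboFix log.

Added example (not ComboFix's or the forum helper's code). It flags:
  * MountPoints2 entries whose \shell\AutoRun|open|explore\command launches a
    program: the handler a removable-media worm registers so that opening the
    drive in Explorer re-runs it even after the drive's own autorun.inf is gone;
  * ShellExecuteHooks entries that load a DLL from outside C:\Windows, which are
    called for every ShellExecute and so deserve a second look.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt mirroring the entries in the thread's first ComboFix log.
SAMPLE_LOG = r"""
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Program Files\GbPlugin\gbiehcef.dll" [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]
\shell\AutoRun\command - n6j6pc0.com
\shell\explore\Command - n6j6pc0.com
\shell\open\Command - n6j6pc0.com
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# \shell\<verb>\command - <target>   (the verb's case varies in the log)
MP2_RE = re.compile(r"^\\shell\\(autorun|open|explore)\\command\s+-\s+(.+)$", re.IGNORECASE)
# "{CLSID}"= "path" [date size]
SEH_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"=\s*"?([^"\[]+?)"?\s*(\[[^\]]*\])?$')
PROGRAM_EXT = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js")


@dataclass(frozen=True)
class Finding:
    key: str      # registry key the entry was listed under
    entry: str    # the log line itself
    reason: str


def parse_sections(text: str) -> dict[str, list[str]]:
    """Group the non-empty lines of the log under the [key] header above them."""
    sections: dict[str, list[str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> list[Finding]:
    """Return the entries a reviewer should look at first."""
    findings: list[Finding] = []
    for key, lines in parse_sections(text).items():
        lkey = key.lower()
        if "\\mountpoints2\\" in lkey:
            for line in lines:
                m = MP2_RE.match(line)
                if m and m.group(2).strip().lower().endswith(PROGRAM_EXT):
                    findings.append(Finding(
                        key, line, "autorun handler for a removable volume launches a program"))
        elif lkey.endswith("\\shellexecutehooks"):
            for line in lines:
                m = SEH_RE.match(line)
                if m and not m.group(2).strip().lower().startswith("c:\\windows\\"):
                    findings.append(Finding(
                        key, line, "ShellExecuteHook loads a DLL from outside the Windows directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}]\n  {f.key}\n  {f.entry}")
```

The hook DLL check is a coarse heuristic: a third-party hook is not malicious by itself, so cross-check the flagged path against the scanner verdict (here Malwarebytes' Trojan.BHO hit on the same file) before removing it.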

COMBOFIX LOG

 

ComboFix 08-10-16.08 - Marcos Vinícius 2008-10-18 10:54:56.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.2811 [GMT -2:00]

Executando de: C:\Users\Marcos Vinícius\Desktop\ComboFix.exe

Comandos utilizados :: C:\Users\Marcos Vinícius\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\GbPlugin

C:\Program Files\GbPlugin\cef.gpc

C:\Program Files\GbPlugin\gbieh.gmd

C:\Program Files\GbPlugin\gbpdist.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-18 to 2008-10-18 ))))))))))))))))))))))))))))

.

 

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-17 21:17 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-10-17 21:17 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys

2008-10-16 22:49 . 2008-10-01 23:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-10-16 22:49 . 2008-10-02 01:49 827,392 --a------ C:\Windows\System32\wininet.dll

2008-10-16 22:43 . 2008-08-05 07:49 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-10-16 22:43 . 2008-08-05 07:49 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-10-16 22:43 . 2008-08-05 07:48 217,088 --a------ C:\Windows\System32\psisrndr.ax

2008-10-16 22:43 . 2008-08-05 07:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax

2008-10-16 22:43 . 2008-08-05 07:48 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-10-16 20:58 . 2008-10-16 20:58 <DIR> d-------- C:\Program Files\DCETools

2008-10-15 21:52 . 2008-10-15 23:03 <DIR> d-------- C:\ComboFix1

2008-10-15 21:29 . 2008-09-18 00:16 2,032,640 --a------ C:\Windows\System32\win32k.sys

2008-10-15 21:29 . 2008-08-26 23:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 21:28 . 2008-09-18 03:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 21:28 . 2008-09-18 03:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-14 23:24 . 2008-10-15 22:03 320,323,197 --a------ C:\Windows\MEMORY.DMP

2008-10-11 19:05 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.003

2008-10-11 19:05 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.002

2008-10-11 19:03 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.001

2008-10-11 19:03 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.000

2008-10-11 18:59 . 1998-04-30 15:56 129,024 --a------ C:\Windows\UNWISE.EXE

2008-10-11 18:59 . 1996-08-12 11:59 24,576 --a------ C:\Windows\System32\Wavlbsys.dll

2008-10-11 18:58 . 1998-05-06 18:44 24,576 --a------ C:\Windows\System32\Hyperman.dll

2008-10-06 21:48 . 2008-10-17 21:25 <DIR> d-------- C:\Hijack

2008-10-04 12:42 . 2008-10-04 12:42 <DIR> d-------- C:\Program Files\Scpad

2008-09-29 21:00 . 2008-10-07 23:29 190 --a------ C:\Windows\guitar.ini

2008-09-25 13:58 . 2008-07-12 09:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-09-25 13:57 . 2008-08-17 08:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\JetAudio

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\Common Files\COWON

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

 

((((((((((((((((((((((((((((( snapshot_2008-10-17_21.04.04,87 )))))))))))))))))))))))))))))))))))))))))

.


.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"PMX Daemon"="ICO.EXE" [2006-11-08 C:\Windows\System32\ico.exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-07 50688]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-04-07 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{147BD8DA-B218-4F14-ACBD-B11397578B4F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{F8294EC3-1E81-4714-9C04-A00FA266152C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{04C5ED7D-B434-4326-A3A2-05A5DBAAB25A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{9D0BF311-1399-4F44-A8FB-6A2A607FC4B7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{A7495583-C7C0-4FB9-A431-35D99EC214AD}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6F5FECDB-A8FB-4899-ACD7-648AF98985BE}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"TCP Query User{72E3960A-5C18-4864-B91D-E53AD31BCAA8}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"UDP Query User{346A1E25-05CB-415A-9BCA-EE32160BC9BF}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"TCP Query User{AB1DBCBE-4CC5-42A6-B63C-6737B7403518}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"UDP Query User{328FD150-ED78-44E1-BD20-63BC23D31E26}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"{2A22203A-A50A-40EA-A602-36F17131B90D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{072EFF09-7F7A-4530-91AD-D6EA08DE473D}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{C568FBBB-6CC5-493C-9CC9-8CCC98F4ED95}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"{7EDEFB16-2444-479F-9F08-AD5BA5FCEF95}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{CB15837B-C58B-4670-B055-B082220BDBFC}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

 

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]

R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

S2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2007-12-12 136448]

S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2008-10-16 38496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Contents of the 'Scheduled Tasks' folder

 

2008-10-17 C:\Windows\Tasks\User_Feed_Synchronization-{33E43AC5-0C46-4B94-B79F-C29C356437C1}.job

- C:\Windows\system32\msfeedssync.exe [2008-01-19 05:33]

.

- - - - ORPHANS REMOVED - - - -

 

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll

 

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-18 10:57:57

Windows 6.0.6001 Service Pack 1 NTFS

 

Scanning for hidden processes ...

 

Scanning for hidden autostart entries ...

 

Scanning for hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-10-18 11:00:11

ComboFix-quarantined-files.txt 2008-10-18 12:59:09

ComboFix2.txt 2008-10-17 23:05:49

ComboFix3.txt 2008-10-16 21:10:00

ComboFix4.txt 2008-10-09 16:36:25

 

Pre-Run: 37,086,924,800 bytes free

Post-Run: 37,047,255,040 bytes free

 

219 --- E O F --- 2008-10-17 01:00:23


- Post a new HijackThis log

- How is the PC doing?

- Post a new HijackThis log

- How is the PC doing?

 

Everything seems to be in order. The only snag is that the problem of the wireless not connecting is back. I'll try running the router's installation wizard again to see if that fixes it.

 

Edited: I've tried everything to restore the Wi-Fi connection. I've fiddled with everything I could. I reinstalled the router and still couldn't connect. Could some line that managed that connection have been deleted?

 

HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:24:52, on 19/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\ico.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\mobsync.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\conime.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View E&xif... - C:\Users\Marcos Vinícius\Documents\VisualExif\html\VisualExif.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O13 - Gopher Prefix:

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34B047B6-E434-47DC-9A5B-15830A3B3112}: NameServer = 192.168.0.1

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8827 bytes

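Added example (not part of this thread, and not HijackThis's own code): a small Python triage script for the kind of HijackThis 2.0.2 log posted above. It parses the O2/O4/O16/O17 lines and flags what a helper looks at first: a BHO whose DLL is gone, a Run entry with no directory (like the ICO.EXE line, which Windows locates through the PATH search order), an executable under a user-writable profile folder or borrowing a Windows binary name outside System32, ActiveX controls pulled from the web, and a DNS server outside the LAN ranges. The sample log mixes lines copied from the post with two constructed ones (the svchost.exe under AppData and the 203.0.113.x name servers) so the high-severity checks have something to hit; the checks and severities are this example's own heuristics, not anything HijackThis reports.

```python
"""Triage a HijackThis 2.0.x log: flag the O-line entries a helper reads first.
Added example for this thread, not code from the page or from HijackThis; checks and severities are its own heuristics."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the log posted above plus two invented for this
# example (svchost.exe under AppData, 203.0.113.x name servers) so the high-severity checks fire.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - Global Startup: QuickSet.lnk = ?
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34B047B6-E434-47DC-9A5B-15830A3B3112}: NameServer = 192.168.0.1
O4 - HKCU\..\Run: [updater] C:\Users\someone\AppData\Roaming\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5,203.0.113.6
"""

@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    line: str
    reason: str

# Names malware borrows from core Windows binaries; the genuine ones live in System32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe", "services.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\documents and settings\\")
# A home PC's resolver is normally the router's LAN address; DNS-changer malware writes a public one into O17.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                                                 "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")
RE_O16 = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
RE_O17 = re.compile(r"^O17 - .*: NameServer = (?P<servers>.*)$")

def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (executable, remaining arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end], cmd[end + 1:].strip()) if end > 0 else (cmd[1:], "")
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()

def check_path(path: str, line: str, what: str) -> List[Finding]:
    out: List[Finding] = []
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    if "\\" not in low:  # bare name: Windows locates it through the PATH search order
        out.append(Finding("medium", line, f"{what} '{path}' has no directory; confirm which file really runs"))
    elif any(tok in low for tok in USER_WRITABLE):
        out.append(Finding("high", line, f"{what} lives under a user-writable profile directory"))
    if base in SYSTEM_NAMES and "\\system32\\" not in low:
        out.append(Finding("high", line, f"{what} reuses the Windows binary name '{base}' outside System32"))
    return out

def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := RE_O2.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("low", line, "orphaned BHO: CLSID still registered but its DLL is gone"))
        elif m := RE_O4_RUN.match(line):
            exe, args = split_command(m["cmd"])
            if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
                # rundll32 is only a loader; the DLL handed to it is the real autostart
                dll = split_command(args)[0].split(",", 1)[0]
                findings.extend(check_path(dll, line, "rundll32 payload"))
            else:
                findings.extend(check_path(exe, line, "autostart executable"))
        elif m := RE_O4_STARTUP.match(line):
            if m["target"].strip() == "?":
                findings.append(Finding("low", line, "startup shortcut HijackThis could not resolve; open the .lnk and check its target"))
        elif m := RE_O16.match(line):
            url = m["url"]
            host = url.split("//", 1)[-1].split("/", 1)[0]
            sev = "medium" if url.lower().startswith("http://") else "low"
            findings.append(Finding(sev, line, f"ActiveX control downloaded and run from {host}; confirm it is still wanted"))
        elif m := RE_O17.match(line):
            for server in re.split(r"[,\s]+", m["servers"].strip()):
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(Finding("medium", line, f"NameServer '{server}' is not an IP literal"))
                    continue
                if not any(ip in net for net in LOCAL_NETS):
                    findings.append(Finding("high", line, f"DNS server {ip} is outside the LAN/private ranges"))
    return findings

def summary(findings: List[Finding]) -> Dict[str, int]:
    return {sev: sum(f.severity == sev for f in findings) for sev in ("high", "medium", "low")}

if __name__ == "__main__":  # print the triage of the constructed sample
    for f in triage(SAMPLE_LOG): print(f"[{f.severity}] {f.reason}")
```

Run it as-is to see the sample triaged (4 high, 2 medium, 2 low), or feed a saved log with triage(open("hijackthis.log").read()). Note that the real lines from the post only produce the two low findings and the two medium ones; the two highs come entirely from the constructed lines, which matches the helper's verdict that the posted log is clean. The O4 check is deliberately picky about bare names: a legitimate entry such as ICO.EXE still gets a medium, because the only way to know which file that name resolves to is to check the PATH on the machine itself.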
Edited: I've tried everything to restore the Wi-Fi connection. I've fiddled with everything I could. I reinstalled the router and still couldn't connect. Could some line that managed that connection have been deleted?

 

No, or it would have been restored with the reinstall.

 

Other than that, your log is clean.

 

Cheers (y)


HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:20:39, on 20/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\ico.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Windows\System32\Pmxmiced.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wuauclt.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View E&xif... - C:\Users\Marcos Vinícius\Documents\VisualExif\html\VisualExif.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O13 - Gopher Prefix:

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8795 bytes

 

 

 

COMBOFIX LOG

 

ComboFix 08-10-16.08 - Marcos Vinícius 2008-10-20 23:23:27.3 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1046.18.2813 [GMT -2:00]

Running from: C:\Users\Marcos Vinícius\Desktop\ComboFix.exe

.

 

(((((((((((((((( Files Created From 2008-09-21 to 2008-10-21 ))))))))))))))))))))))))))))

.

 

2008-10-20 20:28 . 2007-05-10 17:20 4,952,064 --a------ C:\Windows\System32\stacgui.cpl

2008-10-20 20:28 . 2007-04-10 18:02 1,601,536 --a------ C:\Windows\System32\stlang.dll

2008-10-20 20:28 . 2007-05-06 17:11 144,896 --a------ C:\Windows\System32\staco.dll

2008-10-20 20:28 . 2007-05-06 17:11 94,208 --a------ C:\Windows\System32\stacsv.exe

2008-10-20 20:27 . 2008-10-20 20:27 <DIR> d-------- C:\Program Files\SigmaTel(15)

2008-10-20 20:27 . 2008-10-20 22:53 <DIR> d-------- C:\Program Files\SigmaTel

2008-10-20 20:27 . 2007-05-06 17:11 587,776 --a------ C:\Windows\System32\stapo.dll

2008-10-20 20:27 . 2007-05-06 17:12 326,656 --a------ C:\Windows\System32\drivers\stwrt.sys

2008-10-20 20:27 . 2007-05-06 17:11 326,144 --a------ C:\Windows\System32\stcplx.dll

2008-10-20 20:27 . 2007-05-06 17:10 244,736 --a------ C:\Windows\System32\stapi32.dll

2008-10-20 20:09 . 2008-10-20 22:53 <DIR> d-------- C:\Windows\System32\vmm32

2008-10-19 23:30 . 2008-10-20 22:53 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Creative

2008-10-19 23:28 . 2008-10-19 23:28 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\tmp

2008-10-19 23:28 . 2008-10-19 23:28 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Reallusion

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-10-17 21:17 . 2008-10-17 21:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-17 21:17 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-10-17 21:17 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys

2008-10-16 22:49 . 2008-10-01 23:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-10-16 22:49 . 2008-10-02 01:49 827,392 --a------ C:\Windows\System32\wininet.dll

2008-10-16 22:43 . 2008-08-05 07:49 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-10-16 22:43 . 2008-08-05 07:49 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-10-16 22:43 . 2008-08-05 07:48 217,088 --a------ C:\Windows\System32\psisrndr.ax

2008-10-16 22:43 . 2008-08-05 07:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax

2008-10-16 22:43 . 2008-08-05 07:48 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-10-16 20:58 . 2008-10-16 20:58 <DIR> d-------- C:\Program Files\DCETools

2008-10-15 21:52 . 2008-10-15 23:03 <DIR> d-------- C:\ComboFix1

2008-10-15 21:29 . 2008-09-18 00:16 2,032,640 --a------ C:\Windows\System32\win32k.sys

2008-10-15 21:29 . 2008-08-26 23:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 21:28 . 2008-09-18 03:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 21:28 . 2008-09-18 03:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-14 23:24 . 2008-10-15 22:03 320,323,197 --a------ C:\Windows\MEMORY.DMP

2008-10-11 19:05 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.003

2008-10-11 19:05 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.002

2008-10-11 19:03 . 2000-12-24 17:38 401,462 --a------ C:\Windows\System32\temp.001

2008-10-11 19:03 . 2000-12-24 17:38 266,293 --a------ C:\Windows\System32\temp.000

2008-10-11 18:59 . 1998-04-30 15:56 129,024 --a------ C:\Windows\UNWISE.EXE

2008-10-11 18:59 . 1996-08-12 11:59 24,576 --a------ C:\Windows\System32\Wavlbsys.dll

2008-10-11 18:58 . 1998-05-06 18:44 24,576 --a------ C:\Windows\System32\Hyperman.dll

2008-10-06 21:48 . 2008-10-20 23:20 <DIR> d-------- C:\Hijack

2008-10-04 12:42 . 2008-10-04 12:42 <DIR> d-------- C:\Program Files\Scpad

2008-09-29 21:00 . 2008-10-07 23:29 190 --a------ C:\Windows\guitar.ini

2008-09-25 13:58 . 2008-07-12 09:18 3,851,784 --a------ C:\Windows\System32\D3DX9_39.dll

2008-09-25 13:57 . 2008-08-17 08:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\JetAudio

2008-09-24 00:50 . 2008-09-24 00:50 <DIR> d-------- C:\Program Files\Common Files\COWON

 

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-21 01:26 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-21 01:26 3,407,872 --sha-w C:\Users\Marcos Vinícius\ntuser.dat

2008-10-21 00:53 --------- d-s---w C:\Users\Marcos Vinícius\AppData\Roaming\Microsoft

2008-10-21 00:53 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Creative

2008-10-21 00:53 --------- d-----w C:\Program Files\Broadcom

2008-10-20 22:27 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-20 22:09 --------- d-----w C:\Program Files\Dell

2008-10-20 20:39 --------- d-----w C:\ProgramData\DVD Shrink

2008-10-20 01:28 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\tmp

2008-10-20 01:28 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Reallusion

2008-10-19 17:42 90,313 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\nvModes.dat

2008-10-17 23:17 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Malwarebytes

2008-10-17 21:47 --------- d-----w C:\ProgramData\GbPlugin

2008-10-17 00:50 --------- d-----w C:\Program Files\Windows Mail

2008-10-11 20:57 --------- d-----w C:\Program Files\Sony

2008-09-25 15:58 --------- d-----w C:\Program Files\Microsoft Games

2008-09-24 02:50 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\COWON

2008-09-13 19:30 --------- d-----w C:\Program Files\Microsoft Money 2007

2008-09-11 16:30 --------- d-----w C:\Program Files\Inesoft Cash Organizer 2008 Premium

2008-09-08 22:15 --------- d-----w C:\Program Files\DreMule

2008-09-08 21:03 --------- d-----w C:\Users\Marcos Vinícius\AppData\Roaming\Real

2008-09-07 00:49 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-09-07 00:36 --------- d-----w C:\Program Files\Media Player Classic Homecinema

2008-08-31 20:46 103,064 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\GDIPFONTCACHEV1.DAT

2008-08-29 01:30 --------- d-----w C:\Program Files\DivXLand

2008-08-28 13:50 30,720 ----a-w C:\Windows\System32\soundschemes2.exe

2008-08-25 15:57 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-25 00:12 47,360 ----a-w C:\Users\Marcos Vinícius\AppData\Roaming\pcouffin.sys

2008-06-09 00:52 28,095 ----a-w C:\Users\Administrador\AppData\Roaming\nvModes.dat

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-05-21 17:24 56,912 ----a-w C:\Users\Marcos Vinícius\g2mdlhlpx.exe

2008-04-07 13:31 76 --sh--r C:\Windows\CT4CET.bin

.

 

((((((((((((((((((((((((((((( snapshot_2008-10-18_10.58.28,41 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-25 00:08:56 51,200 ----a-w C:\Windows\inf\infpub.dat

+ 2008-10-20 22:28:30 51,200 ----a-w C:\Windows\inf\infpub.dat

- 2008-06-22 22:54:18 86,016 ----a-w C:\Windows\inf\infstor.dat

+ 2008-10-20 22:28:27 86,016 ----a-w C:\Windows\inf\infstor.dat

- 2008-06-25 00:08:56 143,360 ----a-w C:\Windows\inf\infstrng.dat

+ 2008-10-20 22:28:30 143,360 ----a-w C:\Windows\inf\infstrng.dat

+ 2008-10-20 22:25:20 3,262 ----a-r C:\Windows\Installer\{612B9183-67A9-4B44-9877-2F059E35B86A}\ARPPRODUCTICON.exe

- 2007-08-13 09:05:18 614,400 ----a-w C:\Windows\Installer\iProData\iconvrtr.exe

+ 2007-07-25 18:33:00 614,400 ----a-w C:\Windows\Installer\iProData\iconvrtr.exe

- 2007-08-13 09:05:48 151,552 ----a-w C:\Windows\Installer\iProInst.dll

+ 2007-06-01 12:37:00 151,552 ----a-w C:\Windows\Installer\iProInst.dll

- 2007-08-13 09:05:24 600,328 ----a-w C:\Windows\Installer\iProInst.exe

+ 2007-07-17 13:16:00 600,328 ----a-w C:\Windows\Installer\iProInst.exe

- 2008-10-18 12:45:56 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-10-21 00:55:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-10-18 12:45:56 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-10-21 00:55:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-10-18 12:47:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-21 00:57:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-21 00:57:07 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-10-18 12:47:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-21 00:57:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-21 00:57:01 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-10-18 12:46:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-10-21 00:55:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-10-18 12:46:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-10-21 00:55:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-10-18 12:46:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-10-21 00:55:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-10-18 12:54:39 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-10-21 01:23:22 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-10-21 01:23:22 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

+ 2006-11-02 07:36:49 235,520 ----a-w C:\Windows\System32\drivers\HdAudio.sys

+ 2006-08-24 19:49:34 164,180 ----a-w C:\Windows\System32\drivers\windrvr.sys

+ 2007-03-05 16:05:14 492,544 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\ctapo32.dll

+ 2007-03-05 16:05:16 45,568 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\ctppld.dll

+ 2007-05-06 19:11:02 144,896 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\staco.dll

+ 2007-05-06 19:11:36 94,208 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\stacsv.exe

+ 2007-05-06 19:10:38 244,736 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\stapi32.dll

+ 2007-05-06 19:11:42 587,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\stapo.dll

+ 2007-05-06 19:11:52 326,144 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\stcplx.dll

+ 2007-04-10 20:02:00 1,601,536 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\stlang.dll

+ 2007-05-06 19:10:44 405,504 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\sttray.exe

+ 2007-05-06 19:12:02 326,656 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\stwrt.sys

+ 2007-05-06 19:10:58 27,648 ----a-w C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_18c20100\suhlp.exe

- 2007-07-25 19:27:44 802,816 ----a-w C:\Windows\System32\IWMSSvc.dll

+ 2007-07-25 18:27:44 802,816 ----a-w C:\Windows\System32\IWMSSvc.dll

- 2008-10-18 12:51:58 122,194 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-10-21 01:03:23 190,922 ----a-w C:\Windows\System32\perfc009.dat

- 2008-10-18 12:51:58 403,568 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-10-21 01:03:23 475,368 ----a-w C:\Windows\System32\perfh009.dat

- 2008-10-18 12:51:58 121,888 ----a-w C:\Windows\System32\prfc0416.dat

+ 2008-10-21 01:03:23 121,888 ----a-w C:\Windows\System32\prfc0416.dat

- 2008-10-18 12:51:58 634,202 ----a-w C:\Windows\System32\prfh0416.dat

+ 2008-10-21 01:03:23 634,202 ----a-w C:\Windows\System32\prfh0416.dat

+ 2006-08-24 14:49:24 176,128 ----a-w C:\Windows\System32\rcdscan.dll

- 2008-10-17 21:02:38 13,816 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4199523174-1369212746-3190709888-1000_UserData.bin

+ 2008-10-21 00:57:47 14,282 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4199523174-1369212746-3190709888-1000_UserData.bin

- 2008-10-17 22:40:36 65,898 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-10-21 00:57:47 66,068 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-10-18 12:47:46 48,472 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-10-20 23:38:50 48,776 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

- 2008-10-17 21:02:21 246,582 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-10-20 23:14:17 247,726 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-12-03 36864]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 86016]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"PMX Daemon"="ICO.EXE" [2006-11-08 C:\Windows\System32\ico.exe]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-07 50688]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-04-07 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= divxa32.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{147BD8DA-B218-4F14-ACBD-B11397578B4F}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{F8294EC3-1E81-4714-9C04-A00FA266152C}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{04C5ED7D-B434-4326-A3A2-05A5DBAAB25A}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{9D0BF311-1399-4F44-A8FB-6A2A607FC4B7}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"TCP Query User{A7495583-C7C0-4FB9-A431-35D99EC214AD}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{6F5FECDB-A8FB-4899-ACD7-648AF98985BE}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"TCP Query User{72E3960A-5C18-4864-B91D-E53AD31BCAA8}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"UDP Query User{346A1E25-05CB-415A-9BCA-EE32160BC9BF}C:\\program files\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\program files\tradezone\tzmetasolution\winros.exe:TZMetaSolution

"TCP Query User{AB1DBCBE-4CC5-42A6-B63C-6737B7403518}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= UDP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"UDP Query User{328FD150-ED78-44E1-BD20-63BC23D31E26}C:\\users\\marcos vinícius\\appdata\\local\\xenocode\\appliancecaches\\phicube analyzer3.exe_v57ebb63a\\native\\stubexe\\@programfiles@\\tradezone\\tzmetasolution\\winros.exe"= TCP:C:\users\marcos vinícius\appdata\local\xenocode\appliancecaches\phicube analyzer3.exe_v57ebb63a\native\stubexe\@programfiles@\tradezone\tzmetasolution\winros.exe:winros.exe

"{2A22203A-A50A-40EA-A602-36F17131B90D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{072EFF09-7F7A-4530-91AD-D6EA08DE473D}C:\\program files\\dremule\\emule.exe"= UDP:C:\program files\dremule\emule.exe:Dreamule

"UDP Query User{C568FBBB-6CC5-493C-9CC9-8CCC98F4ED95}C:\\program files\\dremule\\emule.exe"= TCP:C:\program files\dremule\emule.exe:Dreamule

"{7EDEFB16-2444-479F-9F08-AD5BA5FCEF95}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{CB15837B-C58B-4670-B055-B082220BDBFC}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

 

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2008-01-02 73728]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]

R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 19008]

S2 scpVista;scpVista;C:\Program Files\Scpad\scpVista.exe [2007-12-12 136448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]

\shell\AutoRun\command - n6j6pc0.com

\shell\explore\Command - n6j6pc0.com

\shell\open\Command - n6j6pc0.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594b956a-04a4-11dd-8589-806e6f6e6963}]

\shell\AutoRun\command - E:\autoRcd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-20 C:\Windows\Tasks\User_Feed_Synchronization-{33E43AC5-0C46-4B94-B79F-C29C356437C1}.job

- C:\Windows\system32\msfeedssync.exe [2008-01-19 05:33]

.

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Users\Marcos Vinícius\AppData\Roaming\Mozilla\Firefox\Profiles\0t7zgz86.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.uol.com.br

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-20 23:26:43

Windows 6.0.6001 Service Pack 1 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-20 23:28:19

ComboFix-quarantined-files.txt 2008-10-21 01:27:55

ComboFix2.txt 2008-10-18 13:00:12

ComboFix3.txt 2008-10-17 23:05:49

ComboFix4.txt 2008-10-16 21:10:00

ComboFix5.txt 2008-10-21 01:23:10

 

Pré-execução: 30.487.060.480 bytes disponíveis

Pós execução: 30,446,841,856 bytes disponíveis

 

269 --- E O F --- 2008-10-17 01:00:23


New logs follow, as instructed in the PM.

 

AVENGER LOG

 

//////////////////////////////////////////

Avenger Pre-Processor log

//////////////////////////////////////////

 

Platform: Windows NT 6.0 (build 6001, Service Pack 1)

Tue Oct 21 13:18:20 2008

 

13:18:09: Error: Invalid syntax in command:

"[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{118d0bc3-0fad-11dd-b4aa-001c23b622b2}]"

Skipping line. (Registry value deletion mode)

 

 

//////////////////////////////////////////

 

 

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows Vista

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: "C:\ProgramData\GbPlugin" is a folder, not a file!

Deletion of file "C:\ProgramData\GbPlugin" failed!

Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)

--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

HIJACKTHIS LOG

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:41:02, on 21/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conime.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\ico.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\Pmxmiced.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View E&xif... - C:\Users\Marcos Vinícius\Documents\VisualExif\html\VisualExif.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O13 - Gopher Prefix:

O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab

O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553590000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8771 bytes
