
Archived

This topic has been archived and is closed to new replies.

mickimaster

[Archived] Error when starting Windows (gbiehbsb.dll)


Could someone help me fix this error?

 

gbiehbsb.dll

 

This error has been showing up for a while now and I don't know how to remove it.

 

Below is the HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 20:57:36, on 8/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\arquivos de programas\Realteck\realteck.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\arquivos de programas\Realteck\pRee1.exe

C:\arquivos de programas\Realteck\pRee2.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Downloads by Orbit\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://br.rd.yahoo.com/customize/yco...search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/yco.....;//br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/yco.....;//br.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [krn] C:\arquivos de programas\Realteck\realteck.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HOME\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/.....;/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/pla.....;/installer.exe

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - Conexant Systems, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

 

 

--------------------------------------------------------------------------

 


 

I ran 2 kinds of scan in HijackThis

 

Thanks for your attention

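As an added example that is not part of the original post, the script below parses lines in the HijackThis v1.99.1 format shown above and lists the entries a reviewer would look at first. The sample lines are constructed from that log, and the review heuristics are my own assumptions, not HijackThis's logic: they only say why a line deserves a look, never that it is malicious.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines in the shape of the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HOME\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2 ... O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

Finding = Tuple[str, str, str]  # (section, reason, original line)


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, body) for each entry line; the header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Apply review heuristics (assumed here, not HijackThis's own) to a HijackThis log."""
    findings: List[Finding] = []
    for section, body in parse_entries(log_text):
        line = f"{section} - {body}"
        # Orphaned hooks: the registration survives although the file is gone; a cleanup
        # normally removes them because they are leftovers, not because they still run.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((section, "orphaned entry: target file is missing", line))
        # O23 services with no recorded publisher need their binary checked by hand.
        if section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with no publisher recorded", line))
        # O10: a Winsock LSP sees every socket call, so each one is reviewed individually.
        if section == "O10":
            findings.append((section, "Winsock LSP hooks all network traffic", line))
        # O16: ActiveX controls fetched over plain http had no transport-level integrity check.
        if section == "O16" and re.search(r"\bhttp://", body):
            findings.append((section, "ActiveX control downloaded over plain http", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason, a quick sanity check before reading the detail."""
    counts: Dict[str, int] = {}
    for _, reason, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Entries that trip no rule (the Kaspersky Run key, the NVIDIA service, the https-served control) are left out of the report, which is what a reviewer wants when a log runs to a few hundred lines.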

- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

 

If you get the notification: Invalid Win32 application, delete the tool and download it again.

Save it to the desktop, renamed as: Kombo.exe

PS: Name it while saving, not after saving it!

PS: If any error message appears, run ComboFix.exe in Safe Mode.

PS: Avoid running this tool on your own! Follow all the recommendations given above.

- The Auto Scan window will open. Wait!

- Type the option to continue! >> Enter

- Wait for it to finish!

- During the scan, avoid touching the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When it finishes, post the report: C:\ComboFix.txt


Here is the ComboFix result

 

ComboFix 08-10-12.01 - HOME 2008-10-13 20:26:46.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1584 [GMT -2:00]

Executando de: C:\Documents and Settings\HOME\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Arquivos de programas\ADSTechnology

C:\Arquivos de programas\ADSTechnology\ADSTechnology.dll

C:\Arquivos de programas\ADSTechnology\Uninstall.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\Uninstall.lnk

C:\WINDOWS\services.exe

C:\WINDOWS\system32\skandisk.dll

C:\WINDOWS\url.ini

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-13 to 2008-10-13 ))))))))))))))))))))))))))))

.

 

2008-10-13 15:04 . 2008-10-13 15:04 <DIR> d-------- C:\WINDOWS\system32\bits

2008-10-13 15:04 . 2008-10-13 15:04 <DIR> d-------- C:\WINDOWS\l2schemas

2008-10-13 14:57 . 2008-10-13 14:57 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-10-12 18:51 . 2008-10-12 18:51 1,296,212 --a------ C:\Mega_Man_X_3_(U).zip

2008-10-12 00:11 . 2008-10-12 11:40 78,053 --a------ C:\Super_Bomberman_3_(E).001

2008-10-08 01:34 . 2008-10-08 01:34 <DIR> d-------- C:\Arquivos de programas\DsNET Corp

2008-10-03 16:11 . 2008-10-11 11:10 8,192 --a------ C:\chrono_www.i16games.com.srm

2008-10-03 16:02 . 2008-10-04 13:14 127,130 --a------ C:\chrono_www.i16games.com.000

2008-10-03 15:07 . 2008-10-03 15:07 3,082,883 --a------ C:\chrono_www.i16games.com.zip

2008-09-30 14:01 . 2008-10-03 14:47 78,187 --a------ C:\Super_Bomberman_5_(J).000

2008-09-29 23:59 . 2008-09-30 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NFS Underground

2008-09-28 20:14 . 2008-10-11 20:07 8,192 --a------ C:\Super_Bomberman_5_(J).srm

2008-09-28 20:08 . 2008-09-28 20:08 1,183,158 --a------ C:\Super_Bomberman_5_(J).zip

2008-09-28 12:27 . 2008-10-04 13:15 62,192 --a------ C:\Super_Bomberman_4_(J).000

2008-09-28 12:23 . 2008-09-28 12:24 914,339 --a------ C:\Super_Bomberman_4_(J).zip

2008-09-27 18:11 . 2008-10-12 11:39 102,791 --a------ C:\Super_Bomberman_3_(E).000

2008-09-27 17:40 . 2008-09-27 17:40 846,583 --a------ C:\Super_Bomberman_3_(E).zip

2008-09-26 22:57 . 2008-07-12 09:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll

2008-09-26 22:57 . 2008-07-12 09:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll

2008-09-26 22:57 . 2008-07-31 11:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll

2008-09-26 22:57 . 2008-07-12 09:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll

2008-09-26 22:57 . 2008-07-31 11:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll

2008-09-26 22:57 . 2008-07-31 11:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll

2008-09-25 02:58 . 2008-09-23 21:31 73,216 --a------ C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe

2008-09-25 02:58 . 2008-09-23 19:33 4,736 --a------ C:\Documents and Settings\HOME\Dados de aplicativos\msnone.sys

2008-09-24 01:30 . 2008-09-24 01:30 <DIR> d-------- C:\Arquivos de programas\ImTOO

2008-09-19 23:36 . 2008-09-19 23:36 <DIR> d-------- C:\Documents and Settings\HOME\Dados de aplicativos\SPORE

2008-09-19 23:28 . 2008-09-19 23:28 <DIR> d-------- C:\ProgramData

2008-09-19 23:28 . 2008-09-19 23:28 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-09-19 23:27 . 2008-09-19 23:27 1,158 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

2008-09-19 00:08 . 2007-10-09 10:09 1,640,960 --a------ C:\WINDOWS\lhelp.exe

2008-09-19 00:03 . 2008-10-13 20:11 <DIR> d-------- C:\Arquivos de programas\Intelbras

2008-09-18 01:18 . 2004-08-04 01:36 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-13 22:29 905,760 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-13 22:29 31,144,992 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-13 22:14 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\BitTorrent

2008-10-13 22:13 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-10-13 22:12 88,784 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-13 22:12 420,536 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-11 18:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-10-08 03:43 --------- d-----w C:\Arquivos de programas\Xvid

2008-09-23 21:29 --------- d-----w C:\Arquivos de programas\BitTorrent

2008-09-22 11:46 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\Orbit

2008-09-21 21:00 --------- d-----w C:\Arquivos de programas\Norton Security Scan

2008-09-20 01:28 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-19 02:16 --------- d-----w C:\Arquivos de programas\Kaneva

2008-09-15 02:53 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\BSplayer

2008-09-09 00:06 --------- d-----w C:\Arquivos de programas\CCleaner

2008-09-03 21:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-09-03 20:09 --------- d-----w C:\Arquivos de programas\mozilla.org

2008-09-03 19:47 --------- d--h--w C:\Arquivos de programas\Realteck

2008-08-16 13:40 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\Stellarium

2008-08-15 17:35 --------- d-----w C:\Arquivos de programas\ShaagChess

2008-08-15 17:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-08-15 04:01 --------- d-----w C:\Arquivos de programas\Zylom Games

2008-08-15 03:00 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\Zylom

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-05-08 17:13 0 ----a-w C:\Arquivos de programas\temp01

2008-01-30 02:42 22,328 ----a-w C:\Documents and Settings\HOME\Dados de aplicativos\PnkBstrK.sys

2008-06-10 15:53 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" [2008-03-26 587568]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 8429568]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 500224]

"Microsoft Genuine Advantage"="C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe" [2008-09-23 73216]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Microsoft Genuine Advantage"="C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe" [2008-09-23 73216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Menu Iniciar^Programas^Inicializar^IMVU.lnk]

path=C:\Documents and Settings\HOME\Menu Iniciar\Programas\Inicializar\IMVU.lnk

backup=C:\WINDOWS\pss\IMVU.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk]

path=C:\Documents and Settings\HOME\Menu Iniciar\Programas\Inicializar\MagicDisc.lnk

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Menu Iniciar^Programas^Inicializar^Registration Assassin's Creed.lnk]

path=C:\Documents and Settings\HOME\Menu Iniciar\Programas\Inicializar\Registration Assassin's Creed.lnk

backup=C:\WINDOWS\pss\Registration Assassin's Creed.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]

path=C:\Documents and Settings\HOME\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk

backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

--a------ 2007-03-01 00:06 2321600 C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

--a------ 2007-03-09 21:50 200768 C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-06-27 19:03 152872 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2008-03-26 15:07 587568 C:\Arquivos de programas\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2007-10-18 19:44 286016 C:\Arquivos de programas\BitTorrent_DNA\dna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 00:20 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-01-17 14:51 486856 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

--a------ 2008-07-21 15:07 2752512 C:\Arquivos de programas\Electronic Arts\EADM\Core.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

-ra------ 2006-11-22 01:50 704512 C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-10-23 19:51 233472 C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-06-25 11:24 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\hpwuSchd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2005-07-23 00:33 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 16:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 16:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-12 13:44 8429568 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-12 13:44 81920 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 18:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-10-19 15:03 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 18:20 866584 C:\Arquivos de programas\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-12 13:44 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

-ra------ 2004-01-29 22:33 180224 C:\WINDOWS\system32\pctspk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

-ra------ 2006-07-10 16:33 176128 C:\WINDOWS\system32\S3Trayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2005-06-20 11:42 77824 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2006-08-03 04:53 53248 C:\WINDOWS\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"F:\\Arquivos de programas\\Need For Speed Underground\\Speed.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2004-01-29 180224]

S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]

S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-08-14 654848]

S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 222336]

S3 XDva182;XDva182;C:\WINDOWS\system32\XDva182.sys [ ]

S3 XDva190;XDva190;C:\WINDOWS\system32\XDva190.sys [ ]

S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dcf3242-aceb-11d7-a792-806d6172696f}]

\Shell\AutoRun\command - D:\Setupx.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45c69520-6845-11dc-abe9-806d6172696f}]

\Shell\AutoRun\command - D:\Setup.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f447a416-3642-11dd-ba9b-001a4dae71e6}]

\Shell\AutoRun\command - 8ng8w.com

\Shell\explore\Command - 8ng8w.com

\Shell\open\Command - 8ng8w.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f939e801-1d4c-11d7-9992-806d6172696f}]

\Shell\AutoRun\command - D:\Setup.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f939e803-1d4c-11d7-9992-82929bebbe0f}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(&0)\command - Recycled\ctfmon.exe

 

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-13 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

 

2008-10-12 C:\WINDOWS\Tasks\Norton Security Scan.job

- C:\Arquivos de programas\Norton Security Scan\Nss.exe [2008-01-09 05:08]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-Discador Intelbras - (no file)

HKLM-Explorer_Run-gbieh.1 - C:\WINDOWS\gbiehbsb.dll

MSConfigStartUp-AdVantage - C:\Arquivos de programas\AdVantage\AdVantage.exe

MSConfigStartUp-avast! - C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

MSConfigStartUp-AVG7_CC - C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe

MSConfigStartUp-DAEMON Tools - C:\Arquivos de programas\DAEMON Tools\daemon.exe

MSConfigStartUp-services - C:\WINDOWS\services.exe

MSConfigStartUp-Steam - C:\Arquivos de programas\Steam\Steam.exe

MSConfigStartUp-winserver - C:\WINDOWS\winserver.exe

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\2jqu1pvc.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.br/

FF -: plugin - C:\Arquivos de programas\BitTorrent_DNA\npbtdna.dll

FF -: plugin - C:\Arquivos de programas\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF -: plugin - C:\Arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll

FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-13 20:29:16

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

 

C:\DOCUME~1\HOME\CONFIG~1\Temp\RGI4.tmp

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

 

**************************************************************************

.

Tempo para conclusão: 2008-10-13 20:30:30

ComboFix-quarantined-files.txt 2008-10-13 22:30:02

 

Pré-execução: 14 pasta(s) 35.529.613.312 bytes disponíveis

Pós execução: 20 pasta(s) 35,709,206,528 bytes disponíveis

 

261 --- E O F --- 2008-10-13 17:15:44


I suggest you print or save the procedures below, and do not use the internet until the procedure is finished.

 

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

 

File::

C:\WINDOWS\lhelp.exe

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dcf3242-aceb-11d7-a792-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45c69520-6845-11dc-abe9-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f447a416-3642-11dd-ba9b-001a4dae71e6}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f939e801-1d4c-11d7-9992-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f939e803-1d4c-11d7-9992-82929bebbe0f}]

 

This script was written only for this computer, according to the files and keys present; do not use it on another computer, as it may cause damage.

 

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

 

[image: cfscript.gif]

 

ComboFix will run and will restart the PC automatically to complete the removal process.

 

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

 

When it finishes, a log will be generated at C:\ComboFix.txt.

 

Post it together with the new HijackThis log.


ComboFix 08-10-12.01 - HOME 2008-10-15 19:40:15.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1536 [GMT -3:00]

Executando de: C:\Documents and Settings\HOME\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\HOME\Desktop\CFScript.txt

* Criado um novo ponto de restauro

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 

FILE ::

C:\WINDOWS\lhelp.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\lhelp.exe

C:\WINDOWS\system32\skandisk.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-15 to 2008-10-15 ))))))))))))))))))))))))))))

.

 

2008-10-15 10:51 . 2008-08-14 10:24 2,193,408 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 10:51 . 2008-08-14 10:24 2,149,376 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 10:51 . 2008-08-14 10:24 2,070,272 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 10:51 . 2008-08-14 10:24 2,028,032 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 10:51 . 2008-09-15 12:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 02:05 . 2008-09-08 07:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-14 22:18 . 2008-10-14 22:18 2,048 --a------ C:\Donkey_Kong_Country_3.srm

2008-10-14 07:49 . 2008-10-15 16:20 1,393 --a------ C:\WINDOWS\imsins.BAK

2008-10-14 07:25 . 2008-05-09 07:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll

2008-10-14 07:25 . 2008-05-09 07:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll

2008-10-14 07:25 . 2008-05-09 07:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-10-14 07:25 . 2008-05-09 07:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-10-14 07:25 . 2008-05-08 08:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe

2008-10-14 07:25 . 2008-05-09 05:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe

2008-10-14 07:25 . 2008-05-09 07:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll

2008-10-14 00:35 . 2008-10-14 00:35 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4

2008-10-13 23:40 . 2008-10-13 23:45 211 --a------ C:\WINDOWS\ACTIVEJP.INI

2008-10-13 14:04 . 2008-10-13 14:04 <DIR> d-------- C:\WINDOWS\system32\bits

2008-10-13 14:04 . 2008-10-13 14:04 <DIR> d-------- C:\WINDOWS\l2schemas

2008-10-13 13:57 . 2008-10-13 13:57 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-10-08 00:34 . 2008-10-08 00:34 <DIR> d-------- C:\Arquivos de programas\DsNET Corp

2008-09-29 22:59 . 2008-09-29 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NFS Underground

2008-09-26 21:57 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll

2008-09-26 21:57 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll

2008-09-26 21:57 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll

2008-09-26 21:57 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll

2008-09-26 21:57 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll

2008-09-26 21:57 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll

2008-09-25 01:58 . 2008-09-23 20:31 73,216 --a------ C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe

2008-09-24 00:30 . 2008-09-24 00:30 <DIR> d-------- C:\Arquivos de programas\ImTOO

2008-09-19 22:36 . 2008-09-19 22:36 <DIR> d-------- C:\Documents and Settings\HOME\Dados de aplicativos\SPORE

2008-09-19 22:28 . 2008-09-19 22:28 <DIR> d-------- C:\ProgramData

2008-09-19 22:28 . 2008-09-19 22:28 <DIR> d-------- C:\Arquivos de programas\Electronic Arts

2008-09-19 22:27 . 2008-09-19 22:27 1,158 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

2008-09-18 23:03 . 2008-10-13 19:11 <DIR> d-------- C:\Arquivos de programas\Intelbras

2008-09-18 00:18 . 2004-08-04 00:36 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-15 22:42 950,816 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-15 22:42 31,994,400 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-15 22:28 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\BitTorrent

2008-10-15 21:00 --------- d-----w C:\Arquivos de programas\Norton Security Scan

2008-10-15 20:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-10-15 19:21 92,864 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-15 19:21 429,224 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-14 21:56 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-10-08 03:43 --------- d-----w C:\Arquivos de programas\Xvid

2008-09-23 21:29 --------- d-----w C:\Arquivos de programas\BitTorrent

2008-09-22 11:46 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\Orbit

2008-09-20 01:28 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-19 02:16 --------- d-----w C:\Arquivos de programas\Kaneva

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-15 02:53 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\BSplayer

2008-09-09 00:06 --------- d-----w C:\Arquivos de programas\CCleaner

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-03 21:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2008-09-03 20:09 --------- d-----w C:\Arquivos de programas\mozilla.org

2008-09-03 19:47 --------- d--h--w C:\Arquivos de programas\Realteck

2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-16 13:40 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\Stellarium

2008-08-15 17:35 --------- d-----w C:\Arquivos de programas\ShaagChess

2008-08-15 17:02 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SWF Studio

2008-08-15 04:01 --------- d-----w C:\Arquivos de programas\Zylom Games

2008-08-15 03:00 --------- d-----w C:\Documents and Settings\HOME\Dados de aplicativos\Zylom

2008-08-14 13:24 2,193,408 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,070,272 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-05-08 17:13 0 ----a-w C:\Arquivos de programas\temp01

2008-01-30 02:42 22,328 ----a-w C:\Documents and Settings\HOME\Dados de aplicativos\PnkBstrK.sys

2008-06-10 15:53 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-10-13_20.29.40,24 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-14 13:24:43 2,149,376 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

+ 2008-08-14 13:24:46 2,070,272 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

+ 2008-08-14 13:24:42 2,028,032 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

+ 2008-08-14 13:24:45 2,193,408 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

- 2005-10-20 22:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 23:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE

+ 2008-06-23 16:29:40 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll

+ 2008-06-23 16:29:40 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll

+ 2008-06-23 16:29:40 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll

+ 2008-06-23 16:29:40 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll

+ 2008-06-23 16:29:40 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll

+ 2008-06-23 09:24:09 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe

+ 2008-06-23 16:29:41 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll

+ 2008-06-23 16:29:41 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll

+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll

+ 2008-06-23 16:29:41 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll

+ 2008-06-23 16:29:41 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll

+ 2008-06-23 16:29:42 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll

+ 2008-06-23 16:29:42 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll

+ 2008-06-23 16:29:43 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll

+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe

+ 2008-06-23 09:24:22 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe

+ 2008-06-23 16:29:43 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll

+ 2008-06-23 16:29:43 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll

+ 2008-06-23 16:29:43 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll

+ 2008-06-24 13:29:46 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll

+ 2008-06-23 16:29:44 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll

+ 2008-06-23 16:29:44 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll

+ 2008-06-23 16:29:45 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll

+ 2008-06-23 16:29:45 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll

+ 2008-06-23 16:29:45 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll

+ 2008-06-23 16:29:45 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll

+ 2008-06-23 16:29:46 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll

+ 2008-06-23 16:29:46 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll

+ 2008-06-23 16:29:46 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll

- 2008-09-10 21:51:57 593,920 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-10-15 19:20:59 593,920 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-09-10 21:51:57 12,288 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-10-15 19:20:59 12,288 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-09-10 21:51:57 86,016 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-10-15 19:20:59 86,016 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-09-10 21:51:57 135,168 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-10-15 19:20:59 135,168 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-09-10 21:51:57 11,264 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-10-15 19:20:59 11,264 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-09-10 21:51:58 27,136 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-10-15 19:20:59 27,136 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-09-10 21:51:58 4,096 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-10-15 19:20:59 4,096 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-09-10 21:51:58 794,624 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-10-15 19:20:59 794,624 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-09-10 21:51:57 249,856 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-10-15 19:20:59 249,856 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-09-10 21:51:57 61,440 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-10-15 19:20:59 61,440 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-09-10 21:51:58 23,040 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-10-15 19:20:59 23,040 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-09-10 21:51:57 286,720 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-10-15 19:20:59 286,720 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-09-10 21:51:57 409,600 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-15 19:20:59 409,600 ----a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-09-10 21:52:11 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2008-10-15 19:19:38 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2000-08-31 10:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe

+ 2000-08-31 11:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe

- 2000-08-31 10:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe

+ 2000-08-31 11:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe

- 2008-06-23 16:29:40 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-08-26 08:11:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2008-04-14 02:20:53 139,264 ----a-w C:\WINDOWS\system32\cscript.exe

+ 2008-05-09 08:45:51 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

- 2008-06-23 16:29:40 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-08-26 08:11:45 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

- 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys

- 2008-06-23 16:29:40 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-08-26 08:11:45 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-06-23 16:29:40 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-08-26 08:11:45 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2008-06-23 16:29:40 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-08-26 08:11:45 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-06-23 16:29:40 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-08-26 08:11:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2008-06-23 09:24:09 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-08-25 08:42:17 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2008-06-23 16:29:41 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-08-26 08:11:45 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2008-06-23 16:29:41 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-08-26 08:11:45 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2008-06-23 16:29:41 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-08-26 08:11:46 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2008-06-23 16:29:41 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-08-26 08:11:46 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-06-23 16:29:42 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-10-03 17:26:01 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2008-06-23 16:29:42 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-08-26 08:11:48 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2008-06-23 16:29:43 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-08-26 08:11:48 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2008-06-23 09:24:22 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-08-23 05:56:15 635,848 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2008-06-23 16:29:43 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-08-26 08:11:49 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2008-06-23 16:29:43 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-08-26 08:11:49 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2008-06-23 16:29:43 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-08-26 08:11:49 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2008-06-24 13:29:46 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-08-27 09:11:54 3,593,216 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-06-23 16:29:44 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-08-26 08:11:52 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-06-23 16:29:44 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-08-26 08:11:52 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-06-23 16:29:45 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-08-26 08:11:53 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

- 2008-06-23 16:29:45 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-08-26 08:11:53 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-06-23 16:29:45 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-08-26 08:11:53 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2008-06-23 16:29:45 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-08-26 08:11:53 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

- 2008-06-23 16:29:46 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-08-26 08:11:53 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2008-06-23 16:29:46 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-08-26 08:11:54 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2008-06-23 16:29:46 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-08-26 08:11:54 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

- 2008-06-23 16:29:40 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-08-26 08:11:45 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2008-06-23 16:29:40 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-08-26 08:11:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2008-06-23 16:29:40 133,120 ------w C:\WINDOWS\system32\extmgr.dll

+ 2008-08-26 08:11:45 133,120 ------w C:\WINDOWS\system32\extmgr.dll

- 2008-10-13 18:06:13 1,558,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-10-15 20:01:50 1,558,264 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2008-06-23 16:29:40 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-08-26 08:11:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2008-06-23 09:24:09 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-08-25 08:42:17 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

- 2008-06-23 16:29:41 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

+ 2008-08-26 08:11:45 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

- 2008-06-23 16:29:41 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

+ 2008-08-26 08:11:45 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

- 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll

+ 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll

- 2008-06-23 16:29:41 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-08-26 08:11:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2008-06-23 16:29:41 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-08-26 08:11:46 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

- 2008-06-23 16:29:42 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-10-03 17:26:01 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2008-06-23 16:29:42 44,544 ------w C:\WINDOWS\system32\iernonce.dll

+ 2008-08-26 08:11:48 44,544 ------w C:\WINDOWS\system32\iernonce.dll

- 2008-06-23 16:29:43 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-08-26 08:11:48 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2008-04-14 02:20:29 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2008-05-09 10:55:05 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

- 2008-06-23 16:29:43 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

+ 2008-08-26 08:11:49 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe

- 2008-06-23 16:29:43 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-08-26 08:11:49 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2008-06-23 16:29:43 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-08-26 08:11:49 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2008-06-24 13:29:46 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-08-27 09:11:54 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-06-23 16:29:44 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-08-26 08:11:52 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2008-06-23 16:29:44 193,024 ------w C:\WINDOWS\system32\msrating.dll

+ 2008-08-26 08:11:52 193,024 ------w C:\WINDOWS\system32\msrating.dll

- 2008-06-23 16:29:45 671,232 ------w C:\WINDOWS\system32\mstime.dll

+ 2008-08-26 08:11:53 671,232 ------w C:\WINDOWS\system32\mstime.dll

- 2008-06-23 16:29:45 102,912 ------w C:\WINDOWS\system32\occache.dll

+ 2008-08-26 08:11:53 102,912 ------w C:\WINDOWS\system32\occache.dll

- 2008-10-13 18:07:32 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-10-14 10:20:29 60,760 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-10-13 18:07:32 69,592 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-10-14 10:20:30 69,592 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-10-13 18:07:32 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-10-14 10:20:30 400,600 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-10-13 18:07:32 433,604 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-10-14 10:20:30 433,604 ----a-w C:\WINDOWS\system32\perfh016.dat

- 2008-06-23 16:29:45 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-08-26 08:11:53 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2008-04-14 02:20:40 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

+ 2008-05-09 10:55:05 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

- 2008-04-14 02:20:40 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

+ 2008-05-09 10:55:05 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

- 2008-06-23 16:29:45 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-08-26 08:11:53 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2008-06-23 16:29:46 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-08-26 08:11:53 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2008-04-14 02:20:40 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll

+ 2008-05-09 10:55:06 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

- 2008-06-23 16:29:46 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-08-26 08:11:54 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2008-04-14 02:21:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

- 2008-04-14 02:20:44 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

+ 2008-05-09 10:55:06 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

"BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" [2008-09-26 634672]

"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 8429568]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-03-30 500224]

"Microsoft Genuine Advantage"="C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe" [2008-09-23 73216]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Microsoft Genuine Advantage"="C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe" [2008-09-23 73216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Menu Iniciar^Programas^Inicializar^IMVU.lnk]

path=C:\Documents and Settings\HOME\Menu Iniciar\Programas\Inicializar\IMVU.lnk

backup=C:\WINDOWS\pss\IMVU.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Menu Iniciar^Programas^Inicializar^MagicDisc.lnk]

path=C:\Documents and Settings\HOME\Menu Iniciar\Programas\Inicializar\MagicDisc.lnk

backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Menu Iniciar^Programas^Inicializar^Registration Assassin's Creed.lnk]

path=C:\Documents and Settings\HOME\Menu Iniciar\Programas\Inicializar\Registration Assassin's Creed.lnk

backup=C:\WINDOWS\pss\Registration Assassin's Creed.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Menu Iniciar^Programas^Inicializar^Stardock ObjectDock.lnk]

path=C:\Documents and Settings\HOME\Menu Iniciar\Programas\Inicializar\Stardock ObjectDock.lnk

backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

--a------ 2007-02-28 23:06 2321600 C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

--a------ 2007-03-09 20:50 200768 C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-06-27 18:03 152872 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2008-09-26 20:44 634672 C:\Arquivos de programas\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2007-10-18 18:44 286016 C:\Arquivos de programas\BitTorrent_DNA\dna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-13 23:20 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-01-17 13:51 486856 C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

--a------ 2008-07-21 14:07 2752512 C:\Arquivos de programas\Electronic Arts\EADM\Core.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

-ra------ 2006-11-22 00:50 704512 C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

--a------ 2003-10-23 18:51 233472 C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2003-06-25 10:24 49152 C:\Arquivos de programas\Hewlett-Packard\HP Software Update\hpwuSchd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

--a------ 2005-07-22 23:33 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2007-04-12 12:44 8429568 C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-04-12 12:44 81920 C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-12-08 17:35 32768 C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-10-19 14:03 68856 C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 17:20 866584 C:\Arquivos de programas\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2007-04-12 12:44 1626112 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

-ra------ 2004-01-29 21:33 180224 C:\WINDOWS\system32\pctspk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]

-ra------ 2006-07-10 15:33 176128 C:\WINDOWS\system32\S3Trayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2005-06-20 10:42 77824 C:\WINDOWS\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

-ra------ 2006-08-03 03:53 53248 C:\WINDOWS\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Electronic Arts\\EADM\\Core.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"F:\\Arquivos de programas\\Need For Speed Underground\\Speed.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11264]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-09 31232]

S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2004-01-29 180224]

S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]

S3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-08-13 654848]

S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 222336]

S3 XDva182;XDva182;C:\WINDOWS\system32\XDva182.sys [ ]

S3 XDva190;XDva190;C:\WINDOWS\system32\XDva190.sys [ ]

S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-15 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

 

2008-10-15 C:\WINDOWS\Tasks\Norton Security Scan.job

- C:\Arquivos de programas\Norton Security Scan\Nss.exe [2008-01-09 04:08]

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-15 19:42:26

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-15 19:43:43

ComboFix-quarantined-files.txt 2008-10-15 22:43:17

ComboFix2.txt 2008-10-13 22:30:31

 

Pré-execução: 14 pasta(s) 28.101.070.848 bytes disponíveis

Pós execução: 19 pasta(s) 28,095,602,688 bytes disponíveis

 

442 --- E O F --- 2008-10-15 19:21:25

 

 

There's the LOG


- Post a new HijackThis log;


I'll post the 2 HijackThis logs here

 

Logfile of HijackThis v1.99.1

Scan saved at 22:42:50, on 22/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Downloads by Orbit\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 198.173.96.172 caixa.gov.br

O1 - Hosts: 198.173.96.172 www.caixa.gov.br

O1 - Hosts: 198.173.96.172 caixa.com.br

O1 - Hosts: 198.173.96.172 www.caixa.com.br

O1 - Hosts: 198.173.96.172 cef.gov.br

O1 - Hosts: 198.173.96.172 www.cef.gov.br

O1 - Hosts: 198.173.96.172 www.cef.com.br

O1 - Hosts: 198.173.96.172 www.caixaeconomica.com.br

O1 - Hosts: 198.173.96.172 www.caixaeconomicafederal.com.br

O1 - Hosts: 199.237.207.63 bb.com.br

O1 - Hosts: 199.237.207.63 www.bb.com.br

O1 - Hosts: 199.237.207.63 bancodobrasil.com.br

O1 - Hosts: 199.237.207.63 www.bancodobrasil.com.br

O1 - Hosts: 199.237.207.63 bancobrasil.com.br

O1 - Hosts: 199.237.207.63 www.bancobrasil.com.br

O1 - Hosts: 199.237.207.63 itau.com.br

O1 - Hosts: 199.237.207.63 www.itau.com.br

O1 - Hosts: 199.237.207.63 itaupersonnalite.com.br

O1 - Hosts: 199.237.207.63 www.itaupersonnalite.com.br

O1 - Hosts: 199.237.207.63 www.itauprivatebank.com.br

O1 - Hosts: 199.237.207.63 itauprivatebank.com.br

O1 - Hosts: 69.65.38.198 bradesco.com.br

O1 - Hosts: 69.65.38.198 www.bradesco.com.br

O1 - Hosts: 69.65.38.198 santander.com.br

O1 - Hosts: 69.65.38.198 www.santander.com.br

O1 - Hosts: 69.65.38.198 www.banespa.com.br

O1 - Hosts: 69.65.38.198 banespa.com.br

O1 - Hosts: 69.65.38.198 www.credicardciti.com.br

O1 - Hosts: 199.237.207.63 www.credicarditau.com.br

O1 - Hosts: 199.237.207.63 banrisul.com.br

O1 - Hosts: 199.237.207.63 www.banrisul.com.br

O1 - Hosts: 199.237.207.63 unibanco.com.br

O1 - Hosts: 199.237.207.63 www.unibanco.com

O1 - Hosts: 199.237.207.63 www.unibanco.com.br

O1 - Hosts: 199.237.207.63 nossacaixa.com.br

O1 - Hosts: 199.237.207.63 www.nossacaixa.com.br

O1 - Hosts: 69.65.38.198 real.com.br

O1 - Hosts: 69.65.38.198 www.real.com.br

O1 - Hosts: 69.65.38.198 bancoreal.com.br

O1 - Hosts: 69.65.38.198 www.bancoreal.com.br

O1 - Hosts: 199.237.207.63 www.visanet.com.br

O1 - Hosts: 199.237.207.63 www.cartaobndes.gov.br

O1 - Hosts: 199.237.207.63 infoseg.gov.br

O1 - Hosts: 199.237.207.63 www.infoseg.gov.br

O1 - Hosts: 199.237.207.63 www2.infoseg.gov.br

O1 - Hosts: 199.237.207.63 www.equifax.com.br

O1 - Hosts: 199.237.207.63 www.sci.com.br

O1 - Hosts: 199.237.207.63 serasa.com

O1 - Hosts: 199.237.207.63 www.serasa.com

O1 - Hosts: 199.237.207.63 serasa.com.br

O1 - Hosts: 199.237.207.63 www.serasa.com.br

O1 - Hosts: 199.237.207.63 www.checkcheck.com.br

O1 - Hosts: 199.237.207.63 www.spc.org.br

O1 - Hosts: 199.237.207.63 checktudo.com

O1 - Hosts: 199.237.207.63 www.checktudo.com

O1 - Hosts: 199.237.207.63 checktudo.com.br

O1 - Hosts: 199.237.207.63 www.checktudo.com.br

O1 - Hosts: 199.237.207.63 credd.com.br

O1 - Hosts: 199.237.207.63 www.credd.com.br

O1 - Hosts: 199.237.207.63 infobusca.informarketing.com

O1 - Hosts: 199.237.207.63 www.megadata.com.br

O1 - Hosts: 199.237.207.63 www.gravames.com.br

O1 - Hosts: 199.237.207.63 paypal.com

O1 - Hosts: 199.237.207.63 www.paypal.com

O1 - Hosts: 199.237.207.63 e-tim.timbrasil.com.br

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [Microsoft Genuine Advantage] C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HOME\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - Conexant Systems, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Second log

 

Logfile of HijackThis v1.99.1

Scan saved at 22:43:58, on 22/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Downloads by Orbit\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 198.173.96.172 caixa.gov.br

O1 - Hosts: 198.173.96.172 www.caixa.gov.br

O1 - Hosts: 198.173.96.172 caixa.com.br

O1 - Hosts: 198.173.96.172 www.caixa.com.br

O1 - Hosts: 198.173.96.172 cef.gov.br

O1 - Hosts: 198.173.96.172 www.cef.gov.br

O1 - Hosts: 198.173.96.172 www.cef.com.br

O1 - Hosts: 198.173.96.172 www.caixaeconomica.com.br

O1 - Hosts: 198.173.96.172 www.caixaeconomicafederal.com.br

O1 - Hosts: 199.237.207.63 bb.com.br

O1 - Hosts: 199.237.207.63 www.bb.com.br

O1 - Hosts: 199.237.207.63 bancodobrasil.com.br

O1 - Hosts: 199.237.207.63 www.bancodobrasil.com.br

O1 - Hosts: 199.237.207.63 bancobrasil.com.br

O1 - Hosts: 199.237.207.63 www.bancobrasil.com.br

O1 - Hosts: 199.237.207.63 itau.com.br

O1 - Hosts: 199.237.207.63 www.itau.com.br

O1 - Hosts: 199.237.207.63 itaupersonnalite.com.br

O1 - Hosts: 199.237.207.63 www.itaupersonnalite.com.br

O1 - Hosts: 199.237.207.63 www.itauprivatebank.com.br

O1 - Hosts: 199.237.207.63 itauprivatebank.com.br

O1 - Hosts: 69.65.38.198 bradesco.com.br

O1 - Hosts: 69.65.38.198 www.bradesco.com.br

O1 - Hosts: 69.65.38.198 santander.com.br

O1 - Hosts: 69.65.38.198 www.santander.com.br

O1 - Hosts: 69.65.38.198 www.banespa.com.br

O1 - Hosts: 69.65.38.198 banespa.com.br

O1 - Hosts: 69.65.38.198 www.credicardciti.com.br

O1 - Hosts: 199.237.207.63 www.credicarditau.com.br

O1 - Hosts: 199.237.207.63 banrisul.com.br

O1 - Hosts: 199.237.207.63 www.banrisul.com.br

O1 - Hosts: 199.237.207.63 unibanco.com.br

O1 - Hosts: 199.237.207.63 www.unibanco.com

O1 - Hosts: 199.237.207.63 www.unibanco.com.br

O1 - Hosts: 199.237.207.63 nossacaixa.com.br

O1 - Hosts: 199.237.207.63 www.nossacaixa.com.br

O1 - Hosts: 69.65.38.198 real.com.br

O1 - Hosts: 69.65.38.198 www.real.com.br

O1 - Hosts: 69.65.38.198 bancoreal.com.br

O1 - Hosts: 69.65.38.198 www.bancoreal.com.br

O1 - Hosts: 199.237.207.63 www.visanet.com.br

O1 - Hosts: 199.237.207.63 www.cartaobndes.gov.br

O1 - Hosts: 199.237.207.63 infoseg.gov.br

O1 - Hosts: 199.237.207.63 www.infoseg.gov.br

O1 - Hosts: 199.237.207.63 www2.infoseg.gov.br

O1 - Hosts: 199.237.207.63 www.equifax.com.br

O1 - Hosts: 199.237.207.63 www.sci.com.br

O1 - Hosts: 199.237.207.63 serasa.com

O1 - Hosts: 199.237.207.63 www.serasa.com

O1 - Hosts: 199.237.207.63 serasa.com.br

O1 - Hosts: 199.237.207.63 www.serasa.com.br

O1 - Hosts: 199.237.207.63 www.checkcheck.com.br

O1 - Hosts: 199.237.207.63 www.spc.org.br

O1 - Hosts: 199.237.207.63 checktudo.com

O1 - Hosts: 199.237.207.63 www.checktudo.com

O1 - Hosts: 199.237.207.63 checktudo.com.br

O1 - Hosts: 199.237.207.63 www.checktudo.com.br

O1 - Hosts: 199.237.207.63 credd.com.br

O1 - Hosts: 199.237.207.63 www.credd.com.br

O1 - Hosts: 199.237.207.63 infobusca.informarketing.com

O1 - Hosts: 199.237.207.63 www.megadata.com.br

O1 - Hosts: 199.237.207.63 www.gravames.com.br

O1 - Hosts: 199.237.207.63 paypal.com

O1 - Hosts: 199.237.207.63 www.paypal.com

O1 - Hosts: 199.237.207.63 e-tim.timbrasil.com.br

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [Microsoft Genuine Advantage] C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HOME\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - Conexant Systems, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)


Hello friend, one log at a time; otherwise it turns into a big mess. Choose one log to be analysed first.


Here's the log you asked for =)


Logfile of HijackThis v1.99.1

Scan saved at 22:42:50, on 22/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe

C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Downloads by Orbit\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/def...://br.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 198.173.96.172 caixa.gov.br

O1 - Hosts: 198.173.96.172 www.caixa.gov.br

O1 - Hosts: 198.173.96.172 caixa.com.br

O1 - Hosts: 198.173.96.172 www.caixa.com.br

O1 - Hosts: 198.173.96.172 cef.gov.br

O1 - Hosts: 198.173.96.172 www.cef.gov.br

O1 - Hosts: 198.173.96.172 www.cef.com.br

O1 - Hosts: 198.173.96.172 www.caixaeconomica.com.br

O1 - Hosts: 198.173.96.172 www.caixaeconomicafederal.com.br

O1 - Hosts: 199.237.207.63 bb.com.br

O1 - Hosts: 199.237.207.63 www.bb.com.br

O1 - Hosts: 199.237.207.63 bancodobrasil.com.br

O1 - Hosts: 199.237.207.63 www.bancodobrasil.com.br

O1 - Hosts: 199.237.207.63 bancobrasil.com.br

O1 - Hosts: 199.237.207.63 www.bancobrasil.com.br

O1 - Hosts: 199.237.207.63 itau.com.br

O1 - Hosts: 199.237.207.63 www.itau.com.br

O1 - Hosts: 199.237.207.63 itaupersonnalite.com.br

O1 - Hosts: 199.237.207.63 www.itaupersonnalite.com.br

O1 - Hosts: 199.237.207.63 www.itauprivatebank.com.br

O1 - Hosts: 199.237.207.63 itauprivatebank.com.br

O1 - Hosts: 69.65.38.198 bradesco.com.br

O1 - Hosts: 69.65.38.198 www.bradesco.com.br

O1 - Hosts: 69.65.38.198 santander.com.br

O1 - Hosts: 69.65.38.198 www.santander.com.br

O1 - Hosts: 69.65.38.198 www.banespa.com.br

O1 - Hosts: 69.65.38.198 banespa.com.br

O1 - Hosts: 69.65.38.198 www.credicardciti.com.br

O1 - Hosts: 199.237.207.63 www.credicarditau.com.br

O1 - Hosts: 199.237.207.63 banrisul.com.br

O1 - Hosts: 199.237.207.63 www.banrisul.com.br

O1 - Hosts: 199.237.207.63 unibanco.com.br

O1 - Hosts: 199.237.207.63 www.unibanco.com

O1 - Hosts: 199.237.207.63 www.unibanco.com.br

O1 - Hosts: 199.237.207.63 nossacaixa.com.br

O1 - Hosts: 199.237.207.63 www.nossacaixa.com.br

O1 - Hosts: 69.65.38.198 real.com.br

O1 - Hosts: 69.65.38.198 www.real.com.br

O1 - Hosts: 69.65.38.198 bancoreal.com.br

O1 - Hosts: 69.65.38.198 www.bancoreal.com.br

O1 - Hosts: 199.237.207.63 www.visanet.com.br

O1 - Hosts: 199.237.207.63 www.cartaobndes.gov.br

O1 - Hosts: 199.237.207.63 infoseg.gov.br

O1 - Hosts: 199.237.207.63 www.infoseg.gov.br

O1 - Hosts: 199.237.207.63 www2.infoseg.gov.br

O1 - Hosts: 199.237.207.63 www.equifax.com.br

O1 - Hosts: 199.237.207.63 www.sci.com.br

O1 - Hosts: 199.237.207.63 serasa.com

O1 - Hosts: 199.237.207.63 www.serasa.com

O1 - Hosts: 199.237.207.63 serasa.com.br

O1 - Hosts: 199.237.207.63 www.serasa.com.br

O1 - Hosts: 199.237.207.63 www.checkcheck.com.br

O1 - Hosts: 199.237.207.63 www.spc.org.br

O1 - Hosts: 199.237.207.63 checktudo.com

O1 - Hosts: 199.237.207.63 www.checktudo.com

O1 - Hosts: 199.237.207.63 checktudo.com.br

O1 - Hosts: 199.237.207.63 www.checktudo.com.br

O1 - Hosts: 199.237.207.63 credd.com.br

O1 - Hosts: 199.237.207.63 www.credd.com.br

O1 - Hosts: 199.237.207.63 infobusca.informarketing.com

O1 - Hosts: 199.237.207.63 www.megadata.com.br

O1 - Hosts: 199.237.207.63 www.gravames.com.br

O1 - Hosts: 199.237.207.63 paypal.com

O1 - Hosts: 199.237.207.63 www.paypal.com

O1 - Hosts: 199.237.207.63 e-tim.timbrasil.com.br

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [Microsoft Genuine Advantage] C:\Documents and Settings\HOME\Dados de aplicativos\MicrosoftGenuine.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HOME\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0FF588E0-0913-4CBC-BEC6-422A2D96B7FB} (AuditionWebCtrl Class) - http://www.audition.com.br/activex/AuditionWeb.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Arquivos de programas\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - Conexant Systems, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)


1)

Download HostsXpert

http://www.linhadefensiva.org/dl/hoster

Open the program. Click Restore Microsoft's Hosts File. Click OK, close the program.

2)

- Download: < ComboFix.exe >

- Save it to the Desktop!

- Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)

- Close all windows and run the tool!

- At the prompt "Software warranty disclaimer" --> Click Yes!

-- If you get the notification "Invalid Win32 application", delete the tool and download it again.

-- Save it to the desktop, renamed as: Kombo.exe

-- PS: Name it while saving, not after saving it!

-- PS: If any error message appears, run ComboFix.exe in Safe Mode.

-- PS: Avoid running this tool on your own initiative! Follow all the recommendations given above.

- The Auto Scan window will open. --> Wait!

- If necessary, type the option to continue! --> ( 1 ) --> Press Enter.

- Wait for it to finish!

- During the scan, avoid touching the mouse or keyboard! <-- Important!

- To stop or exit ComboFix, press "N".

----------------------

- When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log.

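The O1 entries in the log above are the whole story of this infection: dozens of Brazilian bank, credit-bureau and PayPal hostnames pinned in the hosts file to three public addresses (198.173.96.172, 199.237.207.63, 69.65.38.198), so the browser reaches a phishing server without DNS ever being consulted. The script below is an added example, not part of the original thread and not code from HijackThis, HostsXpert or ComboFix. It does what the helper above did by eye: it parses HijackThis "O1 - Hosts:" lines (or a raw hosts file), groups the redirected hostnames by the IP they point to, and shows what a restored default hosts file should contain so the result of step 1 can be checked. The sample log lines are constructed in the format seen in this thread; the function names and the default-hosts content are my assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few lines in the format HijackThis prints, modelled on
# the log posted in this thread, plus a benign loopback entry and a non-O1 line.
SAMPLE_HJT_LOG = """\
Logfile of HijackThis v1.99.1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 198.173.96.172 www.caixa.gov.br
O1 - Hosts: 199.237.207.63 www.bb.com.br
O1 - Hosts: 199.237.207.63 www.paypal.com
O1 - Hosts: 69.65.38.198 www.bradesco.com.br
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
"""

# A HijackThis O1 line: "O1 - Hosts: <ip> <hostname>"
_HJT_O1 = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# A raw hosts-file line: "<ip> <hostname> ..." (comments are skipped by the caller)
_RAW_HOSTS = re.compile(r"^\s*(\S+)\s+(\S+)")


def parse_hosts_entries(text, fmt="hjt"):
    """Return (ip, hostname) pairs from HijackThis O1 lines (fmt="hjt") or from
    the text of a hosts file (fmt="raw"). Lines whose first field is not an
    IP address are skipped rather than guessed at."""
    pattern = _HJT_O1 if fmt == "hjt" else _RAW_HOSTS
    entries = []
    for line in text.splitlines():
        if fmt == "raw" and (not line.strip() or line.lstrip().startswith("#")):
            continue
        m = pattern.match(line)
        if not m:
            continue
        ip, host = m.group(1), m.group(2).lower()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        entries.append((ip, host))
    return entries


def is_local_target(ip):
    """True for loopback, unspecified and link-local targets, the only kind a
    clean Windows hosts file normally carries (127.0.0.1 / ::1 localhost)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified or addr.is_link_local


def find_hijacks(entries):
    """Group hostnames by the non-local IP they are pinned to. Any such entry
    means name resolution for that host is answered from the hosts file before
    DNS is consulted, which is exactly the banker-trojan pattern in this log."""
    by_ip = defaultdict(list)
    for ip, host in entries:
        if not is_local_target(ip):
            by_ip[ip].append(host)
    return dict(by_ip)


def default_hosts_file():
    """What a 'restore default hosts file' step should leave behind: only the
    loopback names. Assumption: the machine needs no other static entries."""
    return "127.0.0.1 localhost\n::1 localhost\n"


if __name__ == "__main__":
    hijacks = find_hijacks(parse_hosts_entries(SAMPLE_HJT_LOG))
    for ip, hosts in sorted(hijacks.items()):
        print(f"{ip} -> {len(hosts)} hostnames: {', '.join(hosts)}")
```

To check the live file after HostsXpert has run, read `%SystemRoot%\System32\drivers\etc\hosts` and call `find_hijacks(parse_hosts_entries(text, fmt="raw"))`; an empty result means nothing but loopback names remain. Note that the filter deliberately treats private RFC 1918 addresses as non-local too, so a legitimate intranet override will also be listed: that is the right default for a home machine like the one in this thread, but on a managed network compare the listing against the entries you expect rather than blindly deleting them.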

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.
