
esdrasyave

[Solved!] My PC doesn't read USB


I don't know what is happening, but my PC is not reading my pen drives.

I think it was after I got a crack and tried to install an .EXE file, but nothing happened. Please help me.


<><><><><><><><><>

Hey, esdrasyave!

<!> Post the HijackThis log, following this Tutorial.

< Rule No. 02 - Using HijackThis - READ BEFORE POSTING! >

Regards!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:02, on 16/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\BitTorrent\bittorrent.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Program Files\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Arquivos de programas\Dealio\kb127\Dealio.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R

O4 - HKLM\..\RunOnce: [KB923561] rundll32.exe apphelp.dll,ShimFlushCache

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\lan-04\Dados de aplicativos\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 10426 bytes


Good evening, esdrasyave!

<@> Download: < ToolBar S&D >

<@> Save it on Local Disk C, in a folder of its own.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program, then press "p" --> Enter --> Ok.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt )

<><><><><><><><><><>

<@> Download: < Autoplay Repair Wizard >

<@> Run the tool, which will make the necessary corrections and, at the end, display a report. ( AutoFix[V.x.x.xxxx.xx] )

<@> Use the Autoplay Repair Wizard to repair each drive, which will give us individual reports.

<@> A successful fix will be marked: Result: This AutoPlay setting was successfully fixed

<><><><><><><><><><>

<@> Download: < desktopicon.png > ( ...by sUBs )

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Yes!

<@> If you do not have the "Recovery Console", agree to install it!

<!> If the notification "Aplicativo Win32 inválido" (invalid Win32 application) appears, delete the tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in Safe Mode. <-- Link!

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><>

<@> When finished, post the reports: C:\ComboFix\ComboFix.txt + an updated HijackThis log.

Regards!


-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : lan-04 ( Administrator )

BOOT : Fail-safe with network boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090416-0] 4.8.1335 (Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:7 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:19 Go (Free:5 Go)

F:\ (Local Disk) - FAT32 - Total:18 Go (Free:1 Go)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( qui 16/04/2009|19:27 )

C:\Arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll

 

-----------\\ REMOVIDOS

 

Deletado! - C:\Arquivos de programas\AskBarDis\bar

Deletado! - C:\Arquivos de programas\AskBarDis\unins000.dat

Deletado! - C:\Arquivos de programas\AskBarDis\unins000.exe

Deletado! - C:\Arquivos de programas\AskSBar\bar

Deletado! - C:\Arquivos de programas\AskTBar\bar

Deletado! - C:\Arquivos de programas\AskTBar\SrchAstt

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Dealio\dinstallhelper.8AACB8EC3EB44DD7AF111D56BE8DEF73.dll

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Dealio\kb127

Deletado! - C:\Arquivos de programas\Dealio\DealioAU.exe

Deletado! - C:\Arquivos de programas\Dealio\kb127

Deletado! - C:\Arquivos de programas\Dealio\SearchSettingsKit.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\Dealio

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Search Settings\kb127

Deletado! - C:\Arquivos de programas\Search Settings\kb127

Deletado! - C:\Arquivos de programas\Search Settings\SearchSettings.exe

Deletado! - C:\Arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll

Deletado! - C:\Arquivos de programas\AskBarDis

Deletado! - C:\Arquivos de programas\AskSBar

Deletado! - C:\Arquivos de programas\AskTBar

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Dealio

Deletado! - C:\Arquivos de programas\Dealio

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Search Settings

Deletado! - C:\Arquivos de programas\Search Settings

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(lan-04) - {37E4D8EA-8BDA-4831-8EA1-89053939A250} => pdfdownload

(lan-04) - {5e594888-3e8e-47da-b2c6-b0b545112f84} => saveimageinfolder

(lan-04) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.orkut.com/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_Search_URL"="http://www.google.com/ie"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\lan-04\Dados de aplicativos\uTorrent\Total Video Converter 3.11+crack.rar.torrent

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - qui 16/04/2009|19:29 - Option : [2]


Now I'm posting the AutoFix log for drive C; I'll post the others later.

 

AutoFix [V5.2.3790.67]

Time [2009-04-16 19:39:07]

Microsoft Windows Version [5.1 (Service Pack 3) <2600>]

 

Test [The Shell Hardware Detection service is running.] - Instance [N/A]:

Result [AutoStart Setting]: OK

Result [The Shell Hardware Detection service is running.]: Problems

 

Test [Policies] - Instance [C:\, Drive Type: 0]:

Result [HKCU\...\Policies!NoDrives]: OK {Present}

Result [HKCU\...\Policies!NoDriveAutorun]: Problems {Present}

Result [HKCU\...\Policies!NoDriveTypeAutorun]: Problems {Present}

>> Repair << [HKCU\...\Policies!NoDriveAutorun]

Step: Resetting policy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveAutorun to 0x03FFFFFB.

Result: This AutoPlay setting was successfully fixed.

>> Repair << [HKCU\...\Policies!NoDriveTypeAutorun]

Step: Resetting policy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutorun to 0x00000142.

Result: This AutoPlay setting was successfully fixed.

 

>> Required action: The user must log off and log on again

 

I logged off and logged on with the same user and made a new AutoFix log. P.S.: I'm not managing to do it for the other drives.

 

AutoFix [V5.2.3790.67]

Time [2009-04-16 19:45:35]

Microsoft Windows Version [5.1 (Service Pack 3) <2600>]

 

Test [The Shell Hardware Detection service is running.] - Instance [N/A]:

Result [AutoStart Setting]: OK

Result [The Shell Hardware Detection service is running.]: Problems

>> Repair << [The Shell Hardware Detection service is running.]

Step: Starting the Shell Hardware Detection service.

Result: The wizard ran into problems while trying to start the Shell Hardware Detection service.

 

>> Required action: The wizard found problems but cannot fix them -> None

 

ComboFix 09-04-17.01 - lan-04 16/04/2009 19:58.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.510.203 [GMT -3:00]

Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090416-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\lan-04\Dados de aplicativos\Microsoft\SystemCertificates\Request

c:\windows\system32\_000023_.tmp.dll

c:\windows\system32\_000024_.tmp.dll

c:\windows\system32\_000025_.tmp.dll

c:\windows\system32\_000026_.tmp.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-17 to 2009-04-17 ))))))))))))))))))))))))))))

.

 

2009-04-16 22:55 . 2009-04-16 22:55 150 ----a-w c:\windows\system32\spupdsvc.inf

2009-04-16 22:55 . 2009-04-16 22:55 -------- d-----w c:\windows\LastGood

2009-04-16 22:26 . 2009-04-16 22:29 -------- d-----w C:\ToolBar SD

2009-04-16 22:21 . 2009-04-16 22:21 343017 ----a-w C:\ToolBarSD.exe

2009-04-16 21:34 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-16 21:34 . 2009-03-06 14:20 286208 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-16 21:34 . 2009-03-06 14:20 286208 ----a-w c:\windows\system32\SET21.tmp

2009-04-16 21:34 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-16 21:34 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-16 21:34 . 2009-02-09 10:53 401408 ----a-w c:\windows\system32\SET20.tmp

2009-04-16 21:34 . 2009-02-09 10:53 683520 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-16 21:34 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-16 21:34 . 2009-02-09 10:53 731648 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-16 21:34 . 2009-02-09 10:53 730624 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-16 21:34 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-16 21:23 . 2009-04-16 21:23 118 ----a-w c:\windows\system32\MRT.INI

2009-04-16 21:11 . 2009-04-16 21:27 1374 ----a-w c:\windows\imsins.BAK

2009-04-16 17:50 . 2008-04-21 21:15 216064 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-16 01:42 . 2009-04-16 01:42 -------- d--h--w C:\mug

2009-04-14 02:38 . 2009-04-14 02:53 3211264 ----a-w C:\Angra - The Temple Of Hate Live 2004.flv

2009-04-14 02:32 . 2009-04-14 02:38 22663087 ----a-w C:\Angra - live in piaui pop 2005 - carolina IV.flv

2009-04-14 02:26 . 2009-04-14 02:32 19907281 ----a-w C:\Angra - Never Understand.flv

2009-04-13 02:05 . 2009-04-13 02:09 8033600 ----a-w C:\U2 Natal - I Believe In Father Christmas - Legendado.flv

2009-04-13 02:01 . 2009-04-13 02:01 34 ---ha-w c:\windows\system32\DVDRippper_sysquict.dat

2009-04-13 02:01 . 2009-04-13 02:04 -------- d-----w c:\arquivos de programas\Abcc Free Youtube FLV Video Downloader&Converter

2009-04-11 19:12 . 2009-04-16 22:53 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent

2009-04-11 19:12 . 2009-04-11 19:12 -------- d-----w c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\DNA

2009-04-11 19:12 . 2009-04-16 23:01 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\DNA

2009-04-11 19:12 . 2009-04-16 22:51 -------- d-----w c:\arquivos de programas\DNA

2009-04-11 19:12 . 2009-04-11 20:09 -------- d-----w c:\arquivos de programas\BitTorrent

2009-04-11 01:31 . 2007-05-17 20:30 318976 ----a-w c:\windows\system32\avisynth.dll

2009-04-11 01:31 . 2004-02-22 13:11 719872 ----a-w c:\windows\system32\devil.dll

2009-04-11 01:31 . 2005-07-14 15:31 27648 ----a-w c:\windows\system32\AVSredirect.dll

2009-04-11 01:31 . 2005-02-12 23:00 67584 --sh--r c:\windows\system32\RLTheoraDec.ax

2009-04-11 01:31 . 2005-02-12 23:00 51712 --sh--r c:\windows\system32\RLSpeexDec.ax

2009-04-11 01:31 . 2005-02-12 23:00 186880 --sh--r c:\windows\system32\RLOgg.ax

2009-04-11 01:31 . 2005-02-05 23:00 92672 --sh--r c:\windows\system32\RLVorbisDec.ax

2009-04-11 01:31 . 2005-02-22 16:55 81920 --sh--r c:\windows\system32\aac_parser.ax

2009-04-11 01:31 . 2005-01-17 23:26 179200 --sh--r c:\windows\system32\DiracSplitter.ax

2009-04-01 15:31 . 2009-04-08 01:40 -------- d-----w c:\windows\system32\config\systemprofile\Dados de aplicativos\SolidDocuments

2009-03-29 23:24 . 2009-03-29 23:25 -------- d--h--w c:\windows\mug

2009-03-29 23:22 . 2009-03-29 23:22 -------- d-----w C:\Dr Lair Ribeiro

2009-03-29 09:48 . 2009-03-29 09:48 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Lavasoft

2009-03-28 08:39 . 2009-03-23 18:12 152576 ----a-w C:\Planilha das Heliconias.xls

2009-03-26 21:55 . 2009-03-26 23:51 -------- d--h--w c:\documents and settings\Administrador\Modelos

2009-03-26 21:55 . 2009-03-26 23:51 -------- d-----w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft

2009-03-26 21:55 . 2009-03-26 23:51 -------- d-----w c:\documents and settings\Administrador

2009-03-22 17:07 . 2009-03-22 17:07 3250 ----a-w C:\MOV03619.THM

2009-03-22 17:01 . 2009-03-22 17:07 115558906 ----a-w C:\MOV03619.AVI

2009-03-22 17:01 . 2009-03-22 17:01 3603 ----a-w C:\MOV03618.THM

2009-03-22 17:01 . 2009-03-22 17:01 1319904 ----a-w C:\MOV03618.AVI

2009-03-21 14:08 . 2009-03-21 14:08 1028608 -c----w c:\windows\system32\dllcache\kernel32.dll

2009-03-21 12:33 . 2009-03-21 18:50 -------- d-----w C:\Temp

2009-03-21 12:32 . 2005-11-21 05:48 45056 ----a-w c:\windows\system32\WNASPI32.DLL

2009-03-21 12:32 . 2005-11-21 05:48 16512 ----a-w c:\windows\system32\drivers\ASPI32.SYS

2009-03-21 12:31 . 2009-03-21 12:31 -------- d-----w c:\arquivos de programas\ImTOO

2009-03-21 00:59 . 2009-03-21 00:59 -------- d-----w c:\arquivos de programas\Foxit Software

2009-03-19 21:34 . 2009-03-19 21:34 -------- d-----w C:\PSFONTS

2009-03-19 21:32 . 2009-03-20 11:37 -------- d-----w c:\arquivos de programas\Finale Reader

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-16 22:53 . 2008-07-27 13:19 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\Orbit

2009-04-16 22:29 . 2009-04-16 22:27 3735 ----a-w C:\TB.txt

2009-04-16 01:20 . 2009-03-14 20:23 -------- d-----w c:\arquivos de programas\a-squared Free

2009-04-16 00:31 . 2009-03-03 23:12 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments

2009-04-16 00:13 . 2008-12-26 21:14 -------- d-----w c:\arquivos de programas\CleanCenter

2009-04-15 23:40 . 2009-03-03 23:06 -------- d-----w c:\arquivos de programas\SolidDocuments

2009-04-15 19:45 . 2008-07-10 20:54 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\Image Zone Express

2009-04-14 03:43 . 2008-11-10 23:38 -------- d-----w c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-04-12 18:46 . 2009-01-13 14:08 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\uTorrent

2009-04-06 18:32 . 2008-11-10 23:38 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 18:32 . 2008-11-10 23:38 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-05 17:23 . 2009-01-14 23:23 -------- d-----w c:\arquivos de programas\Megacubo

2009-04-05 17:12 . 2009-01-14 23:24 -------- d-----w c:\arquivos de programas\SopCast

2009-04-03 04:49 . 2009-01-13 14:08 -------- d-----w c:\arquivos de programas\uTorrent

2009-03-31 22:33 . 2001-10-28 12:07 98846 ----a-w c:\windows\system32\perfc016.dat

2009-03-31 22:33 . 2001-10-28 12:07 551248 ----a-w c:\windows\system32\perfh016.dat

2009-03-29 10:07 . 2009-03-14 18:50 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Avira

2009-03-27 19:22 . 2008-06-20 19:47 -------- d-----w c:\arquivos de programas\eMule

2009-03-27 00:05 . 2009-03-27 00:05 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\dvdcss

2009-03-27 00:04 . 2009-03-07 02:48 -------- d-----w c:\arquivos de programas\Total Video Converter

2009-03-27 00:04 . 2009-03-27 00:04 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\Foxit

2009-03-21 12:32 . 2009-03-21 12:32 216 ----a-w C:\temp.txt

2009-03-20 11:42 . 2008-06-06 15:08 62816 ----a-w c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-19 15:09 . 2008-12-21 21:20 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-19 15:09 . 2008-09-05 15:59 -------- d-----w c:\arquivos de programas\Java

2009-03-15 15:25 . 2009-03-15 15:23 -------- d-----w c:\arquivos de programas\TVUPlayer

2009-03-15 15:23 . 2009-03-15 15:23 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\TVU Networks

2009-03-15 15:23 . 2009-03-15 15:23 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\TVU Networks

2009-03-14 04:54 . 2009-03-14 04:54 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-03-14 04:50 . 2008-09-01 21:40 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab

2009-03-14 04:50 . 2008-09-01 21:40 -------- d-----w c:\arquivos de programas\Kaspersky Lab

2009-03-14 04:47 . 2009-03-14 04:31 -------- d-----w c:\arquivos de programas\Duplicate Cleaner

2009-03-14 04:18 . 2009-03-14 04:09 352288 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-03-14 04:18 . 2009-03-14 04:09 2284 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-03-14 04:18 . 2009-03-14 04:09 1164 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-14 04:18 . 2009-03-14 04:09 10784 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-14 04:02 . 2008-09-01 21:34 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-03-14 03:59 . 2008-10-12 13:31 8217 ----a-w C:\hijackthis.log

2009-03-12 15:22 . 2009-03-12 15:22 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\Thinstall

2009-03-04 22:18 . 2008-07-24 19:23 98304 --sha-w C:\Thumbs.db

2009-03-03 23:04 . 2009-03-03 23:04 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\SolidDocuments

2009-03-03 22:56 . 2009-03-03 22:56 -------- d-----w c:\arquivos de programas\SomePDF

2009-03-03 00:06 . 2004-08-04 03:45 826368 ----a-w c:\windows\system32\wininet.dll

2009-03-01 19:38 . 2009-03-01 19:38 21754 ----a-w C:\Skid+Row+-+Roadkill+-+DVD+PAL.torrent

2009-03-01 19:38 . 2009-03-01 19:38 17622 ----a-w C:\Skid Row (2007) [mininova].torrent

2009-03-01 19:38 . 2009-03-01 19:38 45735 ----a-w C:\Sebastian_Bach_(_Skid_Row_)_Forever_Wild_DVD.3257203.TPB.torrent

2009-03-01 19:19 . 2009-03-01 19:19 20184 ----a-w C:\Skid Row - Monkey Business Live On SNL mpg [www.Fulldls.com].torrent

2009-03-01 16:35 . 2009-03-01 16:35 -------- d-----w c:\arquivos de programas\CMG

2009-03-01 16:32 . 2009-03-01 16:29 -------- d-----w c:\arquivos de programas\Ant Movie Catalog

2009-02-26 14:17 . 2008-07-21 22:30 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\Any Video Converter

2009-02-26 01:41 . 2008-06-23 22:43 -------- d-----w c:\documents and settings\lan-04\Dados de aplicativos\HP

2009-02-25 20:55 . 2009-01-07 14:15 -------- d-----w c:\arquivos de programas\Microsoft Silverlight

2009-02-24 02:07 . 2009-02-24 02:07 -------- d-----w c:\arquivos de programas\MIKSOFT

2009-02-24 01:53 . 2009-02-24 01:53 168582 ----a-w C:\Gravando (3).amr

2009-02-24 01:52 . 2009-02-24 01:52 42982 ----a-w C:\Gravando (4).amr

2009-02-22 20:57 . 2009-02-22 21:04 1288741 ----a-w C:\Clipe(3).3gp

2009-02-21 22:00 . 2009-02-21 21:56 -------- d-----w c:\arquivos de programas\Puxa Rápido

2009-02-21 15:01 . 2009-02-21 15:01 44435 ----a-w C:\DREAM_THEATER-LIVE_AT_BUDOKAN_2004_WS_NTSC_DVDR-DVD2-AMRCMPG.3248289.TPB.torrent

2009-02-20 23:47 . 2009-02-20 23:47 3846 ----a-w C:\Grav000.amr

2009-02-20 20:38 . 2009-02-20 20:38 146827 ----a-w C:\DSC02431.jpg

2009-02-20 20:37 . 2009-02-20 20:37 814356 ----a-w C:\DSC02430.jpg

2009-02-20 20:27 . 2009-02-20 20:27 3206884 ----a-w C:\DSC02426.jpg

2009-02-20 20:27 . 2009-02-20 20:27 2877124 ----a-w C:\DSC02425.jpg

2009-02-20 20:26 . 2009-02-20 20:26 2047728 ----a-w C:\DSC02424.jpg

2009-02-20 20:26 . 2009-02-20 20:26 1312583 ----a-w C:\DSC02423.jpg

2009-02-20 20:26 . 2009-02-20 20:26 834427 ----a-w C:\DSC02422.jpg

2009-02-20 20:26 . 2009-02-20 20:26 879367 ----a-w C:\DSC02421.jpg

2009-02-20 18:13 . 2009-02-22 21:09 1089039 ----a-w C:\Vídeo018.3gp

2009-02-20 17:11 . 2004-08-04 03:45 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-18 23:24 . 2009-02-18 23:24 -------- d-----w c:\arquivos de programas\CCleaner

2009-02-15 02:01 . 2009-02-15 02:01 26935682 ----a-w C:\AULA solo guitarra - Improvisacao iniciante em Pentatonica.avi

2009-02-13 21:50 . 2009-02-13 21:49 84318472 ----a-w C:\Samson_ Zoom and Hartke Winter NAMM 2009 highlights video_.avi

2009-02-09 14:06 . 2004-08-04 03:38 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:25 . 2004-08-04 00:40 2028032 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:25 . 2004-08-04 03:40 2149376 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:25 . 2004-08-04 03:45 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2004-08-04 03:45 731648 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2004-08-04 03:45 683520 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2004-08-04 03:45 730624 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 21:45 . 2009-02-06 21:45 45612 ----a-w C:\Sebastian_Bach___Skid_Row___Forever_Wild_DVD.torrent

2009-02-06 21:40 . 2009-02-06 21:40 22610 ----a-w C:\Skid_Row_-_Live_at_the_Budokan_-_Tokyo__Japan_-_1992-10-08_-_Pro.3573987.TPB.torrent

2009-02-06 10:39 . 2001-10-28 12:07 35328 ----a-w c:\windows\system32\sc.exe

2009-02-06 02:36 . 2009-02-06 02:36 45079 ----a-w C:\Nightwish_-_End_Of_Innocence_DVD-R.3266002.TPB.torrent

2009-02-06 02:29 . 2009-02-06 02:29 120568 ----a-w C:\Nightwish_videos_2007-2008_pal[www.btmon.com].torrent

2009-02-03 19:58 . 2004-08-04 03:45 56832 ----a-w c:\windows\system32\secur32.dll

2009-02-02 22:23 . 2009-02-02 22:23 42204592 ----a-w C:\MOV02420.avi

2009-01-31 20:43 . 2009-01-31 20:43 58324074 ----a-w C:\pnl edim.avi

2009-01-31 17:21 . 2009-01-31 17:21 79042 ----a-w C:\all video's released for download festival since 2005-2007 [mininova].torrent

2009-01-31 15:32 . 2009-01-31 15:32 83410 ----a-w C:\Nightwish_Holopainen_2006.3988911.TPB.torrent

2009-01-31 15:32 . 2009-01-31 15:31 16848 ----a-w C:\Nightwish.Amaranth.Metaltown.2008.4286332.TPB.torrent

2009-01-31 14:24 . 2009-01-31 14:24 13736 ----a-w C:\NIGHTWISH [mininova].torrent

2009-01-31 14:23 . 2009-01-31 14:23 28328 ----a-w C:\Nightwish_-_Critical_Testing_-_(Once_Tour_Concert_in_Melbourne_2.3613746.TPB.torrent

2009-01-31 14:23 . 2009-01-31 14:23 17961 ----a-w C:\Nightwish.Highest.Hopes.The.Best.Of.Nightwish.2005.PAL.COMPLETE..3665575.TPB.torrent

2009-01-31 14:19 . 2009-01-31 14:19 25583 ----a-w C:\NIGHTWISH.AMARANTH.2007.PAL.DVD.SINGLE.MDVDR-T3RR0R1STS.3941117.TPB.torrent

2009-01-31 14:19 . 2009-01-31 14:19 32666 ----a-w C:\Nightwish_klipy.3589584.TPB.torrent

2009-01-31 14:16 . 2009-01-31 14:16 14483 ----a-w C:\Tarja_Turunen_(live_in_Ostrava__video_bootleg).4521888.TPB.torrent

2009-01-31 14:08 . 2009-01-31 14:08 22868 ----a-w C:\Tarja_Turunen_(live_in_Kiev__bootleg__DVD).4519430.TPB.torrent

2009-01-31 14:08 . 2009-01-31 14:08 19860 ----a-w C:\Tarja_Turunen_(live_in_Moscow__video_bootleg__06.11.08).4532506.TPB.torrent

2009-01-31 14:07 . 2009-01-31 14:07 20635 ----a-w C:\Tarja_Turunen_-_WarmUp_concert_in_Kuusankoski__Finland_(08.12.20.4191215.TPB.torrent

2009-01-30 23:57 . 2009-03-03 23:06 13568 ----a-w c:\windows\system32\solidlocalui.dll

2008-10-15 21:08 . 2008-10-15 21:08 32768 -csha-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008101520081016\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-16_01.13.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-16 22:51 . 2009-04-16 22:51 16384 c:\windows\temp\Perflib_Perfdata_680.dat

+ 2009-04-16 22:51 . 2009-04-16 22:51 16384 c:\windows\temp\Perflib_Perfdata_194.dat

+ 2008-06-08 18:03 . 2008-07-09 07:34 26488 c:\windows\system32\spupdsvc.exe

- 2008-06-08 18:03 . 2007-07-27 12:41 26488 c:\windows\system32\spupdsvc.exe

- 2008-06-29 13:20 . 2007-11-30 11:18 18296 c:\windows\system32\spmsg.dll

+ 2008-06-29 13:20 . 2008-07-09 07:34 18296 c:\windows\system32\spmsg.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\pngfilt.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 44544 c:\windows\system32\pngfilt.dll

- 2008-06-06 12:55 . 2008-04-14 02:20 91648 c:\windows\system32\mtxoci.dll

+ 2008-06-06 12:55 . 2008-06-12 14:22 91648 c:\windows\system32\mtxoci.dll

- 2004-08-04 03:45 . 2008-04-14 02:20 66560 c:\windows\system32\mtxclu.dll

+ 2004-08-04 03:45 . 2008-06-12 14:22 66560 c:\windows\system32\mtxclu.dll

- 2007-08-13 21:54 . 2008-12-20 22:46 52224 c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 21:54 . 2009-02-20 17:11 52224 c:\windows\system32\msfeedsbs.dll

+ 2008-06-06 12:55 . 2008-06-12 14:22 58880 c:\windows\system32\msdtclog.dll

- 2008-06-06 12:55 . 2008-04-14 02:20 58880 c:\windows\system32\msdtclog.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 27648 c:\windows\system32\jsproxy.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 27648 c:\windows\system32\jsproxy.dll

- 2007-08-13 21:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe

+ 2007-08-13 21:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\iernonce.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 44544 c:\windows\system32\iernonce.dll

- 2004-08-04 03:45 . 2008-12-19 09:14 70656 c:\windows\system32\ie4uinit.exe

+ 2004-08-04 03:45 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe

+ 2007-08-13 21:36 . 2009-02-20 17:11 63488 c:\windows\system32\icardie.dll

- 2007-08-13 21:36 . 2008-12-20 22:46 63488 c:\windows\system32\icardie.dll

+ 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll

+ 2001-10-28 12:07 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 91648 c:\windows\system32\dllcache\mtxoci.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 66560 c:\windows\system32\dllcache\mtxclu.dll

- 2008-06-30 03:49 . 2008-12-20 22:46 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-06-30 03:49 . 2009-02-20 17:11 52224 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 58880 c:\windows\system32\dllcache\msdtclog.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2008-06-30 03:49 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe

- 2008-06-30 03:49 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 44544 c:\windows\system32\dllcache\iernonce.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2009-02-20 17:11 . 2009-02-20 17:11 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2004-08-04 03:45 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2004-08-04 03:45 . 2008-12-19 09:14 70656 c:\windows\system32\dllcache\ie4uinit.exe

- 2008-06-30 03:49 . 2008-12-20 22:46 63488 c:\windows\system32\dllcache\icardie.dll

+ 2008-06-30 03:49 . 2009-02-20 17:11 63488 c:\windows\system32\dllcache\icardie.dll

- 2008-06-06 13:12 . 2009-04-15 23:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-06-06 13:12 . 2009-04-16 22:51 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-01-11 14:45 . 2009-04-16 22:51 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-11 14:45 . 2009-04-15 23:04 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2008-06-06 13:12 . 2009-04-15 23:04 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-06-06 13:12 . 2009-04-16 22:51 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2009-04-16 21:25 . 2008-12-20 22:47 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll

+ 2009-04-16 21:25 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe

+ 2009-04-16 21:25 . 2008-12-20 22:46 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll

+ 2009-04-16 21:25 . 2008-04-14 02:20 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll

+ 2009-04-16 21:25 . 2008-12-19 09:14 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe

+ 2009-04-16 21:25 . 2008-12-20 22:46 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll

+ 2008-05-05 10:24 . 2008-05-05 10:24 3072 c:\windows\system32\xpsp4res.dll

- 2004-08-04 03:45 . 2008-04-14 02:20 354304 c:\windows\system32\winhttp.dll

+ 2004-08-04 03:45 . 2008-12-16 12:31 354304 c:\windows\system32\winhttp.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 233472 c:\windows\system32\webcheck.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 233472 c:\windows\system32\webcheck.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 105984 c:\windows\system32\url.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 105984 c:\windows\system32\url.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 102912 c:\windows\system32\occache.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 102912 c:\windows\system32\occache.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 671232 c:\windows\system32\mstime.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 671232 c:\windows\system32\mstime.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 193024 c:\windows\system32\msrating.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 193024 c:\windows\system32\msrating.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 477696 c:\windows\system32\mshtmled.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 477696 c:\windows\system32\mshtmled.dll

- 2007-08-13 21:54 . 2008-12-20 22:46 459264 c:\windows\system32\msfeeds.dll

+ 2007-08-13 21:54 . 2009-02-20 17:11 459264 c:\windows\system32\msfeeds.dll

+ 2008-06-06 12:55 . 2008-06-12 14:22 161792 c:\windows\system32\msdtcuiu.dll

- 2008-06-06 12:55 . 2008-04-14 02:20 161792 c:\windows\system32\msdtcuiu.dll

- 2008-06-06 12:55 . 2008-04-14 02:20 956928 c:\windows\system32\msdtctm.dll

+ 2008-06-06 12:55 . 2008-06-12 14:22 956928 c:\windows\system32\msdtctm.dll

+ 2008-06-06 12:55 . 2008-06-12 14:22 428032 c:\windows\system32\msdtcprx.dll

+ 2007-08-13 21:34 . 2009-02-20 17:11 268288 c:\windows\system32\iertutil.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 385024 c:\windows\system32\iedkcs32.dll

+ 2007-07-11 15:27 . 2009-02-20 17:11 383488 c:\windows\system32\ieapfltr.dll

- 2007-07-11 15:27 . 2008-12-20 22:46 383488 c:\windows\system32\ieapfltr.dll

- 2001-10-28 12:06 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll

+ 2001-10-28 12:06 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 230400 c:\windows\system32\ieaksie.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 230400 c:\windows\system32\ieaksie.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 153088 c:\windows\system32\ieakeng.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 153088 c:\windows\system32\ieakeng.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 133120 c:\windows\system32\extmgr.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 133120 c:\windows\system32\extmgr.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 214528 c:\windows\system32\dxtrans.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 347136 c:\windows\system32\dxtmsft.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 347136 c:\windows\system32\dxtmsft.dll

+ 2004-08-04 03:45 . 2009-03-03 00:06 826368 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 826368 c:\windows\system32\dllcache\wininet.dll

+ 2008-12-16 12:31 . 2008-12-16 12:31 354304 c:\windows\system32\dllcache\winhttp.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 233472 c:\windows\system32\dllcache\webcheck.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 105984 c:\windows\system32\dllcache\url.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 105984 c:\windows\system32\dllcache\url.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 102912 c:\windows\system32\dllcache\occache.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 102912 c:\windows\system32\dllcache\occache.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 671232 c:\windows\system32\dllcache\mstime.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 671232 c:\windows\system32\dllcache\mstime.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 193024 c:\windows\system32\dllcache\msrating.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 193024 c:\windows\system32\dllcache\msrating.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 477696 c:\windows\system32\dllcache\mshtmled.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 477696 c:\windows\system32\dllcache\mshtmled.dll

- 2008-06-30 03:49 . 2008-12-20 22:46 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2008-06-30 03:49 . 2009-02-20 17:11 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 161792 c:\windows\system32\dllcache\msdtcuiu.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2008-06-12 14:22 . 2008-06-12 14:22 428032 c:\windows\system32\dllcache\msdtcprx.dll

+ 2008-06-06 12:58 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe

+ 2008-06-30 03:49 . 2009-02-20 17:11 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 385024 c:\windows\system32\dllcache\iedkcs32.dll

+ 2008-06-30 03:49 . 2009-02-20 17:11 383488 c:\windows\system32\dllcache\ieapfltr.dll

- 2008-06-30 03:49 . 2008-12-20 22:46 383488 c:\windows\system32\dllcache\ieapfltr.dll

+ 2001-10-28 12:06 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll

- 2001-10-28 12:06 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 153088 c:\windows\system32\dllcache\ieakeng.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 133120 c:\windows\system32\dllcache\extmgr.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 133120 c:\windows\system32\dllcache\extmgr.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 124928 c:\windows\system32\dllcache\advpack.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 124928 c:\windows\system32\dllcache\advpack.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 124928 c:\windows\system32\advpack.dll

- 2004-08-04 03:45 . 2008-12-20 22:46 124928 c:\windows\system32\advpack.dll

+ 2009-04-16 21:25 . 2008-12-20 22:47 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll

+ 2009-04-16 21:25 . 2008-12-20 22:47 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll

+ 2009-04-16 21:25 . 2008-12-20 22:47 105984 c:\windows\ie7updates\KB963027-IE7\url.dll

+ 2009-04-16 21:25 . 2008-07-09 07:35 395128 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll

+ 2009-04-16 21:25 . 2008-07-08 12:58 233336 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe

+ 2009-04-16 21:25 . 2008-12-20 22:47 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll

+ 2009-04-16 21:25 . 2008-12-20 22:47 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll

+ 2009-04-16 21:25 . 2008-12-20 22:47 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll

+ 2009-04-16 21:25 . 2008-12-20 22:47 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll

+ 2009-04-16 21:25 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe

+ 2009-04-16 21:25 . 2008-12-20 22:46 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll

+ 2009-04-16 21:25 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 1160192 c:\windows\system32\urlmon.dll

- 2004-08-04 03:45 . 2008-12-20 22:47 1160192 c:\windows\system32\urlmon.dll

- 2004-08-04 03:45 . 2008-05-07 05:11 1292800 c:\windows\system32\quartz.dll

+ 2004-08-04 03:45 . 2008-12-20 22:14 1292800 c:\windows\system32\quartz.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 3595264 c:\windows\system32\mshtml.dll

- 2004-08-04 03:45 . 2008-04-14 02:20 1028608 c:\windows\system32\kernel32.dll

+ 2004-08-04 03:45 . 2009-03-21 14:08 1028608 c:\windows\system32\kernel32.dll

+ 2007-08-13 21:54 . 2009-02-20 17:11 6066176 c:\windows\system32\ieframe.dll

+ 2007-02-12 19:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat

- 2007-02-12 19:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat

- 2004-08-04 03:45 . 2008-12-20 22:47 1160192 c:\windows\system32\dllcache\urlmon.dll

+ 2004-08-04 03:45 . 2009-02-20 17:11 1160192 c:\windows\system32\dllcache\urlmon.dll

- 2008-05-07 05:11 . 2008-05-07 05:11 1292800 c:\windows\system32\dllcache\quartz.dll

+ 2008-05-07 05:11 . 2008-12-20 22:14 1292800 c:\windows\system32\dllcache\quartz.dll

+ 2008-10-19 13:17 . 2009-02-09 11:25 2193280 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2008-10-19 13:17 . 2009-02-09 11:25 2028032 c:\windows\system32\dllcache\ntkrpamp.exe

- 2008-10-19 13:17 . 2008-08-14 13:24 2028032 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-10-19 13:17 . 2009-02-10 22:07 2070272 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2008-10-19 13:17 . 2008-08-14 13:24 2070272 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2008-10-19 13:17 . 2009-02-09 11:25 2149376 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2008-10-19 13:17 . 2008-08-14 13:24 2149376 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2004-08-04 03:45 . 2009-02-20 17:11 3595264 c:\windows\system32\dllcache\mshtml.dll

+ 2008-06-30 03:49 . 2009-02-20 17:11 6066176 c:\windows\system32\dllcache\ieframe.dll

- 2008-06-30 03:49 . 2007-04-17 09:32 2455488 c:\windows\system32\dllcache\ieapfltr.dat

+ 2008-06-30 03:49 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat

+ 2009-04-16 21:25 . 2008-12-20 22:47 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll

+ 2009-04-16 21:25 . 2009-01-16 23:16 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll

+ 2009-04-16 21:25 . 2008-12-20 22:46 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll

+ 2009-04-16 21:25 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat

+ 2008-10-19 13:17 . 2009-02-09 11:25 2193280 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2008-10-19 13:17 . 2008-08-14 13:24 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2008-10-19 13:17 . 2009-02-09 11:25 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2008-10-19 13:17 . 2008-08-14 13:24 2070272 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-10-19 13:17 . 2009-02-10 22:07 2070272 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2008-10-19 13:17 . 2008-08-14 13:24 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-10-19 13:17 . 2009-02-09 11:25 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-06-25 20:30 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2009-04-11 321344]

"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2009-04-08 637232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7110656]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-01 86016]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]

"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-12-15 176128]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2008-9-26 1711304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"VIDC.FFDS"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31 1888 ----a-w c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18 49152 ----a-w c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29 49152 ----a-w c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ----a-w c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-10-18 14:34 5724184 ----a-w c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52 249856 ----a-w c:\arquiv~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57 30208 ------w c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43 729088 ----a-w c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09 270128 ----a-w c:\arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32 1581056 ----a-r c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

 

R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-07-09 26488]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-06-21 29696]

R3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2008-04-13 19072]

R3 getPlus® Helper;getPlus® Helper;c:\arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

R3 ListOpenedFileDrv;System Explorer Opened File Info; [x]

R3 sembbus;SEMC WMC Composite Device driver (WDM); [x]

R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM); [x]

R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter; [x]

R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver; [x]

R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM); [x]

R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS); [x]

R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM); [x]

R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM); [x]

R3 SEMCReserved;SEMC Reserved Interface; [x]

R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader; [x]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c3d672-9966-11dd-a737-000000000010}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c3d676-9966-11dd-a737-000000000010}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c3d677-9966-11dd-a737-000000000010}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43b45bb4-cc6f-11dd-a9a2-000000000010}]

\Shell\AutoRun\command - g:\install\Setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fa8b336-70a9-11dd-a58b-000000000010}]

\Shell\AutoRun\command - G:\ktnquo.exe

\Shell\explore\Command - G:\ktnquo.exe

\Shell\open\Command - G:\ktnquo.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86429721-0846-11de-aa9c-001a66ad48cd}]

\SHElL\AuTOPlAy\cOMMand - G:\baktgv.exe

\SHElL\AutoRun\command - G:\baktgv.exe

\SHElL\ExPloRe\command - G:\baktgv.exe

\SHElL\opeN\CommANd - G:\baktgv.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaff8e04-10b9-11de-aad7-001a66ad48cd}]

\Shell\AutoRun\command - G:\cb.exe

\Shell\open\Command - G:\cb.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb6aa46-81ca-11dd-a5ef-000000000010}]

\Shell\Auto\command - MSOCache\doWTP_RESTORE.exe -autorun

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb6aa47-81ca-11dd-a5ef-000000000010}]

\Shell\Auto\command - MSOCache\doWTP_RESTORE.exe -autorun

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c2055c-9a0a-11dd-a748-000000000010}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c2055d-9a0a-11dd-a748-000000000010}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c2055e-9a0a-11dd-a748-000000000010}]

\Shell\AutoRun\command - G:\AutoRun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e197dbcc-9a37-11dd-a750-000000000010}]

\Shell\AutoRun\command - G:\AutoRun.exe

.

- - - - ORFÃOS REMOVIDOS - - - -

 

MSConfigStartUp-au - c:\arquivos de programas\Dealio\DealioAU.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-16 20:02

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet011\Services\ovfsthxlyavtuup]

"imagepath"="\systemroot\system32\drivers\ovfsthxjkjmoewx.sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-04-16 20:03

ComboFix-quarantined-files.txt 2009-04-16 23:03

ComboFix2.txt 2009-04-16 01:15

ComboFix3.txt 2009-03-14 03:47

ComboFix4.txt 2008-12-26 18:57

ComboFix5.txt 2009-04-16 22:57

 

Pré-execução: 8.131.096.576 bytes disponíveis

Pós execução: 8.134.152.192 bytes disponíveis

 

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12

559 --- E O F --- 2009-04-16 22:55


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:14:27, on 16/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 9179 bytes


Good evening, esdrasyave!

Plug your removable drive(s), if you have any, into the USB port (pen drive, MP3, MP4, iPod, etc.).

<@> Select and copy all of the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

File::

g:\install\Setup.exe

G:\AutoRun.exe

G:\ktnquo.exe

G:\baktgv.exe

G:\cb.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c3d672-9966-11dd-a737-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c3d676-9966-11dd-a737-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c3d677-9966-11dd-a737-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43b45bb4-cc6f-11dd-a9a2-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fa8b336-70a9-11dd-a58b-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86429721-0846-11de-aa9c-001a66ad48cd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aaff8e04-10b9-11de-aad7-001a66ad48cd}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb6aa46-81ca-11dd-a5ef-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb6aa47-81ca-11dd-a5ef-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c2055c-9a0a-11dd-a748-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c2055d-9a0a-11dd-a748-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6c2055e-9a0a-11dd-a748-000000000010}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e197dbcc-9a37-11dd-a750-000000000010}]

[HKEY_LOCAL_MACHINE\System\ControlSet011\Services\ovfsthxlyavtuup]

"imagepath"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

Regnull::

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

Rootkit::

c:\windows\system32\drivers\ovfsthxjkjmoewx.sys

Driver::

"ovfsthxlyavtuup"

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

2872959479_997d4500c4_o.gif

<@> Accept the prompt that should appear asking to run ComboFix.

<@> PS: Keep dragging until that prompt (window) appears!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

<@> PS: Repeat the procedure with Autoplay Repair ...

Regards!


ComboFix 09-04-17.01 - lan-04 16/04/2009 22:22:22.8 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.510.208 [GMT -3:00]

Executando de: C:\Documents and Settings\lan-04\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\lan-04\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 090416-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

 

FILE ::

G:\AutoRun.exe

G:\baktgv.exe

G:\cb.exe

g:\install\Setup.exe

G:\ktnquo.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\drivers\ovfsthxjkjmoewx.sys

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-17 to 2009-04-17 ))))))))))))))))))))))))))))

.

 

2009-04-16 22:26:50 . 2009-04-16 22:29:17 0 d-----w C:\ToolBar SD

2009-04-16 22:21:03 . 2009-04-16 22:21:08 343017 ----a-w C:\ToolBarSD.exe

2009-04-16 21:34:52 . 2009-02-06 10:10:02 227840 -c----w C:\WINDOWS\system32\dllcache\wmiprvse.exe

2009-04-16 21:34:49 . 2009-03-06 14:20:30 286208 -c----w C:\WINDOWS\system32\dllcache\pdh.dll

2009-04-16 21:34:49 . 2009-02-09 11:25:05 111104 -c----w C:\WINDOWS\system32\dllcache\services.exe

2009-04-16 21:34:49 . 2009-02-09 10:53:26 401408 -c----w C:\WINDOWS\system32\dllcache\rpcss.dll

2009-04-16 21:34:47 . 2009-02-09 10:53:26 683520 -c----w C:\WINDOWS\system32\dllcache\advapi32.dll

2009-04-16 21:34:47 . 2009-02-09 10:53:26 473600 -c----w C:\WINDOWS\system32\dllcache\fastprox.dll

2009-04-16 21:34:46 . 2009-02-09 10:53:26 731648 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll

2009-04-16 21:34:45 . 2009-02-09 10:53:26 730624 -c----w C:\WINDOWS\system32\dllcache\ntdll.dll

2009-04-16 21:34:45 . 2009-02-09 10:53:25 453120 -c----w C:\WINDOWS\system32\dllcache\wmiprvsd.dll

2009-04-16 21:23:21 . 2009-04-16 21:23:21 118 ----a-w C:\WINDOWS\system32\MRT.INI

2009-04-16 21:11:16 . 2009-04-16 21:27:51 1374 ----a-w C:\WINDOWS\imsins.BAK

2009-04-16 17:50:33 . 2008-04-21 21:15:18 216064 -c----w C:\WINDOWS\system32\dllcache\wordpad.exe

2009-04-16 01:42:39 . 2009-04-16 01:42:39 0 d--h--w C:\mug

2009-04-15 23:05:45 . 2009-04-16 23:06:57 43 ----a-w C:\WINDOWS\system32\ovfsthxoesrfulx.dat

2009-04-15 23:04:43 . 2009-04-17 01:22:28 26194 ----a-w C:\WINDOWS\system32\ovfsthxbrntajbo.dat

2009-04-15 23:04:43 . 2009-04-15 23:04:43 19456 ----a-w C:\WINDOWS\system32\ovfsthxflvygmcc.dll

2009-04-15 23:04:43 . 2009-04-15 23:04:43 19456 ----a-w C:\WINDOWS\system32\ovfsthxaipqrqjb.dll

2009-04-15 23:04:42 . 2009-04-15 23:04:42 61952 ----a-w C:\WINDOWS\system32\ovfsthxbxtodjbt.dll

2009-04-14 02:38:54 . 2009-04-14 02:53:36 3211264 ----a-w C:\Angra - The Temple Of Hate Live 2004.flv

2009-04-14 02:32:44 . 2009-04-14 02:38:30 22663087 ----a-w C:\Angra - live in piaui pop 2005 - carolina IV.flv

2009-04-14 02:26:27 . 2009-04-14 02:32:21 19907281 ----a-w C:\Angra - Never Understand.flv

2009-04-13 02:05:38 . 2009-04-13 02:09:17 8033600 ----a-w C:\U2 Natal - I Believe In Father Christmas - Legendado.flv

2009-04-13 02:01:35 . 2009-04-13 02:01:35 34 ---ha-w C:\WINDOWS\system32\DVDRippper_sysquict.dat

2009-04-13 02:01:09 . 2009-04-13 02:04:39 0 d-----w C:\Arquivos de programas\Abcc Free Youtube FLV Video Downloader&Converter

2009-04-11 19:12:59 . 2009-04-17 01:30:28 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\BitTorrent

2009-04-11 19:12:39 . 2009-04-11 19:12:39 0 d-----w C:\Documents and Settings\lan-04\Configurações locais\Dados de aplicativos\DNA

2009-04-11 19:12:38 . 2009-04-17 01:29:38 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\DNA

2009-04-11 19:12:38 . 2009-04-17 01:29:38 0 d-----w C:\Arquivos de programas\DNA

2009-04-11 19:12:38 . 2009-04-11 20:09:14 0 d-----w C:\Arquivos de programas\BitTorrent

2009-04-11 01:31:49 . 2007-05-17 20:30:48 318976 ----a-w C:\WINDOWS\system32\avisynth.dll

2009-04-11 01:31:49 . 2004-02-22 13:11:08 719872 ----a-w C:\WINDOWS\system32\devil.dll

2009-04-11 01:31:48 . 2005-07-14 15:31:20 27648 ----a-w C:\WINDOWS\system32\AVSredirect.dll

2009-04-11 01:31:16 . 2005-02-12 23:00:00 67584 --sh--r C:\WINDOWS\system32\RLTheoraDec.ax

2009-04-11 01:31:16 . 2005-02-12 23:00:00 51712 --sh--r C:\WINDOWS\system32\RLSpeexDec.ax

2009-04-11 01:31:16 . 2005-02-12 23:00:00 186880 --sh--r C:\WINDOWS\system32\RLOgg.ax

2009-04-11 01:31:16 . 2005-02-05 23:00:00 92672 --sh--r C:\WINDOWS\system32\RLVorbisDec.ax

2009-04-11 01:31:15 . 2005-02-22 16:55:02 81920 --sh--r C:\WINDOWS\system32\aac_parser.ax

2009-04-11 01:31:15 . 2005-01-17 23:26:36 179200 --sh--r C:\WINDOWS\system32\DiracSplitter.ax

2009-04-01 15:31:08 . 2009-04-08 01:40:35 0 d-----w C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\SolidDocuments

2009-03-29 23:24:30 . 2009-03-29 23:25:08 0 d--h--w C:\WINDOWS\mug

2009-03-29 23:22:04 . 2009-03-29 23:22:18 0 d-----w C:\Dr Lair Ribeiro

2009-03-29 09:48:18 . 2009-03-29 09:48:18 0 d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Lavasoft

2009-03-28 08:39:13 . 2009-03-23 18:12:56 152576 ----a-w C:\Planilha das Heliconias.xls

2009-03-26 21:55:06 . 2009-03-26 23:51:14 0 d--h--w C:\Documents and Settings\Administrador\Modelos

2009-03-26 21:55:06 . 2009-03-26 23:51:12 0 d-----w C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft

2009-03-26 21:55:05 . 2009-03-26 23:51:15 0 d-----w C:\Documents and Settings\Administrador

2009-03-22 17:07:24 . 2009-03-22 17:07:24 3250 ----a-w C:\MOV03619.THM

2009-03-22 17:01:58 . 2009-03-22 17:07:24 115558906 ----a-w C:\MOV03619.AVI

2009-03-22 17:01:54 . 2009-03-22 17:01:54 3603 ----a-w C:\MOV03618.THM

2009-03-22 17:01:50 . 2009-03-22 17:01:54 1319904 ----a-w C:\MOV03618.AVI

2009-03-21 14:08:53 . 2009-03-21 14:08:53 1028608 -c----w C:\WINDOWS\system32\dllcache\kernel32.dll

2009-03-21 12:33:34 . 2009-03-21 18:50:30 0 d-----w C:\Temp

2009-03-21 12:32:09 . 2005-11-21 05:48:20 45056 ----a-w C:\WINDOWS\system32\WNASPI32.DLL

2009-03-21 12:32:09 . 2005-11-21 05:48:20 16512 ----a-w C:\WINDOWS\system32\drivers\ASPI32.SYS

2009-03-21 12:31:57 . 2009-03-21 12:31:57 0 d-----w C:\Arquivos de programas\ImTOO

2009-03-21 00:59:38 . 2009-03-21 00:59:38 0 d-----w C:\Arquivos de programas\Foxit Software

2009-03-19 21:34:03 . 2009-03-19 21:34:04 0 d-----w C:\PSFONTS

2009-03-19 21:32:30 . 2009-03-20 11:37:03 0 d-----w C:\Arquivos de programas\Finale Reader

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-17 01:30:42 . 2008-07-27 13:19:43 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Orbit

2009-04-16 22:29:17 . 2009-04-16 22:27:05 3735 ----a-w C:\TB.txt

2009-04-16 01:20:44 . 2009-03-14 20:23:45 0 d-----w C:\Arquivos de programas\a-squared Free

2009-04-16 00:31:49 . 2009-03-03 23:12:30 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\SolidDocuments

2009-04-16 00:13:28 . 2008-12-26 21:14:14 0 d-----w C:\Arquivos de programas\CleanCenter

2009-04-15 23:40:15 . 2009-03-03 23:06:01 0 d-----w C:\Arquivos de programas\SolidDocuments

2009-04-15 19:45:43 . 2008-07-10 20:54:01 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Image Zone Express

2009-04-14 03:43:38 . 2008-11-10 23:38:33 0 d-----w C:\Arquivos de programas\Malwarebytes' Anti-Malware

2009-04-12 18:46:31 . 2009-01-13 14:08:30 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\uTorrent

2009-04-06 18:32:54 . 2008-11-10 23:38:35 38496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2009-04-06 18:32:46 . 2008-11-10 23:38:38 15504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys

2009-04-05 17:23:36 . 2009-01-14 23:23:50 0 d-----w C:\Arquivos de programas\Megacubo

2009-04-05 17:12:05 . 2009-01-14 23:24:43 0 d-----w C:\Arquivos de programas\SopCast

2009-04-03 04:49:46 . 2009-01-13 14:08:32 0 d-----w C:\Arquivos de programas\uTorrent

2009-03-31 22:33:05 . 2001-10-28 12:07:18 98846 ----a-w C:\WINDOWS\system32\perfc016.dat

2009-03-31 22:33:05 . 2001-10-28 12:07:18 551248 ----a-w C:\WINDOWS\system32\perfh016.dat

2009-03-29 10:07:55 . 2009-03-14 18:50:43 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avira

2009-03-27 19:22:16 . 2008-06-20 19:47:37 0 d-----w C:\Arquivos de programas\eMule

2009-03-27 00:05:11 . 2009-03-27 00:05:08 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\dvdcss

2009-03-27 00:04:59 . 2009-03-07 02:48:26 0 d-----w C:\Arquivos de programas\Total Video Converter

2009-03-27 00:04:41 . 2009-03-27 00:04:41 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Foxit

2009-03-21 12:32:06 . 2009-03-21 12:32:06 216 ----a-w C:\temp.txt

2009-03-20 11:42:25 . 2008-06-06 15:08:01 62816 ----a-w C:\Documents and Settings\lan-04\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-03-19 15:09:29 . 2008-12-21 21:20:59 410984 ----a-w C:\WINDOWS\system32\deploytk.dll

2009-03-19 15:09:24 . 2008-09-05 15:59:35 0 d-----w C:\Arquivos de programas\Java

2009-03-15 15:25:34 . 2009-03-15 15:23:09 0 d-----w C:\Arquivos de programas\TVUPlayer

2009-03-15 15:23:40 . 2009-03-15 15:23:40 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\TVU Networks

2009-03-15 15:23:40 . 2009-03-15 15:23:40 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TVU Networks

2009-03-14 04:54:06 . 2009-03-14 04:54:06 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2009-03-14 04:50:33 . 2008-09-01 21:40:03 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2009-03-14 04:50:33 . 2008-09-01 21:40:03 0 d-----w C:\Arquivos de programas\Kaspersky Lab

2009-03-14 04:47:05 . 2009-03-14 04:31:59 0 d-----w C:\Arquivos de programas\Duplicate Cleaner

2009-03-14 04:18:30 . 2009-03-14 04:09:35 352288 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2009-03-14 04:18:30 . 2009-03-14 04:09:35 2284 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2009-03-14 04:18:30 . 2009-03-14 04:09:35 1164 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2009-03-14 04:18:30 . 2009-03-14 04:09:35 10784 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2009-03-14 04:02:42 . 2008-09-01 21:34:58 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2009-03-14 03:59:24 . 2008-10-12 13:31:17 8217 ----a-w C:\hijackthis.log

2009-03-12 15:22:39 . 2009-03-12 15:22:39 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Thinstall

2009-03-06 14:20:30 . 2004-08-04 03:45:26 286208 ----a-w C:\WINDOWS\system32\pdh.dll

2009-03-04 22:18:52 . 2008-07-24 19:23:13 98304 --sha-w C:\Thumbs.db

2009-03-03 23:04:59 . 2009-03-03 23:04:59 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SolidDocuments

2009-03-03 22:56:26 . 2009-03-03 22:56:26 0 d-----w C:\Arquivos de programas\SomePDF

2009-03-03 00:06:44 . 2004-08-04 03:45:28 826368 ----a-w C:\WINDOWS\system32\wininet.dll

2009-03-01 19:38:38 . 2009-03-01 19:38:38 21754 ----a-w C:\Skid+Row+-+Roadkill+-+DVD+PAL.torrent

2009-03-01 19:38:32 . 2009-03-01 19:38:32 17622 ----a-w C:\Skid Row (2007) [mininova].torrent

2009-03-01 19:38:22 . 2009-03-01 19:38:21 45735 ----a-w C:\Sebastian_Bach_(_Skid_Row_)_Forever_Wild_DVD.3257203.TPB.torrent

2009-03-01 19:19:09 . 2009-03-01 19:19:00 20184 ----a-w C:\Skid Row - Monkey Business Live On SNL mpg [www.Fulldls.com].torrent

2009-03-01 16:35:05 . 2009-03-01 16:35:05 0 d-----w C:\Arquivos de programas\CMG

2009-03-01 16:32:31 . 2009-03-01 16:29:09 0 d-----w C:\Arquivos de programas\Ant Movie Catalog

2009-02-26 14:17:42 . 2008-07-21 22:30:07 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\Any Video Converter

2009-02-26 01:41:28 . 2008-06-23 22:43:15 0 d-----w C:\Documents and Settings\lan-04\Dados de aplicativos\HP

2009-02-25 20:55:06 . 2009-01-07 14:15:10 0 d-----w C:\Arquivos de programas\Microsoft Silverlight

2009-02-24 02:07:29 . 2009-02-24 02:07:29 0 d-----w C:\Arquivos de programas\MIKSOFT

2009-02-24 01:53:44 . 2009-02-24 01:53:44 168582 ----a-w C:\Gravando (3).amr

2009-02-24 01:52:00 . 2009-02-24 01:52:00 42982 ----a-w C:\Gravando (4).amr

2009-02-22 20:57:26 . 2009-02-22 21:04:01 1288741 ----a-w C:\Clipe(3).3gp

2009-02-21 22:00:55 . 2009-02-21 21:56:54 0 d-----w C:\Arquivos de programas\Puxa Rápido

2009-02-21 15:01:41 . 2009-02-21 15:01:40 44435 ----a-w C:\DREAM_THEATER-LIVE_AT_BUDOKAN_2004_WS_NTSC_DVDR-DVD2-AMRCMPG.3248289.TPB.torrent

2009-02-20 23:47:46 . 2009-02-20 23:47:40 3846 ----a-w C:\Grav000.amr

2009-02-20 20:38:34 . 2009-02-20 20:38:34 146827 ----a-w C:\DSC02431.jpg

2009-02-20 20:37:38 . 2009-02-20 20:37:38 814356 ----a-w C:\DSC02430.jpg

2009-02-20 20:27:12 . 2009-02-20 20:27:12 3206884 ----a-w C:\DSC02426.jpg

2009-02-20 20:27:00 . 2009-02-20 20:27:00 2877124 ----a-w C:\DSC02425.jpg

2009-02-20 20:26:50 . 2009-02-20 20:26:50 2047728 ----a-w C:\DSC02424.jpg

2009-02-20 20:26:40 . 2009-02-20 20:26:40 1312583 ----a-w C:\DSC02423.jpg

2009-02-20 20:26:30 . 2009-02-20 20:26:30 834427 ----a-w C:\DSC02422.jpg

2009-02-20 20:26:20 . 2009-02-20 20:26:20 879367 ----a-w C:\DSC02421.jpg

2009-02-20 18:13:24 . 2009-02-22 21:09:42 1089039 ----a-w C:\Vídeo018.3gp

2009-02-20 17:11:25 . 2004-08-04 03:45:24 78336 ----a-w C:\WINDOWS\system32\ieencode.dll

2009-02-18 23:24:57 . 2009-02-18 23:24:47 0 d-----w C:\Arquivos de programas\CCleaner

2009-02-15 02:01:51 . 2009-02-15 02:01:18 26935682 ----a-w C:\AULA solo guitarra - Improvisacao iniciante em Pentatonica.avi

2009-02-13 21:50:39 . 2009-02-13 21:49:30 84318472 ----a-w C:\Samson_ Zoom and Hartke Winter NAMM 2009 highlights video_.avi

2009-02-09 14:06:06 . 2004-08-04 03:38:20 1846912 ----a-w C:\WINDOWS\system32\win32k.sys

2009-02-09 11:25:13 . 2004-08-04 00:40:22 2028032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2009-02-09 11:25:07 . 2004-08-04 03:40:34 2149376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2009-02-09 11:25:05 . 2004-08-04 03:45:42 111104 ----a-w C:\WINDOWS\system32\services.exe

2009-02-09 10:53:26 . 2004-08-04 03:45:26 401408 ----a-w C:\WINDOWS\system32\rpcss.dll

2009-02-09 10:53:26 . 2004-08-04 03:45:24 731648 ----a-w C:\WINDOWS\system32\lsasrv.dll

2009-02-09 10:53:26 . 2004-08-04 03:45:22 683520 ----a-w C:\WINDOWS\system32\advapi32.dll

2009-02-09 10:53:26 . 2004-08-04 03:45:18 730624 ----a-w C:\WINDOWS\system32\ntdll.dll

2009-02-06 21:45:52 . 2009-02-06 21:45:52 45612 ----a-w C:\Sebastian_Bach___Skid_Row___Forever_Wild_DVD.torrent

2009-02-06 21:40:29 . 2009-02-06 21:40:24 22610 ----a-w C:\Skid_Row_-_Live_at_the_Budokan_-_Tokyo__Japan_-_1992-10-08_-_Pro.3573987.TPB.torrent

2009-02-06 10:39:08 . 2001-10-28 12:07:24 35328 ----a-w C:\WINDOWS\system32\sc.exe

2009-02-06 02:36:03 . 2009-02-06 02:36:02 45079 ----a-w C:\Nightwish_-_End_Of_Innocence_DVD-R.3266002.TPB.torrent

2009-02-06 02:29:10 . 2009-02-06 02:29:00 120568 ----a-w C:\Nightwish_videos_2007-2008_pal[www.btmon.com].torrent

2009-02-03 19:58:00 . 2004-08-04 03:45:28 56832 ----a-w C:\WINDOWS\system32\secur32.dll

2009-02-02 22:23:18 . 2009-02-02 22:23:18 42204592 ----a-w C:\MOV02420.avi

2009-01-31 20:43:20 . 2009-01-31 20:43:20 58324074 ----a-w C:\pnl edim.avi

2009-01-31 17:21:01 . 2009-01-31 17:21:01 79042 ----a-w C:\all video's released for download festival since 2005-2007 [mininova].torrent

2009-01-31 15:32:51 . 2009-01-31 15:32:32 83410 ----a-w C:\Nightwish_Holopainen_2006.3988911.TPB.torrent

2009-01-31 15:32:00 . 2009-01-31 15:31:52 16848 ----a-w C:\Nightwish.Amaranth.Metaltown.2008.4286332.TPB.torrent

2009-01-31 14:24:10 . 2009-01-31 14:24:10 13736 ----a-w C:\NIGHTWISH [mininova].torrent

2009-01-31 14:23:54 . 2009-01-31 14:23:54 28328 ----a-w C:\Nightwish_-_Critical_Testing_-_(Once_Tour_Concert_in_Melbourne_2.3613746.TPB.torrent

2009-01-31 14:23:24 . 2009-01-31 14:23:24 17961 ----a-w C:\Nightwish.Highest.Hopes.The.Best.Of.Nightwish.2005.PAL.COMPLETE..3665575.TPB.torrent

2009-01-31 14:19:57 . 2009-01-31 14:19:57 25583 ----a-w C:\NIGHTWISH.AMARANTH.2007.PAL.DVD.SINGLE.MDVDR-T3RR0R1STS.3941117.TPB.torrent

2009-01-31 14:19:51 . 2009-01-31 14:19:50 32666 ----a-w C:\Nightwish_klipy.3589584.TPB.torrent

2009-01-31 14:16:29 . 2009-01-31 14:16:29 14483 ----a-w C:\Tarja_Turunen_(live_in_Ostrava__video_bootleg).4521888.TPB.torrent

2009-01-31 14:08:22 . 2009-01-31 14:08:22 22868 ----a-w C:\Tarja_Turunen_(live_in_Kiev__bootleg__DVD).4519430.TPB.torrent

2009-01-31 14:08:04 . 2009-01-31 14:08:04 19860 ----a-w C:\Tarja_Turunen_(live_in_Moscow__video_bootleg__06.11.08).4532506.TPB.torrent

2008-10-15 21:08:34 . 2008-10-15 21:08:43 32768 -csha-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\MSHist012008101520081016\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot_2009-04-16_23.02.24 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-16 23:06:13 . 2009-04-16 23:06:13 16384 C:\WINDOWS\temp\Perflib_Perfdata_64c.dat

+ 2009-04-17 01:28:54 . 2009-04-17 01:28:54 16384 C:\WINDOWS\temp\Perflib_Perfdata_57c.dat

+ 2009-04-17 01:29:17 . 2009-04-17 01:29:17 16384 C:\WINDOWS\temp\Perflib_Perfdata_49c.dat

+ 2008-06-06 13:12:07 . 2009-04-16 23:05:55 16384 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-06-06 13:12:07 . 2009-04-16 22:51:20 16384 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2009-01-11 14:45:29 . 2009-04-16 22:51:20 32768 C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-11 14:45:29 . 2009-04-16 23:05:55 32768 C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2008-06-06 13:12:07 . 2009-04-16 23:05:55 32768 C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

- 2008-06-06 13:12:07 . 2009-04-16 22:51:20 32768 C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-06-06 12:55:34 . 2009-02-06 10:10:02 227840 C:\WINDOWS\system32\wbem\wmiprvse.exe

+ 2008-06-06 12:55:34 . 2009-02-09 10:53:25 453120 C:\WINDOWS\system32\wbem\wmiprvsd.dll

+ 2008-06-06 12:55:31 . 2009-02-09 10:53:26 473600 C:\WINDOWS\system32\wbem\fastprox.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:20:54 15360]

"BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2009-04-11 19:12:38 321344]

"BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" [2009-04-08 19:37:48 637232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 13:11:00 98304]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 13:13:00 114688]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 13:10:00 94208]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-01 20:33:10 7110656]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-01 20:33:10 86016]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 21:08:45 81000]

"VTTimer"="VTTimer.exe" - C:\WINDOWS\system32\VTTimer.exe [2006-09-21 19:36:18 53248]

"VTTrayp"="VTtrayp.exe" - C:\WINDOWS\system32\VTTrayp.exe [2006-12-15 17:04:28 176128]

"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2007-04-10 07:28:44 16126464]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - C:\WINDOWS\system32\HdAShCut.exe [2005-01-07 20:07:16 61952]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe [2008-9-26 1711304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"VIDC.FFDS"= ffdshow.ax

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=C:\WINDOWS\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31:18 1888 ----a-w C:\Documents and Settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18:50 49152 ----a-w C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29:00 49152 ----a-w C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21:10 1695232 ----a-w C:\Arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-10-18 14:34:46 5724184 ----a-w C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52:28 249856 ----a-w C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57:00 30208 ------w C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43:44 729088 ----a-w C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09:56 270128 ----a-w C:\Arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32:48 1581056 ----a-r C:\WINDOWS\mixer.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"C:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"C:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

 

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 02:44:32 29696]

R3 AVPsys;AVPsys;C:\WINDOWS\system32\drivers\tdi.sys [2008-04-13 19:00:05 19072]

R3 getPlus® Helper;getPlus® Helper;C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 12:59:52 33752]

R3 ListOpenedFileDrv;System Explorer Opened File Info; [x]

R3 sembbus;SEMC WMC Composite Device driver (WDM); [x]

R3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM); [x]

R3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter; [x]

R3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver; [x]

R3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM); [x]

R3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS); [x]

R3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM); [x]

R3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM); [x]

R3 SEMCReserved;SEMC Reserved Interface; [x]

R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader; [x]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 21:07:12 20560]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89ba3dc4-f314-11dd-aa46-001a66ad48cd}]

\Shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe

\Shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.orkut.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

 

AutoFix [V5.2.3790.67]

Time [2009-04-16 22:47:32]

Microsoft Windows Version [5.1 (Service Pack 3) <2600>]

 

Test [The Shell Hardware Detection service is running.] - Instance [N/A]:

Result [AutoStart Setting]: OK

Result [The Shell Hardware Detection service is running.]: OK

 

Test [Policies] - Instance [G:\, Drive Type: 2]:

Result [HKCU\...\Policies!NoDrives]: OK {Present}

Result [HKCU\...\Policies!NoDriveAutorun]: Problems {Present}

Result [HKCU\...\Policies!NoDriveTypeAutorun]: OK {Present}

>> Repair << [HKCU\...\Policies!NoDriveAutorun]

Step: Resetting policy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveAutorun to 0x03FFFFBF.

Result: This AutoPlay setting was successfully fixed.

 

>> Required action: The user must log off and log on again

 

AutoFix [V5.2.3790.67]

Time [2009-04-16 22:49:51]

Microsoft Windows Version [5.1 (Service Pack 3) <2600>]

 

Test [The Shell Hardware Detection service is running.] - Instance [N/A]:

Result [AutoStart Setting]: OK

Result [The Shell Hardware Detection service is running.]: OK

 

Test [Policies] - Instance [H:\, Drive Type: 2]:

Result [HKCU\...\Policies!NoDrives]: OK {Present}

Result [HKCU\...\Policies!NoDriveAutorun]: Problems {Present}

Result [HKCU\...\Policies!NoDriveTypeAutorun]: OK {Present}

>> Repair << [HKCU\...\Policies!NoDriveAutorun]

Step: Resetting policy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveAutorun to 0x03FFFF3F.

Result: This AutoPlay setting was successfully fixed.

 

>> Required action: The user must log off and log on again


Good evening, esdrasyave!

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it to the Desktop! --> Unzip it!

<@> Temporarily disable your protection programs. <-- ( antivirus, antispyware and firewall )

<@> For more details on the installation, follow the recommendations in this Tutorial. <-- Link

<@> Run the tool by double-clicking UsbFix.exe.

<@> A message will appear asking you to connect your removable media to the computer. ( pen drive, mp3, mp4, iPods, etc... )

<@> Accept the request and click OK. --> Then click OK again.

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at C:\UsbFix.txt, plus an updated HijackThis log.

Regards!


-------------- UsbFix V2.395 ---------------

 

* User : lan-04 - BEGA-4078FCC43

* Outils mis a jours le 20/10/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 23:12:22 le qui 16/04/2009

* Windows Xp - Internet Explorer 7.0.5730.13

 

 

--------------- [ Processus actifs ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\WgaTray.exe

C:\DOCUME~1\lan-04\CONFIG~1\Temp\1.tmp\b2e.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup

C:\WINDOWS\System32\SCardSvr.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Unidade de disco fixo

 

E: - Unidade de disco fixo

 

F: - Unidade de disco fixo

 

G: - Unidade de disco remov¡vel

 

H: - Unidade de disco remov¡vel

 

 

+- Contenu de l'autorun : G:\autorun.inf

 

[autorun]

open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe

icon=%SystemRoot%\system32\SHELL32.dll,4

action=Open folder to view files

shell\open=Open

shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe

shell\open\default=1

--------------- [ Registre / Startup ] ----------------

 

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

VTTimer REG_SZ VTTimer.exe

VTTrayp REG_SZ VTtrayp.exe

RTHDCPL REG_SZ RTHDCPL.EXE

IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe

HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe

Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe

NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

avast! REG_SZ C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe

BitTorrent DNA REG_SZ "C:\Arquivos de programas\DNA\btdna.exe"

BitTorrent REG_SZ "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

 

-> Recherche négative.

 

--------------- [ Nettoyage des disques ] ----------------

 

Supprimé ! - G:\autorun.inf

 

--------------- ! Fin du rapport ! ----------------

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:15:16, on 16/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 9071 bytes


Good evening, esdrasyave!

<@> Copy the information between the XXXXXXX.... lines into Notepad.

<@> Save it to the desktop as: CFScript <-- Text!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

File::

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89ba3dc4-f314-11dd-aa46-001a66ad48cd}]

Folder::

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Drag CFScript.txt onto the ComboFix icon.

<@> Drag it until a prompt to run ComboFix.exe appears.

<@> When it finishes, post: ComboFix.txt + an updated HijackThis log.

Regards!

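The G:\autorun.inf printed in the UsbFix report and the MountPoints2 entry in the ComboFix log both launch the same file under RECYCLER, which is what the script in the post above removes. The following is an added example, not part of the thread or of any tool used in it: a small Python check that flags such entries. The function names and the HIDDEN_DIRS heuristic are assumptions of this example; the first two samples are copied from the logs on this page and the third is constructed.

```python
import re

# Keys in the [autorun] section whose value is a command Explorer can launch.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Heuristic chosen for this example: folders where no legitimate launcher lives.
HIDDEN_DIRS = ("recycler", "recycled", "$recycle.bin", "system volume information")
# ComboFix-style log lines for a cached MountPoints2 volume entry.
MOUNTPOINT_KEY = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
MOUNTPOINT_CMD = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.I)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def hidden_dir_in(command):
    """Name of the first hidden/system folder in the command's path, or None."""
    parts = re.split(r"[\\/]", command.replace('"', "").lower())
    return next((p.strip() for p in parts[:-1] if p.strip() in HIDDEN_DIRS), None)


def audit_autorun(text):
    """List (key, value, reason) for launch commands that point into HIDDEN_DIRS."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        folder = hidden_dir_in(value) if COMMAND_KEY.match(key) else None
        if folder:
            findings.append((key, value, f"command runs a file from '{folder}'"))
    if findings and "action" in entries:
        # The AutoPlay dialog shows this label next to the flagged command.
        findings.append(("action", entries["action"], "dialog label for a flagged command"))
    return findings


def audit_mountpoints(log_text):
    """List (registry key, verb, command) for flagged MountPoints2 commands in a log."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = MOUNTPOINT_KEY.match(line)
        if key_match:
            key = key_match.group(1)
        elif line.startswith("["):
            key = None  # a different registry key begins here
        else:
            cmd = MOUNTPOINT_CMD.match(line)
            if key and cmd and hidden_dir_in(cmd.group(2)):
                findings.append((key, cmd.group(1), cmd.group(2)))
    return findings


# Copied from the UsbFix report on this page.
PAGE_AUTORUN = r"""[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe
shell\open\default=1
"""

# Copied from the ComboFix log on this page.
PAGE_MOUNTPOINTS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89ba3dc4-f314-11dd-aa46-001a66ad48cd}]
\Shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe
\Shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe
"""

# Constructed sample: an ordinary installer disc.
BENIGN_AUTORUN = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"

if __name__ == "__main__":
    for finding in audit_autorun(PAGE_AUTORUN) + audit_mountpoints(PAGE_MOUNTPOINTS):
        print(finding)
```

The MountPoints2 check matters because that key holds the commands cached for the volume in the user's profile, so it is audited separately from the autorun.inf on the drive.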

I've already copied the information and saved it in Notepad. When I do the drag procedure onto ComboFix it doesn't ask anything.. it just opens the blue window and nothing else.. nothing more happens..

I've already copied the information and saved it in Notepad. When I do the drag procedure onto ComboFix it doesn't ask anything.. it just opens the blue window and nothing else.. nothing more happens..

<><><><><><><><><>

Hey, esdrasyave!

<!> Run the procedure in Safe Mode.

Regards!

I still can't do it, even in Safe Mode..

It says the antivirus is running and blocking it; I already tried and couldn't turn that protection off

<><><><><><><><><><>

Hey, esdrasyave!

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><>

<@> Download: < OTMoveIt3 > ( ...by OldTimer Tools )

<@> Save it to the desktop and run it from there!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:Processes

explorer.exe

:Files

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013

:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89ba3dc4-f314-11dd-aa46-001a66ad48cd}]

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> Copy and paste the information between the XXXXX... lines into the tool's ( clipboard ) field.

<@> PS: The area below "Paste Instructions for Items to be Moved".

<@> Click MoveIt.

<@> When prompted to reboot, confirm!

<@> When it finishes, check the text content of the folder: C:\_OTMoveIt\MovedFiles

<@> Copy and post its most recent report: C:\_OTMoveIt\MovedFiles\xxxx2009_xxxxxx.log <--

<@> PS: Since the tool does not overwrite its reports, we should look at the one generated right after it ran.

<@> Also post an updated HijackThis log.

Regards!


========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe not found.

File/Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 not found.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89ba3dc4-f314-11dd-aa46-001a66ad48cd}\\ deleted successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\lan-04\Configurações locais\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_57c.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_70c.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04172009_211650

 

Files moved on Reboot...

File C:\WINDOWS\temp\Perflib_Perfdata_57c.dat not found!

File C:\WINDOWS\temp\Perflib_Perfdata_70c.dat not found!

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:22:14, on 17/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\VTTimer.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\BitTorrent\bittorrent.exe

C:\Program Files\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll (file missing)

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehabn.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1214054730812

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 9155 bytes

I don't know if the problem is 100% solved yet, but I can already read my pen drives

<><><><><><><><><>

Good morning! esdrasyave

<!> I don't see any more problems in the tools' logs, and I believe everything is OK.

<><><><><><><><><>

<@> Open OTMoveIt3 --> Click < 8gehxg0.gif > --> Wait! --> Yes!

<><><><><><><><><>

<@> If everything is OK, create a clean restore point in System Restore.

<@> Right-click My Computer --> Properties --> System Restore.

<@> Check: Turn off System Restore --> Apply --> Wait! --> OK.

<@> Then uncheck it again! --> Apply --> Wait! --> OK.

<@> For more details, read the Tutorial: < Link >

<><><><><><><><><>

<!> The logs are clean! :thumbsup:

Regards!
