
Archived

This topic has been archived and is closed to new replies.

lu4nlins

[Archived] They broke into my PC


Hello, my PC has been hacked!

They uninstalled a program and stole its password; the hacker talked to me through Windows Notepad.

Please help me!

 

HijackThis scan

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:46:06, on 21/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AlienGUIse\wbload.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\arquivos de programas\mozilla firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 64.12.222.225 cpib.bradesco.com.br

O1 - Hosts: 64.12.222.225 wwws.realsecureweb.com.br

O1 - Hosts: 64.12.222.225 clickbanking.unibanco.com.br

O1 - Hosts: 64.12.222.225 www14.bancobrasil.com.br

O1 - Hosts: 64.12.222.225 imagem.caixa.gov.br

O1 - Hosts: 67.228.102.90 bradesco.com.br

O1 - Hosts: 67.228.102.90 www.bradesco.com.br

O1 - Hosts: 67.228.102.90 bradesco.com

O1 - Hosts: 67.228.102.90 www.bradesco.com

O1 - Hosts: 67.228.102.90 bradescoempresa.com.br

O1 - Hosts: 67.228.102.90 www.bradescoempresa.com.br

O1 - Hosts: 67.228.102.90 www.bradescoprime.com.br

O1 - Hosts: 67.228.102.90 bradescoprime.com.br

O1 - Hosts: 67.228.102.90 bradescocartoes.com.br

O1 - Hosts: 67.228.102.90 www.bradescocartoes.com.br

O1 - Hosts: 67.228.102.112 itau.com

O1 - Hosts: 67.228.102.112 itau.com.br

O1 - Hosts: 67.228.102.112 www.itau.com

O1 - Hosts: 67.228.102.112 www.itau.com.br

O1 - Hosts: 67.228.102.112 itaupersonnalite.com.br

O1 - Hosts: 67.228.102.112 www.itaupersonnalite.com.br

O1 - Hosts: 67.228.102.72 santander.com.br

O1 - Hosts: 67.228.102.72 www.santander.com.br

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Startup: Scheduler.lnk = C:\Arquivos de programas\3B Software\Common\Scheduler\wcomschd.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204139434593

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 9428 bytes

 

Note: I saw that there are several bank sites in there, but I don't have a bank account and I have never visited any of those sites.


Step 1

 

- Download HostsXpert and save it to your desktop;

- Extract the file to your desktop and run HostsXpert.exe;

- Click the Restore MS Hosts Files button and close the program.

 

 

Step 2

 

- Download BankerFix and save it to your desktop;

 

● Temporarily disable your antivirus so that it does not detect the tool as a virus;

● Double-click bankerfix.exe;

● A message will appear saying that the tool will be downloaded over the internet;

● Click OK > OK. Press Enter and wait for the scan to finish;

● When the scan has finished, read the message on the screen and press Enter again.

● A log will be generated at C:\LinhaDefensiva\relatorio.txt.

 

Paste this log in your next reply, together with a new HijackThis log.

 

Delete the C:\LinhaDefensiva folder after pasting your log here.

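The O1 - Hosts lines in the first log are the pattern a hosts-file restore is meant to undo: banking hostnames pointed at a handful of public IP addresses instead of being resolved by DNS. As an added example (not part of this thread and not a Linha Defensiva or HijackThis tool), the Python script below parses those O1 lines out of a HijackThis log and rates each redirect; the embedded sample log, the bank keyword list and the small public-suffix set are constructed here from the entries in the log above.

```python
"""Flag hosts-file pharming entries (O1 lines) in a HijackThis log.

Added example for this thread; not a Linha Defensiva or HijackThis tool.
A default Windows hosts file maps only localhost to 127.0.0.1, so any other
name pointed at a routable address was put there by something, and a banker
trojan does exactly that to send online-banking logins to a phishing server.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: O1 lines copied from the log above, mixed with two benign
# mappings and one non-O1 line so the parser has something to skip.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.entretieneteds.com/
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.net
O1 - Hosts: 64.12.222.225 cpib.bradesco.com.br
O1 - Hosts: 64.12.222.225 www14.bancobrasil.com.br
O1 - Hosts: 67.228.102.90 bradesco.com.br
O1 - Hosts: 67.228.102.90 www.bradesco.com.br
O1 - Hosts: 67.228.102.112 www.itau.com.br
O1 - Hosts: 67.228.102.72 www.santander.com.br
O1 - Hosts: 192.168.0.10 intranet.example.local
"""

# Bank names taken from the hijacked entries in this thread's log (a constructed,
# deliberately short list): a hit makes a redirect "high" even for a single domain.
BANK_KEYWORDS = ("bradesco", "itau", "santander", "caixa", "bancobrasil",
                 "unibanco", "realsecureweb")

# Small constructed subset of two-label public suffixes, enough for the sample.
PUBLIC_SUFFIXES_2 = {"com.br", "gov.br", "net.br", "org.br", "co.uk"}

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")


def parse_o1_entries(log_text):
    """Return (ip, hostname) pairs for every 'O1 - Hosts:' line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def is_benign(ip_str):
    """Only loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, as used by ad-blocking
    hosts lists) targets are expected in a hosts file; anything else is reported."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False  # unparsable target: report it rather than silently trust it
    return ip.is_loopback or ip.is_unspecified


def registrable_name(hostname):
    """Collapse hostnames to a registrable domain so www.bradesco.com.br and
    cpib.bradesco.com.br count as one: keep the last two labels, or three when the
    last two form a known public suffix such as com.br."""
    labels = hostname.rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in PUBLIC_SUFFIXES_2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def flag_pharming(entries):
    """Group suspicious mappings by target IP. Several unrelated domains resolving to
    one address, or any banking domain at all, is rated high; a single other redirect
    is medium (it could be an intranet override, but it still deserves a look)."""
    by_ip = defaultdict(set)
    for ip, host in entries:
        if not is_benign(ip):
            by_ip[ip].add(registrable_name(host))
    findings = []
    for ip, domains in by_ip.items():
        bank_hit = any(kw in d for d in domains for kw in BANK_KEYWORDS)
        severity = "high" if bank_hit or len(domains) >= 2 else "medium"
        findings.append({"ip": ip, "domains": sorted(domains), "severity": severity})
    return findings


def scan_log(log_text):
    """Parse a HijackThis log and return the pharming findings."""
    return flag_pharming(parse_o1_entries(log_text))


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['ip']:>15} -> {', '.join(f['domains'])}")
```

The same logic applies to the raw C:\WINDOWS\system32\drivers\etc\hosts file if the regex is swapped for a plain "ip hostname" split, which is how a restore tool decides what to throw away.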

I did what you said, but when I run BankerFix I get this error

 

Nao e possivel encontrar o mecanismo de script "VBScript" para o script "C:\LinhaDefensiva\Iniciar-Bankerfix.vbs."


Now everything ran fine!

 

BankerFix scan

 

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-04-21 - 19:10

-------------------------------------------------------

Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\hosts

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\openow.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\upwin.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\vem.txt

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\configex.dll

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\MEGATRON.ini

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\WINDOWS\system32\msghot.dll

Arquivo infectado removido com sucesso!

 

 

 

----- Fim -------------------------

 

now the HijackThis scan

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:11:46, on 21/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AlienGUIse\wbload.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Java\jre6\bin\java.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Startup: Scheduler.lnk = C:\Arquivos de programas\3B Software\Common\Scheduler\wcomschd.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204139434593

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 8498 bytes


Step 1

 

Go to Control Panel > Add or Remove Programs. Check whether the item Crawler Toolbar is in the list; if it is, uninstall it.

 

Run HijackThis and click Do a system scan only. Check the entries below in the log and click Fix Checked.

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Click Yes on the message and close HijackThis.

 

 

Step 2

 

- Download RSIT and save it to your desktop;

 

● Double-click RSIT.exe to run the program;

● In the window that opens, select the "2 months" option and click Continue so that the tool runs;

 


 

● When the tool finishes running, a log containing the scan result will open automatically in Notepad. Paste the contents of that log (log.txt) in your next reply;

● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.

 

 

Step 3

 

Change every password used on this PC, such as: Orkut, MSN, online banking (if you use it, contact the bank), games, etc.


Done, I changed all the passwords!

 

log.txt

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrador at 2009-04-21 19:53:01

Microsoft Windows XP Professional Service Pack 2

System drive C: has 5 GB (13%) free of 39 GB

Total RAM: 1535 MB (60% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:53:17, on 21/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AlienGUIse\wbload.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Java\jre6\bin\java.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Teamspeak2_RC2\TeamSpeak.exe

C:\Documents and Settings\Administrador\Desktop\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Administrador\Desktop\securit\Administrador.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

O4 - Startup: Scheduler.lnk = C:\Arquivos de programas\3B Software\Common\Scheduler\wcomschd.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204139434593

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 7951 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-15 308856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2003-05-07 36864]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"TkBellExe"=C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [2008-08-15 185896]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"QuickTime Task"=C:\Arquivos de programas\QuickTime\QTTask.exe [2009-01-05 413696]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-02-14 7630848]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []

"avast!"=C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"SunJavaUpdateSched"=C:\Arquivos de programas\Java\jre6\bin\jusched.exe [2009-03-09 148888]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Regsister WScript"=wscript -regserver []


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

"MsnMsgr"=C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]


C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar

Alienware Dock.lnk - C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe

Scheduler.lnk - C:\Arquivos de programas\3B Software\Common\Scheduler\wcomschd.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

C:\Arquivos de programas\AlienGUIse\fastload.dll [2001-12-20 24576]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoSharedDocuments"=1


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ForceClassicControlPanel"=


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Arquivos de programas\Megacubo\bin\minifly.exe"="C:\Arquivos de programas\Megacubo\bin\minifly.exe:*:Enabled:MiniFly"

"C:\Arquivos de programas\Megacubo\megasrv.exe"="C:\Arquivos de programas\Megacubo\megasrv.exe:*:Enabled:MegaSrv"

"C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"

"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{162ef53a-955d-11dd-8f57-000d87d45f47}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe


======List of files/folders created in the last 3 months======


2009-04-21 19:53:01 ----D---- C:\rsit

2009-04-21 19:08:49 ----D---- C:\WINDOWS\LastGood

2009-04-20 01:41:55 ----A---- C:\WINDOWS\wb.ini

2009-04-20 01:41:55 ----A---- C:\WINDOWS\system32\wbsys.dll

2009-04-20 01:41:54 ----D---- C:\Arquivos de programas\Arquivos comuns\Stardock

2009-04-20 01:41:54 ----D---- C:\Arquivos de programas\AlienGUIse

2009-04-19 00:13:15 ----D---- C:\Arquivos de programas\Valve

2009-04-18 19:52:21 ----D---- C:\Arquivos de programas\Eidos Interactive

2009-04-11 01:24:37 ----A---- C:\WINDOWS\system32\DivXc32f.dll

2009-04-10 17:55:01 ----ASH---- C:\Arquivos de programas\desktop.ini

2009-04-10 17:46:50 ----D---- C:\Arquivos de programas\iColorFolder

2009-04-10 04:32:30 ----H---- C:\WINDOWS\system32\mstwain32.exe

2009-04-09 01:44:04 ----D---- C:\WINDOWS\ie8updates

2009-04-09 01:41:25 ----D---- C:\WINDOWS\WBEM

2009-04-09 01:39:31 ----HDC---- C:\WINDOWS\ie8

2009-04-09 01:39:31 ----D---- C:\WINDOWS\system32\pt-BR

2009-04-08 20:10:35 ----D---- C:\Arquivos de programas\mIRC

2009-04-08 14:04:13 ----A---- C:\WINDOWS\system32\javaws.exe

2009-04-08 14:04:13 ----A---- C:\WINDOWS\system32\javaw.exe

2009-04-08 14:04:13 ----A---- C:\WINDOWS\system32\java.exe

2009-03-31 21:36:28 ----D---- C:\Arquivos de programas\Microsoft

2009-03-31 21:36:06 ----D---- C:\Arquivos de programas\Windows Live SkyDrive

2009-03-31 20:28:46 ----D---- C:\Arquivos de programas\Circle Dvelopement

2009-03-29 21:00:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2009-03-28 02:31:56 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2009-03-21 12:55:31 ----D---- C:\Arquivos de programas\Arquivos comuns\Windows Live

2009-03-20 17:47:52 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-03-18 13:05:46 ----A---- C:\WINDOWS\update.exe

2009-03-18 13:05:42 ----A---- C:\WINDOWS\apsou.vbs

2009-03-17 03:17:04 ----A---- C:\WINDOWS\Config.ini

2009-03-17 02:25:15 ----D---- C:\Arquivos de programas\Despertador

2009-03-17 02:25:07 ----N---- C:\WINDOWS\Setup1.exe

2009-03-12 00:08:46 ----D---- C:\Arquivos de programas\Robster Productions

2009-03-10 20:42:23 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2009-03-10 09:00:25 ----D---- C:\WINDOWS\nview

2009-03-10 09:00:25 ----A---- C:\WINDOWS\system32\nvudisp.exe

2009-03-10 08:59:58 ----A---- C:\WINDOWS\system32\NVUNINST.EXE

2009-03-08 14:35:34 ----N---- C:\WINDOWS\system32\ieframe.dll.mui

2009-03-08 14:35:16 ----N---- C:\WINDOWS\system32\msrating.dll.mui

2009-03-08 14:35:00 ----N---- C:\WINDOWS\system32\mshta.exe.mui

2009-03-08 14:32:34 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui

2009-03-08 14:32:32 ----N---- C:\WINDOWS\system32\advpack.dll.mui

2009-03-08 14:32:16 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui

2009-03-08 04:39:48 ----N---- C:\WINDOWS\system32\ieframe.dll

2009-03-08 04:34:48 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe

2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe

2009-03-08 04:32:26 ----N---- C:\WINDOWS\system32\msfeeds.dll

2009-03-08 04:32:22 ----N---- C:\WINDOWS\system32\iertutil.dll

2009-03-08 04:31:54 ----N---- C:\WINDOWS\system32\msfeedssync.exe

2009-03-08 04:31:52 ----N---- C:\WINDOWS\system32\msfeedsbs.dll

2009-03-08 04:31:52 ----N---- C:\WINDOWS\system32\icardie.dll

2009-03-08 04:22:46 ----N---- C:\WINDOWS\system32\ieui.dll

2009-03-08 04:11:12 ----N---- C:\WINDOWS\system32\ieapfltr.dll

2009-03-02 15:18:31 ----D---- C:\Arquivos de programas\Gabest

2009-02-28 04:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$

2009-02-28 04:25:35 ----AC---- C:\WINDOWS\system32\DXGI_beta.dll

2009-02-28 04:25:34 ----AC---- C:\WINDOWS\system32\D3DX11_40.dll

2009-02-28 04:25:34 ----AC---- C:\WINDOWS\system32\D3DX10d_40.dll

2009-02-28 04:25:34 ----AC---- C:\WINDOWS\system32\D3DX10d.dll

2009-02-28 04:25:34 ----AC---- C:\WINDOWS\system32\D3D11Ref.dll

2009-02-28 04:25:34 ----A---- C:\WINDOWS\system32\D3D11SDKLayers.dll

2009-02-28 04:25:33 ----AC---- C:\WINDOWS\system32\D3D11_beta.dll

2009-02-28 04:25:33 ----AC---- C:\WINDOWS\system32\D3D11.dll

2009-02-28 04:25:33 ----AC---- C:\WINDOWS\system32\D3D10WARP_beta.dll

2009-02-28 04:25:33 ----AC---- C:\WINDOWS\system32\D3D10WARP.dll

2009-02-28 04:25:33 ----AC---- C:\WINDOWS\system32\D3D10Level9_beta.dll

2009-02-28 04:25:32 ----AC---- C:\WINDOWS\system32\D3D10Level9.dll

2009-02-28 04:25:31 ----A---- C:\WINDOWS\system32\unins000.exe

2009-02-28 04:25:31 ----A---- C:\WINDOWS\system32\MyProg.exe

2009-02-28 04:24:39 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-02-28 04:24:38 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2009-02-28 04:23:39 ----D---- C:\Arquivos de programas\Windows Media Connect 2

2009-02-28 03:30:14 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\mIRC

2009-02-14 23:37:49 ----D---- C:\WINDOWS\CS Online Pro Addons

2009-02-11 19:20:47 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2

2009-02-11 19:20:31 ----D---- C:\Arquivos de programas\Teamspeak2_RC2

2009-02-11 13:01:50 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2009-02-11 12:59:11 ----D---- C:\Arquivos de programas\QuickTime

2009-02-11 12:59:08 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2009-02-11 12:58:33 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2009-02-11 12:58:33 ----D---- C:\Arquivos de programas\Apple Software Update

2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll

2009-02-06 05:06:00 ----AC---- C:\WINDOWS\Winchat.ini


======List of files/folders modified in the last 3 months======


2009-04-21 19:53:01 ----D---- C:\WINDOWS\Prefetch

2009-04-21 19:26:41 ----D---- C:\Arquivos de programas\sXe Injected

2009-04-21 19:10:25 ----HD---- C:\WINDOWS\system32

2009-04-21 19:10:20 ----RD---- C:\WINDOWS

2009-04-21 19:08:59 ----D---- C:\WINDOWS\Temp

2009-04-21 19:08:59 ----D---- C:\WINDOWS\system32\DllCache

2009-04-21 19:08:56 ----HD---- C:\WINDOWS\inf

2009-04-21 19:08:56 ----D---- C:\WINDOWS\Help

2009-04-21 19:08:46 ----D---- C:\WINDOWS\system32\CatRoot2

2009-04-21 17:21:29 ----D---- C:\Arquivos de programas\Mozilla Firefox

2009-04-21 16:57:13 ----RD---- C:\cs-no steam

2009-04-21 06:15:32 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-04-21 05:48:18 ----D---- C:\Arquivos de programas\Winamp

2009-04-21 05:04:15 ----RD---- C:\cs off-line

2009-04-21 04:15:49 ----A---- C:\WINDOWS\NeroDigital.ini

2009-04-21 02:38:02 ----D---- C:\Arquivos de programas\Windows Media Player

2009-04-20 01:41:54 ----RD---- C:\Arquivos de programas

2009-04-20 01:41:54 ----D---- C:\Arquivos de programas\Arquivos comuns

2009-04-18 16:30:30 ----SHD---- C:\WINDOWS\Installer

2009-04-11 18:45:14 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2009-04-11 18:45:07 ----D---- C:\Arquivos de programas\Spyware Terminator

2009-04-11 18:41:25 ----D---- C:\Documents and Settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-04-10 17:55:04 ----ASH---- C:\WINDOWS\desktop.ini

2009-04-10 17:55:03 ----RD---- C:\SIERRA

2009-04-10 17:55:03 ----RD---- C:\Program Files

2009-04-10 17:55:03 ----RD---- C:\fire fox

2009-04-10 17:55:03 ----RD---- C:\drivers

2009-04-10 17:55:02 ----RD---- C:\Documents and Settings

2009-04-10 17:55:01 ----RD---- C:\Worms Armagedon

2009-04-10 17:55:01 ----RD---- C:\Combat Arms

2009-04-10 17:55:01 ----RD---- C:\CCLEANER Limpa lixo

2009-04-10 17:55:01 ----RD---- C:\arruma erros

2009-04-10 17:55:01 ----RD---- C:\Anti-Spyware

2009-04-09 03:20:44 ----D---- C:\WINDOWS\Debug

2009-04-09 03:20:43 ----D---- C:\WINDOWS\Minidump

2009-04-09 01:47:08 ----D---- C:\Arquivos de programas\Internet Explorer

2009-04-09 01:43:38 ----HD---- C:\WINDOWS\$hf_mig$

2009-04-09 01:41:11 ----D---- C:\WINDOWS\Media

2009-04-08 14:04:12 ----D---- C:\Arquivos de programas\Java

2009-04-01 07:07:39 ----D---- C:\WINDOWS\system32\Restore

2009-03-31 21:36:48 ----D---- C:\WINDOWS\WinSxS

2009-03-31 21:35:22 ----D---- C:\Arquivos de programas\Windows Live

2009-03-31 20:28:43 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2009-03-30 18:34:08 ----D---- C:\WINDOWS\system32\drivers

2009-03-29 20:58:58 ----RSD---- C:\WINDOWS\Fonts

2009-03-29 20:52:31 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2009-03-22 16:02:22 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2009-03-21 12:55:30 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2009-03-20 17:47:49 ----D---- C:\Arquivos de programas\Alwil Software

2009-03-17 15:23:58 ----D---- C:\Arquivos de programas\PokerStars.NET

2009-03-17 02:25:04 ----A---- C:\WINDOWS\ST6UNST.EXE

2009-03-09 05:19:08 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll

2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll

2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll

2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll

2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll

2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll

2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll

2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll

2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll

2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll

2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll

2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll

2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll

2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll

2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll

2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll

2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll

2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll

2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll

2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll

2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll

2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll

2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll

2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll

2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll

2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll

2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe

2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll

2009-02-28 04:28:50 ----D---- C:\WINDOWS\AppPatch

2009-02-28 04:24:43 ----D---- C:\WINDOWS\system32\CatRoot

2009-02-28 04:23:52 ----A---- C:\WINDOWS\win.ini

2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe

2009-02-23 11:19:52 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-18 16:12:55 ----SD---- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft

2009-02-11 12:58:41 ----SD---- C:\WINDOWS\Tasks

2009-02-05 00:47:40 ----D---- C:\WINDOWS\system32\config

2009-02-05 00:47:17 ----D---- C:\WINDOWS\system32\wbem

2009-02-05 00:47:17 ----D---- C:\WINDOWS\Registration

2009-02-02 17:47:30 ----RSD---- C:\WINDOWS\assembly

2009-02-02 17:47:30 ----D---- C:\WINDOWS\Microsoft.NET

2009-01-27 17:47:18 ----D---- C:\Arquivos de programas\VirtualDJ


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2005-08-30 41472]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-10-01 119798]

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]

R3 ddsxeiservice;ddsxeiservice2; \??\C:\Arquivos de programas\sXe Injected\ddsxei.sys []

R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-02-14 3958496]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 112223333;112223333; \??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\1.sys []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2005-08-31 17024]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Arquivos de programas\MediaCoder\SysInfo.sys []

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Documents and Settings\Administrador\Meus documentos\besteiras\_www.thegenius.us_Everest_UE_4.20.1183_beta.Reg.Multi-Idiomas_by.Dreamer\kerneld.wnt []

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2005-08-31 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2005-08-31 85376]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2005-08-31 10880]

S3 PciCon;PciCon; \??\E:\PciCon.sys []

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-26 47360]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2005-08-31 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2005-08-31 15360]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2005-08-31 25856]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-08-31 26496]

S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2003-07-16 260224]

S3 WallHack;WallHack; \??\C:\Documents and Settings\Administrador\Desktop\sxe7.7-WH - www.sicheats.com\WallHack.sys []

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2005-08-31 19328]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


R2 aswUpdSv;avast! iAVS4 Control Service; C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2009-03-09 152984]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-02-14 155715]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2008-05-15 606720]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-16 2736890]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 ServiceLayer;ServiceLayer; C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]


-----------------EOF-----------------


info.txt


info.txt logfile of random's system information tool 1.06 2009-04-21 19:53:31


======Uninstall list======


-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ActivationManager-->"C:\Arquivos de programas\ActivationManager\Uninstall.exe"

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

AlienGUIse Theme Manager-->C:\ARQUIV~1\ALIENG~1\thememgr.exe /uninstallwise

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Ares 2.0.9-->"C:\Arquivos de programas\Ares\uninstall.exe"

Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}

Atualização de Segurança para o Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Atualização para Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"

Atualização para Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Atualização para Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Atualização para Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Atualização para Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Atualização para Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Atualização para Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Atualização para Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Atualização para Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Atualização para Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Atualização para Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Atualização para Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Atualização para Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"

avast! Antivirus-->C:\Arquivos de programas\Alwil Software\Avast4\aswRunDll.exe "C:\Arquivos de programas\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

CCleaner (remove only)-->"C:\Arquivos de programas\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe

Counter-Strike 1.6-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19

CS Online Pro Addons-->"C:\WINDOWS\CS Online Pro Addons\uninstall.exe" "/U:C:\Arquivos de Programas\Valve\cstrike\Uninstall\uninstall.xml"

Dirrect X11Beta-->"c:\windows\system32\unins000.exe"

DivX Codec 3.1alpha release-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf

Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

HijackThis 2.0.2-->"C:\Documents and Settings\Administrador\Desktop\HijackThis.exe" /uninstall

Hitman (remove only)-->"C:\Arquivos de programas\Eidos Interactive\IO Interactive\Hitman\Uninstall.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

ICatch (VI) PC Camera-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}\setup.exe"

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

K-Lite Codec Pack 3.5.3 Full-->"C:\Arquivos de programas\K-Lite Codec Pack\unins000.exe"

KM400/KN400 Display Driver and Utilities-->C:\ARQUIV~1\S3Inc\S3\s3setvga.exe -s -fC:\ARQUIV~1\S3Inc\S3\S3.uns

Messenger Plus! Live & Sponsor (CiD)-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"

mIRC-->C:\Arquivos de programas\mIRC\uninstall.exe _?=C:\Arquivos de programas\mIRC

Mozilla Firefox (3.0.8)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Nero Suite-->C:\Arquivos de programas\Arquivos comuns\Nero\Uninstall\SetupX.exe /uninstall ExtraUninstallID=""

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Octinium - SourceLeague-->C:\Documents and Settings\Administrador\Meus documentos\oct\Desinstalar.exe

overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}

PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}

PokerStars.net-->"C:\Arquivos de programas\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

RamBooster-->MsiExec.exe /I{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}

RealPlayer-->C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'

S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'

S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'

S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SopCast 3.0.3-->C:\Arquivos de programas\SopCast\uninst.exe

Spyware Terminator-->"C:\Arquivos de programas\Spyware Terminator\unins000.exe"

sXe Injected-->"C:\Arquivos de programas\sXe Injected\uninstall.exe"

sXe Injected-->C:\Arquivos de programas\sXe Injected\uninstall.exe

TeamSpeak 2 RC2-->"C:\Arquivos de programas\Teamspeak2_RC2\unins000.exe"

VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

VIMICRO USB PC Camera-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9

Virtual DJ - Atomix Productions-->C:\ARQUIV~1\VIRTUA~1\UNWISE.EXE C:\ARQUIV~1\VIRTUA~1\INSTALL.LOG

VobSub v2.23 (Remove Only)-->"C:\Arquivos de programas\Gabest\VobSub\uninstall.exe"

Winamp-->"C:\Arquivos de programas\Winamp\UninstWA.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Arquivos de programas\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{3B96F4EA-CD82-4C57-B86A-646A017CAF18}

Windows Live Messenger-->MsiExec.exe /X{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

 

=====HijackThis Backups=====

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337 [2009-04-21]

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-04-21]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60337 [2009-04-21]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337 [2009-04-21]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337 [2009-04-21]

 

======Hosts File======

 

127.0.0.1 localhost

 

======Security center information======

 

AV: avast! antivirus 4.8.1335 [VPS 090421-0]

 

======System event log======

 

Computer Name: D8CB40EB0F9641A

Event Code: 26

Message: Popup de aplicativo: : Machine Check:

 

Record Number: 5

Source Name: Application Popup

Time Written: 20090408114904.000000-180

Event Type: Informações

User:

 

Computer Name: D8CB40EB0F9641A

Event Code: 26

Message: Popup de aplicativo: : Machine Check: Regs

 

Record Number: 4

Source Name: Application Popup

Time Written: 20090408114904.000000-180

Event Type: Informações

User:

 

Computer Name: D8CB40EB0F9641A

Event Code: 26

Message: Popup de aplicativo: : Machine Check:

 

Record Number: 3

Source Name: Application Popup

Time Written: 20090408114904.000000-180

Event Type: Informações

User:

 

Computer Name: D8CB40EB0F9641A

Event Code: 6005

Message: O serviço Log de eventos foi iniciado.

 

Record Number: 2

Source Name: EventLog

Time Written: 20090408114851.000000-180

Event Type: Informações

User:

 

Computer Name: D8CB40EB0F9641A

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

 

Record Number: 1

Source Name: EventLog

Time Written: 20090408114851.000000-180

Event Type: Informações

User:

 

=====Application event log=====

 

Computer Name: D8CB40EB0F9641A

Event Code: 101

Message: msnmsgr (3936) O mecanismo de banco de dados parou.

 

Record Number: 10629

Source Name: ESENT

Time Written: 20090215131442.000000-120

Event Type: Informações

User:

 

Computer Name: D8CB40EB0F9641A

Event Code: 103

Message: msnmsgr (3936) \\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\lu4n_nick@hotmail.com\SharingMetadata\Working\database_AFC_B4BD_FCB4_A47B\dfsr.db: O mecanismo de banco de dados interrompeu uma instância (0).

 

Record Number: 10628

Source Name: ESENT

Time Written: 20090215131442.000000-120

Event Type: Informações

User:

 

Computer Name: D8CB40EB0F9641A

Event Code: 102

Message: msnmsgr (3936) \\.\C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Messenger\lu4n_nick@hotmail.com\SharingMetadata\Working\database_AFC_B4BD_FCB4_A47B\dfsr.db: O mecanismo de banco de dados iniciou uma nova instância (0).

 

Record Number: 10627

Source Name: ESENT

Time Written: 20090215130708.000000-120

Event Type: Informações

User:

 

Computer Name: D8CB40EB0F9641A

Event Code: 100

Message: msnmsgr (3936) O mecanismo de banco de dados 5.01.2600.2780 foi iniciado.

 

Record Number: 10626

Source Name: ESENT

Time Written: 20090215130708.000000-120

Event Type: Informações

User:

 

Computer Name: D8CB40EB0F9641A

Event Code: 101

Message: msnmsgr (3936) O mecanismo de banco de dados parou.

 

Record Number: 10625

Source Name: ESENT

Time Written: 20090215130650.000000-120

Event Type: Informações

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Arquivos de programas\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Arquivos de programas\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0801

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"VERSION"=2.1.5

"SESSIONID"=1215441932684g1u0358c.austin.hp.com-21c4a205:11b73e19b35:220a

"COLLECTIONID"=COL7299

"ITEMID"=oj-21918-1

"TOOLPATH"=/C:\Arquivos%20de%20programas\Hewlett-Packard\HP%20Software%20Update\install.htm

"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet

"SWUTVER"=1.0.18.30716

"OSVER"=winXPP

"LANG"=1046

"TIMEOUT"=0

"CLASSPATH"=.;C:\Arquivos de programas\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Arquivos de programas\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------


- Download ComboFix and save it to the desktop;

 

● Temporarily disable your antivirus so it does not detect the tool as a virus;

● Double-click the combofix.exe icon to start the scan;

● Read the agreement that appears and click Yes to continue;

● A Recovery Console window will open; click Yes to install. If another Console window appears, click OK > Yes;

● Wait while ComboFix performs the scan;

● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;

● Do not click in the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;

● If you want to quit or stop ComboFix, press N;

● When it finishes, your machine will be restarted. After the restart, the tool will run again; wait;

● A log will be generated at C:\ComboFix.txt.

 

Paste this log in your next reply.


combofix scan

 

ComboFix 09-04-22.02 - Administrador 21/04/2009 21:24:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1535.1166 [GMT -3:00]

Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090421-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Documents and Settings\Administrador\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

C:\Documents and Settings\Administrador\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

C:\Documents and Settings\Administrador\Dados de aplicativos\addon.dat

C:\Documents and Settings\Administrador\Dados de aplicativos\addons.dat

C:\WINDOWS\config.ini

C:\WINDOWS\system32\28463

C:\WINDOWS\system32\28463\AKV.exe

C:\WINDOWS\system32\28463\KBND.001

C:\WINDOWS\system32\28463\KBND.002

C:\WINDOWS\system32\28463\KBND.005

C:\WINDOWS\system32\28463\KBND.006

C:\WINDOWS\system32\28463\KBND.009

C:\WINDOWS\update.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_OREANS32

-------\Service_oreans32

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))

.

 

2009-04-22 00:28:20 . 2009-04-22 00:28:20 0 d-----w C:\WINDOWS\system32\xircom

2009-04-22 00:28:20 . 2009-04-22 00:28:20 0 d-----w C:\WINDOWS\system32\oobe

2009-04-21 22:53:01 . 2009-04-21 22:53:31 0 d-----w C:\rsit

2009-04-21 05:50:28 . 2009-04-21 05:50:28 5760054 ----a-w C:\WINDOWS\ALX_1600x1200.bmp

2009-04-21 05:49:38 . 2009-04-21 05:49:38 5760054 ----a-w C:\WINDOWS\AW_1600x1200.bmp

2009-04-21 05:47:34 . 2009-04-21 05:47:34 3932214 ----a-w C:\WINDOWS\InvaderDark1280.bmp

2009-04-21 05:40:02 . 2009-04-21 05:40:02 23392 ----a-w C:\WINDOWS\system32\nscompat.tlb

2009-04-21 05:40:02 . 2009-04-21 05:40:02 16832 ----a-w C:\WINDOWS\system32\amcompat.tlb

2009-04-20 18:58:43 . 2009-04-21 05:50:55 3932214 ----a-w C:\WINDOWS\AW_XenoMorph1280.bmp

2009-04-20 04:43:23 . 2005-02-01 16:20:28 5760056 ----a-w C:\WINDOWS\Darkstar.bmp

2009-04-20 04:41:55 . 2009-04-20 04:41:55 64 ----a-w C:\WINDOWS\wb.ini

2009-04-20 04:41:55 . 2003-02-27 01:27:44 36864 ----a-w C:\WINDOWS\system32\wbsys.dll

2009-04-11 04:24:37 . 2000-04-01 08:35:00 414272 ----a-w C:\WINDOWS\system32\DivXc32f.dll

2009-04-10 20:55:02 . 2009-04-10 20:55:03 114 --sha-w C:\Documents and Settings\desktop.ini

2009-04-10 07:32:31 . 2009-04-22 00:23:41 40012 ---h--w C:\WINDOWS\system32\logg.dat

2009-04-10 07:32:30 . 2009-04-08 00:49:38 815184 ---h--w C:\WINDOWS\system32\mstwain32.exe

2009-04-09 06:20:38 . 2009-04-09 06:20:38 0 d-sh--w C:\Documents and Settings\Administrador\IECompatCache

2009-04-09 04:50:57 . 2009-04-09 04:50:57 0 d-sh--w C:\Documents and Settings\Administrador\PrivacIE

2009-04-09 04:47:43 . 2009-04-09 04:47:43 0 d-sh--w C:\Documents and Settings\Administrador\IETldCache

2009-04-09 04:44:04 . 2009-04-09 04:44:04 0 d-----w C:\WINDOWS\ie8updates

2009-04-09 04:39:31 . 2009-04-09 04:41:40 0 dc-h--w C:\WINDOWS\ie8

2009-04-09 04:39:31 . 2009-04-09 04:41:25 0 d-----w C:\WINDOWS\system32\pt-BR

2009-04-09 03:42:16 . 2009-04-09 03:42:16 0 d-----w C:\Documents and Settings\Administrador\dwhelper

2009-04-08 21:51:58 . 2009-04-08 21:51:58 0 d-----w C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\RapidShare_

2009-03-30 05:20:04 . 2009-02-28 04:55:00 105984 ------w C:\WINDOWS\system32\dllcache\iecompat.dll

2009-03-30 00:00:14 . 2009-03-30 00:00:14 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2009-03-28 05:31:56 . 2009-03-28 05:31:56 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles

2009-03-25 18:14:03 . 2009-03-25 18:15:00 1598976 ----a-w C:\SteamInstall.msi

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-22 00:28:18 . 2009-04-22 00:28:18 0 d-----w C:\Arquivos de programas\microsoft frontpage

2009-04-21 23:47:58 . 2008-02-26 17:43:32 230560 ----a-w C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-04-21 22:44:42 . 2009-02-11 22:20:31 0 d-----w C:\Arquivos de programas\Teamspeak2_RC2

2009-04-21 22:42:09 . 2009-04-19 03:13:15 0 d-----w C:\Arquivos de programas\Valve

2009-04-21 22:26:41 . 2008-02-27 18:05:53 0 d-----w C:\Arquivos de programas\sXe Injected

2009-04-21 08:48:18 . 2008-02-27 16:02:17 0 d-----w C:\Arquivos de programas\Winamp

2009-04-21 05:50:19 . 2009-04-20 04:41:54 0 d-----w C:\Arquivos de programas\AlienGUIse

2009-04-20 04:41:54 . 2009-04-20 04:41:54 0 d-----w C:\Arquivos de programas\Arquivos comuns\Stardock

2009-04-18 22:52:21 . 2009-04-18 22:52:21 0 d-----w C:\Arquivos de programas\Eidos Interactive

2009-04-11 23:05:38 . 2009-03-31 23:28:46 0 d-----w C:\Arquivos de programas\Circle Dvelopement

2009-04-11 21:45:14 . 2008-02-27 19:43:07 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spyware Terminator

2009-04-11 21:45:07 . 2008-02-27 19:43:02 0 d-----w C:\Arquivos de programas\Spyware Terminator

2009-04-11 21:41:25 . 2008-02-27 19:43:06 0 d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-04-11 00:49:13 . 2009-02-28 06:30:14 0 d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\mIRC

2009-04-10 20:55:29 . 2009-04-10 20:46:50 0 d-----w C:\Arquivos de programas\iColorFolder

2009-04-10 20:55:01 . 2009-04-10 20:55:01 114 --sha-w C:\Arquivos de programas\desktop.ini

2009-04-10 17:55:41 . 2009-04-08 23:10:35 0 d-----w C:\Arquivos de programas\mIRC

2009-04-08 17:04:12 . 2008-08-16 01:15:38 0 d-----w C:\Arquivos de programas\Java

2009-04-01 00:36:28 . 2009-04-01 00:36:28 0 d-----w C:\Arquivos de programas\Microsoft

2009-04-01 00:36:06 . 2009-04-01 00:36:06 0 d-----w C:\Arquivos de programas\Windows Live SkyDrive

2009-04-01 00:35:22 . 2008-02-27 19:58:10 0 d-----w C:\Arquivos de programas\Windows Live

2009-03-31 23:28:43 . 2008-02-27 19:58:06 0 d-----w C:\Arquivos de programas\Messenger Plus! Live

2009-03-29 23:52:31 . 2008-02-27 19:14:33 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2009-03-29 23:17:02 . 2009-03-17 05:25:15 0 d-----w C:\Arquivos de programas\Despertador

2009-03-21 15:55:31 . 2009-03-21 15:55:31 0 d-----w C:\Arquivos de programas\Arquivos comuns\Windows Live

2009-03-20 20:47:49 . 2008-02-27 18:23:56 0 d-----w C:\Arquivos de programas\Alwil Software

2009-03-17 18:23:58 . 2009-01-20 00:44:33 0 d-----w C:\Arquivos de programas\PokerStars.NET

2009-03-17 05:25:07 . 2009-03-17 05:25:07 249856 ------w C:\WINDOWS\Setup1.exe

2009-03-17 05:25:04 . 2008-10-31 20:37:44 73216 ----a-w C:\WINDOWS\ST6UNST.EXE

2009-03-12 03:08:46 . 2009-03-12 03:08:46 0 d-----w C:\Arquivos de programas\Robster Productions

2009-03-10 23:42:23 . 2009-03-10 23:42:23 0 d-----w C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA

2009-03-10 12:07:37 . 2009-03-10 12:07:37 268 ---ha-w C:\sqmdata10.sqm

2009-03-10 12:07:37 . 2009-03-10 12:07:37 244 ---ha-w C:\sqmnoopt10.sqm

2009-03-10 12:03:31 . 2009-03-10 12:03:31 268 ---ha-w C:\sqmdata09.sqm

2009-03-10 12:03:31 . 2009-03-10 12:03:31 244 ---ha-w C:\sqmnoopt09.sqm

2009-03-09 08:19:08 . 2009-01-08 08:26:48 410984 ----a-w C:\WINDOWS\system32\deploytk.dll

2009-03-08 17:09:26 . 2009-03-08 17:09:26 638816 ------w C:\WINDOWS\system32\DllCache\iexplore.exe

2009-03-08 17:09:26 . 2009-03-08 17:09:26 391536 ------w C:\WINDOWS\system32\DllCache\iedkcs32.dll

2009-03-08 07:41:16 . 2007-12-07 14:37:10 5937152 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll

2009-03-08 07:34:58 . 2007-12-07 01:07:12 914944 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll

2009-03-08 07:34:58 . 2005-08-31 02:13:54 914944 ----a-w C:\WINDOWS\system32\wininet.dll

2009-03-08 07:34:56 . 2007-12-07 01:07:12 1206784 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll

2009-03-08 07:34:48 . 2009-03-08 07:34:48 236544 ------w C:\WINDOWS\system32\DllCache\webcheck.dll

2009-03-08 07:34:30 . 2009-03-08 07:34:30 43008 ------w C:\WINDOWS\system32\DllCache\licmgr10.dll

2009-03-08 07:34:30 . 2004-08-03 21:45:24 43008 ----a-w C:\WINDOWS\system32\licmgr10.dll

2009-03-08 07:34:28 . 2009-03-08 07:34:28 105984 ------w C:\WINDOWS\system32\DllCache\url.dll

2009-03-08 07:34:18 . 2009-03-08 07:34:18 109568 ------w C:\WINDOWS\system32\DllCache\occache.dll

2009-03-08 07:34:18 . 2007-12-07 01:07:10 193536 ----a-w C:\WINDOWS\system32\DllCache\msrating.dll

2009-03-08 07:33:48 . 2007-06-26 13:57:02 759296 ----a-w C:\WINDOWS\system32\DllCache\VGX.dll

2009-03-08 07:33:40 . 2009-03-08 07:33:40 18944 ------w C:\WINDOWS\system32\DllCache\corpol.dll

2009-03-08 07:33:40 . 2004-08-03 21:45:22 18944 ----a-w C:\WINDOWS\system32\corpol.dll

2009-03-08 07:33:26 . 2007-12-07 01:07:08 25600 ----a-w C:\WINDOWS\system32\DllCache\jsproxy.dll

2009-03-08 07:33:08 . 2009-03-08 07:33:08 229376 ------w C:\WINDOWS\system32\DllCache\ieaksie.dll

2009-03-08 07:33:02 . 2009-03-08 07:33:02 125952 ------w C:\WINDOWS\system32\DllCache\ieakeng.dll

2009-03-08 07:32:56 . 2009-03-08 07:32:56 72704 ------w C:\WINDOWS\system32\DllCache\admparse.dll

2009-03-08 07:32:56 . 2004-08-03 21:45:22 72704 ----a-w C:\WINDOWS\system32\admparse.dll

2009-03-08 07:32:54 . 2009-03-08 07:32:54 173056 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe

2009-03-08 07:32:52 . 2009-03-08 07:32:52 163840 ------w C:\WINDOWS\system32\DllCache\ieakui.dll

2009-03-08 07:32:50 . 2009-03-08 07:32:50 71680 ------w C:\WINDOWS\system32\DllCache\iesetup.dll

2009-03-08 07:32:50 . 2009-03-08 07:32:50 55808 ------w C:\WINDOWS\system32\DllCache\iernonce.dll

2009-03-08 07:32:50 . 2004-08-03 21:45:24 71680 ----a-w C:\WINDOWS\system32\iesetup.dll

2009-03-08 07:32:48 . 2009-03-08 07:32:48 128512 ------w C:\WINDOWS\system32\DllCache\advpack.dll

2009-03-08 07:32:46 . 2007-12-07 01:07:08 94720 ----a-w C:\WINDOWS\system32\DllCache\inseng.dll

2009-03-08 07:32:04 . 2007-12-07 01:07:10 611840 ----a-w C:\WINDOWS\system32\DllCache\mstime.dll

2009-03-08 07:31:56 . 2007-12-07 01:07:08 183808 ----a-w C:\WINDOWS\system32\DllCache\iepeers.dll

2009-03-08 07:31:44 . 2007-12-07 01:07:08 348160 ----a-w C:\WINDOWS\system32\DllCache\dxtmsft.dll

2009-03-08 07:31:38 . 2009-03-08 07:31:38 34816 ------w C:\WINDOWS\system32\DllCache\imgutil.dll

2009-03-08 07:31:38 . 2007-12-07 01:07:08 216064 ----a-w C:\WINDOWS\system32\DllCache\dxtrans.dll

2009-03-08 07:31:38 . 2004-08-03 21:45:24 34816 ----a-w C:\WINDOWS\system32\imgutil.dll

2009-03-08 07:31:36 . 2007-12-07 01:07:10 46592 ----a-w C:\WINDOWS\system32\DllCache\pngfilt.dll

2009-03-08 07:31:26 . 2007-12-07 01:07:10 66560 ----a-w C:\WINDOWS\system32\DllCache\mshtmled.dll

2009-03-08 07:31:18 . 2009-03-08 07:31:18 48128 ------w C:\WINDOWS\system32\DllCache\mshtmler.dll

2009-03-08 07:31:18 . 2004-08-03 21:44:30 48128 ----a-w C:\WINDOWS\system32\mshtmler.dll

2009-03-08 07:31:02 . 2009-03-08 07:31:02 45568 ------w C:\WINDOWS\system32\DllCache\mshta.exe

2009-03-08 07:31:02 . 2004-08-03 21:45:40 45568 ----a-w C:\WINDOWS\system32\mshta.exe

2009-03-08 07:24:28 . 2009-03-08 07:24:28 68608 ------w C:\WINDOWS\system32\DllCache\hmmapi.dll

2009-03-08 07:22:38 . 2009-03-08 07:22:38 156160 ------w C:\WINDOWS\system32\DllCache\msls31.dll

2009-03-08 07:22:38 . 2001-10-28 11:07:04 156160 ----a-w C:\WINDOWS\system32\msls31.dll

2009-03-02 18:18:31 . 2009-03-02 18:18:31 0 d-----w C:\Arquivos de programas\Gabest

2009-02-28 07:25:36 . 2009-02-28 07:25:31 2179 -c--a-w C:\WINDOWS\system32\unins000.dat

2009-02-28 07:25:20 . 2009-02-28 07:25:31 728858 ----a-w C:\WINDOWS\system32\unins000.exe

2009-02-28 07:23:41 . 2009-02-28 07:23:39 0 d-----w C:\Arquivos de programas\Windows Media Connect 2

2009-02-23 14:19:52 . 2001-10-28 11:07:18 68578 ----a-w C:\WINDOWS\system32\perfc016.dat

2009-02-23 14:19:52 . 2001-10-28 11:07:18 427700 ----a-w C:\WINDOWS\system32\perfh016.dat

2009-02-06 21:52:40 . 2009-02-06 21:52:40 49504 ----a-w C:\WINDOWS\system32\sirenacm.dll

2008-08-22 22:22:47 . 2009-03-01 18:19:42 840625 -c--a-w C:\Documents and Settings\Administrador\dos.exe

2008-04-14 02:41:56 . 2008-04-14 02:41:56 146 -c--a-w C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\fusioncache.dat

2008-02-27 11:26:42 . 2008-02-26 18:05:46 81920 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\ezpinst.exe

2008-02-27 11:26:42 . 2008-02-26 18:05:46 47360 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys

.

 

------- Sigcheck -------

 

[-] 2005-08-31 02:13:38 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 C:\WINDOWS\system32\spoolsv.exe

 

[-] 2005-08-31 02:24:22 1548288 9DD429359FE067BA52D00C0DBB9537EE C:\WINDOWS\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45:32 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 21:50:38 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50:42 155648]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-16 01:34:26 185896]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 03:04:34 39792]

"QuickTime Task"="C:\Arquivos de programas\QuickTime\QTTask.exe" [2009-01-05 18:18:48 413696]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-02-14 05:31:54 7630848]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 22:08:45 81000]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 08:19:17 148888]

"VTTimer"="VTTimer.exe" - C:\WINDOWS\system32\VTTimer.exe [2003-05-07 19:32:36 36864]

"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2007-02-14 05:32:00 1519616]

"NvMediaCenter"="NvMCTray.dll" - C:\WINDOWS\system32\nvmctray.dll [2007-02-14 05:31:56 86016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45:32 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:34:24 44544]

 

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Alienware Dock.lnk - C:\Arquivos de programas\AlienGUIse\AlienwareDock\ObjectDock.exe [2009-4-20 2074360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-21 02:34:52 24576 ----a-w C:\Arquivos de programas\AlienGUIse\fastload.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R3 112223333;112223333; [x]

R3 CrystalSysInfo;CrystalSysInfo; [x]

R3 ddsxeiservice;ddsxeiservice2;C:\Arquivos de programas\sXe Injected\ddsxei.sys [2009-03-27 06:53:16 50560]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Administrador\Meus documentos\besteiras\_www.thegenius.us_Everest_UE_4.20.1183_beta.Reg.Multi-Idiomas_by.Dreamer\kerneld.wnt [2007-10-14 07:44:12 22640]

R3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des [2009-02-17 00:39:00 2736890]

R3 PciCon;PciCon; [x]

R3 WallHack;WallHack; [x]

S1 aswSP;avast! Self Protection; [x]

S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-25 03:19:28 141312]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 22:07:12 20560]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{162ef53a-955d-11dd-8f57-000d87d45f47}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7B879631-9B54-616A-BDB7-0FEAEB563C16}]

C:\WINDOWS\system32\mstwain32.exe s

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34:12 . 2008-07-30 14:34:12]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-Cmaudio - cmicnfg.cpl

Notify-WgaLogon - (no file)

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.entretieneteds.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\010v7k8j.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - plugin: C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

 

---- FIREFOX POLICIES ----

C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

NOTE: NOW I CAN'T OPEN MSN; WHEN IT OPENS THE PC FREEZES AND ONLY UNFREEZES BY RESTARTING!


Select and copy the content below. Paste it into Notepad on your PC and save it to the desktop as CFScript.txt

 

File::

C:\WINDOWS\system32\mstwain32.exe

C:\Documents and Settings\Administrador\dos.exe

C:\Arquivos de programas\desktop.ini

C:\sqmdata10.sqm

C:\sqmnoopt10.sqm

C:\sqmdata09.sqm

C:\sqmnoopt09.sqm

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{162ef53a-955d-11dd-8f57-000d87d45f47}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7B879631-9B54-616A-BDB7-0FEAEB563C16}]

Driver::

112223333

Drag the CFScript onto ComboFix as in the image below and wait for the tool to run automatically:

 

CFScript.gif

 

● If prompted, press Enter to start the removal process;

● Do not use the mouse or keyboard while ComboFix is running;

● When it finishes, a new log will be generated at C:\ComboFix.txt;

● Your computer may be restarted automatically. If it does not, restart it manually.

 

In your next reply, paste ComboFix.txt and a new HijackThis log.

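The CFScript above targets the hidden mstwain32.exe dropped into system32 (together with the Active Setup entry that relaunches it at logon), the hidden logg.dat beside it, and the dos.exe sitting directly in the user's profile folder. As an added example, not part of this thread and not code from ComboFix or HijackThis, the Python below runs a small triage pass over ComboFix file-listing lines and flags exactly that class of entry: hidden loose files under C:\WINDOWS and executables dropped straight into a profile root. The sample lines are copied from the log posted above; the seven-column attribute layout (d/c/s/h/a/r/w) is an assumption read off those lines, and the rules produce candidates for a helper to verify, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines in the layout the ComboFix "files created" and
# "Find3M" sections use on this page:
#   <created> . <modified> <size> <attrs> <path>
# The seven-character attrs field is ASSUMED to be d/c/s/h/a/r/w columns
# (directory, compressed, system, hidden, archive, read-only, writable);
# that reading is taken from the entries on the page, not from documentation.
SAMPLE_LOG = r"""
2009-04-22 00:28:20 . 2009-04-22 00:28:20 0 d-----w C:\WINDOWS\system32\xircom
2009-04-10 07:32:31 . 2009-04-22 00:23:41 40012 ---h--w C:\WINDOWS\system32\logg.dat
2009-04-10 07:32:30 . 2009-04-08 00:49:38 815184 ---h--w C:\WINDOWS\system32\mstwain32.exe
2009-04-09 06:20:38 . 2009-04-09 06:20:38 0 d-sh--w C:\Documents and Settings\Administrador\IECompatCache
2009-03-25 18:14:03 . 2009-03-25 18:15:00 1598976 ----a-w C:\SteamInstall.msi
2008-08-22 22:22:47 . 2009-03-01 18:19:42 840625 -c--a-w C:\Documents and Settings\Administrador\dos.exe
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-dcsharw]{7}) (?P<path>.+)$"
)

# Directories where a *hidden* loose file is unusual on a stock XP install.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs


def parse_log(text: str) -> List[Entry]:
    """Parse every line matching the file-entry layout; silently skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["path"]))
    return entries


def _in_profile_root(low: str) -> bool:
    """True for a file sitting directly in a user's profile folder, not a subfolder."""
    if not low.startswith(PROFILE_ROOT):
        return False
    parts = low[len(PROFILE_ROOT):].split("\\")
    return len(parts) == 2 and parts[0] not in ("all users", "default user")


def flag(entry: Entry) -> Optional[str]:
    """Return a reason if the entry matches one of the triage rules, else None."""
    if entry.is_dir:
        return None
    low = entry.path.lower()
    in_system = low.startswith(SYSTEM_DIRS)
    if entry.hidden and in_system and low.endswith(EXEC_EXT):
        return "hidden executable in a system directory"
    if entry.hidden and in_system:
        return "hidden data file in a system directory"
    if low.endswith(EXEC_EXT) and _in_profile_root(low):
        return "executable dropped directly in a user profile root"
    return None


def suspicious(text: str) -> List[Tuple[str, str]]:
    """Run the triage rules over a log and return (path, reason) pairs in log order."""
    hits = []
    for entry in parse_log(text):
        reason = flag(entry)
        if reason:
            hits.append((entry.path, reason))
    return hits


if __name__ == "__main__":
    for path, reason in suspicious(SAMPLE_LOG):
        print(f"{reason:50} {path}")
```

Running it prints the three entries the helper's CFScript lists under File:: (logg.dat is the hidden data file next to the hidden executable). Feeding a whole "files created" and "Find3M" section through suspicious() gives the candidate list a helper would then check (publisher signature, hash lookup, the Active Setup and Run keys that reference the file) before writing the removal script.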

hijack

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:17:42, on 22/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\securit\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Startup: Scheduler.lnk = C:\Arquivos de programas\3B Software\Common\Scheduler\wcomschd.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204139434593

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 6544 bytes

 

 

combofix

 

 

ComboFix 09-04-23.02 - Administrador 22/04/2009 18:48.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1535.1159 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\securit\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\securit\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrador\Dados de aplicativos\addons.dat

.

---- -------

.

c:\arquivos de programas\ActivationManager

c:\arquivos de programas\ActivationManager\Uninstall.exe

c:\documents and settings\Administrador\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\Administrador\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\documents and settings\Administrador\Dados de aplicativos\addon.dat

c:\documents and settings\Administrador\Dados de aplicativos\addons.dat

c:\windows\config.ini

c:\windows\system32\28463

c:\windows\system32\28463\AKV.exe

c:\windows\system32\28463\KBND.001

c:\windows\system32\28463\KBND.002

c:\windows\system32\28463\KBND.005

c:\windows\system32\28463\KBND.006

c:\windows\system32\28463\KBND.009

c:\windows\update.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_OREANS32

-------\Service_oreans32

-------\Legacy_112223333

-------\Service_112223333

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-03-22 to 2009-04-22 ))))))))))))))))))))))))))))

.

 

2009-04-22 13:19 . 2005-08-31 08:11 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys

2009-04-22 02:37 . 2009-04-22 02:37 2560 ----a-w c:\windows\_MSRSTRT.EXE

2009-04-22 01:10 . 2008-06-14 17:59 272384 ------w c:\windows\system32\drivers\bthport.sys

2009-04-22 01:10 . 2008-06-14 17:59 272384 ------w c:\windows\system32\dllcache\bthport.sys

2009-04-22 01:07 . 2009-03-06 14:46 285696 ------w c:\windows\system32\dllcache\pdh.dll

2009-04-22 01:07 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-22 01:07 . 2005-07-26 04:40 60416 ------w c:\windows\system32\dllcache\colbact.dll

2009-04-22 01:07 . 2009-02-09 10:19 473088 ------w c:\windows\system32\dllcache\fastprox.dll

2009-04-22 01:07 . 2009-02-09 10:19 399360 ------w c:\windows\system32\dllcache\rpcss.dll

2009-04-22 01:07 . 2009-02-06 16:54 35328 ------w c:\windows\system32\dllcache\sc.exe

2009-04-22 01:07 . 2009-02-09 10:19 683008 ------w c:\windows\system32\dllcache\advapi32.dll

2009-04-22 01:07 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe

2009-04-22 01:06 . 2009-02-09 10:19 730624 ------w c:\windows\system32\dllcache\ntdll.dll

2009-04-22 01:06 . 2009-02-09 10:19 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-22 00:56 . 2008-05-01 14:32 331776 ------w c:\windows\system32\dllcache\msadce.dll

2009-04-22 00:51 . 2008-04-21 21:27 216064 ------w c:\windows\system32\dllcache\wordpad.exe

2009-04-22 00:28 . 2009-04-22 00:28 -------- d-----w c:\windows\system32\xircom

2009-04-22 00:28 . 2009-04-22 00:28 -------- d-----w c:\windows\system32\oobe

2009-04-21 22:53 . 2009-04-21 22:53 -------- d-----w C:\rsit

2009-04-21 05:50 . 2009-04-21 05:50 5760054 ----a-w c:\windows\ALX_1600x1200.bmp

2009-04-21 05:49 . 2009-04-21 05:49 5760054 ----a-w c:\windows\AW_1600x1200.bmp

2009-04-21 05:47 . 2009-04-21 05:47 3932214 ----a-w c:\windows\InvaderDark1280.bmp

2009-04-21 05:40 . 2009-04-21 05:40 23392 ----a-w c:\windows\system32\nscompat.tlb

2009-04-21 05:40 . 2009-04-21 05:40 16832 ----a-w c:\windows\system32\amcompat.tlb

2009-04-20 18:58 . 2009-04-21 05:50 3932214 ----a-w c:\windows\AW_XenoMorph1280.bmp

2009-04-20 04:43 . 2005-02-01 16:20 5760056 ----a-w c:\windows\Darkstar.bmp

2009-04-20 04:41 . 2003-02-27 01:27 36864 ----a-w c:\windows\system32\wbsys.dll

2009-04-11 04:24 . 2000-04-01 08:35 414272 ----a-w c:\windows\system32\DivXc32f.dll

2009-04-10 20:55 . 2009-04-10 20:55 114 --sha-w c:\documents and settings\desktop.ini

2009-04-10 07:32 . 2009-04-22 14:28 46926 ---ha-w c:\windows\system32\logg.dat

2009-04-10 07:32 . 2009-04-08 00:49 815184 ---h--w c:\windows\system32\mstwain32.exe

2009-04-09 06:20 . 2009-04-09 06:20 -------- d-sh--w c:\documents and settings\Administrador\IECompatCache

2009-04-09 04:50 . 2009-04-09 04:50 -------- d-sh--w c:\documents and settings\Administrador\PrivacIE

2009-04-09 04:47 . 2009-04-09 04:47 -------- d-sh--w c:\documents and settings\Administrador\IETldCache

2009-04-09 04:44 . 2009-04-09 04:44 -------- d-----w c:\windows\ie8updates

2009-04-09 04:39 . 2009-04-09 04:41 -------- dc-h--w c:\windows\ie8

2009-04-09 04:39 . 2009-04-09 04:41 -------- d-----w c:\windows\system32\pt-BR

2009-04-09 03:42 . 2009-04-09 03:42 -------- d-----w c:\documents and settings\Administrador\dwhelper

2009-04-08 21:51 . 2009-04-08 21:51 -------- d-----w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\RapidShare_

2009-03-30 05:20 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll

2009-03-28 05:31 . 2009-03-28 05:31 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\nView_Profiles

2009-03-25 18:14 . 2009-03-25 18:15 1598976 ----a-w C:\SteamInstall.msi

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-22 21:30 . 2008-02-27 18:05 -------- d-----w c:\arquivos de programas\sXe Injected

2009-04-22 16:51 . 2009-04-22 16:51 -------- d-----w c:\arquivos de programas\Microsoft

2009-04-22 16:51 . 2008-02-27 19:58 -------- d-----w c:\arquivos de programas\Windows Live

2009-04-22 16:51 . 2009-04-22 16:51 -------- d-----w c:\arquivos de programas\Windows Live SkyDrive

2009-04-22 15:26 . 2008-02-27 19:14 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2009-04-22 12:37 . 2001-10-28 11:07 68796 ----a-w c:\windows\system32\perfc016.dat

2009-04-22 12:37 . 2001-10-28 11:07 428054 ----a-w c:\windows\system32\perfh016.dat

2009-04-22 05:58 . 2009-04-22 05:58 -------- d-----w c:\arquivos de programas\MSXML 4.0

2009-04-22 02:38 . 2009-04-20 04:41 -------- d-----w c:\arquivos de programas\AlienGUIse

2009-04-22 02:16 . 2008-02-26 17:43 231144 ----a-w c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

2009-04-22 00:28 . 2009-04-22 00:28 -------- d-----w c:\arquivos de programas\microsoft frontpage

2009-04-21 22:44 . 2009-02-11 22:20 -------- d-----w c:\arquivos de programas\Teamspeak2_RC2

2009-04-21 22:42 . 2009-04-19 03:13 -------- d-----w c:\arquivos de programas\Valve

2009-04-21 08:48 . 2008-02-27 16:02 -------- d-----w c:\arquivos de programas\Winamp

2009-04-18 22:52 . 2009-04-18 22:52 -------- d-----w c:\arquivos de programas\Eidos Interactive

2009-04-11 21:45 . 2008-02-27 19:43 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\Spyware Terminator

2009-04-11 21:45 . 2008-02-27 19:43 -------- d-----w c:\arquivos de programas\Spyware Terminator

2009-04-11 21:41 . 2008-02-27 19:43 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\Spyware Terminator

2009-04-11 00:49 . 2009-02-28 06:30 -------- d-----w c:\documents and settings\Administrador\Dados de aplicativos\mIRC

2009-04-10 20:55 . 2009-04-10 20:46 -------- d-----w c:\arquivos de programas\iColorFolder

2009-04-10 20:55 . 2009-04-10 20:55 114 --sha-w c:\arquivos de programas\desktop.ini

2009-04-10 17:55 . 2009-04-08 23:10 -------- d-----w c:\arquivos de programas\mIRC

2009-04-08 17:04 . 2008-08-16 01:15 -------- d-----w c:\arquivos de programas\Java

2009-03-29 23:17 . 2009-03-17 05:25 -------- d-----w c:\arquivos de programas\Despertador

2009-03-21 15:55 . 2009-03-21 15:55 -------- d-----w c:\arquivos de programas\Arquivos comuns\Windows Live

2009-03-21 14:20 . 2007-04-16 15:53 1025024 ------w c:\windows\system32\DllCache\kernel32.dll

2009-03-20 20:47 . 2008-02-27 18:23 -------- d-----w c:\arquivos de programas\Alwil Software

2009-03-17 18:23 . 2009-01-20 00:44 -------- d-----w c:\arquivos de programas\PokerStars.NET

2009-03-17 05:25 . 2009-03-17 05:25 249856 ------w c:\windows\Setup1.exe

2009-03-17 05:25 . 2008-10-31 20:37 73216 ----a-w c:\windows\ST6UNST.EXE

2009-03-12 03:08 . 2009-03-12 03:08 -------- d-----w c:\arquivos de programas\Robster Productions

2009-03-11 01:18 . 2009-03-11 01:18 969608 ------w c:\windows\system32\DllCache\WgaTray.exe

2009-03-11 01:18 . 2009-03-11 01:18 265096 ------w c:\windows\system32\DllCache\wgaLogon.dll

2009-03-10 23:42 . 2009-03-10 23:42 -------- d-----w c:\documents and settings\All Users\Dados de aplicativos\NVIDIA

2009-03-10 12:07 . 2009-03-10 12:07 268 ---ha-w C:\sqmdata10.sqm

2009-03-10 12:07 . 2009-03-10 12:07 244 ---ha-w C:\sqmnoopt10.sqm

2009-03-10 12:03 . 2009-03-10 12:03 268 ---ha-w C:\sqmdata09.sqm

2009-03-10 12:03 . 2009-03-10 12:03 244 ---ha-w C:\sqmnoopt09.sqm

2009-03-09 08:19 . 2009-01-08 08:26 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-08 17:09 . 2009-03-08 17:09 638816 ------w c:\windows\system32\DllCache\iexplore.exe

2009-03-08 17:09 . 2009-03-08 17:09 391536 ------w c:\windows\system32\DllCache\iedkcs32.dll

2009-03-08 07:41 . 2007-12-07 14:37 5937152 ----a-w c:\windows\system32\DllCache\mshtml.dll

2009-03-08 07:34 . 2007-12-07 01:07 914944 ----a-w c:\windows\system32\DllCache\wininet.dll

2009-03-08 07:34 . 2005-08-31 02:13 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 07:34 . 2007-12-07 01:07 1206784 ----a-w c:\windows\system32\DllCache\urlmon.dll

2009-03-08 07:34 . 2009-03-08 07:34 236544 ------w c:\windows\system32\DllCache\webcheck.dll

2009-03-08 07:34 . 2009-03-08 07:34 43008 ------w c:\windows\system32\DllCache\licmgr10.dll

2009-03-08 07:34 . 2004-08-03 21:45 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 07:34 . 2009-03-08 07:34 105984 ------w c:\windows\system32\DllCache\url.dll

2009-03-08 07:34 . 2009-03-08 07:34 109568 ------w c:\windows\system32\DllCache\occache.dll

2009-03-08 07:34 . 2007-12-07 01:07 193536 ----a-w c:\windows\system32\DllCache\msrating.dll

2009-03-08 07:33 . 2007-06-26 13:57 759296 ----a-w c:\windows\system32\DllCache\VGX.dll

2009-03-08 07:33 . 2009-03-08 07:33 18944 ------w c:\windows\system32\DllCache\corpol.dll

2009-03-08 07:33 . 2004-08-03 21:45 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 07:33 . 2007-12-07 01:07 25600 ----a-w c:\windows\system32\DllCache\jsproxy.dll

2009-03-08 07:33 . 2009-03-08 07:33 229376 ------w c:\windows\system32\DllCache\ieaksie.dll

2009-03-08 07:33 . 2009-03-08 07:33 125952 ------w c:\windows\system32\DllCache\ieakeng.dll

2009-03-08 07:32 . 2009-03-08 07:32 72704 ------w c:\windows\system32\DllCache\admparse.dll

2009-03-08 07:32 . 2004-08-03 21:45 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 07:32 . 2009-03-08 07:32 173056 ------w c:\windows\system32\DllCache\ie4uinit.exe

2009-03-08 07:32 . 2009-03-08 07:32 163840 ------w c:\windows\system32\DllCache\ieakui.dll

2009-03-08 07:32 . 2009-03-08 07:32 71680 ------w c:\windows\system32\DllCache\iesetup.dll

2009-03-08 07:32 . 2009-03-08 07:32 55808 ------w c:\windows\system32\DllCache\iernonce.dll

2009-03-08 07:32 . 2004-08-03 21:45 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 07:32 . 2009-03-08 07:32 128512 ------w c:\windows\system32\DllCache\advpack.dll

2009-03-08 07:32 . 2007-12-07 01:07 94720 ----a-w c:\windows\system32\DllCache\inseng.dll

2009-03-08 07:32 . 2007-12-07 01:07 611840 ----a-w c:\windows\system32\DllCache\mstime.dll

2009-03-08 07:31 . 2007-12-07 01:07 183808 ----a-w c:\windows\system32\DllCache\iepeers.dll

2009-03-08 07:31 . 2007-12-07 01:07 348160 ----a-w c:\windows\system32\DllCache\dxtmsft.dll

2009-03-08 07:31 . 2009-03-08 07:31 34816 ------w c:\windows\system32\DllCache\imgutil.dll

2009-03-08 07:31 . 2007-12-07 01:07 216064 ----a-w c:\windows\system32\DllCache\dxtrans.dll

2009-03-08 07:31 . 2004-08-03 21:45 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 07:31 . 2007-12-07 01:07 46592 ----a-w c:\windows\system32\DllCache\pngfilt.dll

2009-03-08 07:31 . 2007-12-07 01:07 66560 ----a-w c:\windows\system32\DllCache\mshtmled.dll

2009-03-08 07:31 . 2009-03-08 07:31 48128 ------w c:\windows\system32\DllCache\mshtmler.dll

2009-03-08 07:31 . 2004-08-03 21:44 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 07:31 . 2009-03-08 07:31 45568 ------w c:\windows\system32\DllCache\mshta.exe

2009-03-08 07:31 . 2004-08-03 21:45 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 07:24 . 2009-03-08 07:24 68608 ------w c:\windows\system32\DllCache\hmmapi.dll

2009-03-08 07:22 . 2009-03-08 07:22 156160 ------w c:\windows\system32\DllCache\msls31.dll

2009-03-08 07:22 . 2001-10-28 11:07 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:46 . 2004-08-03 21:45 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-02 18:18 . 2009-03-02 18:18 -------- d-----w c:\arquivos de programas\Gabest

2009-02-28 07:25 . 2009-02-28 07:25 2179 -c--a-w c:\windows\system32\unins000.dat

2009-02-28 07:25 . 2009-02-28 07:25 728858 ----a-w c:\windows\system32\unins000.exe

2009-02-28 07:23 . 2009-02-28 07:23 -------- d-----w c:\arquivos de programas\Windows Media Connect 2

2009-02-09 14:17 . 2007-03-08 15:33 1846400 ------w c:\windows\system32\DllCache\win32k.sys

2009-02-09 14:17 . 2005-08-31 02:12 1846400 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:50 . 2007-02-28 16:02 2019840 ------w c:\windows\system32\DllCache\ntkrpamp.exe

2009-02-09 11:50 . 2007-02-28 16:02 2061952 ------w c:\windows\system32\DllCache\ntkrnlpa.exe

2009-02-09 11:50 . 2005-08-31 05:11 2061952 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:50 . 2007-02-28 16:02 2184704 ------w c:\windows\system32\DllCache\ntoskrnl.exe

2009-02-09 11:50 . 2005-08-31 02:12 2184704 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:50 . 2007-02-28 16:02 2140160 ------w c:\windows\system32\DllCache\ntkrnlmp.exe

2009-02-09 10:19 . 2007-11-07 09:28 726016 ------w c:\windows\system32\DllCache\lsasrv.dll

2009-02-09 10:19 . 2005-08-31 02:13 399360 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:19 . 2005-08-31 02:12 726016 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:19 . 2004-08-03 21:45 683008 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:19 . 2004-08-03 21:45 730624 ----a-w c:\windows\system32\ntdll.dll

2009-02-09 10:08 . 2004-08-03 21:45 111104 ----a-w c:\windows\system32\services.exe

.

 

------- Sigcheck -------

 

[-] 2005-08-31 02:13 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\system32\spoolsv.exe

 

[-] 2005-08-31 02:24 1548288 9DD429359FE067BA52D00C0DBB9537EE c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-04-22_00.30.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-30 19:45 . 2008-09-30 19:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll

+ 2009-04-22 21:54 . 2009-04-22 21:54 16384 c:\windows\Temp\Perflib_Perfdata_48c.dat

+ 2009-04-22 21:55 . 2009-04-22 21:55 16384 c:\windows\Temp\Perflib_Perfdata_268.dat

+ 2008-02-27 19:13 . 2008-10-16 17:09 43544 c:\windows\system32\wups2.dll

+ 2008-02-26 16:56 . 2008-10-16 17:08 34328 c:\windows\system32\wups.dll

+ 2008-02-26 16:56 . 2008-10-16 17:09 51224 c:\windows\system32\wuauclt.exe

+ 2007-11-13 11:31 . 2008-10-22 09:47 62976 c:\windows\system32\tzchange.exe

+ 2009-04-22 00:41 . 2008-10-16 17:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll

+ 2009-04-22 00:41 . 2008-10-16 17:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2004-08-03 21:45 . 2009-02-03 20:10 55808 c:\windows\system32\secur32.dll

- 2004-08-03 21:45 . 2004-08-03 21:45 55808 c:\windows\system32\secur32.dll

+ 2001-10-28 11:07 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe

+ 2001-10-28 11:07 . 2009-04-22 12:37 60248 c:\windows\system32\perfc009.dat

+ 2008-02-26 16:53 . 2008-06-12 14:18 91648 c:\windows\system32\mtxoci.dll

- 2004-08-03 21:45 . 2006-03-01 19:44 66560 c:\windows\system32\mtxclu.dll

+ 2004-08-03 21:45 . 2008-06-12 14:18 66560 c:\windows\system32\mtxclu.dll

+ 2008-02-26 16:53 . 2008-06-12 14:18 58880 c:\windows\system32\msdtclog.dll

- 2008-02-26 16:53 . 2004-08-03 21:45 58880 c:\windows\system32\msdtclog.dll

+ 2005-08-31 02:14 . 2008-06-24 16:24 74240 c:\windows\system32\mscms.dll

+ 2009-02-03 20:10 . 2009-02-03 20:10 55808 c:\windows\system32\DllCache\secur32.dll

+ 2008-06-12 14:18 . 2008-06-12 14:18 91648 c:\windows\system32\DllCache\mtxoci.dll

+ 2008-06-12 14:18 . 2008-06-12 14:18 66560 c:\windows\system32\DllCache\mtxclu.dll

+ 2008-06-12 14:18 . 2008-06-12 14:18 58880 c:\windows\system32\DllCache\msdtclog.dll

+ 2008-06-24 16:24 . 2008-06-24 16:24 74240 c:\windows\system32\DllCache\mscms.dll

+ 2005-09-03 08:55 . 2008-10-16 17:09 92696 c:\windows\system32\cdm.dll

+ 2004-07-15 03:34 . 2004-07-15 03:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_PerfCounter.dll

+ 2003-02-20 22:09 . 2003-02-20 22:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorsn.dll

+ 2004-07-15 03:32 . 2004-07-15 03:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_CORPerfMonExt.dll

+ 2007-01-15 19:11 . 2007-01-15 19:11 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

- 2003-02-20 22:09 . 2003-02-20 22:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2007-04-13 23:58 . 2007-04-13 23:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2007-04-13 23:57 . 2007-04-13 23:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2003-02-20 22:09 . 2003-02-20 22:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2007-04-13 23:57 . 2007-04-13 23:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2004-07-15 03:32 . 2004-07-15 03:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2007-04-14 00:30 . 2007-04-14 00:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2004-07-15 04:49 . 2004-07-15 04:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2009-04-21 23:41 . 2009-04-21 23:41 80395 c:\windows\Installer\{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}\MsblIco.Exe

+ 2009-04-22 16:51 . 2009-04-22 16:51 80395 c:\windows\Installer\{C8DD4EAD-674B-461B-94D5-4C80CCFB8401}\MsblIco.Exe

- 2008-02-26 18:23 . 2008-02-28 05:03 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 23040 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 61440 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 27136 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 11264 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 86016 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 12288 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2009-03-29 23:50 . 2009-03-29 23:50 29926 c:\windows\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe

+ 2009-03-29 23:50 . 2009-04-22 15:33 29926 c:\windows\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe

+ 2009-04-22 05:58 . 2009-04-22 05:58 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

+ 2009-04-22 16:50 . 2009-04-22 16:50 62304 c:\windows\Installer\{32BC546A-8AA3-4239-AE92-9CF3291C35A6}\IconWlc.exe

- 2009-04-21 23:40 . 2009-04-21 23:40 62304 c:\windows\Installer\{32BC546A-8AA3-4239-AE92-9CF3291C35A6}\IconWlc.exe

+ 2009-04-22 06:02 . 2009-04-22 06:02 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_1f33fea2\System.Drawing.Design.dll

+ 2009-04-22 06:02 . 2009-04-22 06:02 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_abe41f72\CustomMarshalers.dll

- 2005-09-23 09:29 . 2005-09-23 09:29 6144 c:\windows\system32\mui\0409\mscorees.dll

+ 2006-12-22 16:02 . 2006-12-22 16:02 6144 c:\windows\system32\mui\0409\mscorees.dll

- 2008-02-26 18:23 . 2008-02-28 05:03 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 4096 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2009-04-22 02:37 . 2009-04-22 02:37 2560 c:\windows\_MSRSTRT.EXE

+ 2005-08-31 02:12 . 2008-02-17 07:33 360448 c:\windows\system32\xpsp3res.dll

+ 2008-02-26 16:56 . 2008-10-16 17:13 202776 c:\windows\system32\wuweb.dll

+ 2008-02-26 16:56 . 2008-10-16 17:12 323608 c:\windows\system32\wucltui.dll

+ 2008-02-26 16:56 . 2008-10-16 17:12 561688 c:\windows\system32\wuapi.dll

+ 2005-08-31 02:35 . 2008-06-18 08:03 938496 c:\windows\system32\WMNetmgr.dll

+ 2005-08-31 02:35 . 2007-10-25 12:28 222720 c:\windows\system32\wmasf.dll

+ 2005-09-03 08:55 . 2008-12-16 12:50 351232 c:\windows\system32\winhttp.dll

+ 2009-03-11 01:18 . 2009-03-11 01:18 969608 c:\windows\system32\WgaTray.exe

+ 2009-03-11 01:18 . 2009-03-11 01:18 265096 c:\windows\system32\WgaLogon.dll

+ 2008-02-26 16:53 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2008-02-26 16:53 . 2009-02-09 10:19 453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2008-02-26 16:53 . 2009-02-09 10:19 473088 c:\windows\system32\wbem\fastprox.dll

+ 2004-08-03 21:45 . 2007-12-18 14:42 417792 c:\windows\system32\vbscript.dll

+ 2004-08-03 21:45 . 2008-10-03 10:16 247326 c:\windows\system32\strmdll.dll

+ 2004-08-03 21:45 . 2008-12-05 07:13 144896 c:\windows\system32\schannel.dll

- 2004-08-03 21:45 . 2007-04-25 14:22 144896 c:\windows\system32\schannel.dll

+ 2001-10-28 11:07 . 2009-04-22 12:37 394914 c:\windows\system32\perfh009.dat

+ 2004-08-03 21:45 . 2008-10-15 16:59 332800 c:\windows\system32\netapi32.dll

+ 2005-09-05 14:23 . 2008-10-16 17:06 208744 c:\windows\system32\muweb.dll

+ 2008-02-27 20:18 . 2008-10-16 17:06 268648 c:\windows\system32\mucltui.dll

+ 2004-08-03 21:45 . 2008-06-20 17:41 247808 c:\windows\system32\mswsock.dll

- 2004-08-03 21:45 . 2004-08-03 21:45 247808 c:\windows\system32\mswsock.dll

+ 2005-08-31 02:35 . 2006-12-04 19:21 414720 c:\windows\system32\msscp.dll

+ 2008-02-26 16:53 . 2008-06-12 14:18 161792 c:\windows\system32\msdtcuiu.dll

+ 2008-02-26 16:53 . 2008-06-12 14:18 956928 c:\windows\system32\msdtctm.dll

+ 2008-02-26 16:53 . 2008-06-12 14:18 428032 c:\windows\system32\msdtcprx.dll

+ 2006-12-22 15:28 . 2006-12-22 15:28 271360 c:\windows\system32\mscoree.dll

- 2005-08-31 02:35 . 2006-10-18 23:03 100864 c:\windows\system32\logagent.exe

+ 2005-08-31 02:35 . 2008-06-18 04:09 100864 c:\windows\system32\logagent.exe

+ 2004-08-03 21:45 . 2007-12-18 14:42 450560 c:\windows\system32\jscript.dll

+ 2008-02-26 16:55 . 2008-04-11 18:51 683520 c:\windows\system32\inetcomm.dll

- 2008-02-26 16:55 . 2007-08-21 06:17 683520 c:\windows\system32\inetcomm.dll

+ 2004-08-03 21:45 . 2008-10-23 13:00 283648 c:\windows\system32\gdi32.dll

+ 2008-02-26 13:37 . 2009-04-22 12:31 676840 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-03 21:45 . 2008-07-07 20:31 253952 c:\windows\system32\es.dll

+ 2004-08-03 20:07 . 2008-06-20 09:52 225920 c:\windows\system32\drivers\tcpip6.sys

+ 2005-08-31 02:14 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys

+ 2005-08-31 02:13 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys

+ 2001-10-28 11:07 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys

+ 2005-08-31 02:12 . 2008-10-24 11:10 453632 c:\windows\system32\drivers\mrxsmb.sys

+ 2004-08-03 20:14 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys

+ 2004-08-03 21:45 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll

+ 2008-06-18 08:03 . 2008-06-18 08:03 938496 c:\windows\system32\DllCache\WMNetmgr.dll

+ 2007-10-25 12:28 . 2007-10-25 12:28 222720 c:\windows\system32\DllCache\wmasf.dll

+ 2008-12-16 12:50 . 2008-12-16 12:50 351232 c:\windows\system32\DllCache\winhttp.dll

+ 2009-03-08 07:33 . 2007-12-18 14:42 417792 c:\windows\system32\DllCache\vbscript.dll

+ 2006-08-16 09:37 . 2008-06-20 09:52 225920 c:\windows\system32\DllCache\tcpip6.sys

+ 2007-10-30 17:20 . 2008-06-20 10:45 360320 c:\windows\system32\DllCache\tcpip.sys

+ 2006-08-24 16:20 . 2008-10-03 10:16 247326 c:\windows\system32\DllCache\strmdll.dll

+ 2006-08-14 10:34 . 2008-12-11 11:57 333184 c:\windows\system32\DllCache\srv.sys

- 2007-04-25 14:22 . 2007-04-25 14:22 144896 c:\windows\system32\DllCache\schannel.dll

+ 2007-04-25 14:22 . 2008-12-05 07:13 144896 c:\windows\system32\DllCache\schannel.dll

+ 2006-07-13 08:48 . 2008-05-08 12:28 202752 c:\windows\system32\DllCache\rmcast.sys

+ 2006-08-17 12:28 . 2008-10-15 16:59 332800 c:\windows\system32\DllCache\netapi32.dll

+ 2008-06-20 17:41 . 2008-06-20 17:41 247808 c:\windows\system32\DllCache\mswsock.dll

+ 2008-06-12 14:18 . 2008-06-12 14:18 161792 c:\windows\system32\DllCache\msdtcuiu.dll

+ 2008-06-12 14:18 . 2008-06-12 14:18 956928 c:\windows\system32\DllCache\msdtctm.dll

+ 2008-06-12 14:18 . 2008-06-12 14:18 428032 c:\windows\system32\DllCache\msdtcprx.dll

+ 2006-05-05 09:41 . 2008-10-24 11:10 453632 c:\windows\system32\DllCache\mrxsmb.sys

+ 2008-06-18 04:09 . 2008-06-18 04:09 100864 c:\windows\system32\DllCache\logagent.exe

+ 2006-05-18 05:36 . 2007-12-18 14:42 450560 c:\windows\system32\DllCache\jscript.dll

+ 2007-08-21 06:17 . 2008-04-11 18:51 683520 c:\windows\system32\DllCache\inetcomm.dll

- 2007-08-21 06:17 . 2007-08-21 06:17 683520 c:\windows\system32\DllCache\inetcomm.dll

+ 2007-03-08 15:36 . 2008-10-23 13:00 283648 c:\windows\system32\DllCache\gdi32.dll

+ 2008-07-07 20:31 . 2008-07-07 20:31 253952 c:\windows\system32\DllCache\es.dll

+ 2006-06-26 17:41 . 2008-06-20 17:41 148992 c:\windows\system32\DllCache\dnsapi.dll

+ 2008-06-20 10:44 . 2008-08-14 09:51 138368 c:\windows\system32\DllCache\afd.sys

+ 2003-02-21 07:42 . 2003-02-21 07:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_msvcr71.dll

+ 2004-07-15 03:25 . 2004-07-15 03:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorjit.dll

+ 2004-07-15 03:24 . 2004-07-15 03:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_fusion.dll

+ 2004-07-15 04:49 . 2004-07-15 04:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_aspnet_isapi.dll

+ 2007-04-13 23:58 . 2007-04-13 23:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2004-07-15 03:33 . 2004-07-15 03:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2004-07-15 03:25 . 2004-07-15 03:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2007-04-13 23:56 . 2007-04-13 23:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2004-07-15 04:49 . 2004-07-15 04:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2007-04-14 00:30 . 2007-04-14 00:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2008-02-26 18:23 . 2008-02-28 05:03 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 409600 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 286720 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 249856 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 794624 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 135168 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-02-26 18:23 . 2009-04-22 06:05 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-02-26 18:23 . 2008-02-28 05:03 593920 c:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2006-05-05 09:41 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2009-04-22 01:10 . 2008-06-14 17:59 272384 c:\windows\Driver Cache\i386\bthport.sys

+ 2009-04-22 06:03 . 2009-04-22 06:03 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_64e189e9\System.Drawing.dll

+ 2009-04-22 01:05 . 2008-04-15 17:59 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

+ 2008-09-30 19:42 . 2008-09-30 19:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll

+ 2008-02-26 16:56 . 2008-10-16 17:13 1809944 c:\windows\system32\wuaueng.dll

+ 2005-08-31 02:35 . 2008-06-18 08:03 2458112 c:\windows\system32\WMVCore.dll

+ 2005-08-31 02:35 . 2007-04-30 11:20 5537792 c:\windows\system32\wmp.dll

- 2005-08-31 02:13 . 2007-10-25 16:57 8484352 c:\windows\system32\shell32.dll

+ 2005-08-31 02:13 . 2008-07-03 13:15 8484352 c:\windows\system32\shell32.dll

- 2004-08-03 21:45 . 2007-10-29 22:44 1292288 c:\windows\system32\quartz.dll

+ 2004-08-03 21:45 . 2008-12-20 22:43 1292288 c:\windows\system32\quartz.dll

+ 2008-09-30 19:43 . 2008-09-30 19:43 1286152 c:\windows\system32\msxml4.dll

+ 2004-08-03 21:45 . 2008-09-04 16:45 1106944 c:\windows\system32\msxml3.dll

+ 2008-02-26 13:37 . 2009-03-11 01:18 1482112 c:\windows\system32\LegitCheckControl.dll

+ 2004-08-03 21:45 . 2009-03-21 14:20 1025024 c:\windows\system32\kernel32.dll

+ 2008-06-18 08:03 . 2008-06-18 08:03 2458112 c:\windows\system32\DllCache\WMVCore.dll

- 2006-12-19 21:50 . 2007-10-25 16:57 8484352 c:\windows\system32\DllCache\shell32.dll

+ 2006-12-19 21:50 . 2008-07-03 13:15 8484352 c:\windows\system32\DllCache\shell32.dll

+ 2007-10-29 22:44 . 2008-12-20 22:43 1292288 c:\windows\system32\DllCache\quartz.dll

- 2007-10-29 22:44 . 2007-10-29 22:44 1292288 c:\windows\system32\DllCache\quartz.dll

+ 2007-06-26 06:10 . 2008-09-04 16:45 1106944 c:\windows\system32\DllCache\msxml3.dll

+ 2007-04-14 00:35 . 2007-04-14 00:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2007-04-14 00:35 . 2007-04-14 00:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2004-07-15 03:28 . 2004-07-15 03:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorwks.dll

+ 2004-07-15 03:26 . 2004-07-15 03:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorsvr.dll

+ 2004-07-15 17:29 . 2004-07-15 17:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorlib.dll

+ 2007-04-13 23:57 . 2007-04-13 23:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2007-04-13 23:57 . 2007-04-13 23:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2007-04-13 23:50 . 2007-04-13 23:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2007-02-28 16:02 . 2009-02-09 11:50 2184704 c:\windows\Driver Cache\i386\ntoskrnl.exe

- 2007-02-28 16:02 . 2007-02-28 16:02 2019840 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2007-02-28 16:02 . 2009-02-09 11:50 2019840 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2007-02-28 16:02 . 2009-02-09 11:50 2061952 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2007-02-28 16:02 . 2009-02-09 11:50 2140160 c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2007-02-28 16:02 . 2007-02-28 16:02 2140160 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2009-04-22 06:02 . 2009-04-22 06:02 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_37ac34de\System.dll

+ 2009-04-22 06:03 . 2009-04-22 06:03 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_d62eb081\System.Xml.dll

+ 2009-04-22 06:03 . 2009-04-22 06:03 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4ac63285\System.Windows.Forms.dll

+ 2009-04-22 06:03 . 2009-04-22 06:03 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_4eb2d5b5\System.Design.dll

+ 2009-04-22 06:03 . 2009-04-22 06:03 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_bd9be9ee\mscorlib.dll

+ 2009-04-22 06:02 . 2009-04-22 06:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2009-04-22 06:02 . 2009-04-22 06:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-08-16 185896]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-01-05 413696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-14 7630848]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2003-05-07 36864]

"Cmaudio"="cmicnfg.cpl" [bU]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-02-14 1519616]

"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2007-02-14 86016]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R3 CrystalSysInfo;CrystalSysInfo; [x]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Administrador\Meus documentos\besteiras\_www.thegenius.us_Everest_UE_4.20.1183_beta.Reg.Multi-Idiomas_by.Dreamer\kerneld.wnt [2007-10-14 22640]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2736890]

R3 PciCon;PciCon; [x]

R3 WallHack;WallHack; [x]

S1 aswSP;avast! Self Protection; [x]

S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-04-25 141312]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 14:34]

.

.

------- Scan Suplementar -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\010v7k8j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - plugin: c:\documents and settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-22 18:56

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]

"ImagePath"="\??\c:\documents and settings\Administrador\Meus documentos\besteiras\_www.thegenius.us_Everest_UE_4.20.1183_beta.Reg.Multi-Idiomas_by.Dreamer\kerneld.wnt"

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-515967899-492894223-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,0c,c3,70,a9,de,33,4f,b4,48,87,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,0c,c3,70,a9,de,33,4f,b4,48,87,\

 

[HKEY_USERS\S-1-5-21-515967899-492894223-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

 

[HKEY_USERS\S-1-5-21-515967899-492894223-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD7ED1B0-CAFE-AEBB-34AE-53B4B0E75861}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"ialejgocgjejdnecik"=hex:6a,61,67,6e,69,64,6f,6d,6c,6a,65,6d,6b,6c,6e,6f,69,63,

68,67,00,00

"hafegnkjchobdkkd"=hex:6a,61,67,6e,6c,64,70,6f,68,70,65,6f,65,6a,61,67,67,69,

64,64,00,ff

"iahpmpmpgehoicalio"=hex:63,61,6b,6e,65,65,00,7c

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(1596)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\Spyware Terminator\sp_rsser.exe

c:\windows\system32\rundll32.exe

c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-04-22 19:03 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-04-22 22:02

 

Pré-execução: 4.678.287.360 bytes disponíveis

Pós execução: 4.744.888.320 bytes disponíveis

 

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4

512 --- E O F --- 2009-04-22 06:07

 

 

Is my PC already safe to log into games with passwords?


:thumbsup: Hello lu4nlins!

 

The administration asked me to continue with your topic because of the time it has gone without a reply.

 

:seta: I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

- Download Malwarebytes Anti-Malware.

* Install it by double-clicking "mbam-setup.exe";

* Select the language Portuguese (Brazil)

* Check only the box: "Update Malwarebytes' Anti-Malware"

* If an update exists, the download will be automatic

* Do not scan yet!!!

* Restart the PC in Safe Mode (pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option).

* If it is not possible to run the computer in Safe Mode, do the scan in normal mode

* Run Malwarebytes' Anti-Malware and click the "Scan" tab, then select the option "Full scan"

* Click the "Scan" button

* Check all the parts of the computer you want to scan and click the "Start scan" button

* At the end of the scan, click "OK" > "Show Results"

* Select all entries and click "Remove Selected"

* After removal you may be asked whether you want to remove objects from memory. Click "YES"

* A log will be shown with the result of the actions

* Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.

* At the end of the process, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that Malwarebytes Anti-Malware deleted, open (run) Malwarebytes Anti-Malware, click the Quarantine tab and click the "Delete All" button.

* Run Malwarebytes Anti-Malware again and click the "Logs" tab, double-click the most recent log, select the full log and copy it.

 

Post this log generated by Malwarebytes Anti-Malware together with a new HijackThis log in your next reply, and tell us how your computer is doing after following the procedure above.

 

We await your reply.


Topic Archived

 

Since the author has not replied for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section along with the link to this topic and explain the reason for reopening it.
