Devas
Posted September 1, 2009

My PC had Avast installed and I switched to Avira. Right after that (coincidence or not) my PC became extremely slow... and now not even MSN will open. Here is the HijackThis analysis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:48, on 31/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Vtune\TBPanel.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\adminPlanet\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.flogao.com.br/planetarioslanhouse
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=meus+locais+de+rede&srch=3&prov=&utf8
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tcvnc] "C:\Timer Café\tcvnc.exe"
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Gainward] C:\Arquivos de programas\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Timer Café] "C:\Timer Café\TIMERCAFE.EXE"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = planetarios.lan
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca1e6c43571162) (gupdate1ca1e6c43571162) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13829 bytes

PedroN
Posted September 2, 2009

Download Malwarebytes from one of the locations below:

Link 1
Link 2

-- Save the program to your Desktop.

• Double-click the program to run it.
• Update Malwarebytes.
• Choose the Full Scan (be patient, it takes a while).
• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.
• When the scan is complete, click OK, then Show Results to view the log.
• Remember that if anything is detected, click the Remove button to remove it. (Important.)
• The program's log will open automatically.
• Post it in your next reply together with a new HijackThis log.

P.S.: On heavily infected computers, the tool shows a message saying that the computer must be restarted. Please do so immediately.

Devas
Posted September 2, 2009

Malwarebytes log ..

Malwarebytes' Anti-Malware 1.40
Versão do banco de dados: 2728
Windows 5.1.2600 Service Pack 3

2/9/2009 12:20:19
mbam-log-2009-09-02 (12-20-19).txt

Tipo de Verificação: Completa (C:\|D:\|E:\|)
Objetos verificados: 398267
Tempo decorrido: 2 hour(s), 36 minute(s), 7 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 6
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive (Hijack.DriveView) -> Bad: (67108863) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)

-----------------------------------------------------------

New HijackThis log ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:27, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Vtune\TBPanel.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\adminPlanet\Meus documentos\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.flogao.com.br/planetarioslanhouse
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=meus+locais+de+rede&srch=3&prov=&utf8
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tcvnc] "C:\Timer Café\tcvnc.exe"
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Gainward] C:\Arquivos de programas\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Timer Café] "C:\Timer Café\TIMERCAFE.EXE"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = planetarios.lan
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca1e6c43571162) (gupdate1ca1e6c43571162) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13577 bytes

PedroN
Posted September 2, 2009

Download ComboFix from one of these locations:

Link 1.
Link 2.
Link 3.

Important! You should not use ComboFix unless you have been instructed to do so by a security analyst. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system.

Make sure you saved ComboFix.exe to your desktop.

• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.
• Double-click ComboFix.exe and follow the instructions.
• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given the nature of malware infections today, it is strongly recommended to have it pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode, which makes it easier for us to help you should your computer have a problem after an attempted malware removal.
• Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you should see the following message:

Click Yes to continue scanning for malware.

When it finishes, it should produce a log for you. Post the ComboFix report, which will be at C:\ComboFix.txt, together with a HijackThis log.
Devas 0 Posted September 6, 2009
ComboFix 09-09-05.02 - adminPlanet 05/09/2009 22:50.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1520 [GMT -3:00] Executando de: c:\documents and settings\adminPlanet\Meus documentos\Downloads\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} * Criado um novo ponto de restauração . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Cache c:\windows\system32\lsprst7.dll c:\windows\system32\ssprs.dll . (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))) . 2009-09-03 12:48 . 2009-09-03 12:48 -------- d-----w- c:\arquivos de programas\GsmServer 2009-09-02 01:24 . 2009-09-02 01:24 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Malwarebytes 2009-09-01 02:18 . 2009-09-01 02:30 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\uTorrent 2009-09-01 02:18 . 2009-09-01 02:18 -------- d-sh--w- c:\documents and settings\adminPlanet\IETldCache 2009-09-01 02:10 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2009-09-01 02:10 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2009-09-01 02:10 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2009-09-01 02:10 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2009-09-01 02:10 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2009-09-01 02:10 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-09-01 02:10 . 2009-09-01 02:10 -------- d-----w- c:\windows\ie8updates 2009-09-01 02:09 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-09-01 02:09 . 
2009-07-19 21:45 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-09-01 02:09 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-09-01 02:09 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-09-01 02:09 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-09-01 02:09 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-09-01 02:07 . 2009-09-01 02:09 -------- dc-h--w- c:\windows\ie8 2009-08-30 22:21 . 2009-09-01 02:17 -------- d-----w- c:\windows\system32\pt-br 2009-08-30 22:21 . 2009-08-30 22:21 -------- d-----w- c:\windows\l2schemas 2009-08-30 22:21 . 2009-08-30 22:21 -------- d-----w- c:\windows\system32\bits 2009-08-30 21:57 . 2009-08-30 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion 2009-08-30 18:26 . 2009-08-30 18:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-08-30 18:26 . 2009-08-30 18:30 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-08-30 18:26 . 2009-08-30 18:30 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-08-30 18:23 . 2009-08-30 18:23 1582 ----a-w- c:\windows\system32\ealregsnapshot1.reg 2009-08-30 18:22 . 2009-08-30 18:22 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Leadertech 2009-08-30 13:06 . 2009-08-30 13:06 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-30 13:06 . 2009-08-30 13:06 -------- d-----w- c:\arquivos de programas\Reference Assemblies 2009-08-30 13:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-30 13:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-30 13:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-30 13:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-30 13:05 . 
2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-30 13:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-30 13:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-30 12:50 . 2009-08-30 12:50 -------- d-s---w- c:\documents and settings\adminPlanet\UserData 2009-08-29 22:58 . 2009-08-29 22:58 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\BrOffice.org 2009-08-29 18:50 . 2009-08-29 18:50 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\DAEMON Tools Lite 2009-08-29 18:50 . 2009-08-29 18:50 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Nero 2009-08-29 18:25 . 2009-08-30 23:22 -------- d-----w- c:\documents and settings\adminPlanet\Tracing 2009-08-29 02:12 . 2009-08-29 02:12 -------- d-----w- c:\arquivos de programas\MSXML 6.0 2009-08-29 02:10 . 2009-08-29 02:10 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2009-08-29 02:07 . 2009-08-29 02:07 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-08-29 02:07 . 2009-08-29 02:07 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Corel 2009-08-29 02:04 . 2009-05-21 18:48 268288 -c----w- c:\windows\system32\dllcache\httpext.dll 2009-08-29 02:00 . 2009-08-29 02:00 -------- d-----w- c:\arquivos de programas\Yahoo! 2009-08-29 02:00 . 2009-08-29 02:01 -------- d-----w- c:\arquivos de programas\CCleaner 2009-08-29 01:54 . 2009-08-29 01:54 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Apple Computer 2009-08-29 01:52 . 2009-08-29 01:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2009-08-29 01:52 . 2009-08-29 01:52 -------- d-----w- c:\arquivos de programas\Apple Software Update 2009-08-29 01:52 . 2009-08-29 01:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple 2009-08-29 01:39 . 
2009-08-29 01:39 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\DivX 2009-08-29 00:53 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll 2009-08-29 00:52 . 2008-04-14 02:20 68608 ----a-w- c:\windows\system32\iisext.dll 2009-08-29 00:50 . 2009-08-29 00:54 -------- d-----w- C:\Inetpub 2009-08-24 01:37 . 2009-08-30 18:27 -------- d-----w- c:\arquivos de programas\GameVicio 2009-08-24 01:25 . 2009-08-29 19:21 -------- d-----w- c:\arquivos de programas\EA GAMES 2009-08-24 01:20 . 2009-08-24 01:20 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\DAEMON Tools Pro 2009-08-24 01:19 . 2009-08-24 01:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite 2009-08-24 01:18 . 2009-08-24 01:19 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar 2009-08-24 01:18 . 2009-08-25 01:13 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite 2009-08-24 01:13 . 2009-08-24 01:13 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-24 01:13 . 2009-08-24 01:19 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\DAEMON Tools Lite 2009-08-23 21:08 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-23 21:08 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-08-23 21:08 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-08-23 21:08 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-08-23 21:08 . 2009-08-23 21:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-08-23 21:08 . 2009-08-23 21:08 -------- d-----w- c:\arquivos de programas\Avira 2009-08-23 19:57 . 2009-08-23 19:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InstallShield 2009-08-23 19:54 . 
2009-08-23 19:54 -------- d-----w- c:\arquivos de programas\Corel 2009-08-23 19:54 . 2009-08-23 19:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel 2009-08-23 19:48 . 1997-11-19 18:49 303616 ----a-w- c:\windows\IsUninst.exe 2009-08-23 19:48 . 2009-08-23 19:48 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\WINDOWS 2009-08-23 19:40 . 2009-08-23 19:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2009-08-23 19:39 . 2009-08-23 19:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real 2009-08-23 19:39 . 2009-08-23 19:39 -------- d-----w- c:\arquivos de programas\Real 2009-08-22 23:54 . 2009-08-22 23:54 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Malwarebytes 2009-08-22 23:54 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-22 23:54 . 2009-08-22 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-08-22 23:54 . 2009-08-22 23:54 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-08-22 23:54 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-20 13:07 . 2009-08-20 13:07 -------- d-----w- c:\arquivos de programas\GNU 2009-08-20 13:01 . 2009-08-20 13:02 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Media Player Classic 2009-08-20 12:57 . 2009-08-20 12:57 -------- d-----w- c:\arquivos de programas\XP Codec Pack 2009-08-20 02:10 . 2009-08-20 02:10 1025 ----a-w- c:\windows\system32\sysprs7.dll 2009-08-20 02:10 . 2009-08-20 02:10 1025 ----a-w- c:\windows\system32\clauth2.dll 2009-08-20 02:10 . 2009-08-20 02:10 1025 ----a-w- c:\windows\system32\clauth1.dll 2009-08-20 02:10 . 2009-08-20 02:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Minnetonka Audio Software 2009-08-18 19:54 . 
2009-08-18 19:54 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Ulead Systems 2009-08-18 15:38 . 2009-08-18 15:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SONY Digital Images 2009-08-18 15:37 . 2009-08-18 15:37 -------- d-----w- c:\arquivos de programas\Ulead Systems 2009-08-18 15:37 . 2009-08-18 15:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ulead Systems 2009-08-18 15:37 . 2009-08-18 19:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ulead Systems 2009-08-18 02:53 . 2009-08-18 02:53 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\BrOffice.org 2009-08-18 01:46 . 2003-03-16 03:15 90112 ----a-w- c:\windows\unvise32.exe 2009-08-18 01:43 . 2009-08-18 01:43 -------- d-----w- c:\arquivos de programas\Pinnacle 2009-08-17 17:24 . 2009-08-17 17:24 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center 2009-08-17 00:35 . 2009-08-17 00:35 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Thinstall 2009-08-16 22:33 . 2009-08-16 22:33 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Nero 2009-08-16 22:30 . 2009-08-16 22:30 -------- d-----w- c:\arquivos de programas\Nero 2009-08-16 22:30 . 2009-08-16 22:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero 2009-08-16 22:30 . 2009-08-16 22:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero 2009-08-16 22:22 . 2009-08-16 22:22 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector 2009-08-16 22:18 . 2009-08-16 22:18 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework 2009-08-16 20:50 . 2009-08-16 20:50 -------- d-----w- c:\windows\system32\%commonprogramfiles% 2009-08-16 18:13 . 2007-05-16 19:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2009-08-16 18:13 . 
2007-04-04 21:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll 2009-08-16 18:13 . 2007-03-15 19:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll 2009-08-16 18:13 . 2007-03-12 19:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll 2009-08-16 18:13 . 2007-03-12 19:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll 2009-08-16 18:01 . 2009-08-16 18:01 -------- d-----w- c:\windows\Logs 2009-08-16 12:39 . 2009-08-16 12:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems 2009-08-16 12:35 . 2009-08-16 12:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared 2009-08-16 12:26 . 2009-08-16 12:39 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\DivX 2009-08-16 12:23 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll 2009-08-16 12:22 . 2009-08-16 12:24 -------- d-----w- c:\arquivos de programas\Google 2009-08-16 12:22 . 2009-08-16 12:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared 2009-08-16 12:22 . 2009-08-16 12:23 -------- d-----w- c:\arquivos de programas\DivX 2009-08-16 05:50 . 2004-08-04 03:36 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys 2009-08-16 02:18 . 2009-09-01 02:20 -------- d-----w- c:\arquivos de programas\uTorrent 2009-08-16 02:17 . 2009-08-18 04:03 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\uTorrent 2009-08-15 23:12 . 2009-08-16 21:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS 2009-08-15 20:57 . 2009-08-15 20:57 -------- d-----w- c:\windows\system32\NtmsData . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-30 22:37 . 2001-10-28 12:07 524080 ----a-w- c:\windows\system32\perfh016.dat 2009-08-30 22:37 . 2001-10-28 12:07 100814 ----a-w- c:\windows\system32\perfc016.dat 2009-08-23 19:57 . 
2009-07-18 21:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-08-23 19:08 . 2009-07-26 16:40 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2009-08-18 15:37 . 2009-07-18 21:38 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-08-16 22:22 . 2009-07-26 16:26 -------- d-----w- c:\arquivos de programas\Windows Live 2009-08-12 13:20 . 2009-07-26 16:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-30 22:52 . 2009-07-30 22:52 -------- d-----w- c:\arquivos de programas\TCInternetFilter 2009-07-27 22:44 . 2009-07-27 22:44 -------- d-----w- c:\arquivos de programas\LogMeIn Ignition 2009-07-27 22:20 . 2009-07-27 22:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2009-07-26 16:54 . 2009-07-26 16:54 -------- d-----w- c:\arquivos de programas\Microsoft Works 2009-07-26 16:53 . 2009-07-26 16:53 -------- d-----w- c:\arquivos de programas\MSBuild 2009-07-26 16:28 . 2009-07-26 16:28 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition 2009-07-26 16:27 . 2009-07-26 16:27 -------- d-----w- c:\arquivos de programas\Microsoft 2009-07-26 16:26 . 2009-07-26 16:26 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive 2009-07-26 16:24 . 2009-07-26 16:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live 2009-07-18 22:30 . 2009-07-18 22:30 0 ----a-w- c:\windows\nsreg.dat 2009-07-18 21:47 . 2009-07-18 21:47 -------- d-----w- c:\arquivos de programas\Alwil Software 2009-07-18 21:44 . 2009-07-18 21:44 -------- d-----w- c:\arquivos de programas\BrOffice.org 3 2009-07-18 21:39 . 2009-07-18 21:39 -------- d-----w- c:\arquivos de programas\Realtek 2009-07-18 21:38 . 2009-07-18 21:38 315392 ----a-w- c:\windows\HideWin.exe 2009-07-18 21:35 . 
2009-07-18 21:35 -------- d-----w- c:\arquivos de programas\Intel 2009-07-18 21:25 . 2009-07-18 21:25 -------- d-----w- c:\arquivos de programas\microsoft frontpage 2009-07-18 21:23 . 2009-07-18 21:23 -------- d-----w- c:\arquivos de programas\Serviços on-line 2009-07-18 21:22 . 2009-07-18 21:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços 2009-07-18 21:21 . 2009-07-18 21:21 21844 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 16:59 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 18:36 . 2004-08-04 03:45 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2004-08-04 03:45 523776 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2004-08-04 03:45 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2004-08-04 03:45 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2004-08-04 03:45 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2004-08-04 03:45 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2004-08-04 03:45 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2004-08-04 03:45 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2004-08-04 03:45 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2004-08-04 03:45 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 18:36 . 2004-08-04 03:45 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-25 08:27 . 2004-08-04 03:45 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:27 . 2004-08-04 03:45 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:27 . 2004-08-04 03:45 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:27 . 
2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:27 . 2004-08-04 03:45 732672 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:27 . 2004-08-04 03:45 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2004-08-04 01:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-22 11:49 . 2004-08-04 03:45 19968 ----a-w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 2004-08-04 03:45 117248 ----a-w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 2004-08-04 03:45 4608 ----a-w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 2004-08-04 01:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys 2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:39 . 2001-10-28 12:06 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:44 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe 2009-06-15 10:44 . 2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-10 14:14 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 12:21 . 2009-07-18 21:20 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2004-08-04 03:45 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-08-23 185896] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "Gainward"="c:\arquivos de programas\Vtune\TBPanel.exe" [2007-04-23 2158592] "Acrobat Assistant 8.0"="c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\adminPlanet.PLANETARIOS\Menu Iniciar\Programas\Inicializar\ Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\adminPlanet\Menu Iniciar\Programas\Inicializar\ BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-8-15 295606] Adobe Acrobat Synchronizer.lnk - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "shell"= c:\windows\Explorer.exe "ConsentPromptBehaviorAdmin"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 0 (0x0) "RestrictRun"= 0 (0x0) "RestrictCpl"= 0 (0x0) "NoExplorerBar"= 0 (0x0) "NoFolders"= 0 (0x0) "NoToolsMenu"= 0 (0x0) "SpecifyDefaultButtons"= 1 (0x1) "NoFileUrl"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWinKeys"= 1 (0x1) "RestrictRun"= 0 (0x0) "NoAddPrinter"= 1 (0x1) "NoDeletePrinter"= 1 (0x1) "NoPrinterTabs"= 1 (0x1) "RestrictCpl"= 1 (0x1) "NoSetTaskBar"= 1 (0x1) "NoNetworkConnections"= 1 (0x1) "NoStartMenuNetworkPlaces"= 1 (0x1) "SpecifyDefaultButtons"= 1 (0x1) "NoToolsMenu"= 0 (0x0) "NoFileUrl"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ImapiService"=3 (0x3) "helpsvc"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! 
Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5/7/2006 09:46 63352] R1 ndisfad;ndisfad;c:\windows\system32\drivers\ndisfad.sys [9/7/2008 16:01 22784] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [23/8/2009 18:08 108289] R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\arquivos de programas\ASTRA32\astra32.sys [22/2/2007 11:28 30864] S2 gupdate1ca1e6c43571162;Google Update Service (gupdate1ca1e6c43571162);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [16/8/2009 09:22 133104] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . 
Conteúdo da pasta 'Tarefas Agendadas' 2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-08-16 12:22] 2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-08-16 12:22] . - - - - ORFÃOS REMOVIDOS - - - - Toolbar-Locked - (no file) HKCU-Run-Timer Café - c:\timer café\TIMERCAFE.EXE HKLM-Run-tcvnc - c:\timer café\tcvnc.exe . ------- Scan Suplementar ------- . uStart Page = www.flogao.com.br/planetarioslanhouse IE: Append to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\adminPlanet\Dados de aplicativos\Mozilla\Firefox\Profiles\9cde25k0.default\ FF - plugin: c:\arquivos de 
programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-05 22:55 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:f7,33,1c,8d,d4,05,4a,55,15,d4,8d,c1,27,a8,da,ed,7f,2a,ba,7d,cd, 98,3a,ba,bf,37,f1,4e,6f,f3,26,d2,b4,ee,08,b2,eb,ba,4a,19,8a,19,5f,ac,ba,d6,\ [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:f7,33,1c,8d,d4,05,4a,55,15,d4,8d,c1,27,a8,da,ed,7f,2a,ba,7d,cd, 98,3a,ba,bf,37,f1,4e,6f,f3,26,d2,b4,ee,08,b2,eb,ba,4a,19,8a,19,5f,ac,ba,d6,\ . 
Tempo para conclusão: 2009-09-06 22:57 ComboFix-quarantined-files.txt 2009-09-06 01:57 Pré-execução: 1.799.974.912 bytes disponíveis Pós execução: 2.786.258.944 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4 358 --- E O F --- 2009-09-02 06:01 ---
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:26:41, on 5/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Vtune\TBPanel.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Arquivos 
comuns\Nero\Lib\NMBgMonitor.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe C:\Documents and Settings\adminPlanet\Meus documentos\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.flogao.com.br/planetarioslanhouse R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=meus+locais+de+rede&srch=3&prov=&utf8 R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools 
Toolbar\DTToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Gainward] C:\Arquivos de programas\Vtune\TBPanel.exe /A O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos 
de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de 
programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = planetarios.lan O18 - 
Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1ca1e6c43571162) (gupdate1ca1e6c43571162) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 12789 bytes
PedroN (posted September 7, 2009)

Step 1: Select and copy the text inside the QUOTE. Open Notepad and paste what you copied. Then save it to the desktop under the name CFScript.txt.

File::c:\windows\HideWin.exe

Now drag CFScript.txt onto ComboFix as shown in the demonstration below: ComboFix will run and will restart the PC automatically to complete the removal process. If that does not happen, restart manually. A log will be generated at C:\ComboFix.txt; post it in your next reply.

Step 2:
• Download: Kaspersky Virus Removal Tool (http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/)
• Save it in Arquivos de Programas (Program Files), and install it right there!
• Restart the computer in Safe Mode! <-- Important!
• Start the scan by clicking "Scan".
• The scan takes a while. Please wait!
• If infections are found, click "disinfect".
• When it finishes, click the Events tab.
• Uncheck the "Show all events" checkbox.
• Click "Save to file".
• Name it and save it to the desktop! <-- Report to post!
• Also post an updated HijackThis log.
Devas (posted September 7, 2009)

The Kaspersky Virus Removal Tool link is giving an error... can you check it, please? Thanks!! Ah, here are the updated HijackThis and ComboFix logs:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:36:03, on 7/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Vtune\TBPanel.exe C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe C:\Documents and Settings\adminPlanet\Meus documentos\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15015&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=meus+locais+de+rede&srch=3&prov=&utf8 R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~4\Office12\GRA8E1~1.DLL O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll 
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Gainward] C:\Arquivos de programas\Vtune\TBPanel.exe /A O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de 
programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save YouTube Video - res://C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de 
programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = planetarios.lan O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~4\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1ca1e6c43571162) (gupdate1ca1e6c43571162) - Google Inc. 
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 13477 bytes ------------------------------------------------------------------------- ComboFix 09-09-06.06 - adminPlanet 07/09/2009 16:00.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2047.1513 [GMT -3:00] Executando de: c:\documents and settings\adminPlanet\Meus documentos\Downloads\ComboFix.exe Comandos utilizados :: c:\documents and settings\adminPlanet\Meus documentos\Downloads\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\HideWin.exe" . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\HideWin.exe c:\windows\system32\lsprst7.dll c:\windows\system32\ssprs.dll c:\windows\system32\tmpPrst.dll c:\windows\system32\HideWin.dll . . . está faltando!! . (((((((((((((((( Arquivos/Ficheiros criados de 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))) . 2009-09-07 18:00 . 2009-09-07 18:14 -------- d-----w- c:\arquivos de programas\Valve 2009-09-07 17:15 . 2009-09-07 17:15 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Ulead Systems 2009-09-07 15:57 . 
2009-09-07 15:57 -------- d-----w- c:\arquivos de programas\Ask.com 2009-09-07 15:56 . 2009-09-07 15:57 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft 2009-09-07 15:56 . 2009-09-07 15:56 -------- d-----w- c:\arquivos de programas\DVDVideoSoft 2009-09-06 22:42 . 2009-09-06 22:42 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight 2009-09-06 22:42 . 2009-09-06 22:42 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector 2009-09-03 12:48 . 2009-09-03 12:48 -------- d-----w- c:\arquivos de programas\GsmServer 2009-09-02 01:24 . 2009-09-02 01:24 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Malwarebytes 2009-09-01 02:18 . 2009-09-01 02:30 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\uTorrent 2009-09-01 02:18 . 2009-09-01 02:18 -------- d-sh--w- c:\documents and settings\adminPlanet\IETldCache 2009-09-01 02:10 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll 2009-09-01 02:10 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll 2009-09-01 02:10 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll 2009-09-01 02:10 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe 2009-09-01 02:10 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe 2009-09-01 02:10 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-09-01 02:10 . 2009-09-01 02:10 -------- d-----w- c:\windows\ie8updates 2009-09-01 02:09 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-09-01 02:09 . 2009-07-19 21:45 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-09-01 02:09 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-09-01 02:09 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-09-01 02:09 . 
2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-09-01 02:09 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-09-01 02:07 . 2009-09-01 02:09 -------- dc-h--w- c:\windows\ie8 2009-08-30 22:21 . 2009-09-01 02:17 -------- d-----w- c:\windows\system32\pt-br 2009-08-30 22:21 . 2009-08-30 22:21 -------- d-----w- c:\windows\l2schemas 2009-08-30 22:21 . 2009-08-30 22:21 -------- d-----w- c:\windows\system32\bits 2009-08-30 21:57 . 2009-08-30 21:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion 2009-08-30 18:26 . 2009-08-30 18:27 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-08-30 18:26 . 2009-08-30 18:30 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-08-30 18:26 . 2009-08-30 18:30 183112 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-08-30 18:23 . 2009-08-30 18:23 1582 ----a-w- c:\windows\system32\ealregsnapshot1.reg 2009-08-30 18:22 . 2009-08-30 18:22 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Leadertech 2009-08-30 13:06 . 2009-08-30 13:06 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-30 13:06 . 2009-08-30 13:06 -------- d-----w- c:\arquivos de programas\Reference Assemblies 2009-08-30 13:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-30 13:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-30 13:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-30 13:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-30 13:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-30 13:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-30 13:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-30 12:50 . 
2009-08-30 12:50 -------- d-sh--w- c:\documents and settings\adminPlanet\UserData 2009-08-29 22:58 . 2009-08-29 22:58 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\BrOffice.org 2009-08-29 18:50 . 2009-08-29 18:50 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\DAEMON Tools Lite 2009-08-29 18:50 . 2009-08-29 18:50 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Nero 2009-08-29 18:25 . 2009-09-07 14:19 -------- d-----w- c:\documents and settings\adminPlanet\Tracing 2009-08-29 02:12 . 2009-08-29 02:12 -------- d-----w- c:\arquivos de programas\MSXML 6.0 2009-08-29 02:10 . 2009-08-29 02:10 -------- d-----w- c:\arquivos de programas\MSXML 4.0 2009-08-29 02:07 . 2009-09-06 23:09 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-08-29 02:07 . 2009-08-29 02:07 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Corel 2009-08-29 02:04 . 2009-05-21 18:48 268288 -c----w- c:\windows\system32\dllcache\httpext.dll 2009-08-29 02:00 . 2009-08-29 02:00 -------- d-----w- c:\arquivos de programas\Yahoo! 2009-08-29 02:00 . 2009-08-29 02:01 -------- d-----w- c:\arquivos de programas\CCleaner 2009-08-29 01:54 . 2009-08-29 01:54 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\Apple Computer 2009-08-29 01:52 . 2009-08-29 01:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer 2009-08-29 01:52 . 2009-08-29 01:52 -------- d-----w- c:\arquivos de programas\Apple Software Update 2009-08-29 01:52 . 2009-08-29 01:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple 2009-08-29 01:39 . 2009-08-29 01:39 -------- d-----w- c:\documents and settings\adminPlanet\Dados de aplicativos\DivX 2009-08-29 00:53 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll 2009-08-29 00:52 . 2008-04-14 02:20 68608 ----a-w- c:\windows\system32\iisext.dll 2009-08-29 00:50 . 
2009-08-29 00:54 -------- d-----w- C:\Inetpub 2009-08-24 01:37 . 2009-08-30 18:27 -------- d-----w- c:\arquivos de programas\GameVicio 2009-08-24 01:25 . 2009-08-29 19:21 -------- d-----w- c:\arquivos de programas\EA GAMES 2009-08-24 01:20 . 2009-08-24 01:20 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\DAEMON Tools Pro 2009-08-24 01:19 . 2009-08-24 01:19 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite 2009-08-24 01:18 . 2009-08-24 01:19 -------- d-----w- c:\arquivos de programas\DAEMON Tools Toolbar 2009-08-24 01:18 . 2009-08-25 01:13 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite 2009-08-24 01:13 . 2009-08-24 01:13 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-24 01:13 . 2009-08-24 01:19 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\DAEMON Tools Lite 2009-08-23 21:08 . 2009-07-28 19:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-23 21:08 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-08-23 21:08 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-08-23 21:08 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-08-23 21:08 . 2009-08-23 21:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2009-08-23 21:08 . 2009-08-23 21:08 -------- d-----w- c:\arquivos de programas\Avira 2009-08-23 19:57 . 2009-08-23 19:57 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\InstallShield 2009-08-23 19:54 . 2009-08-23 19:54 -------- d-----w- c:\arquivos de programas\Corel 2009-08-23 19:54 . 2009-08-23 19:54 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Corel 2009-08-23 19:48 . 1997-11-19 18:49 303616 ----a-w- c:\windows\IsUninst.exe 2009-08-23 19:48 . 
2009-08-23 19:48 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\WINDOWS 2009-08-23 19:40 . 2009-08-23 19:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared 2009-08-23 19:39 . 2009-08-23 19:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Real 2009-08-23 19:39 . 2009-08-23 19:39 -------- d-----w- c:\arquivos de programas\Real 2009-08-22 23:54 . 2009-08-22 23:54 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Malwarebytes 2009-08-22 23:54 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-22 23:54 . 2009-08-22 23:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes 2009-08-22 23:54 . 2009-08-22 23:54 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2009-08-22 23:54 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-20 13:07 . 2009-08-20 13:07 -------- d-----w- c:\arquivos de programas\GNU 2009-08-20 13:01 . 2009-08-20 13:02 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Media Player Classic 2009-08-20 12:57 . 2009-08-20 12:57 -------- d-----w- c:\arquivos de programas\XP Codec Pack 2009-08-20 02:10 . 2009-08-20 02:10 2048 ----a-w- c:\windows\system32\sysprs7.dll 2009-08-20 02:10 . 2009-08-20 02:10 1025 ----a-w- c:\windows\system32\clauth2.dll 2009-08-20 02:10 . 2009-08-20 02:10 1025 ----a-w- c:\windows\system32\clauth1.dll 2009-08-20 02:10 . 2009-08-20 02:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Minnetonka Audio Software 2009-08-18 19:54 . 2009-08-18 19:54 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Ulead Systems 2009-08-18 15:38 . 2009-08-18 15:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\SONY Digital Images 2009-08-18 15:37 . 
2009-08-18 15:37 -------- d-----w- c:\arquivos de programas\Ulead Systems 2009-08-18 15:37 . 2009-08-18 15:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Ulead Systems 2009-08-18 15:37 . 2009-08-18 19:54 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Ulead Systems 2009-08-18 02:53 . 2009-08-18 02:53 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\BrOffice.org 2009-08-18 01:46 . 2003-03-16 03:15 90112 ----a-w- c:\windows\unvise32.exe 2009-08-18 01:43 . 2009-08-18 01:43 -------- d-----w- c:\arquivos de programas\Pinnacle 2009-08-17 17:24 . 2009-08-17 17:24 -------- d-----w- c:\arquivos de programas\Windows Live Safety Center 2009-08-17 00:35 . 2009-08-17 00:35 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Thinstall 2009-08-16 22:33 . 2009-08-16 22:33 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\Nero 2009-08-16 22:30 . 2009-08-16 22:30 -------- d-----w- c:\arquivos de programas\Nero 2009-08-16 22:30 . 2009-08-16 22:32 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Nero 2009-08-16 22:30 . 2009-08-16 22:30 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Nero 2009-08-16 22:18 . 2009-08-16 22:18 -------- d-----w- c:\arquivos de programas\Microsoft Sync Framework 2009-08-16 20:50 . 2009-08-16 20:50 -------- d-----w- c:\windows\system32\%commonprogramfiles% 2009-08-16 18:13 . 2007-05-16 19:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2009-08-16 18:13 . 2007-04-04 21:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll 2009-08-16 18:13 . 2007-03-15 19:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll 2009-08-16 18:13 . 2007-03-12 19:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll 2009-08-16 18:13 . 2007-03-12 19:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll 2009-08-16 18:01 . 
2009-08-16 18:01 -------- d-----w- c:\windows\Logs 2009-08-16 12:39 . 2009-08-16 12:39 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Adobe Systems 2009-08-16 12:35 . 2009-08-16 12:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe Systems Shared 2009-08-16 12:26 . 2009-08-16 12:39 -------- d-----w- c:\documents and settings\adminPlanet.PLANETARIOS\Dados de aplicativos\DivX 2009-08-16 12:23 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll 2009-08-16 12:22 . 2009-08-16 12:24 -------- d-----w- c:\arquivos de programas\Google 2009-08-16 12:22 . 2009-08-16 12:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DivX Shared . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-07 18:00 . 2009-07-18 21:38 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information 2009-09-06 22:40 . 2009-07-26 16:26 -------- d-----w- c:\arquivos de programas\Windows Live 2009-08-30 22:37 . 2001-10-28 12:07 524080 ----a-w- c:\windows\system32\perfh016.dat 2009-08-30 22:37 . 2001-10-28 12:07 100814 ----a-w- c:\windows\system32\perfc016.dat 2009-08-23 19:57 . 2009-07-18 21:38 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield 2009-08-23 19:08 . 2009-07-26 16:40 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live 2009-08-12 13:20 . 2009-07-26 16:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help 2009-08-05 09:00 . 2004-08-04 03:45 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-30 22:52 . 2009-07-30 22:52 -------- d-----w- c:\arquivos de programas\TCInternetFilter 2009-07-27 22:44 . 2009-07-27 22:44 -------- d-----w- c:\arquivos de programas\LogMeIn Ignition 2009-07-27 22:20 . 2009-07-27 22:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus! 2009-07-26 19:44 . 
2009-07-26 19:44 48448 ----a-w- c:\windows\system32\sirenacm.dll 2009-07-26 16:54 . 2009-07-26 16:54 -------- d-----w- c:\arquivos de programas\Microsoft Works 2009-07-26 16:53 . 2009-07-26 16:53 -------- d-----w- c:\arquivos de programas\MSBuild 2009-07-26 16:28 . 2009-07-26 16:28 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition 2009-07-26 16:27 . 2009-07-26 16:27 -------- d-----w- c:\arquivos de programas\Microsoft 2009-07-26 16:26 . 2009-07-26 16:26 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive 2009-07-26 16:24 . 2009-07-26 16:24 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live 2009-07-18 22:30 . 2009-07-18 22:30 0 ----a-w- c:\windows\nsreg.dat 2009-07-18 21:47 . 2009-07-18 21:47 -------- d-----w- c:\arquivos de programas\Alwil Software 2009-07-18 21:44 . 2009-07-18 21:44 -------- d-----w- c:\arquivos de programas\BrOffice.org 3 2009-07-18 21:39 . 2009-07-18 21:39 -------- d-----w- c:\arquivos de programas\Realtek 2009-07-18 21:35 . 2009-07-18 21:35 -------- d-----w- c:\arquivos de programas\Intel 2009-07-18 21:25 . 2009-07-18 21:25 -------- d-----w- c:\arquivos de programas\microsoft frontpage 2009-07-18 21:23 . 2009-07-18 21:23 -------- d-----w- c:\arquivos de programas\Serviços on-line 2009-07-18 21:22 . 2009-07-18 21:22 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços 2009-07-18 21:21 . 2009-07-18 21:21 21844 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-17 19:03 . 2004-08-04 03:45 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 02:43 . 2004-08-04 03:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 15:25 . 2009-07-10 15:25 307056 ----a-w- c:\windows\WLXPGSS.SCR 2009-07-03 16:59 . 2004-08-04 03:45 915456 ------w- c:\windows\system32\wininet.dll 2009-06-25 18:36 . 2004-08-04 03:45 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2004-08-04 03:45 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 
2004-08-04 03:45 523776 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2004-08-04 03:45 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2004-08-04 03:45 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2004-08-04 03:45 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2004-08-04 03:45 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2004-08-04 03:45 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2004-08-04 03:45 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2004-08-04 03:45 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2004-08-04 03:45 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 18:36 . 2004-08-04 03:45 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-25 08:27 . 2004-08-04 03:45 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:27 . 2004-08-04 03:45 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:27 . 2004-08-04 03:45 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:27 . 2004-08-04 03:45 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:27 . 2004-08-04 03:45 732672 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:27 . 2004-08-04 03:45 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2004-08-04 01:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-22 11:49 . 2004-08-04 03:45 19968 ----a-w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 2004-08-04 03:45 117248 ----a-w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 2004-08-04 03:45 4608 ----a-w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 2004-08-04 01:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys 2009-06-16 14:39 . 2004-08-04 03:45 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:39 . 2001-10-28 12:06 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:44 . 2004-08-04 03:45 77824 ----a-w- c:\windows\system32\telnet.exe 2009-06-15 10:44 . 
2004-08-04 03:45 81408 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-10 14:14 . 2004-08-04 03:45 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 12:21 . 2009-07-18 21:20 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2004-08-04 03:45 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-06_01.55.31 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-06 22:42 . 2009-09-06 22:42 49664 c:\windows\Installer\235d12f.msi + 2009-09-06 22:39 . 2009-09-06 22:39 22016 c:\windows\Installer\235d059.msi + 2009-09-06 22:37 . 2009-09-06 22:37 27136 c:\windows\Installer\235d01e.msi + 2009-09-06 22:38 . 2009-09-06 22:38 80395 c:\windows\Installer\{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}\MsblIco.Exe + 2009-09-06 22:42 . 2009-09-06 22:42 29316 c:\windows\Installer\{95120000-0122-0416-0000-0000000FF1CE}\olc_setup.exe + 2009-09-07 15:57 . 2009-09-07 15:57 40960 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe + 2009-09-06 22:39 . 2009-09-06 22:39 58945 c:\windows\Installer\{74AD1846-2010-4FB1-8E24-B6F2B87150C2}\wlmail.exe + 2009-09-06 22:43 . 2009-09-06 22:43 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\931576d67bc4f7d5ef5d3f9ce6e5173c\WindowsLiveWriter.ni.exe + 2009-09-06 22:43 . 2009-09-06 22:43 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\534cd402cf22bebe59ec2b87928f2fab\WindowsLive.Writer.Api.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ec83ec80653eb20ccc6ed42075c90aee\Microsoft.VisualC.ni.dll - 2009-08-30 19:00 . 
2009-08-30 19:00 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ec83ec80653eb20ccc6ed42075c90aee\Microsoft.VisualC.ni.dll + 2009-08-29 00:54 . 2009-09-07 14:19 224649 c:\windows\system32\inetsrv\MetaBase.bin + 2009-09-06 22:42 . 2009-09-06 22:42 519168 c:\windows\Installer\235d128.msi + 2009-09-06 22:40 . 2009-09-06 22:40 570368 c:\windows\Installer\235d113.msi + 2009-09-06 22:40 . 2009-09-06 22:40 778752 c:\windows\Installer\235d0da.msi + 2009-09-06 22:39 . 2009-09-06 22:39 476672 c:\windows\Installer\235d09a.msi + 2009-09-06 22:39 . 2009-09-06 22:39 739328 c:\windows\Installer\235d085.msi + 2009-09-06 22:38 . 2009-09-06 22:38 430080 c:\windows\Installer\235d04e.msi + 2009-09-06 22:37 . 2009-09-06 22:37 155648 c:\windows\Installer\235d030.msi + 2009-09-06 22:40 . 2009-09-06 22:40 132096 c:\windows\Installer\{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}\WLXPhotoGalleryIcon.exe + 2009-09-06 22:43 . 2009-09-06 22:43 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\5f8809146507a8956047b7980cb049c1\WindowsLiveLocal.WriterPlugin.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fad42c0c7c2c60c7d371ca356d027433\WindowsLive.Writer.Localization.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fa4fc31a45a276040fe60fe9b2370e05\WindowsLive.Writer.Instrumentation.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f6b33dc9e92ddb49069262e3b1dc31c0\WindowsLive.Writer.SpellChecker.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\eed6e22ab93b2370b6a9b70204b42e6c\WindowsLive.Writer.FileDestinations.ni.dll + 2009-09-06 22:43 . 
2009-09-06 22:43 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e195165c4e7c44d5f404709a8f8d5758\WindowsLive.Writer.BlogClient.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb8e348a5c9b28a622b6d3c37661d8e6\WindowsLive.Writer.Mshtml.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8335570e4770bcef587c21a55cc3dd39\WindowsLive.Writer.Passport.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\82c122c2491be216031b6ddcd8f84c64\WindowsLive.Writer.Controls.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7d2fc985641178605ba9debdfe146e59\WindowsLive.Writer.Extensibility.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\74f0d8ed64db5dadd0ffd8f1b1b02c33\WindowsLive.Writer.HtmlEditor.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6cf11694fdc6cb7a79ddd28faded7a2c\WindowsLive.Writer.Interop.Mshtml.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\681ad822aa7295018c1b9f96ad372ee0\WindowsLive.Writer.Interop.SHDocVw.ni.dll - 2009-08-30 18:59 . 2009-08-30 18:59 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\681ad822aa7295018c1b9f96ad372ee0\WindowsLive.Writer.Interop.SHDocVw.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\655369517d0a6237ceacdfe25daa02b4\WindowsLive.Writer.Interop.ni.dll + 2009-09-06 22:43 . 
2009-09-06 22:43 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56305a199f4f12e8c9b3123b192944fb\WindowsLive.Writer.HtmlParser.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3c2e32b33e55538a330d714500e9275e\WindowsLive.Writer.BrowserControl.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\01847dc3c3aa981649e7a59e2d53e474\WindowsLive.Client.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2abd876a3c8a6b088fa6d8d39d901e3c\System.Runtime.Remoting.ni.dll - 2009-08-30 19:00 . 2009-08-30 19:00 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2abd876a3c8a6b088fa6d8d39d901e3c\System.Runtime.Remoting.ni.dll + 2009-09-07 15:57 . 2009-09-07 15:57 2265088 c:\windows\Installer\5b6a8d.msi + 2009-09-06 22:43 . 2009-09-06 22:43 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e79feaf99eadddc64c6612cefdb8d9e2\WindowsLive.Writer.CoreServices.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\951375335aae58a5e5fd61e39414582b\WindowsLive.Writer.ApplicationFramework.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b0b01354b3735e2165f4234b601692d\WindowsLive.Writer.PostEditor.ni.dll - 2009-08-30 19:00 . 2009-08-30 19:00 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\283ecfbaa6a6fab76c8b544a4a89d5ce\System.Data.OracleClient.ni.dll + 2009-09-06 22:43 . 2009-09-06 22:43 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\283ecfbaa6a6fab76c8b544a4a89d5ce\System.Data.OracleClient.ni.dll + 2009-09-06 22:42 . 2009-09-06 22:42 15706112 c:\windows\Installer\235d137.msp . 
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-06-16 20:22 1144712 ----a-w- c:\arquivos de programas\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\arquivos de programas\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480] "TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-08-23 185896] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016] "NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "ISUSPM Startup"="c:\arquivos de 
programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840] "GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "Gainward"="c:\arquivos de programas\Vtune\TBPanel.exe" [2007-04-23 2158592] "Acrobat Assistant 8.0"="c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\adminPlanet.PLANETARIOS\Menu Iniciar\Programas\Inicializar\ Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\adminPlanet\Menu Iniciar\Programas\Inicializar\ BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-8-15 295606] Adobe Acrobat Synchronizer.lnk - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "shell"= c:\windows\Explorer.exe "ConsentPromptBehaviorAdmin"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 0 (0x0) "RestrictRun"= 0 (0x0) "RestrictCpl"= 0 (0x0) "NoExplorerBar"= 0 (0x0) "NoFolders"= 0 (0x0) "NoToolsMenu"= 0 (0x0) "SpecifyDefaultButtons"= 1 (0x1) "NoFileUrl"= 0 (0x0) 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWinKeys"= 1 (0x1) "RestrictRun"= 0 (0x0) "NoAddPrinter"= 1 (0x1) "NoDeletePrinter"= 1 (0x1) "NoPrinterTabs"= 1 (0x1) "RestrictCpl"= 1 (0x1) "NoSetTaskBar"= 1 (0x1) "NoNetworkConnections"= 1 (0x1) "NoStartMenuNetworkPlaces"= 1 (0x1) "SpecifyDefaultButtons"= 1 (0x1) "NoToolsMenu"= 0 (0x0) "NoFileUrl"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ImapiService"=3 (0x3) "helpsvc"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "c:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5/7/2006 09:46 63352] R1 ndisfad;ndisfad;c:\windows\system32\drivers\ndisfad.sys [9/7/2008 16:01 22784] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [23/8/2009 18:08 108289] R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\arquivos de programas\ASTRA32\astra32.sys [22/2/2007 11:28 30864] S2 gupdate1ca1e6c43571162;Google Update Service (gupdate1ca1e6c43571162);c:\arquivos de 
programas\Google\Update\GoogleUpdate.exe [16/8/2009 09:22 133104] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Conteúdo da pasta 'Tarefas Agendadas' 2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34] 2009-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-08-16 12:22] 2009-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-08-16 12:22] 2009-09-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\arquivos de programas\Ask.com\UpdateTask.exe [2009-06-16 20:22] . . ------- Scan Suplementar ------- . uStart Page = hxxp://br.ask.com?o=15015&l=dis IE: Append to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\arquivos de programas\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Save YouTube Video - c:\arquivos de programas\Arquivos comuns\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm FF - ProfilePath - c:\documents and settings\adminPlanet\Dados de aplicativos\Mozilla\Firefox\Profiles\9cde25k0.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=orkut&hl=pt-BR&rm=false&cd=BR&passive=true&skipvpage=true&sendvemail=false&continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin%3Fmsg%3D0%26page%3D%252FMain%2523Home.aspx FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=en_US&q= FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-07 16:14 Windows 5.1.2600 Service Pack 3 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:f7,33,1c,8d,d4,05,4a,55,15,d4,8d,c1,27,a8,da,ed,7f,2a,ba,7d,cd, 98,3a,ba,bf,37,f1,4e,6f,f3,26,d2,b4,ee,08,b2,eb,ba,4a,19,8a,19,5f,ac,ba,d6,\ [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:f7,33,1c,8d,d4,05,4a,55,15,d4,8d,c1,27,a8,da,ed,7f,2a,ba,7d,cd, 98,3a,ba,bf,37,f1,4e,6f,f3,26,d2,b4,ee,08,b2,eb,ba,4a,19,8a,19,5f,ac,ba,d6,\ . Tempo para conclusão: 2009-09-07 16:17 ComboFix-quarantined-files.txt 2009-09-07 19:16 ComboFix2.txt 2009-09-06 01:57 Pré-execução: 888.287.232 bytes disponíveis Pós execução: 967.471.104 bytes disponíveis Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4 417 --- E O F --- 2009-09-02 06:01
PedroN 1 Posted September 8, 2009
The link for the Kaspersky Virus Removal Tool is giving an error... could you check it, please? Link I will pass along further instructions for the ComboFix script shortly.
Mário Monteiro 179 Posted October 8, 2009
Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area, together with the link to this topic, and explain the reason for reopening it.