[Resolvido!] O PC não abre o msn instalado

[nina_michely 0]

Olá boa-noite...

tentei baixar a nova versão do msn é quando ternimei a instalação não consegui abri-lo...

não consigo baixar pelo "baixaki" porque a página sempre dá como expirada...

procurei outros site para baixá-lo e somente consegui no site degracaemaisgostoso e depois de 2 horas de espera baixou.. pórém não abre... tentei baixar a versão antiga mas ao tentar instalar recebo uma mensagem dizendo que já tenho uma nova versão e para intalar a tenho que deletar a antiga... mas quando vou em "configuraçãoes".. paienl de controle... o msn não esta sendo visuaçizado por lá... fui em "meus arquivos de programas" achei mas não dá para excluir e com isso não tenho como baixar nemhuma versão dele aki no meu pc... o que faço?

[macielcr7 9]

meu chapa olhe.... faça o seguinte......

 

seu sistema operacional deve está desatualizado...

 

o novo msn só instala no XP serve park 2 ou superior.!'

[nina_michely 0]

olá meu querido...

obrigada por responder...

mas já verifiquei...

meu sistema é justamente o q você mencionou aí em cima...

XP e park 2...

não sei mas o q fazer... não estou conseguindo instalar e muito menos estou conseguindo achar o q o pc diz q esta instalado

[wings 22]

Bom dia...

 

Isso não é problema de contaminação.

 

O máximo que posso te ajudar é:

 

1.

Baixe o Revo Uninstaller

 

Feche o MSN.

 

Inicie o processo de desinstalação do Windows Live Messenger usando o Revo Uninstaller

 

Ao abrir a janela do Windows Live, clique em [Reparar]

 

Retorne ao Revo Uninstaller e cancele a operação

 

Reinicie o PC e veja se consegue entrar no MSN.

 

Ou

 

2.

Dê uma lida aqui e aqui

 

 

 

Um abraço.

[nina_michely 0]

Olá. fico muito grata por tentar me ajudar...

pelo menos dessa vez consegui desinstalar a versão 2009...

o pc aceitou a instalação da versão 2008.. consegui abrir a janela...

porém a msg que vem é a seguinte:

Que esta disposnível uma versão mas recente... pergunta se desejo instalar...

Se digo que SIM... vem a msg que o Windows Live não pode ser baixado e abre outra janela para verficar o arquivo de atualização... vai pra página do Windows Live e qndo peço para baixar a página expira...

Se digo que NÃO... vai pra página inicial do MSN....

Tentei baixar por novamente por outro site a nova versão... mas não consegui ao termino do processo veu a msg que não pode se executada e não consegui novamente entrar no meu msn...

HELP... O QUE ACHA QUE DEVO FAZER... JOGAR O COMPUTADOR PELA JANELA? SERÁ QUE ISSO VAI ME AJUGAR?

Logfile of HijackThis v1.99.1

Scan saved at 01:18:40, on 23/2/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Vivo 3G\Vivo 3G.exe

C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\J4JBMEWN\HijackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [EPSON Stylus CX7300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE /FU "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\E_S284.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do PMB.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: UpTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E}: NameServer = 200.142.130.202 200.220.254.43

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

[wings 22]

1.

*Acesse o site ConfickerWorkingGroup

*Interprete e informe.

[nina_michely 0]

Bom-dia...

Esse ninck não abre aqui!

[wings 22]

O link está funcionando perfeitamente...

 

Tente novamente ou acesse este:

http://iv.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/

[nina_michely 0]

OLÁ ... muito obrigada por me ajudar...

mas esse ninck que você me mandou nao abre aqui...

o 1º até abre... porém vem com vários erros de página...

o 2º já abre já com a página expirada...

percebi também que não estou conseguindo baixar alguns programas aqui...

Obrigada pela atenção

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:00:51, on 1/1/2003

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Arquivos de programas\Vivo 3G\Vivo 3G.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\Movie Maker\moviemk.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Diretório temporário 2 para HiJackThis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/

R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [EPSON Stylus CX7300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDL.EXE /FU "C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\E_S284.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Ferramenta de Verificação de Mídia do PMB.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: UpTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E}: NameServer = 200.142.130.202 200.220.254.43

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 6741 bytes

[wings 22]

*Desative temporariamente seu antivírus

 

 

Clique com o botão direito do mouse no ícone do Avast que fica rodando ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Baixe o ComboFix e salve-o no desktop

*Duplo-clique no arquivo Combofix.exe

*Aceite o contrato

 

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso não esteja, uma janela conforme abaixo será aberta. Clique em [sIM] para aceitar a instalação do mesmo.

 

 

*Após a instalação, clique em [sIM] para continuar.

 

 

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente

 

*Cole o relatório criado em C:\combofix.txt

[nina_michely 0]

Olá... meu amado...

MUITÍSSIMA obrigada... valeu mesmo...

consegui instalar MSN depois de passar o COMBOFIX...

mas só consegui a versão 8.5... pq a versão 2009 não baixou...

inclusive o pc fkou super rápido... pq estava andando td aki a passos de tartaruga

agora a pergunta é?...

posso sempre executar esse processo? e pq não veio consegui instalar a versão atual?

[wings 22]

*Cole o relatório criado em C:\combofix.txt

 

Cole o relatório conforme solicitei.

[nina_michely 0]

Olá... me desculpe... mas não tinha atentado para isso...

Mas gostaria muito de saber...

porque agora não consigo baixar a versão atualizada do MSN...

Confesso que meu computador fkou mas rápido...

mas tem alguns programas como o MEDIA PLAYER que não estão mas funcionando...

Assim como não estou conseguindo mas fazer nenhum dowland em sites que conheço...

sempre dá página expirada e/ou redirecionada...

Me perdoe a minha falta de conhecimento dentro dessa área...

prefiro deixar isso com você's... mas... me diga esse monte de letras e números aí...

é muito sério? e/ou é problema de "JUNTA" tudo é joga fora?

PLEASE HELP...

ComboFix 10-02-23.03 - Administrador 01/01/2003 4:21.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.223 [GMT -2:00]

Executando de: C:\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\msconfig.exe

c:\windows\tweaks.reg

 

c:\windows\system32\msgsvc.dll . . . está infectado!!

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2002-12-01 to 2003-01-01 ))))))))))))))))))))))))))))

.

 

2010-02-23 20:27 . 2010-02-23 20:27 -------- d-----w- c:\arquivos de programas\Conduit

2010-02-23 20:26 . 2003-01-01 05:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2010-02-23 20:26 . 2003-01-01 05:05 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2010-02-23 04:04 . 2010-02-23 04:04 272538 ----a-w- C:\HiJackThis.exe

2010-02-23 03:39 . 2010-02-23 03:40 -------- d-----w- c:\documents and settings\Administrador\Contacts

2010-02-23 03:29 . 2009-12-30 14:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-02-23 03:29 . 2010-02-23 03:29 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-02-22 22:16 . 2010-02-22 22:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PowerChallenge

2010-02-17 15:36 . 2010-02-23 11:56 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-15 19:25 . 2010-02-15 19:25 -------- d-----w- c:\documents and settings\Administrador\MSN

2010-02-15 19:19 . 2010-02-17 16:05 -------- d-----w- c:\documents and settings\Administrador\Tracing

2010-01-23 16:01 . 2010-01-23 16:01 15256 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2010-01-21 12:54 . 2003-01-01 03:08 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData

2010-01-20 11:43 . 2008-10-29 18:37 737280 ----a-r- c:\windows\system32\hposwia_d02a.dll

2010-01-20 11:43 . 2008-10-29 18:37 598016 ----a-r- c:\windows\system32\hpost_d02a.dll

2010-01-20 11:43 . 2008-10-29 18:37 307200 ----a-r- c:\windows\system32\hposc_d02a.dll

2010-01-20 11:43 . 2008-10-28 10:31 372736 ----a-r- c:\windows\system32\hppldcoi.dll

2010-01-20 11:43 . 2008-10-28 10:31 309760 ----a-r- c:\windows\system32\difxapi.dll

2010-01-20 11:41 . 2010-01-20 11:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-01-20 11:40 . 2010-01-20 11:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-01-20 11:36 . 2010-01-20 11:46 169382 ----a-w- c:\windows\hpoins37.dat

2010-01-20 11:36 . 2009-07-08 14:40 632 ------w- c:\windows\hpomdl37.dat

2010-01-20 11:32 . 2010-01-20 11:34 -------- d-----w- c:\windows\SxsCaPendDel

2010-01-20 11:07 . 2010-01-20 11:08 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HpUpdate

2010-01-20 11:07 . 2010-01-20 11:07 -------- d-----w- c:\windows\Hewlett-Packard

2010-01-09 21:43 . 2010-01-09 21:43 -------- d-----w- C:\Passefacil2006

2010-01-08 18:09 . 2010-01-08 18:24 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2010-01-08 18:09 . 2010-01-08 18:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2010-01-08 18:08 . 2008-10-28 10:31 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2010-01-08 18:08 . 2008-10-28 10:31 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys

2010-01-08 18:07 . 2008-10-06 17:37 315392 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp083.dll

2010-01-08 18:07 . 2008-10-06 17:38 121344 ----a-w- c:\windows\system32\hpf3l083.dll

2010-01-08 18:07 . 2008-10-29 18:35 271704 ----a-r- c:\windows\system32\hpzids01.dll

2010-01-08 18:07 . 2008-10-28 10:31 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys

2010-01-08 18:02 . 2010-01-20 11:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-01-08 18:02 . 2010-01-08 18:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2010-01-08 18:01 . 2010-02-23 03:38 -------- dc----w- c:\windows\system32\DRVSTORE

2010-01-08 18:01 . 2010-01-20 11:42 -------- d-----w- c:\arquivos de programas\HP

2009-12-12 13:39 . 2009-12-12 13:43 -------- d-----w- C:\casamento da Greice

2009-11-29 14:35 . 2009-11-29 14:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Sony Corporation

2009-11-29 14:24 . 2009-11-29 14:24 -------- d-----w- c:\windows\Logs

2009-11-29 14:19 . 2009-11-29 14:19 -------- d-----w- c:\arquivos de programas\Sony

2009-11-29 14:19 . 2009-11-29 14:19 10134 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

2009-10-03 02:10 . 2009-10-03 02:10 -------- d-s---w- c:\documents and settings\Administrador\UserData

2009-10-03 01:06 . 2009-03-30 12:39 105344 ----a-w- c:\windows\system32\drivers\ZTEusbvoice.sys

2009-10-03 01:06 . 2009-03-30 12:39 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2009-10-03 01:06 . 2009-03-30 12:39 105344 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2009-10-03 01:06 . 2009-03-30 12:39 110592 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys

2009-10-03 01:06 . 2009-03-30 12:38 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2009-10-03 01:06 . 2009-10-03 01:06 -------- d-----w- c:\arquivos de programas\InstallAffixationInfo

2009-10-03 01:06 . 2010-02-23 20:03 -------- d-----w- c:\arquivos de programas\Vivo 3G

2009-09-21 08:50 . 2009-09-21 08:50 656088 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\PowerChallenge\loader.dll

2009-09-21 08:50 . 2009-09-21 08:50 266968 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\PowerChallenge\axpowerloader.dll

2009-09-21 08:50 . 2009-09-21 08:50 217816 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\PowerChallenge\nppowerloader.dll

2009-08-30 20:20 . 2009-08-30 20:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Xerox

2009-08-30 20:20 . 2004-11-01 07:14 23040 ----a-w- c:\windows\system32\xrxwbtmp.dll

2009-08-30 20:20 . 2004-11-01 07:14 17408 ----a-w- c:\windows\system32\xrxscnui.dll

2009-08-30 20:20 . 2004-11-01 07:14 116224 ----a-w- c:\windows\system32\xrxwiadr.dll

2009-08-30 20:17 . 2004-11-01 07:14 99328 ----a-w- c:\windows\system32\srusd.dll

2009-08-30 20:17 . 2004-11-01 07:14 6912 ----a-w- c:\windows\system32\drivers\serscan.sys

2009-08-30 20:17 . 2004-11-01 07:13 71680 ----a-w- c:\windows\system32\fnfilter.dll

2009-08-21 01:54 . 2009-10-03 15:31 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AdobeUM

2009-05-21 23:18 . 2009-05-21 23:18 3584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\HP\Print Projects\Data\hpqd_cul_sticky_settings.dll

2009-05-21 22:21 . 2009-05-21 22:21 3584 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\HP\HelpViewer\HVdummy.dll

2009-05-21 22:21 . 2009-05-21 22:21 2560 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\HP\SolCtr\scdatafiles.dll

2009-05-21 21:58 . 2009-05-21 21:58 287256 ----a-r- c:\windows\system32\AbaleZip.dll

2009-05-19 23:09 . 2009-05-19 23:09 -------- d-----w- C:\spoolerlogs

2009-05-14 21:14 . 2007-01-10 20:02 113664 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

2009-05-14 08:25 . 2009-05-14 08:25 2560 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\HP\Digital Imaging\Data\hpqd_cul_s.dll

2009-05-14 08:25 . 2009-05-14 08:25 12288 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\HP\Digital Imaging\Data\Destination\aiopfl.dll

2009-05-14 08:22 . 2009-05-14 08:22 1645320 ----a-w- c:\windows\system32\gdiplus.dll

2009-05-09 17:21 . 2004-11-01 07:14 18176 ----a-w- c:\windows\system32\drivers\sermouse.sys

2009-04-10 18:32 . 2009-04-10 18:32 -------- d-----w- c:\documents and settings\Administrador\Configuraes locais

2008-12-26 19:57 . 2008-12-26 19:57 -------- d-----w- c:\windows\Cache

2008-12-26 19:56 . 2009-05-27 23:40 737280 ----a-w- c:\windows\iun6002.exe

2008-12-03 22:05 . 2008-12-03 22:05 20480 ----a-w- c:\windows\system32\hpzisn12.dll

2008-12-03 22:05 . 2008-12-03 22:05 29696 ----a-w- c:\windows\system32\hpzipt12.dll

2008-12-03 22:05 . 2008-12-03 22:05 33792 ----a-w- c:\windows\system32\HPZipr12.dll

2008-12-03 22:05 . 2008-12-03 22:05 53760 ----a-w- c:\windows\system32\HPZipm12.dll

2008-12-03 22:05 . 2008-12-03 22:05 49152 ----a-w- c:\windows\system32\HPZidr12.dll

2008-12-03 22:05 . 2008-12-03 22:05 44544 ----a-w- c:\windows\system32\HPZinw12.dll

2008-11-15 13:22 . 2008-11-15 13:22 -------- d-----w- c:\arquivos de programas\LucasFan Games

2008-07-18 23:48 . 2004-11-18 17:44 2433024 ------w- c:\windows\NuNinst.exe

2008-07-18 23:48 . 2004-11-19 19:01 7680 ------w- c:\windows\system32\drivers\InCDrec.sys

2008-07-18 23:48 . 2004-11-19 19:00 28672 ------w- c:\windows\system32\drivers\InCDpass.sys

2008-07-18 23:48 . 2004-11-19 18:59 93440 ------w- c:\windows\system32\drivers\InCDfs.sys

2008-07-18 23:48 . 2004-11-05 14:44 27648 ------w- c:\windows\system32\drivers\InCDrm.sys

2008-07-18 23:48 . 2008-07-18 23:48 -------- d-----w- c:\windows\InCD

2008-07-18 23:47 . 2004-01-14 09:53 1658880 ------w- c:\windows\UNNeroBurnRights.exe

2008-07-18 23:47 . 2002-10-09 11:36 53248 ----a-r- c:\windows\system32\NeroCo.dll

2008-03-04 23:45 . 2008-03-04 23:45 7680 ----a-w- c:\windows\system32\hpboidps.dll

2008-03-04 23:45 . 2008-03-04 23:45 25600 ----a-w- c:\windows\system32\hpboid.dll

2008-03-04 23:44 . 2008-03-04 23:44 39936 ----a-w- c:\windows\system32\hpbpro.dll

2008-03-04 23:44 . 2008-03-04 23:44 24576 ----a-w- c:\windows\system32\hpbmiapi.dll

2008-03-04 23:44 . 2008-03-04 23:44 7680 ----a-w- c:\windows\system32\hpbprops.dll

2007-10-24 18:42 . 2007-10-24 18:42 120304 ----a-w- c:\windows\system32\pxcpyi64.exe

2007-10-24 18:42 . 2008-07-04 13:22 122864 ----a-w- c:\windows\system32\PxInsI64.exe

2007-10-24 18:42 . 2007-10-24 18:42 68080 ----a-w- c:\windows\system32\drvins64.exe

2007-10-24 05:00 . 2008-07-04 13:22 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys

2007-10-17 05:00 . 2008-07-04 13:22 9200 ----a-w- c:\windows\system32\drivers\cdralw2k.sys

2007-10-17 05:00 . 2008-07-04 13:22 9072 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys

2007-04-24 12:33 . 2007-04-24 12:33 114688 ----a-w- c:\windows\system32\hplbdchn.dll

2006-11-17 20:22 . 2006-11-17 20:22 35648 ----a-w- c:\windows\system32\FM20PTB.DLL

2006-10-26 16:10 . 2006-10-26 16:10 1190688 ----a-w- c:\windows\system32\FM20.DLL

2006-10-26 15:45 . 2006-10-26 15:45 293376 ----a-w- c:\windows\system32\WISPTIS.EXE

2006-10-26 15:45 . 2006-10-26 15:45 207360 ----a-w- c:\windows\system32\INKED.DLL

2006-10-26 15:10 . 2006-10-26 15:10 33088 ----a-w- c:\windows\system32\FM20ENU.DLL

2006-07-24 12:50 . 2006-07-24 12:50 47920 ----a-w- c:\windows\system32\VBAME.DLL

2006-07-24 12:50 . 2006-07-24 12:50 39728 ----a-w- c:\windows\system32\SCP32.DLL

2006-07-24 12:50 . 2007-07-10 16:45 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2005-09-19 01:34 . 2005-09-19 01:34 11008 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2004-11-11 18:00 . 2004-11-11 18:00 23 ----a-w- c:\windows\tweaks.cmd

2004-11-06 04:00 . 2004-11-06 04:00 388 ----a-w- c:\windows\system32\presetup.cmd

2004-11-01 07:15 . 2004-11-01 07:15 219648 ----a-w- c:\windows\system32\uxtheme.dll

2004-11-01 07:15 . 2004-08-13 22:50 359040 ----a-w- c:\windows\system32\drivers\tcpip.sys

2004-11-01 07:14 . 2004-11-01 07:14 994816 ----a-w- c:\windows\system32\syssetup.dll

2004-11-01 07:14 . 2004-11-01 07:14 141312 ----a-w- c:\windows\system32\sfc_os.dll

2004-11-01 04:13 . 2004-11-01 07:23 20992 ----a-w- c:\windows\system32\hid.dll

2004-11-01 04:13 . 2004-11-01 07:23 12416 ----a-w- c:\windows\system32\drivers\fsvga.sys

2004-11-01 04:13 . 2004-11-01 07:23 57344 ----a-w- c:\windows\system32\dvdplay.exe

2004-11-01 04:13 . 2004-11-01 07:23 55296 ----a-w- c:\windows\system32\dmutil.dll

2004-11-01 04:13 . 2004-11-01 07:23 40576 ----a-w- c:\windows\system32\drivers\crusoe.sys

2004-11-01 04:13 . 2004-11-01 07:23 11776 ----a-w- c:\windows\system32\drivers\cpqdap01.sys

2004-11-01 04:13 . 2004-11-01 07:23 49152 ----a-w- c:\windows\system32\cnbjmon.dll

2004-11-01 04:13 . 2004-11-01 07:23 262528 ----a-w- c:\windows\system32\drivers\cinemst2.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-17 19:29 . 2003-01-01 07:02 -------- d-----w- c:\arquivos de programas\ABBYY FineReader 6.0 Sprint

2010-01-31 16:49 . 2003-01-01 02:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-01-20 11:20 . 2003-01-01 07:00 -------- d-----w- c:\arquivos de programas\epson

2009-11-29 14:25 . 2003-01-01 07:01 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-05-21 20:57 . 2009-05-21 20:57 7680 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\HP\LGT 2.0\data\templates\Images\hplgtv_timages.dll

2009-05-14 21:14 . 2003-01-01 07:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EPSON

2009-05-02 23:00 . 2003-01-01 05:36 -------- d-----w- c:\arquivos de programas\Alwil Software

2008-11-09 12:04 . 2003-01-01 02:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

2008-07-18 23:48 . 2003-01-01 02:21 -------- d-----w- c:\arquivos de programas\Ahead

2007-07-10 16:46 . 2003-02-02 06:17 368912 ----a-w- c:\windows\system32\Vbar332.dll

2007-07-10 16:46 . 2003-02-02 06:17 125712 ----a-w- c:\windows\system32\Vb6de.dll

2007-07-10 16:46 . 2003-02-02 06:17 102160 ----a-w- c:\windows\system32\Vb6jp.dll

2007-07-10 16:46 . 2003-02-02 06:17 89360 ----a-w- c:\windows\system32\VB5DB.DLL

2007-07-10 16:46 . 2003-02-02 06:17 151552 ----a-w- c:\windows\system32\RDOCURS.DLL

2007-07-10 16:46 . 2003-02-02 06:17 201568 ----a-w- c:\windows\system32\PrntPRO2.dll

2007-07-10 16:46 . 2003-02-02 06:17 72704 ----a-w- c:\windows\system32\ODBCTL32.dll

2007-07-10 16:44 . 2003-02-02 06:17 107008 ----a-w- c:\windows\system32\fxtls432.dll

2006-12-07 18:04 . 2003-01-01 07:00 76800 ----a-w- c:\windows\system32\E_FLBCDL.DLL

2006-10-31 03:10 . 2003-01-01 07:00 51360 ----a-w- c:\windows\system32\EpPicPrt.dll

2006-10-31 03:10 . 2003-01-01 07:00 51360 ----a-w- c:\windows\system32\EpPicMgr.dll

2006-10-26 12:29 . 2003-01-01 07:01 126976 ----a-w- c:\windows\system32\PhotoImpression Slideshow.scr

2006-10-20 03:10 . 2003-01-01 07:00 80024 ----a-w- c:\windows\system32\PICSDK.dll

2006-10-20 03:10 . 2003-01-01 07:00 501912 ----a-w- c:\windows\system32\PICSDK2.dll

2006-10-20 03:10 . 2003-01-01 07:00 108704 ----a-w- c:\windows\system32\PICEntry.dll

2006-04-18 19:00 . 2003-01-01 07:00 62976 ----a-w- c:\windows\system32\E_FD4BCDL.DLL

2005-02-23 17:58 . 2003-01-01 07:01 11776 ----a-w- c:\windows\system32\drivers\afc.sys

2004-12-07 13:11 . 2003-01-01 07:01 258352 ----a-w- c:\windows\system32\unicows.dll

2004-11-01 06:14 . 2004-11-01 04:14 23552 ----a-w- c:\windows\system32\wdmaud.drv

2004-11-01 06:13 . 2003-01-01 02:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys

2004-11-01 06:13 . 2003-01-01 02:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2004-11-01 06:13 . 2003-01-01 02:15 60288 ----a-w- c:\windows\system32\drivers\drmk.sys

2004-11-01 06:13 . 2003-01-01 05:49 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2004-11-01 06:13 . 2003-01-01 02:15 142464 ----a-w- c:\windows\system32\drivers\aec.sys

2004-11-01 04:14 . 2004-08-04 05:45 29184 ----a-w- c:\windows\system32\sdhcinst.dll

2004-11-01 04:14 . 2004-08-04 05:45 30208 ----a-w- c:\windows\system32\bthserv.dll

2004-11-01 04:14 . 2004-08-04 05:45 20992 ----a-w- c:\windows\system32\bthci.dll

2004-11-01 04:14 . 2003-01-11 01:33 76288 ----a-w- c:\windows\system32\usbui.dll

2004-11-01 04:14 . 2003-01-11 01:32 42240 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS

2004-11-01 04:14 . 2003-01-11 01:37 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2004-11-01 04:14 . 2003-01-11 01:31 75776 ----a-w- c:\windows\system32\storprop.dll

2004-11-01 04:14 . 2003-01-11 01:35 57984 ----a-w- c:\windows\system32\drivers\redbook.sys

2004-11-01 04:13 . 2003-01-11 01:37 3072 ----a-w- c:\windows\system32\drivers\audstub.sys

2004-10-15 20:54 . 2004-08-04 05:45 586240 ----a-w- c:\windows\system32\mlang.dll

2004-09-29 18:49 . 2004-08-04 05:45 658944 ----a-w- c:\windows\system32\wininet.dll

2004-09-21 11:53 . 2003-01-01 02:15 2278784 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS

2004-09-21 03:13 . 2003-01-01 02:15 9196032 ----a-r- c:\windows\system32\RTLCPL.EXE

2004-09-16 12:39 . 2003-01-01 02:15 69632 ----a-r- c:\windows\SOUNDMAN.EXE

2004-09-07 06:23 . 2003-01-01 02:15 156672 ----a-r- c:\windows\system32\RTLCPAPI.dll

2004-08-30 17:06 . 2004-08-04 05:45 206848 ----a-w- c:\windows\system32\wmerror.dll

2004-08-30 17:06 . 2004-08-04 05:44 8192 ----a-w- c:\windows\system32\asferror.dll

2004-08-30 17:06 . 2004-08-04 05:45 86016 ----a-w- c:\windows\system32\wmpshell.dll

2004-08-30 17:06 . 2004-08-04 05:45 3399680 ----a-w- c:\windows\system32\wmploc.dll

2004-08-30 17:06 . 2004-08-04 05:45 311808 ----a-w- c:\windows\system32\MSWMDM.dll

2004-08-30 17:06 . 2003-01-11 03:48 482304 ----a-w- c:\windows\system32\Audiodev.dll

2004-08-11 03:39 . 2004-08-04 05:45 773368 ----a-w- c:\windows\system32\wmsdmod.dll

2004-08-11 03:38 . 2004-08-04 05:45 871160 ----a-w- c:\windows\system32\wmvdmod.dll

2004-08-11 03:38 . 2004-08-04 05:45 531192 ----a-w- c:\windows\system32\wmspdmod.dll

2004-08-11 03:38 . 2003-01-11 03:48 1181944 ----a-w- c:\windows\system32\wmvadvd.dll

2004-08-11 03:38 . 2004-08-04 05:45 380144 ----a-w- c:\windows\system32\wmadmod.dll

2004-08-11 03:38 . 2004-08-04 05:45 253688 ----a-w- c:\windows\system32\drmclien.dll

2004-08-11 03:38 . 2004-08-04 05:45 360176 ----a-w- c:\windows\system32\MSSCP.dll

2004-08-11 03:37 . 2003-01-11 03:48 290816 ----a-w- c:\windows\system32\WMDRMNet.dll

2004-08-11 03:37 . 2003-01-11 03:48 344064 ----a-w- c:\windows\system32\WMDRMdev.dll

2004-08-11 03:36 . 2004-08-04 05:45 527360 ----a-w- c:\windows\system32\drmv2clt.dll

2004-08-11 03:36 . 2004-08-04 05:45 233472 ----a-w- c:\windows\system32\blackbox.dll

2004-08-11 03:36 . 2004-08-04 05:45 141312 ----a-w- c:\windows\system32\msnetobj.dll

2004-08-11 03:36 . 2004-08-04 05:45 95232 ----a-w- c:\windows\system32\drmstor.dll

2004-08-11 02:41 . 2004-08-04 05:45 1027072 ----a-w- c:\windows\system32\wmnetmgr.dll

2004-08-11 02:41 . 2004-08-04 05:45 229376 ----a-w- c:\windows\system32\wmasf.dll

2004-08-11 00:07 . 2004-08-04 05:45 150016 ----a-w- c:\windows\system32\wmidx.dll

2004-08-11 00:07 . 2004-08-04 05:45 6656 ----a-w- c:\windows\system32\laprxy.dll

2004-08-11 00:05 . 2003-01-11 03:48 38912 ----a-w- c:\windows\system32\wpd_ci.dll

2004-08-11 00:05 . 2003-01-11 03:48 327680 ----a-w- c:\windows\system32\wpdsp.dll

2004-08-11 00:05 . 2003-01-11 03:48 331776 ----a-w- c:\windows\system32\wpdmtpdr.dll

2004-08-11 00:05 . 2003-01-11 03:48 18944 ----a-w- c:\windows\system32\drivers\wpdusb.sys

2004-08-11 00:05 . 2003-01-11 03:48 66560 ----a-w- c:\windows\system32\wpdmtpus.dll

2004-08-11 00:05 . 2003-01-11 03:48 114176 ----a-w- c:\windows\system32\wpdmtp.dll

2004-08-11 00:05 . 2003-01-11 03:48 61952 ----a-w- c:\windows\system32\wpdconns.dll

2004-08-11 00:05 . 2003-01-11 03:48 10752 ----a-w- c:\windows\system32\wpdtrace.dll

2004-08-11 00:05 . 2003-01-11 03:48 47104 ----a-w- c:\windows\system32\uwdf.exe

2004-08-11 00:05 . 2003-01-11 03:48 38912 ----a-w- c:\windows\system32\wdfmgr.exe

2004-08-11 00:05 . 2003-01-11 03:48 15872 ----a-w- c:\windows\system32\wdfapi.dll

2004-08-10 23:52 . 2004-08-04 05:45 20480 ----a-w- c:\windows\system32\wmpui.dll

2004-08-10 23:52 . 2004-08-04 05:45 20480 ----a-w- c:\windows\system32\wmpcore.dll

2004-08-10 23:52 . 2004-08-04 05:45 20480 ----a-w- c:\windows\system32\wmpcd.dll

2004-08-10 23:46 . 2004-08-04 05:45 96768 ----a-w- c:\windows\system32\logagent.exe

2004-08-04 06:40 . 2003-01-11 01:30 1014492 ----a-r- c:\windows\SET3.tmp

2004-08-04 06:34 . 2003-01-11 01:30 14043 ----a-r- c:\windows\SET8.tmp

2004-08-04 06:31 . 2003-01-11 01:30 1086058 ----a-r- c:\windows\SET4.tmp

2004-08-04 05:44 . 2004-08-04 05:44 563712 ----a-w- c:\windows\system32\shdoclc.dll

2004-08-04 05:41 . 2003-01-11 03:43 73472 ----a-w- c:\windows\system32\drivers\sr.sys

2004-08-04 05:34 . 2003-01-11 03:40 44544 ----a-w- c:\windows\system32\tscupgrd.exe

2004-08-04 05:34 . 2003-01-11 03:40 409088 ----a-w- c:\windows\system32\mstsc.exe

2004-08-04 04:01 . 2003-01-11 03:43 124800 ----a-w- c:\windows\system32\drivers\fltMgr.sys

2004-08-04 04:00 . 2003-01-11 01:31 11264 ----a-w- c:\windows\system32\drivers\irenum.sys

2004-07-20 18:24 . 2003-01-01 02:21 471040 ------w- c:\windows\system32\ImagXRA7.dll

2004-07-20 18:24 . 2003-01-01 02:21 476320 ------w- c:\windows\system32\ImagXpr7.dll

2004-07-20 18:24 . 2003-01-01 02:21 262144 ------w- c:\windows\system32\ImagXR7.dll

2004-07-20 18:24 . 2003-01-01 02:21 1568768 ------w- c:\windows\system32\ImagX7.dll

2004-07-17 16:34 . 2001-10-28 12:06 358976 ----a-w- c:\windows\system32\msjetoledb40.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2009-12-31 14:53 2349080 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]

"nwiz"="nwiz.exe" [2005-06-15 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2004-11-19 1466480]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Ferramenta de Verifica‡Æo de M¡dia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-29 333088]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5182:TCP"= 5182:TCP:tfodd

 

S2 shzhyvec;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [4/8/2004 03:45 14336]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23/2/2010 01:29 27064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

shzhyvec

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe

AddRemove-CCleaner - c:\documents and settings\Administrador\Desktop\PESQUISA NET\CCleaner\uninst.exe

AddRemove-HijackThis - c:\docume~1\ADMINI~1\CONFIG~1\Temp\Diretório temporário 1 para HiJackThis.zip\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2003-01-01 04:28

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\shzhyvec]

"ServiceDll"="c:\windows\system32\fcifx.dll"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b9,2d,80,51,dd,69,d7,3f,b2,6e,1f,5c,06,36,ae,35,de,3c,e9,5e,79,56,d9,

09,6f,a1,7a,b6,dc,be,a6,5f,58,62,98,37,e0,f2,ce,34,37,7f,68,cf,2b,34,82,fd,\

"??"=hex:e4,4e,6e,26,26,5a,18,00,4b,0f,c5,d1,96,3b,60,e3

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Ahead\InCD\InCDsrv.exe

c:\documents and settings\All Users\Dados de aplicativos\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\UAService7.exe

c:\windows\SOUNDMAN.EXE

c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Tempo para conclusão: 2003-01-01 04:30:56 - Máquina reiniciou

ComboFix-quarantined-files.txt 2003-01-01 06:30

 

Pré-execução: 9.980.018.688 bytes disponíveis

Pós execução: 12 pasta(s) 10.176.081.920 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 6C09E72953FE25F820FC8328D85D4B80

[wings 22]

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

File::

c:\windows\system32\fcifx.dll

Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\shzhyvec]

NetSvc::

shzhyvec

Driver::

shzhyvec

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!..para interromper o processo tecle N ou 2.

 

*Cole o relatório criado em C:\combofix.txt

[nina_michely 0]

Olá esta aí feito...

ComboFix 10-02-23.03 - Administrador 23/02/2010 15:23:09.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.511.221 [GMT -3:00]

Executando de: C:\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\cfscript.txt

 

FILE ::

"c:\windows\system32\fcifx.dll"

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-01-23 to 2010-02-23 ))))))))))))))))))))))))))))

.

 

2010-02-23 20:27 . 2010-02-23 20:27 -------- d-----w- c:\arquivos de programas\Conduit

2010-02-23 20:26 . 2003-01-01 05:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2010-02-23 20:26 . 2003-01-01 05:05 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2010-02-23 17:56 . 2010-02-23 17:57 -------- d-----w- c:\windows\system32\I8J2HXVZ

2010-02-23 14:46 . 2010-02-23 14:47 -------- d-----w- c:\windows\system32\9S2FH3TU

2010-02-23 14:45 . 2010-02-23 17:56 262168 --sh--w- c:\windows\system32\osesclib.dll

2010-02-23 14:45 . 2010-02-23 14:45 12136 ----a-w- c:\windows\system32\drivers\tcpz-x86d.sys

2010-02-23 14:45 . 2010-02-23 14:45 201240 --sh--w- c:\windows\system32\osesvstart.dll

2010-02-23 14:44 . 2010-02-23 14:45 -------- d-----w- c:\windows\system32\iB

2010-02-23 03:39 . 2010-02-23 03:40 -------- d-----w- c:\documents and settings\Administrador\Contacts

2010-02-23 03:29 . 2009-12-30 14:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-02-23 03:29 . 2010-02-23 03:29 -------- d-----w- c:\arquivos de programas\VS Revo Group

2010-02-22 22:16 . 2010-02-22 22:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\PowerChallenge

2010-02-17 15:36 . 2003-01-01 07:14 -------- d-----w- c:\arquivos de programas\Windows Live

2010-02-15 19:25 . 2010-02-15 19:25 -------- d-----w- c:\documents and settings\Administrador\MSN

2010-02-15 19:19 . 2010-02-17 16:05 -------- d-----w- c:\documents and settings\Administrador\Tracing

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-23 18:01 . 2010-01-21 12:54 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HPAppData

2010-02-23 17:55 . 2009-10-03 01:06 -------- d-----w- c:\arquivos de programas\Vivo 3G

2010-02-23 04:44 . 2001-10-28 12:07 58998 ----a-w- c:\windows\system32\perfc016.dat

2010-02-23 04:44 . 2001-10-28 12:07 406986 ----a-w- c:\windows\system32\perfh016.dat

2010-02-17 19:29 . 2003-01-01 07:02 -------- d-----w- c:\arquivos de programas\ABBYY FineReader 6.0 Sprint

2010-01-31 16:49 . 2003-01-01 02:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2010-01-23 16:01 . 2010-01-23 16:01 15256 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\IdentityCRL\ppcrlconfig.dll

2010-01-20 11:46 . 2010-01-20 11:36 169382 ----a-w- c:\windows\hpoins37.dat

2010-01-20 11:42 . 2010-01-08 18:01 -------- d-----w- c:\arquivos de programas\HP

2010-01-20 11:41 . 2010-01-08 18:02 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP

2010-01-20 11:41 . 2010-01-20 11:41 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\HP Product Assistant

2010-01-20 11:40 . 2010-01-20 11:40 -------- d-----w- c:\arquivos de programas\Arquivos comuns\HP

2010-01-20 11:20 . 2003-01-01 07:00 -------- d-----w- c:\arquivos de programas\epson

2010-01-20 11:08 . 2010-01-20 11:07 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HpUpdate

2010-01-08 18:24 . 2010-01-08 18:09 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\HP

2010-01-08 18:09 . 2010-01-08 18:09 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WEBREG

2010-01-08 18:02 . 2010-01-08 18:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Hewlett-Packard

2009-11-29 14:19 . 2009-11-29 14:19 10134 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2003-01-01_06.28.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-10-18 13:31 . 2007-10-18 13:31 51224 c:\windows\system32\sirenacm.dll

- 2001-10-28 12:07 . 2003-01-01 03:03 50532 c:\windows\system32\perfc009.dat

+ 2001-10-28 12:07 . 2010-02-23 04:44 50532 c:\windows\system32\perfc009.dat

+ 2010-02-23 14:45 . 2010-02-23 14:45 49152 c:\windows\system32\iB\J001.exe

+ 2010-02-23 14:46 . 2010-02-23 14:46 49152 c:\windows\system32\9S2FH3TU\J001.exe

- 2010-02-23 03:38 . 2010-02-23 03:38 29926 c:\windows\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe

+ 2003-01-01 07:44 . 2003-01-01 07:44 29926 c:\windows\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe

+ 2006-06-05 16:14 . 2006-06-05 16:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

+ 2006-06-05 16:14 . 2006-06-05 16:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

+ 2006-06-05 16:14 . 2006-06-05 16:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll

+ 2001-10-28 12:07 . 2010-02-23 04:44 374064 c:\windows\system32\perfh009.dat

- 2001-10-28 12:07 . 2003-01-01 03:03 374064 c:\windows\system32\perfh009.dat

+ 2003-01-01 07:44 . 2003-01-01 07:44 805376 c:\windows\Installer\45fbd9.msi

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2009-12-31 14:53 2349080 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]

"nwiz"="nwiz.exe" [2005-06-15 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\arquivos de programas\Ahead\InCD\InCD.exe" [2004-11-19 1466480]

"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

Adobe Gamma.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Ferramenta de Verifica‡Æo de M¡dia do PMB.lnk - c:\arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-29 333088]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

 

R2 OseSrv;Office Source Engine Service;c:\windows\System32\svchost.exe -k OseSrv [4/8/2004 02:45 14336]

R2 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\drivers\tcpz-x86d.sys [23/2/2010 11:45 12136]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23/2/2010 00:29 27064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

OseSrv REG_MULTI_SZ OseSrv 2Ó È2Ó … osesclib.dll get.setheo.com in.setheo.com D¢ .?AVbad_exception@std@@

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: {ED8AABF9-CAE5-461A-B1C4-CD0DEC65D85E} = 200.142.130.202 200.220.254.43

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-23 15:27

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

? [46292]

? [27064]

? [42460]

? [47928]

? [52192]

? [52200]

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b9,2d,80,51,dd,69,d7,3f,b2,6e,1f,5c,06,36,ae,35,de,3c,e9,5e,79,56,d9,

09,6f,a1,7a,b6,dc,be,a6,5f,58,62,98,37,e0,f2,ce,34,37,7f,68,cf,2b,34,82,fd,\

"??"=hex:e4,4e,6e,26,26,5a,18,00,4b,0f,c5,d1,96,3b,60,e3

.

Tempo para conclusão: 2010-02-23 15:29:02

ComboFix-quarantined-files.txt 2010-02-23 18:29

 

Pré-execução: 9.002.205.184 bytes disponíveis

Pós execução: 8.976.629.760 bytes disponíveis

 

- - End Of File - - 25EF3FF3ECE2FAB86CA28E5A5CFDA4E5

[wings 22]

1.

*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Aguarde até surgir a mensagem: "ComboFix está desinstalado"

 

*Clique [OK]

 

2.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop:

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as unidades (C:\ e D:\) a serem examinadas

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Selecione todos os resultados e clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

[nina_michely 0]

Olá...

gostaria que você me falasse para serve esse ultimo procedimento....

será que desta vez\ resolveremos isso...

pq a droga (desculpe) do msn.. demora muito pra abri a janela...

e qndo abre sempre vem com erro....

sempre tenho q reeniciar a net...

e pq esses apareceu dois itens que não puderam ser removidos...

c:windows/sisten32/osesvstart.dll....

c:windows/sisten32/osesclib.dll...

Obrigada...

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3787

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

24/2/2010 01:49:39

mbam-log-2010-02-24 (01-49-39).txt

 

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 160252

Tempo decorrido: 40 minute(s), 4 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 2

Chaves do Registro infectadas: 0

Valores do Registro infectados: 1

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 13

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

c:\WINDOWS\system32\osesvstart.dll (Malware.Packer) -> Delete on reboot.

C:\WINDOWS\system32\osesclib.dll (Malware.Packer) -> Delete on reboot.

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

c:\WINDOWS\system32\osesvstart.dll (Malware.Packer) -> Delete on reboot.

C:\WINDOWS\system32\osesclib.dll (Malware.Packer) -> Delete on reboot.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\5HAL92CQ\A12[1].exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\5HAL92CQ\A12[2].exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\MYZSDPAA\scanner[1].zip (Malware.Packer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051473.dll (Malware.Packer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051696.dll (Malware.Packer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051702.dll (Malware.Packer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{6EFF6F13-6019-4978-8DBE-747F996AC0C8}\RP76\A0051711.dll (Malware.Packer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\0N317HYS\A12.exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TQIJQQTV\A12.exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\L2SYON1V\A12.exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\L8RH2D8G\A12.exe (Malware.Packer) -> Quarantined and deleted successfully.

[wings 22]

1.

*Reinicie o PC

 

2.

*Abra o programa Malwarebytes e na aba [Quarentena], selecione todos os resultados e clique em [Remover tudo]

*Clique na aba [Logs], selecione o relatório e clique em [Remover]

 

3.

Repita o scan com o malwarebytes e informe se algo foi encontrado.

 

4.

*Clique em [iniciar] > [Executar] > digite: sfc /scannow

 

*Clique OK

*Será solicitado o cd do Windows

*Coloque-o no CD-Rom e aguarde o término

*Retire o CD e reinicie o PC

 

5.

*Baixe o ATF Cleaner e salve-o no desktop

*Duplo clique em ATF-Cleaner.exe

*Em Main selecione [select all]

*Clique em [Empty Selected]

=>Caso use Firefox ou Opera, também, siga os procedimentos abaixo:

*Em "Firefox" ou em "Opera" clique em [select all] ( se você deseja manter suas passwords clique No, caso contrário clique Yes).

*Clique [Empty Selected] ( se você deseja manter suas passwords clique No, caso contrário clique Yes).

*Clique em [Exit] ou no [X] para sair do programa

 

6.

*Faça o download e instale o CCleaner

*Abra o programa e na aba "Windows", desça até a opção "Avançado" e selecione "Dados Prefetch antigos"

*Clique em [Executar Limpeza]

*Em seguida, clique em [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados]

Use regularmente os programas ATF-Cleaner e CCleaner para manter o PC em ordem.

 

 

7.

*Caso o problema com o MSN persista...leia aqui:

http://www.guiadohardware.net/comunidade/messenger-dica/1015221/

 

 

Um abraço.

[nina_michely 0]

1.

*Reinicie o PC

 

2.

*Abra o programa Malwarebytes e na aba [Quarentena], selecione todos os resultados e clique em [Remover tudo]

*Clique na aba [Logs], selecione o relatório e clique em [Remover]

 

3.

Repita o scan com o malwarebytes e informe se algo foi encontrado.

 

4.

*Clique em [iniciar] > [Executar] > digite: sfc /scannow

 

*Clique OK

*Será solicitado o cd do Windows

*Coloque-o no CD-Rom e aguarde o término

*Retire o CD e reinicie o PC

 

5.

*Baixe o ATF'>http://www.atribune.org/ccount/click.php?id=1"]ATF Cleaner e salve-o no desktop

*Duplo clique em ATF-Cleaner.exe

*Em Main selecione [select all]

*Clique em [Empty Selected]

=>Caso use Firefox ou Opera, também, siga os procedimentos abaixo:

*Em "Firefox" ou em "Opera" clique em [select all] ( se você deseja manter suas passwords clique No, caso contrário clique Yes).

*Clique [Empty Selected] ( se você deseja manter suas passwords clique No, caso contrário clique Yes).

*Clique em [Exit] ou no [X] para sair do programa

 

6.

*Faça o download e instale o CCleaner'>http://www.ccleaner.com/download/builds/downloading-slim"]CCleaner

*Abra o programa e na aba "Windows", desça até a opção "Avançado" e selecione "Dados Prefetch antigos"

*Clique em [Executar Limpeza]

*Em seguida, clique em [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados]

Use regularmente os programas ATF-Cleaner e CCleaner para manter o PC em ordem.

 

 

7.

*Caso o problema com o MSN persista...leia aqui:

http://www.guiadohardware.net/comunidade/messenger-dica/1015221/

 

 

Um abraço.

[nina_michely 0]

Olá....

Mas não tenho mas o CD de instalação...

oq eu devo fazer agora?