
Archived

This topic is archived and closed to new replies.

DigoMS

[Solved!] Malware/Virus

I have a problem with my PC: when I uninstalled my AVG and decided to install Avast, it detected the virus win32:rootkit-gen. I don't know what to do to remove it. When I open Internet Explorer it stays open for a while but then closes the window by itself. I would like instructions, please. I have HijackThis; my log follows below:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:20:08, on 6/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\svchost.exe

C:\Documents and Settings\user\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1A312467-8E7C-4BE9-864A-5F70956C19AE} - (no file)

O2 - BHO: Flash Video Decoder for SWF - {1ADE72B3-5E0F-44CE-9F3E-E46A3CC0BF16} - C:\WINDOWS\system32\flash10swf.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 7560 bytes

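The HijackThis log above contains a number of O2/O3/O9 entries whose CLSID resolves to "(no file)" and two O23 services marked "(file missing)". These are orphaned registrations, usually leftovers of uninstalled toolbars or updaters; they are rarely the infection itself, but they are noise a responder wants listed and cleaned, and they are exactly the lines a helper scans for first. The following Python script is an added example, not part of the original post or of HijackThis: it parses HijackThis-style entry lines, counts entries per section and extracts every orphan together with its CLSID. The sample lines are constructed by copying a handful of entries from the log above; the section and GUID patterns are assumptions about the log format, not an official grammar.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed line shape: "<section> - <body>", where section is R0/R1, O2..O23, F0/F1, N1..N4.
LINE_RE = re.compile(r"^([RONF]\d+) - (.*)$")
# A registry-style CLSID in braces: 8-4-4-4-12 hex digits.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when the referenced file does not exist on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Return a list of (section, body) tuples for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def summarize(text):
    """Count entries per section so a helper sees at a glance what the log contains."""
    counts = defaultdict(int)
    for section, _ in parse_hjt(text):
        counts[section] += 1
    return dict(counts)


def find_orphans(text):
    """Entries whose CLSID or service points at a file that no longer exists.

    Each result carries the section, the CLSID (None for services without one)
    and the raw body, which is what a cleanup script or a fix list needs.
    """
    orphans = []
    for section, body in parse_hjt(text):
        if any(marker in body for marker in ORPHAN_MARKERS):
            guid = GUID_RE.search(body)
            orphans.append({
                "section": section,
                "clsid": guid.group(0) if guid else None,
                "entry": body,
            })
    return orphans


if __name__ == "__main__":
    print("entries per section:", summarize(SAMPLE_LOG))
    for o in find_orphans(SAMPLE_LOG):
        print(f"orphan {o['section']:<4} clsid={o['clsid']}  {o['entry']}")
```

Two caveats worth keeping in mind when reading the output. First, an orphan list is a tidiness result, not a verdict: every entry here with a real file path is a well-known, legitimately signed component. Second, HijackThis only enumerates user-mode hooks and registry autostarts; a kernel-mode rootkit of the kind Avast named here can be entirely absent from this log while still hooking the TCP/IP stack, which is consistent with the "limited or no connectivity" symptom reported later in the thread.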

Good morning...

 

*Download Malwarebytes Anti-Malware and save it to the desktop

*Install the program

*If an update exists, it will be downloaded automatically. Wait...

*The program will open automatically.

*On the [Scan] tab, select the [Full Scan] option

*Click [Scan] and select the drives to be scanned

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-date.txt) will be shown.

*Paste it in your next reply


I had to download it on another computer I own, because the infected computer now isn't even getting onto the internet (I think this win32 did something to my PC, because the connection is being reported as "limited or no connectivity" and it isn't being fixed by the local connection's "Repair" option).

 

THE LOG FOLLOWS BELOW:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4052

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

6/5/2010 19:12:03

mbam-log-2010-05-06 (19-12-03).txt

 

Tipo de Verificação: Verificação Completa (A:\|C:\|D:\|E:\|F:\|)

Objetos escaneados: 179834

Tempo decorrido: 32 minuto(s), 29 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 4

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\dark (Trojan.Banker) -> Quarantined and deleted successfully.

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Documents and Settings\user\Meus documentos\Downloads\The Sims 2 Coleção Completa\EA Games Keygen v.157.exe (Trojan.Orsam) -> Quarantined and deleted successfully.

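The Malwarebytes log above mixes three kinds of findings: adware registry keys, a trojan dropped by a game keygen, and three Security Center values (AntiVirusDisableNotify, FirewallDisableNotify, UpdatesDisableNotify) whose data had been set to 1. That last group is the security-relevant one: those values suppress the notifications Windows XP shows when antivirus, firewall or updates are off, so malware sets them to hide that it has disabled protection; "Bad: (1) Good: (0)" records the tampered value and the value the tool restored. The Python below is an added example, not part of the original post or of Malwarebytes: it parses the log's category headings and detection lines, counts findings per threat family and isolates the tampering indicators. The sample text is constructed from lines of the log above; the line pattern is an assumption about the log format.

```python
import re

# Constructed sample: category headings and detection lines copied from the log above.
SAMPLE_MBAM = r"""
Chaves de Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\dark (Trojan.Banker) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Documents and Settings\user\Meus documentos\Downloads\The Sims 2 Coleção Completa\EA Games Keygen v.157.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
"""

# Assumed detection line shape: "<location> (<threat family>) -> <action or value detail>".
ENTRY_RE = re.compile(r"^(?P<location>.+?) \((?P<threat>[^()]+)\) -> (?P<detail>.*)$")
# Registry-data findings carry the tampered and the restored value.
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_mbam(text):
    """Return one dict per detection: category, location, threat, detail, and bad/good values if present."""
    category, findings = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            category = line[:-1]          # a section heading such as "Arquivos Infectados"
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # "(no malicious items detected)" and similar filler
        item = {"category": category, **m.groupdict()}
        bg = BAD_GOOD_RE.search(item["detail"])
        if bg:
            item["bad"], item["good"] = bg.group("bad"), bg.group("good")
        findings.append(item)
    return findings


def by_family(findings):
    """Count detections per threat family name."""
    counts = {}
    for f in findings:
        counts[f["threat"]] = counts.get(f["threat"], 0) + 1
    return counts


def tamper_indicators(findings):
    """Findings that switched off the OS's own security-state warnings instead of planting a file.

    These deserve follow-up even after cleanup: whatever set them may also have
    stopped services or altered the network stack, which removing the value does not undo.
    """
    return [f for f in findings
            if f["threat"].startswith("Disabled.") or "\\Security Center\\" in f["location"]]


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_MBAM)
    print("by family:", by_family(found))
    for f in tamper_indicators(found):
        print(f"tampered: {f['location']}  was {f['bad']}, restored to {f['good']}")
```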

*Temporarily disable your antivirus

 

Right-click the Avast icon that runs next to the clock > Select "Pause resident protection" > Confirm.

*Download ComboFix and save it to the desktop

 

*Run ComboFix and accept the agreement

 

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it.

 

[screenshot: recovery-console-prompt.jpg]

 

*Click [Yes] to continue.

 

[screenshot: recovery-console-installed.jpg]

 

*Wait for all stages to complete

 

[screenshot: etapas.jpg]

 

*While ComboFix is running, avoid using the mouse and keyboard!!..... To abort the procedure, press N or 2 and then ENTER.

 

*The program will close automatically

 

*Paste the report created at C:\combofix.txt


I did everything that was recommended, but when ComboFix started it asked me to make sure the internet was connected; as I said before, the connection seems to have been affected by the virus and is showing "limited or no connectivity".

There are 3 computers in my house and none of the others shows the same connection error, so there is no problem with the server (internet).


1.

*Click [Start] > [Run] > type: Combofix /uninstall

*Click [OK]

 

[screenshot: 92674490.jpg]

 

*Click [Run]

*Wait until the message appears: "ComboFix is uninstalled"

*Click [OK]

 

2.

*Download OTL and save it to the desktop

*Double-click OTL.exe

*Select the options below:

 

[x] Scan All Users

[x] Minimal Output

[x] Use Company Name WhiteList

[x] Skip Microsoft Files

[x] LOP Check

[x] Purity Check

*Under Custom Scans/Fixes, paste the code below:

 

safebootminimal

safebootnetwork

drivers32

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

/md5stop

%systemroot%\*. /mp /s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

netsvcs

*Click [Run Scan] and wait for the process to finish

*Two reports will be created on the desktop, named OTL.txt and Extras.txt

*Paste the OTL.txt report

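The custom-scan block above is doing more than listing autostarts: the /md5start ... /md5stop section asks OTL to hash a fixed set of system files (eventlog.dll, atapi.sys, iaStor.sys, nvstor.sys and the other storage and logon DLLs), because the rootkit families of that era infected the machine by patching one of those boot-critical drivers in place rather than adding a new file, so only a hash comparison against a known-good copy reveals them. The Python below is an added example, not OTL's code or the helper's: it streams MD5 and SHA-256 over the same file names, compares the result with a baseline of known-good SHA-256 values and reports each file as match, MODIFIED, missing or without a baseline. The demo() function builds its own constructed files in a temporary directory so it runs offline; on a real system you would point hash_watched() at the system32 directory and take the baseline from a clean installation or vendor-published hashes.

```python
import hashlib
import tempfile
from pathlib import Path

# File names lifted from the OTL /md5start block above.
WATCHED = ["eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys", "iaStor.sys", "nvstor.sys"]


def file_digests(path):
    """MD5 and SHA-256 of one file, streamed in chunks so a large driver is not loaded whole."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest(), "size": Path(path).stat().st_size}


def hash_watched(root, names=WATCHED):
    """Hash every watched file directly under root; None marks a file that is absent."""
    root = Path(root)
    result = {}
    for name in names:
        p = root / name
        result[name] = file_digests(p) if p.is_file() else None
    return result


def compare_to_baseline(observed, baseline):
    """Classify each watched file against a baseline of {name: known-good sha256}."""
    verdicts = {}
    for name, info in observed.items():
        if info is None:
            verdicts[name] = "missing"
        elif name not in baseline:
            verdicts[name] = "no baseline"
        elif info["sha256"] == baseline[name]:
            verdicts[name] = "match"
        else:
            verdicts[name] = "MODIFIED"
    return verdicts


def demo():
    """Constructed demonstration: a clean set of files, then one patched in place and one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in WATCHED:
            (root / name).write_bytes(b"clean driver image: " + name.encode())
        # Baseline taken while the files are known to be clean.
        baseline = {n: d["sha256"] for n, d in hash_watched(root).items()}
        # Simulate an in-place patch of atapi.sys and a deleted scecli.dll.
        (root / "atapi.sys").write_bytes(b"patched driver image")
        (root / "scecli.dll").unlink()
        return compare_to_baseline(hash_watched(root), baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:<14} {verdict}")
```

The hashes must be taken from a trustworthy view of the disk. A kernel-mode rootkit that has patched atapi.sys can also filter what user-mode reads of that file return, so a match reported by a tool running on the live, infected system is weaker evidence than the same check performed from a clean boot medium. MD5 is included because that is what the published reference lists of the time used; SHA-256 is the value to keep for any baseline you build yourself.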

OTL logfile created on: 7/5/2010 13:38:48 - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 84,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 95,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 232,88 Gb Total Space | 152,45 Gb Free Space | 65,47% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 3,72 Gb Total Space | 0,50 Gb Free Space | 13,47% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: USER

Current User Name: user

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NMIndexingService) -- File not found

SRV - (gusvc) -- File not found

SRV - (avast! Web Scanner) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Antivirus) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)

DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (gameenum) Crystal SoundFusion -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)

DRV - (cwcwdm) Crystal SoundFusion -- C:\WINDOWS\system32\drivers\cwcwdm.sys (Crystal Semiconductor Corp.)

DRV - (cwcspud) Crystal SoundFusion -- C:\WINDOWS\system32\drivers\cwcspud.sys (Crystal Semiconductor Corp.)

DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1177238915-484763869-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-1177238915-484763869-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

[2009/07/10 08:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\Mozilla\Extensions

[2009/07/10 08:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

 

O1 HOSTS File: ([2009/12/18 11:44:48 | 000,366,503 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 12612 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Flash Video Decoder for SWF) - {1ADE72B3-5E0F-44CE-9F3E-E46A3CC0BF16} - C:\WINDOWS\system32\flash10swf.dll ( )

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.

O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1177238915-484763869-682003330-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1177238915-484763869-682003330-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1177238915-484763869-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1177238915-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1177238915-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1177238915-484763869-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/16 18:47:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: nm - File not found

SafeBootNet: nm.sys - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/06/16 18:46:54 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/05/07 13:31:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2010/05/07 01:02:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/05/07 00:44:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/06 18:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dados de aplicativos\Malwarebytes

[2010/05/06 18:37:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/06 18:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2010/05/06 18:37:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/06 18:37:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2010/05/05 17:35:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent

[2010/05/05 01:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2010/05/05 01:18:02 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Messenger Plus! Live

[2010/05/04 21:14:53 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\user\Desktop\HijackThis.exe

[2010/05/04 19:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sun

[2010/05/04 19:26:37 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java

[2010/04/30 04:52:17 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/04/30 04:52:16 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/04/30 04:52:15 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/04/30 04:52:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/04/30 04:52:12 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/04/30 04:52:12 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/04/30 04:52:12 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/04/30 04:52:02 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/04/30 04:52:02 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr

[2010/04/30 04:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2010/04/30 04:51:55 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Alwil Software

[2010/04/30 04:47:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/04/30 04:15:51 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft

[2010/04/30 04:15:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive

[2010/04/30 04:15:01 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live

[2010/04/28 23:18:09 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\EA GAMES

[2010/04/28 23:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Meus documentos\EA Games

[2010/04/28 23:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\EA Games

[2010/04/28 23:06:42 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DAEMON Tools

[2010/04/28 16:35:33 | 001,045,504 | ---- | C] ( ) -- C:\WINDOWS\System32\flash10swf.dll

[2010/04/28 16:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Meus documentos\Marina

[2010/04/24 04:32:01 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Asprate

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/05/07 13:29:12 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/05/07 13:27:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/07 13:27:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/07 13:26:02 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT

[2010/05/07 13:26:02 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini

[2010/05/07 12:43:40 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2010/05/07 01:37:59 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\este2.bmp

[2010/05/07 01:28:22 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A61EDCF2-D0BB-4927-8B1C-32F851527B59}.job

[2010/05/07 01:10:03 | 000,000,626 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2010/05/07 01:10:03 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/05/07 01:04:55 | 000,000,558 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/05/07 01:04:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/05/07 01:01:35 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Atalho para ComboFix.lnk

[2010/05/07 00:30:18 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\este.bmp

[2010/05/06 18:37:12 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/06 15:24:55 | 001,638,834 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\popopopo.bmp

[2010/05/06 06:21:07 | 000,995,606 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\popopopo2.bmp

[2010/05/06 02:19:02 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/04 02:53:23 | 001,045,504 | ---- | M] ( ) -- C:\WINDOWS\System32\flash10swf.dll

[2010/05/03 19:27:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/02 02:53:57 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\user\Desktop\The Sims 2 Vida de Apartamento.lnk

[2010/04/30 15:57:03 | 000,001,871 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Windows Live Messenger .lnk

[2010/04/30 04:52:17 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/04/30 04:52:13 | 000,003,018 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/04/30 03:56:26 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/29 14:56:31 | 002,929,682 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\jghjgh.bmp

[2010/04/29 02:19:25 | 008,562,830 | -H-- | M] () -- C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\IconCache.db

[2010/04/29 01:30:10 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2010/04/28 23:06:42 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk

[2010/04/28 02:22:11 | 001,638,834 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\Primeiro Andar.bmp

[2010/04/27 15:56:32 | 001,086,586 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/04/27 15:56:32 | 000,476,876 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2010/04/27 15:56:32 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/04/27 15:56:32 | 000,082,770 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2010/04/27 15:56:32 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/04/27 00:44:22 | 001,638,834 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\larara.bmp

[2010/04/25 06:06:33 | 001,638,834 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\ghjgh.bmp

[2010/04/25 04:55:38 | 000,995,606 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\Segundo Andar.bmp

[2010/04/18 22:41:15 | 000,116,004 | ---- | M] () -- C:\Documents and Settings\user\Meus documentos\Planta.gif

[2010/04/14 13:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr

[2010/04/14 13:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/04/14 13:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/04/14 13:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/04/14 13:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/04/14 13:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/04/14 13:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/04/14 13:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/04/14 13:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/05/07 01:01:35 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Atalho para ComboFix.lnk

[2010/05/06 18:37:12 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/06 15:26:07 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\este2.bmp

[2010/05/06 15:25:22 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\este.bmp

[2010/05/06 06:16:58 | 000,995,606 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\popopopo2.bmp

[2010/05/06 06:07:34 | 001,638,834 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\popopopo.bmp

[2010/05/02 01:58:52 | 000,350,720 | ---- | C] () -- C:\Documents and Settings\user\Desktop\hjsplit.exe

[2010/04/30 15:57:03 | 000,001,871 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Windows Live Messenger .lnk

[2010/04/30 04:52:17 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/04/29 22:21:01 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\user\Desktop\The Sims 2 Vida de Apartamento.lnk

[2010/04/28 23:06:42 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools.lnk

[2010/04/28 16:35:33 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\flash10swf.usr

[2010/04/28 16:35:33 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\flash10swf.cfg

[2010/04/27 00:44:22 | 001,638,834 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\larara.bmp

[2010/04/20 00:08:47 | 001,638,834 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\Primeiro Andar.bmp

[2010/04/20 00:08:47 | 001,638,834 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\ghjgh.bmp

[2010/04/20 00:08:27 | 000,995,606 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\Segundo Andar.bmp

[2010/04/18 22:50:05 | 000,116,004 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\Planta.gif

[2010/04/10 23:55:13 | 002,929,682 | ---- | C] () -- C:\Documents and Settings\user\Meus documentos\jghjgh.bmp

[2009/09/13 23:10:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI

[2009/06/24 18:06:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/06/17 13:54:47 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/06/16 18:55:31 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/06/16 18:55:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/06/16 18:55:30 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/06/16 18:55:30 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/06/16 18:55:29 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/06/16 18:55:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/06/28 13:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/28 13:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/28 13:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/28 13:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/28 13:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

 

========== LOP Check ==========

 

[2010/04/30 04:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2009/08/29 23:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2010/01/23 08:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts

[2009/09/14 03:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\KB Piano

[2010/05/05 01:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2009/09/12 18:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2009/08/29 23:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\DAEMON Tools Lite

[2009/06/17 07:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\GrabPro

[2009/11/14 06:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\LimeWire

[2009/07/06 06:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\Orbit

[2009/09/14 02:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\Synthesia

[2010/04/20 05:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\Tibia

[2010/05/05 17:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dados de aplicativos\uTorrent

[2010/05/07 01:28:22 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A61EDCF2-D0BB-4927-8B1C-32F851527B59}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/10/21 00:09:25 | 018,869,654 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2008/10/21 00:09:25 | 018,869,654 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/13 08:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 08:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/13 16:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 16:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008/04/13 16:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2008/04/13 16:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 16:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008/04/13 16:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2008/04/13 16:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 16:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008/04/13 16:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-30 07:14:34

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:4F0FFA06

< End of report >


I don't see any sign of infection....

 

1.

*Run OTL again and click "CleanUp"

 

2.

*Download RSIT and save it to the desktop

*Double-click RSIT

*Click [Continue]

*When the process finishes, paste the report created at C:\rsit\log.txt


Well, OK then, but what do I do to get my internet back to normal?? Everything was fine, and after this virus appeared the internet stopped working. At first, using IE, the pages were closing by themselves, so I installed Google Chrome (with it everything was going fine until later the internet started showing no connectivity, no longer allowing me to connect to the internet); then, at some point, my Google Chrome was deleted by itself, possibly by one of those programs that were installed (ComboFix, etc.) during the removal of the win32 virus. I'm VERY grateful for your help, wings; I hope we can resolve this connectivity issue.

 

The requested report follows below!

 

Logfile of random's system information tool 1.07 (written by random/random)

Run by user at 2010-05-07 15:44:14

Microsoft Windows XP Professional Service Pack 3

System drive C: has 156 GB (65%) free of 238 GB

Total RAM: 2047 MB (80% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\User_Feed_Synchronization-{A61EDCF2-D0BB-4927-8B1C-32F851527B59}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ADE72B3-5E0F-44CE-9F3E-E46A3CC0BF16}]

Flash Video Decoder for SWF - C:\WINDOWS\system32\flash10swf.dll [2010-05-04 1045504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-05-04 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-04 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"nwiz"=C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-16 13877248]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-16 86016]

"avast5"=C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]

"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-02-18 248040]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Arquivos de programas\DAEMON Tools\daemon.exe [2007-09-18 171464]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Documents and Settings\user\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe [2010-05-04 136176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-13 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

C:\WINDOWS\SkyTel.EXE [2006-05-15 2879488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-06-29 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\uTorrent\uTorrent.exe"="C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe"="C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2010-05-07 15:44:14 ----D---- C:\rsit

2010-05-07 15:44:14 ----D---- C:\Arquivos de programas\trend micro

2010-05-07 01:02:00 ----SHD---- C:\RECYCLER

2010-05-07 00:44:13 ----D---- C:\WINDOWS\ERDNT

2010-05-06 18:37:20 ----D---- C:\Documents and Settings\user\Dados de aplicativos\Malwarebytes

2010-05-06 18:37:09 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2010-05-06 18:37:08 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2010-05-05 01:18:18 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2010-05-05 01:18:02 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2010-05-04 19:26:39 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Sun

2010-05-04 19:26:37 ----D---- C:\Arquivos de programas\Arquivos comuns\Java

2010-05-04 19:26:15 ----A---- C:\WINDOWS\system32\javaws.exe

2010-05-04 19:26:15 ----A---- C:\WINDOWS\system32\javaw.exe

2010-05-04 19:26:15 ----A---- C:\WINDOWS\system32\java.exe

2010-05-04 19:26:15 ----A---- C:\WINDOWS\system32\deployJava1.dll

2010-04-30 04:52:02 ----A---- C:\WINDOWS\system32\aswBoot.exe

2010-04-30 04:51:55 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

2010-04-30 04:51:55 ----D---- C:\Arquivos de programas\Alwil Software

2010-04-30 04:47:46 ----D---- C:\WINDOWS\pss

2010-04-30 04:15:51 ----D---- C:\Arquivos de programas\Microsoft

2010-04-30 04:15:25 ----D---- C:\Arquivos de programas\Windows Live SkyDrive

2010-04-30 04:15:01 ----D---- C:\Arquivos de programas\Windows Live

2010-04-30 04:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-04-30 04:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-04-30 04:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$

2010-04-30 04:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-04-30 04:12:35 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-04-30 04:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-04-30 04:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-04-28 23:18:09 ----D---- C:\Arquivos de programas\EA GAMES

2010-04-28 23:06:42 ----D---- C:\Arquivos de programas\DAEMON Tools

2010-04-28 16:35:33 ----A---- C:\WINDOWS\system32\flash10swf.dll

2010-04-24 04:32:01 ----D---- C:\Arquivos de programas\Asprate

 

======List of files/folders modified in the last 1 months======

 

2010-05-07 15:44:14 ----RD---- C:\Arquivos de programas

2010-05-07 15:43:58 ----D---- C:\WINDOWS\Prefetch

2010-05-07 15:40:57 ----D---- C:\WINDOWS\system32\CatRoot2

2010-05-07 15:40:57 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-05-07 13:42:10 ----D---- C:\WINDOWS\Temp

2010-05-07 13:30:08 ----SHD---- C:\System Volume Information

2010-05-07 13:30:08 ----D---- C:\WINDOWS\system32\Restore

2010-05-07 13:29:16 ----D---- C:\WINDOWS

2010-05-07 01:10:03 ----A---- C:\WINDOWS\system.ini

2010-05-07 01:04:55 ----SH---- C:\boot.ini

2010-05-07 01:04:55 ----A---- C:\WINDOWS\win.ini

2010-05-07 00:50:10 ----SD---- C:\WINDOWS\Tasks

2010-05-07 00:49:35 ----D---- C:\WINDOWS\system

2010-05-07 00:48:41 ----D---- C:\WINDOWS\system32\drivers

2010-05-07 00:48:41 ----D---- C:\WINDOWS\system32

2010-05-07 00:48:41 ----D---- C:\WINDOWS\AppPatch

2010-05-07 00:48:34 ----D---- C:\Arquivos de programas\Arquivos comuns

2010-05-06 19:14:36 ----D---- C:\WINDOWS\addins

2010-05-06 02:18:34 ----HD---- C:\WINDOWS\inf

2010-05-05 17:42:06 ----D---- C:\Documents and Settings\user\Dados de aplicativos\uTorrent

2010-05-05 15:20:03 ----D---- C:\Arquivos de programas\Tibia

2010-05-04 19:26:39 ----SHD---- C:\WINDOWS\Installer

2010-05-04 19:25:44 ----D---- C:\Arquivos de programas\Java

2010-04-30 04:58:21 ----D---- C:\Arquivos de programas\Arquivos comuns\Adobe

2010-04-30 04:52:09 ----D---- C:\WINDOWS\WinSxS

2010-04-30 04:49:50 ----D---- C:\WINDOWS\Debug

2010-04-30 04:46:36 ----D---- C:\Arquivos de programas\Yahoo!

2010-04-30 04:43:48 ----SD---- C:\Documents and Settings\user\Dados de aplicativos\Microsoft

2010-04-30 04:15:38 ----SD---- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

2010-04-30 04:15:37 ----D---- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

2010-04-30 04:14:33 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-04-30 04:14:06 ----HD---- C:\WINDOWS\$hf_mig$

2010-04-30 03:56:26 ----A---- C:\WINDOWS\avisplitter.INI

2010-04-30 03:41:25 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Norton

2010-04-30 03:41:23 ----D---- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

2010-04-29 01:30:10 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

2010-04-28 23:08:22 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2010-04-28 02:07:43 ----D---- C:\WINDOWS\system32\wmpnet

2010-04-27 15:56:32 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-04-21 16:43:55 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-04-20 05:02:37 ----D---- C:\Documents and Settings\user\Dados de aplicativos\Tibia

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]

R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Protocolo de transporte compatível; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-28 63232]

R2 NwlnkSpx;Protocolo NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-28 55936]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]

R3 cwcspud;Crystal SoundFusion Driver; C:\WINDOWS\system32\drivers\cwcspud.sys [2001-08-17 111872]

R3 cwcwdm;Crystal SoundFusion WDM Driver; C:\WINDOWS\system32\drivers\cwcwdm.sys [2001-08-17 93952]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []

S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-13 4299264]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

S3 PciCon;PciCon; \??\D:\PciCon.sys []

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-06-29 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-06-29 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-29 721904]

S4 sr;Driver de filtro de restauração do sistema; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 avast! Antivirus;avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-05-04 153376]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-16 168004]

R2 NWCWorkstation;Serviço de cliente para NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe [2007-05-13 272024]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Software Updater; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe []

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NMIndexingService;NMIndexingService; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe []

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

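When reading a driver/service list like the one above, the entries worth a second look are those whose image file the tool could not find (empty `[]` where the date and size should be, as for adfs.sys, IntelIde.sys, PciCon.sys and the Google/Nero services) and those loaded from somewhere other than the Windows or Program Files tree on the system volume (PciCon.sys via `\??\D:\`). The following Python script is an added example, not part of the original thread nor of the tool that produced the log: it parses lines in this format and flags entries on those two heuristics. The sample lines are constructed from entries in the log above; the trusted-root list and the assumption that C: is the system drive are mine.

```python
import re
from dataclasses import dataclass

# One log line: "<R|S><start type> <name>;<display name>; <image path> [<date> <size>]"
# The bracket pair is empty when the tool found no file at the image path.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Constructed sample in the same format as the RSIT-style list above.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 PciCon;PciCon; \??\D:\PciCon.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-29 721904]
S3 gusvc;Google Software Updater; C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe []
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-16 168004]
-----------------EOF-----------------
"""

# Assumption: C: is the system volume and these are the only roots that
# should host drivers and services on this machine (Portuguese Windows XP).
SYSTEM_DRIVE = "c"
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\arquivos de programas\\", "c:\\program files\\")


@dataclass
class Entry:
    state: str     # R = running, S = stopped
    start: int     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    meta: str      # "YYYY-MM-DD size", or "" when no file was found


def parse_entries(text):
    """Return the driver/service entries found in a log; headers and EOF are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["state"], int(m["start"]), m["name"],
                                 m["display"], m["path"], m["meta"]))
    return entries


def triage(entries):
    """Map entry name -> list of reasons it deserves a closer look (empty map = nothing flagged)."""
    findings = {}
    for e in entries:
        reasons = []
        p = e.path.lower()
        if e.meta == "":
            reasons.append("no date/size recorded: the tool found no file at this path")
        # Accept both plain "C:\..." and NT object paths "\??\C:\..."
        drive = re.match(r"(?:\\\?\?\\)?([a-z]):\\", p)
        if drive is None or drive.group(1) != SYSTEM_DRIVE:
            reasons.append("image loaded from a drive other than the system volume")
        elif not p.startswith(TRUSTED_ROOTS):
            reasons.append("image path outside the Windows/Program Files tree")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Flagged entries are candidates for review, not verdicts: a stopped driver whose file is gone is often just leftover registration from an uninstalled product, which is why the cleanup advice in these threads is to confirm each one before touching it.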

Do the following:

1.

*Click [Start] > [Run] > type: sfc /scannow

[screenshot: sfc.jpg]

*Click OK

*You will be asked for the Windows CD

*Insert it in the CD-ROM drive and wait for it to finish....

*Remove the CD and restart the PC

2.

*Take a look at your network connection properties. Check whether the IP address has been changed.

3.

*Take a look here too:

http://forum.clubedohardware.com.br/conectividade-nula-limitada/663989


YEEESSS, I'm back in action! We fixed the problem, everything is OK now, thank you sooooo much wings!!


PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
