Fórum PC Brasil
Help removing a rootkit

3 participants

Post by luiz.eng, Thu 14 Jan 2010, 18:19

Hello,
I have avast antivirus and every time I turn on the computer it detects the following virus: Win32:Rootkit-gen [Rtk], in the folder C:\Documents and Settings\Luiz Fernando - file: update.exe, and in the folder C:\Documents and Settings\Luiz Fernando\Configurações locais\Temporary Internet Files\Content.IE5 - file: main[1].jav.
A message also appears saying that explorer.exe needs to be terminated.
Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:42, on 14/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\windows\system32\ctfmon.exe
C:\windows\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\TVTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Google Sidewiki... - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.msn.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 10204 bytes
luiz.eng
Beginner

Posts: 9
Reputation: 0
Join date: 14/01/2010

Re: Help removing a rootkit

Post by Amigo Brasileiro, Thu 14 Jan 2010, 19:27

Hello Luiz!

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
________________________________________

Update your Avast antivirus and then do the following:

Boot-time scan with Avast:
A great option is to schedule a boot-time scan. To do so: right-click the Avast icon (the blue "a" that spins next to the Windows clock) and choose Start Avast! Antivirus. When the main Avast window appears, left-click the small upward arrow in the top-left corner of the Avast window and choose Schedule boot-time scan... Then select the options Scan all local disks, Scan the contents of archives, and Advanced options - Prompt for action, click Schedule, and confirm the computer restart. Avast will then run a full scan of your computer; as it finds viruses, choose the option to disinfect the infected files or send them to the quarantine. If files were sent to the quarantine and, after a few weeks, your computer is working normally without them, you can go to the quarantine and delete them permanently.
______________________________________

Please also follow the tips in this tutorial to clean your PC with Malwarebytes:

[You must have an account and be logged in to view this link]

In your next reply, post the Malwarebytes log together with a new HijackThis log, and tell us how your PC is after this procedure and whether any virus was removed in the Avast scan.

We await your reply.
Amigo Brasileiro
Full Member

Posts: 882
Reputation: 11
Join date: 16/12/2008

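The triage Amigo Brasileiro does by eye above (picking out the "(no file)" and "(file missing)" entries) can be automated. The following is an added example written for this edit, not code from the forum or from HijackThis. It parses HijackThis entry lines from a constructed sample (a handful of lines copied from the log posted above, plus one hypothetical O4 line, not present in the posted log, built from the update.exe path the poster said avast flagged) and reports two kinds of entries: orphaned components, and autoruns whose executable sits directly in a user profile folder. Both rules and the hypothetical line are assumptions for illustration, not a verdict on this machine.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: a few entries copied from the HijackThis log posted in
# this thread, plus one hypothetical O4 line (not in the posted log) built from the
# update.exe path the original poster said avast flagged.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\windows\\System32\\smss.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\ARQUIV~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [Google Update] "C:\\Documents and Settings\\Luiz Fernando\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe" /c
O4 - HKCU\\..\\Run: [update] C:\\Documents and Settings\\Luiz Fernando\\update.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Arquivos de programas\\Messenger\\msmsgs.exe (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Arquivos de programas\\Alwil Software\\Avast4\\ashServ.exe
"""

# One HijackThis entry per line: a section code (R0, R1, O2, O4, ...), " - ", the body.
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")

# HijackThis appends these when the registered file is gone; the entry is dead
# weight (or a leftover of removed software) and can be fixed safely.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# An executable sitting directly in a user's profile folder (not in a vendor
# subtree such as Dados de aplicativos) is an odd place for a legitimate autorun.
PROFILE_EXE_RE = re.compile(
    r"[A-Za-z]:\\Documents and Settings\\[^\\]+\\[^\\]+\.exe\b", re.IGNORECASE)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Extract the entry lines of a HijackThis log as {section, body, raw} records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m["section"], "body": m["body"], "raw": line.strip()})
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Pair each entry worth attention with the reason it was flagged."""
    findings = []
    for e in entries:
        if e["body"].endswith(ORPHAN_MARKERS):
            findings.append((e["raw"], "orphan: registered component whose file no longer exists"))
        elif e["section"] == "O4" and PROFILE_EXE_RE.search(e["body"]):
            findings.append((e["raw"], "autorun executable directly in a user profile folder"))
    return findings


def orphan_entries(text: str) -> List[str]:
    """The lines a helper would tell the poster to tick in HijackThis and 'Fix checked'."""
    return [raw for raw, reason in triage(parse_hjt(text)) if reason.startswith("orphan")]


if __name__ == "__main__":
    for raw, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{reason}\n    {raw}")
```

The GoogleUpdate.exe line is deliberately in the sample: it lives under the profile too, but several folders deep, so the profile rule leaves it alone. Orphan entries are harmless to fix; a flagged profile autorun is only a prompt to look at the file, not proof of infection.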

Re: Help removing a rootkit

Post by luiz.eng, Fri 15 Jan 2010, 18:59

Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3569
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

15/1/2010 18:20:05
mbam-log-2010-01-15 (18-20-05).txt

Tipo de Verificação: Completa (C:\|)
Objetos verificados: 384598
Tempo decorrido: 2 hour(s), 37 minute(s), 59 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 1
Valores do Registro infectados: 0
Ítens do Registro infectados: 3
Pastas infectadas: 1
Arquivos infectados: 2

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-61we-aax2-5657qwe232788} (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
C:\A1\V1 (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\A1\V1\try.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\A1\V1\DesKTop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:57, on 15/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\VTTimer.exe
C:\windows\system32\S3trayp.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\ARQUIV~1\ENLTV\TVTray.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\SearchProtocolHost.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\TVTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Google Sidewiki... - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.msn.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 10340 bytes

Thanks Alberto!

So, after these procedures the PC is faster, with normal speed both for the internet and for the system, and the boot-time scan done by Avast did not detect anything beyond those two I mentioned earlier.

That's it, I await your reply. Bye

luiz.eng
Beginner

Posts: 9
Reputation: 0
Join date: 14/01/2010

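Beyond the counts, the Malwarebytes log above carries two indicators worth reading: the Active Setup "Installed Components" key, a location whose StubPath commands Windows runs once per user at logon and therefore a persistence spot, and the three Security Center DisableNotify values set to 1, which silence the Windows warnings that antivirus, firewall or Automatic Updates are off (hence Malwarebytes' Disabled.SecurityCenter label). The following added example is not code from the forum or from Malwarebytes; it parses the detection lines, copied here as a constructed sample, into records and pulls out those two indicators.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the detection lines copied from the Malwarebytes log
# posted in this thread (the section headings are Malwarebytes' Portuguese output).
SAMPLE_MBAM = """\
Chaves do Registro infectadas:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{67kln5j0-4opm-61we-aax2-5657qwe232788} (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Ítens do Registro infectados:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
C:\\A1\\V1 (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Arquivos infectados:
C:\\A1\\V1\\try.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\\A1\\V1\\DesKTop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
"""

# "<item> (<family>) -> [Bad: (x) Good: (y) -> ]<action>"; the Bad/Good part only
# appears on registry data items, where Malwarebytes also records the value it restored.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+)$")

SECURITY_CENTER = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\"
ACTIVE_SETUP = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"


def parse_mbam(text: str) -> List[Dict[str, Optional[str]]]:
    """One record per detection line: item, family, bad/good values (may be None), action."""
    records = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def families(records: List[Dict[str, Optional[str]]]) -> List[str]:
    """Distinct detection names in the log, sorted."""
    return sorted({r["family"] for r in records})


def security_center_suppressed(records: List[Dict[str, Optional[str]]]) -> List[str]:
    """Security Center *DisableNotify values that were found set to 1.
    A value of 1 hides the balloon warning that antivirus, firewall or
    Automatic Updates are disabled, a common step taken alongside disabling them."""
    return [r["item"][len(SECURITY_CENTER):] for r in records
            if r["item"].startswith(SECURITY_CENTER) and r["bad"] == "1"]


def active_setup_persistence(records: List[Dict[str, Optional[str]]]) -> List[str]:
    """Installed Components subkeys reported in the log: Active Setup runs each
    subkey's StubPath once per user at logon, so an unknown subkey there is persistence."""
    return [r["item"] for r in records if r["item"].startswith(ACTIVE_SETUP)]


if __name__ == "__main__":
    recs = parse_mbam(SAMPLE_MBAM)
    print("families:", families(recs))
    print("notifications suppressed:", security_center_suppressed(recs))
    print("Active Setup persistence:", active_setup_persistence(recs))
```

On a machine that has just been cleaned, the practical follow-up to the suppressed-notification finding is to confirm the Security Center is again reporting antivirus, firewall and update status, since the log only says the values were reset, not why they were set.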

Re: Help removing a rootkit

Post by Amigo Brasileiro, Fri 15 Jan 2010, 19:20

That's it! Several problems were removed by Malwarebytes.

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download [You must have an account and be logged in to view this link]
Save it to the Desktop.
* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)
* Close all windows and run the tool.
* PS: Running it from a command is also possible:
* Go to Start --> Run --> Type or paste:
"%userprofile%\desktop\Combofix.exe" /killall

[You must have an account and be logged in to view this image]

* Click OK.
* At the prompt "Disclaimer of software warranty" --> Click Yes.

[You must have an account and be logged in to view this image]

* If you do not have the "[You must have an account and be logged in to view this link]", accept the offer to install it.
* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.
* Save it to the Desktop, renamed as: Kombo.exe
* PS: Rename it while saving, not after saving it!
* PS: If an error message appears, run ComboFix.exe in "[You must have an account and be logged in to view this link]". <-- Link!
* PS: In the presence of rootkit activity, you will see the following notification window:

[You must have an account and be logged in to view this image]

* PS: Write down those detections and click OK. In that case, post the detections you noted in your next reply together with the requested logs.
* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
* PS: To avoid problems, follow all the recommendations given.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!
* To finish the removals, ComboFix may restart the computer.
* If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
* During the scan, avoid touching the mouse or keyboard! <-- Important!
* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.
<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is after this.

We await your reply.

Amigo Brasileiro
Full Member

Posts: 882
Reputation: 11
Join date: 16/12/2008

Re: Help removing a rootkit

Post by luiz.eng, Sat 16 Jan 2010, 13:47

Here we go

ComboFix log:

ComboFix 10-01-15.05 - Luiz Fernando 16/01/2010 13:12:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.894.557 [GMT -2:00]
Executando de: c:\documents and settings\Luiz Fernando\desktop\Combofix.exe
Comandos utilizados :: /killall
AV: avast! antivirus 4.8.1368 [VPS 100116-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db
c:\windows\unins000.dat
c:\windows\unins000.exe

A cópia de c:\windows\system32\midimap.dll foi encontrada e desinfectada
Cópia restaurada de - c:\windows\$NtServicePackUninstall$\midimap.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-12-16 to 2010-01-16 ))))))))))))))))))))))))))))
.

2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Malwarebytes
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-01-10 00:20 . 2010-01-16 15:24 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\uTorrent
2009-12-18 11:03 . 2009-12-18 11:03 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\EmailNotifier

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-16 01:55 . 2009-04-19 14:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-01-15 04:06 . 2010-01-10 00:25 -------- d-----w- c:\arquivos de programas\uTorrent
2010-01-14 20:43 . 2009-11-04 00:36 -------- d-----w- c:\arquivos de programas\SkyDrive Explorer
2010-01-13 12:51 . 2008-10-28 18:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-01-11 13:42 . 2008-10-30 17:26 -------- d-----w- c:\arquivos de programas\Google
2010-01-07 18:07 . 2010-01-15 17:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 18:07 . 2010-01-15 17:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 19:53 . 2009-09-13 22:33 -------- d-----w- c:\arquivos de programas\Paint.NET
2009-12-28 14:26 . 2009-12-28 14:26 -------- d-----w- c:\arquivos de programas\Riot
2009-12-19 17:14 . 2009-08-01 16:07 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Media Player Classic
2009-12-19 17:02 . 2009-10-20 06:55 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-19 03:43 . 2009-06-18 17:22 -------- d-----w- c:\arquivos de programas\The KMPlayer
2009-12-18 11:03 . 2008-11-21 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Megaupload
2009-12-18 11:03 . 2008-11-21 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EmailNotifier
2009-12-16 18:05 . 2009-12-22 13:46 347136 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-16 18:05 . 2009-12-22 13:46 340992 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 18:05 . 2009-12-22 13:46 471040 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-16 18:05 . 2009-12-22 13:46 43008 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 18:05 . 2009-12-22 13:46 1452032 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-11 18:00 . 2009-12-19 17:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-10 01:33 . 2001-10-28 15:07 516226 ----a-w- c:\windows\system32\perfh016.dat
2009-12-10 01:33 . 2001-10-28 15:07 101068 ----a-w- c:\windows\system32\perfc016.dat
2009-12-08 03:42 . 2009-11-15 18:26 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\FFSJ
2009-12-03 11:35 . 2008-10-28 18:14 -------- d-----w- c:\arquivos de programas\Realtek
2009-12-03 11:35 . 2008-10-28 18:13 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-03 02:41 . 2008-10-28 18:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-12-03 02:41 . 2008-10-28 18:56 -------- d-----w- c:\arquivos de programas\CyberLink
2009-12-03 01:27 . 2009-09-15 03:06 -------- d-----w- c:\arquivos de programas\UltraISO
2009-11-29 03:37 . 2009-11-29 03:34 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2009-11-29 03:34 . 2009-07-05 18:17 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-29 03:33 . 2009-09-14 14:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2009-11-24 23:54 . 2009-05-20 14:53 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-20 14:53 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-05-20 14:53 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-05-20 18:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-20 18:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-20 14:53 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-20 14:53 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-20 14:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-20 14:53 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 15:58 . 2004-08-04 03:45 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 05:27 . 2009-11-21 04:27 3644 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 05:27 . 2009-11-21 04:27 3616 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-21 05:27 . 2009-11-21 04:27 219168 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-21 05:27 . 2009-11-21 04:27 1412 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-17 22:27 . 2009-12-03 03:56 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 22:27 . 2009-12-03 03:56 358944 ----a-w- c:\windows\vncutil.exe
2009-11-17 22:27 . 2009-12-03 03:56 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 22:27 . 2009-12-03 03:56 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 22:27 . 2009-12-03 03:56 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 22:27 . 2009-12-03 11:35 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 22:27 . 2009-12-03 03:56 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-17 22:27 . 2009-12-03 03:56 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-17 22:26 . 2009-12-03 11:35 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 22:26 . 2009-12-03 03:56 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 22:26 . 2009-12-03 03:56 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 21:51 . 2009-12-03 03:56 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-16 14:17 . 2009-11-16 14:17 152576 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-16 14:16 . 2009-11-16 14:16 79488 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 22:50 . 2009-08-09 04:10 1 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-04 00:36 . 2009-11-04 00:36 9608 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Microsoft\IdentityCRL\Production\WLIDClientConfig.dll
2009-11-02 15:48 . 2009-12-03 11:35 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-11-01 01:30 . 2009-11-01 01:32 38208 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Macromedia\Flash Player\[You must have an account and be logged in to view this link]
2009-11-01 01:30 . 2009-11-01 01:32 38208 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\[You must have an account and be logged in to view this link]
2009-10-29 07:42 . 2004-08-04 03:45 983040 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 02:54 . 2009-07-09 02:47 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-10-22 03:28 . 2009-01-17 00:18 59824 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-21 05:39 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 06:37 . 2004-08-04 03:45 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-04-24 04:58 . 2009-01-14 18:54 6144 --sha-w- c:\arquivos de programas\Thumbs.db
2008-04-14 02:21 . 2008-04-14 02:21 1695232 -csha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.

------- Sigcheck -------

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-22 . 3880B0D645886C3B3B655F27F84601B0 . 6100992 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2009-10-22 . 4E0FB322DCCB816F5DD56E9B2BE5E664 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . E7F8487E8E289B6675E2B6E9ED510412 . 6101504 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[7] 2009-08-29 . E719DAF5D7972B69647CF32C9FD1601D . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . CD4DC10D4F812033C4B402C9620F10BB . 5937152 . . [8.00.6001.18812] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3GDR\mshtml.dll
[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3QFE\mshtml.dll
[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3QFE\mshtml.dll
[7] 2009-05-13 . 285B63B5E7BE2B4237F6528DFE11CDB4 . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3GDR\mshtml.dll
[7] 2009-04-29 . 113D11427439554DF0E57981AE8DBD60 . 3090432 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-01-16 . BC083F2B02EA9E69A636970859AF8DAF . 3594752 . . [7.00.6000.16809] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2GDR\mshtml.dll
[-] 2009-01-16 . 628A8E851FBA1F2183CE327B76E19E3E . 3596288 . . [7.00.6000.20996] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2QFE\mshtml.dll
[7] 2008-12-12 . 7523C123CB78B40AA3BB3B904C326F61 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . D388EF3D4F770F75619E7E2FEFADDF49 . 3481600 . . [6.00.2900.5726] . . c:\windows\ie8\mshtml.dll
[-] 2008-10-17 . FD4A5AEC974379C58019CF7CC22ED0FE . 3593216 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2GDR\mshtml.dll
[-] 2008-10-16 . 2B042E339C0C5E1584D49EB5579ABBD1 . 3595264 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2QFE\mshtml.dll
[7] 2008-10-16 . 3DD7F02D69E52490C41D87D22D83384B . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-10-16 . E4BE924880B36CFC55FF91E0A59522B0 . 3088896 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB960714$\mshtml.dll
[-] 2008-08-27 . C985C1DA45076E403BBE55E15AA9DA99 . 3593216 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2GDR\mshtml.dll
[-] 2008-08-26 . 438552BD99CED288FEBC39B79D945BBA . 3594752 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2QFE\mshtml.dll
[7] 2008-08-20 . 96CC847E5BA5E5786DC31E471C7B796F . 3081216 . . [6.00.2900.3429] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[7] 2008-08-20 . A596CF78E6A33A83326ADB4AF5177C25 . 3088384 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[7] 2008-08-20 . D914E7589681F3A352A5F107B8B3A804 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[7] 2008-08-20 . D914E7589681F3A352A5F107B8B3A804 . 3088896 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\mshtml.dll
[7] 2008-08-20 . 9772C44A06FF16879D4C48E7189D3FC8 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-06-24 . D300C05FC0EA80AB3D721AF004F4F69E . 3592192 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2GDR\mshtml.dll
[-] 2008-06-23 . 3E9C5239A6AC6B808272DC4BF05E5D8B . 3594240 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2QFE\mshtml.dll
[7] 2008-04-14 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\mshtml.dll
[7] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB956390_0$\mshtml.dll

[7] 2009-08-05 . 5478469B21B53EFCA944412D2DE6ABCA . 2193408 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . 89733862C3CE777D821253A842C36291 . 2149376 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . C386F4CDE665591BC504E075ADE0CCDE . 2324992 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . A42CC3CFC02A7B2BAEC7B0D45808B257 . 2193408 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . A06AD42BF92BCB0386699AC1352A9045 . 2140160 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2008-08-14 . B72A025A758683552C4FEC7EABCB0661 . 2190208 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 04BA43B0D2A13BD6B06D707299243CFC . 2193408 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . B95BB4F32289D3DFEDB169888FA104E4 . 2406400 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\wininet.dll
[7] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-08-29 . 67E743B7528F2E5D233E865111A92A99 . 983040 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2009-08-29 . 4F4F8F0B432A8B4B0D23829375358F34 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3QFE\wininet.dll
[7] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3GDR\wininet.dll
[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3QFE\wininet.dll
[7] 2009-05-13 . 14E350ABCCBE0279D042AF2854E6D894 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3GDR\wininet.dll
[7] 2009-04-29 . B023CE89AB2262F4C3323D549E53642E . 670208 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2008-12-20 . E048867C310B09ED1C79E59B68DB8050 . 827904 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2QFE\wininet.dll
[-] 2008-12-20 . 94A623D9C0F2632796B4CE2753331F98 . 826368 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2GDR\wininet.dll
[-] 2008-10-16 . 779479E6F38BC77831F26BD9AAE3FAD3 . 826368 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2GDR\wininet.dll
[-] 2008-10-16 . 4BCD45D77BD42A5E9C2DD2E847A5467E . 827904 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2QFE\wininet.dll
[7] 2008-10-16 . A6506D61159AAE4BC72406AAE4779538 . 669184 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 3E3B0B016870B3EEB820EA2EE546BA82 . 813056 . . [6.00.2900.5694] . . c:\windows\ie8\wininet.dll
[-] 2008-08-26 . CC9CD001AE0FF30D0E16A172BF39576A . 827904 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2QFE\wininet.dll
[-] 2008-08-26 . ACB8649F0EFDCC6D7B081E3BC213B93A . 826368 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2GDR\wininet.dll
[7] 2008-08-20 . FE5247936C9BCB765FD16114303F404D . 661504 . . [6.00.2900.3429] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2008-08-20 . 9DE49DCD6DB06B195BB6BF48FBFFDAD7 . 669696 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[7] 2008-08-20 . 89360A12DB77D411B2873E130923F6B9 . 668160 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 . 89360A12DB77D411B2873E130923F6B9 . 668160 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[7] 2008-08-20 . 6C73C1A54E445C5687AD6B721EE27EBC . 668672 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . FB820C977C8249358D54FA9324B5E92B . 826368 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2GDR\wininet.dll
[-] 2008-06-23 . 8CFD66CC90F966333CFA8D8161E185DF . 827904 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2QFE\wininet.dll
[7] 2008-04-14 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\wininet.dll
[7] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB956390_0$\wininet.dll

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . 90AFCA87DE42E75E4C0D5FC660006F5C . 2028032 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-09 . 44BDB59E8CB55CCA5FB9FE393D0FE7B0 . 2203648 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 64D6E5AFBB154BC21A2DA135DD739CA0 . 2019840 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2008-08-14 . 145CD2BBA58988B7A2E9B910AC4D4CA4 . 2067200 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A62251C7C1F0DBC3241ABF1985EDE75E . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 8B1B0833705EA0893B60680FF19CA6FB . 2285056 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-29 39408]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-01-14 318768]
"Google Update"="c:\documents and settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-11-01 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-10-27 53248]
"S3Trayp"="S3trayp.exe" [2005-10-27 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TVTray"="c:\arquiv~1\ENLTV\TVTray.exe" [2007-11-08 688128]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-29 68592]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-09-22 324943]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\Convidado\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\Luiz Fernando\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]
Inicialização Rápida do Microsoft Office OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-12 07:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-12 07:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Luiz Fernando\\Dados de aplicativos\\Thinstall\\Maple 12\\400000f00002i\\maple.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\MATLAB\\R2008a\\bin\\win32\\MATLAB.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/7/2009 16:17 691696]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [28/10/2008 16:13 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/5/2009 16:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/5/2009 16:10 20560]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [29/10/2008 09:21 557568]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [28/10/2008 16:16 659456]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/9/2009 23:54 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/12/2009 01:56 1684736]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-25 23:15]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-25 23:15]

2010-01-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]
.
.
------- Scan Suplementar -------
.
uStart Page = [You must have an account and be logged in to view this link]
uDefault_Search_URL = [You must have an account and be logged in to view this link]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchAssistant = [You must have an account and be logged in to view this link]
uSearchURL,(Default) = [You must have an account and be logged in to view this link]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\
FF - prefs.js: browser.startup.homepage - [You must have an account and be logged in to view this link]
FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-File Splitter and Joiner_is1 - c:\windows\unins000.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link hidden: login required]
Rootkit scan 2010-01-16 13:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\midimap.dll.niwrad 42496 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [link hidden: login required]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spyz.sys >>UNKNOWN [0x85389938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7554f28
\Driver\ACPI -> ACPI.sys @ 0xf72dccb8
\Driver\atapi -> atapi.sys @ 0xf7271b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf717bbd4
PacketIndicateHandler -> NDIS.sys @ 0xf7169a0d
SendHandler -> NDIS.sys @ 0xf717db40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\BrOffice.org 3\program\soffice.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.bin
c:\arquivos de programas\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-16 13:34:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-16 15:34

Pre-Run: 9 folder(s) 33,436,233,728 bytes free
Post-Run: 13 folder(s) 33,467,097,088 bytes free

- - End Of File - - 3EFC9AC7FB13AA504A0534AD855226E0

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:49, on 16/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\VTTimer.exe
C:\windows\system32\S3trayp.exe
C:\ARQUIV~1\ENLTV\TVTray.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\windows\explorer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden: login required]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden: login required]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden: login required]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden: login required]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\TVTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [link hidden: login required]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [link hidden: login required]
O8 - Extra context menu item: Google Sidewiki... - [link hidden: login required] de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.msn.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - [link hidden: login required]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link hidden: login required]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 10062 bytes


Awaiting the next instructions, thanks!
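The mbr.exe section of the ComboFix log above is the part worth reading closely: the disk I/O call chain ends in spyz.sys followed by >>UNKNOWN [0x85389938]<< (an address Gmer could not attribute to any loaded module), several dispatch hooks are listed, and the tool nevertheless prints "user & kernel MBR OK", because the MBR sectors themselves matched. The rerun posted later in the thread shows an empty chain. What follows is an added example, not code from the thread, from the forum's helpers or from Gmer: a Python parser that pulls those three signals out of mbr.exe output and turns them into findings. The two excerpts are constructed from the logs posted in this thread, and the allow-list of modules normally seen in an XP disk stack is an assumption for the example.

```python
"""Triage of Gmer mbr.exe ("Stealth MBR rootkit detector") output.

Added example; not code from the thread, the forum helpers or Gmer. The two
excerpts below are constructed from the runs posted in the thread (before and
after the cleanup). KNOWN_DISK_STACK is an assumed allow-list.
"""
import re

BEFORE = r"""
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spyz.sys >>UNKNOWN [0x85389938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7554f28
\Driver\ACPI -> ACPI.sys @ 0xf72dccb8
\Driver\atapi -> atapi.sys @ 0xf7271b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
user & kernel MBR OK
"""

AFTER = r"""
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# Modules Gmer normally reports in the disk I/O path on XP (assumption for the
# example). Anything else in the chain deserves a second look.
KNOWN_DISK_STACK = {"ntkrnlpa.exe", "ntoskrnl.exe", "classpnp.sys", "disk.sys",
                    "acpi.sys", "hal.dll", "atapi.sys", "partmgr.sys"}

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HOOK_RE = re.compile(r"(.+?) -> (\S+) @ (0x[0-9a-fA-F]+)$")


def parse_mbr_log(text):
    """Extract the call chain, unmapped addresses, hook lines and MBR verdict."""
    result = {"modules": [], "unknown": [], "hooks": [], "mbr_ok": False}
    in_hooks = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("called modules:"):
            chain = line.split(":", 1)[1]
            # ">>UNKNOWN [addr]<<" marks code Gmer could not map to a loaded image
            result["unknown"] = UNKNOWN_RE.findall(chain)
            result["modules"] = UNKNOWN_RE.sub("", chain).split()
            continue
        if line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                result["hooks"].append(m.groups())  # (object, image, address)
                continue
            in_hooks = False  # first non-hook line ends the hook listing
        if line == "user & kernel MBR OK":
            result["mbr_ok"] = True
    return result


def findings(text):
    """Human-readable findings; an empty list means nothing stood out."""
    r = parse_mbr_log(text)
    out = []
    for mod in r["modules"]:
        if mod.lower() not in KNOWN_DISK_STACK:
            out.append(f"unexpected module in disk I/O chain: {mod}")
    for addr in r["unknown"]:
        out.append(f"unmapped code in disk I/O chain at {addr}")
    for obj, image, addr in r["hooks"]:
        out.append(f"hook reported on {obj} -> {image} @ {addr}")
    if not r["mbr_ok"]:
        out.append("MBR differs between user-mode and kernel-mode reads")
    return out


if __name__ == "__main__":
    for label, log in (("before cleanup", BEFORE), ("after cleanup", AFTER)):
        print(f"== {label} ==")
        for f in findings(log) or ["no findings"]:
            print(" ", f)
```

The point of separating the three signals is that "user & kernel MBR OK" only says the boot sector was not tampered with; a driver-level hook or an unmapped module in the disk path is reported even when that check passes, which is exactly the situation in the first run above.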

Re: Help removing rootkit

Posted by Amigo Brasileiro, Sat 16 Jan 2010, 14:50

Other problems were removed by ComboFix.
____________________________________

Download and run the program below to disable Bonjour (an unnecessary item that tends to slow the PC down):
[link hidden: login required]
____________________________________

Also follow the tips in these tutorials:

[link hidden: login required]

[link hidden: login required]

[link hidden: login required]
_______________________________________

In your next reply, post the Dr. Web CureIt log together with a new HijackThis log, the log at C:\mbr.txt and the log at C:\sinowal.txt, and tell us how your PC is after this.

We'll be waiting.

Re: Help removing rootkit

Posted by luiz.eng, Sun 17 Jan 2010, 12:18

Here it is:

Dr. Web:

pskill.exe C:\windows\system32 Tool.Prockill Incurable. Deleted.
C2152591d01\32788R22FWJFW\List-C.bat C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\Cac Probably BATCH.Virus
C2152591d01 C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\21g2k0aa.default\Cac The file contains infected objects. Moved.
ComboFix.exe\32788R22FWJFW\List-C.bat C:\Documents and Settings\Luiz Fernando\Desktop\ComboFix.exe Probably BATCH.Virus
ComboFix.exe C:\Documents and Settings\Luiz Fernando\Desktop The file contains infected objects. Moved.
A0203168.exe\___ C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP503\A0203168.exe Adware.MegaBar.3
A0203168.exe C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP503 The file contains infected objects. Moved.
A0209388.exe C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP526 Win32.HLLW.Autoruner.6554 Deleted.
A0209656.bat C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP528 Probably BATCH.Virus Incurable. Moved.
A0209831.exe C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP528 Tool.Prockill Incurable. Moved.
A0209832.exe\32788R22FWJFW\List-C.bat C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP528\A0209832.exe Probably BATCH.Virus
A0209832.exe C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP528 The file contains infected objects. Moved.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:41, on 17/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\VTTimer.exe
C:\windows\system32\S3trayp.exe
C:\ARQUIV~1\ENLTV\TVTray.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden: login required]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden: login required]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden: login required]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden: login required]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\TVTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [link hidden: login required]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [link hidden: login required]
O8 - Extra context menu item: Google Sidewiki... - [link hidden: login required] de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.msn.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - [link hidden: login required]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link hidden: login required]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 10089 bytes

MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [link hidden: login required]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Sinowal:

Log started....
Unpacking driver

Starting up driver
No Infected Disks found


That's it, thanks!
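The helper's method throughout this thread is to compare each new HijackThis log against the previous one and to look at where every autorun points. The following is an added example, not code from the thread, from the forum's helpers or from Trend Micro's HijackThis: a Python script that parses the R/O entries of a log, diffs two logs of the same machine, and flags O4 Run entries whose target lives in a user profile, is a bare filename resolved through PATH, or sits in a non-standard directory under the Windows folder. The two log excerpts are constructed from lines posted above (the 16 and 17 Jan runs), the heuristics are assumptions for illustration, and a flag means "verify", not "malicious": a per-user Google Update install legitimately lands under Local Settings, for instance.

```python
"""Diff two HijackThis logs and flag autorun entries worth verifying.

Added example; not code from the thread or from HijackThis. The log excerpts
are constructed from lines posted in the thread (16 and 17 Jan runs). The path
heuristics are assumptions for illustration; a flag means "check this".
"""
import re

LOG_16JAN = r"""
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
"""

# The 17 Jan log differs from the 16 Jan one by a single extra entry.
LOG_17JAN = LOG_16JAN + r"O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe" + "\n"

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# First token ending in an executable extension, with or without quotes.
PATH_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|com|bat|cmd))"?', re.IGNORECASE)
# Subdirectories of the Windows folder that are not unusual for an autorun.
SYSTEM_DIRS = (None, "system32", "system32\\drivers", "syswow64")


def parse_hjt(text):
    """Set of (section, body) tuples; the process list and headers are ignored."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_hjt(old_text, new_text):
    """(added, removed) entries between two logs of the same machine."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    return sorted(new - old), sorted(old - new)


def extract_path(target):
    """Strip quotes and arguments from an O4 target, keeping the executable path."""
    m = PATH_RE.match(target)
    return m.group(1) if m else target


def path_flags(path):
    """Reasons an autorun path deserves a closer look (heuristics, assumed)."""
    p = path.lower()
    flags = []
    if "\\" not in p:
        flags.append("bare filename resolved through PATH; confirm which file actually runs")
    if "\\documents and settings\\" in p or "\\users\\" in p:
        flags.append("runs from a user profile, a user-writable location")
    m = re.match(r"^[a-z]:\\windows\\(?:(.+)\\)?[^\\]+$", p)
    if m and m.group(1) not in SYSTEM_DIRS:
        flags.append(f"non-standard directory under the Windows folder: {m.group(1)}")
    return flags


def triage_autoruns(text):
    """(hive, name, path, reason) for every O4 Run entry that trips a heuristic."""
    findings = []
    for section, body in sorted(parse_hjt(text)):
        if section != "O4":
            continue
        m = RUN_RE.match(body)
        if not m:  # Startup-folder O4 entries use a different layout; skipped here
            continue
        hive, name, target = m.groups()
        path = extract_path(target)
        for reason in path_flags(path):
            findings.append((hive, name, path, reason))
    return findings


if __name__ == "__main__":
    added, removed = diff_hjt(LOG_16JAN, LOG_17JAN)
    print("added:", added)
    print("removed:", removed)
    for hive, name, path, reason in triage_autoruns(LOG_17JAN):
        print(f"{hive} [{name}] {path}\n    {reason}")
```

On the excerpts above the diff reports only the new ctfmon.exe entry, and the triage flags two entries for verification: the per-user GoogleUpdate.exe (user profile) and Reloader.exe (a non-standard directory under the Windows folder). Entries under Program Files, including the 8.3 short names HijackThis prints, are left alone.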

Re: Help removing rootkit

Posted by Amigo Brasileiro, Sun 17 Jan 2010, 12:49

Other problems were removed.
___________________________________

Did you run the Panda and Sophos anti-rootkit tools? Did they remove anything?
__________________________________

I suggest you print or save the procedure below:

Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it to the Desktop with the name CFScript.txt

File::
d:\FXDrv32.sys
Driver::
FXDrv32


Now drag CFScript.txt onto ComboFix as shown below:

[link hidden: login required]

If prompted, press "Enter" to start the removal process;

Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt

Note: if ComboFix does not restart your computer automatically, do it manually.
___________________________________

Also follow the tips in this tutorial:

[link hidden: login required]

In your next reply, post the contents of the Norman Malware Cleaner log together with a new HijackThis log and the log at C:\ComboFix.txt, and tell us how your PC is after this.

We'll be waiting.

Re: Help removing rootkit

Posted by luiz.eng, Mon 18 Jan 2010, 01:44

ComboFix could not install the Recovery Console. It downloads it, but at install time it says there was an error with the partition numbering. It happened both times I used the program; I let it run anyway.

ComboFix log:

ComboFix 10-01-16.04 - Luiz Fernando 17/01/2010 15:02:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.894.439 [GMT -2:00]
Running from: c:\documents and settings\Luiz Fernando\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luiz Fernando\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1368 [VPS 100117-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"d:\FXDrv32.sys"
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

A copy of c:\windows\system32\midimap.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\midimap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FXDRV32
-------\Service_FXDrv32


(((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 ))))))))))))))))))))))))))))
.

2010-01-17 15:24 . 2010-01-17 15:26 -------- dc-h--w- c:\windows\ie8
2010-01-17 13:34 . 2010-01-17 13:34 -------- d-----w- c:\arquivos de programas\Sophos
2010-01-17 13:29 . 2010-01-17 13:29 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys
2010-01-16 19:16 . 2010-01-17 00:38 -------- d-----w- c:\documents and settings\Luiz Fernando\DoctorWeb
2010-01-16 17:40 . 2009-11-09 19:13 241928 ----a-w- C:\antiboot.exe
2010-01-16 17:38 . 2010-01-16 17:38 77312 ----a-w- C:\mbr.exe
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Malwarebytes
2010-01-15 17:29 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-01-15 17:29 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 19:53 . 2010-01-17 14:08 -------- d-----w- C:\HijackThis
2010-01-12 20:47 . 2010-01-15 20:20 -------- d-----r- C:\A1
2010-01-10 00:25 . 2010-01-15 04:06 -------- d-----w- c:\arquivos de programas\uTorrent
2010-01-10 00:20 . 2010-01-17 16:54 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\uTorrent

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 14:42 . 2008-10-30 17:26 -------- d-----w- c:\arquivos de programas\Google
2010-01-16 01:55 . 2009-04-19 14:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-01-14 20:43 . 2009-11-04 00:36 -------- d-----w- c:\arquivos de programas\SkyDrive Explorer
2010-01-13 12:51 . 2008-10-28 18:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-01-06 19:53 . 2009-09-13 22:33 -------- d-----w- c:\arquivos de programas\Paint.NET
2009-12-19 17:14 . 2009-08-01 16:07 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Media Player Classic
2009-12-19 17:02 . 2009-10-20 06:55 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-19 03:43 . 2009-06-18 17:22 -------- d-----w- c:\arquivos de programas\The KMPlayer
2009-12-18 11:03 . 2009-12-18 11:03 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\EmailNotifier
2009-12-18 11:03 . 2008-11-21 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Megaupload
2009-12-18 11:03 . 2008-11-21 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EmailNotifier
2009-12-11 18:00 . 2009-12-19 17:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-10 01:33 . 2001-10-28 15:07 516226 ----a-w- c:\windows\system32\perfh016.dat
2009-12-10 01:33 . 2001-10-28 15:07 101068 ----a-w- c:\windows\system32\perfc016.dat
2009-12-08 03:42 . 2009-11-15 18:26 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\FFSJ
2009-12-03 11:35 . 2008-10-28 18:14 -------- d-----w- c:\arquivos de programas\Realtek
2009-12-03 11:35 . 2008-10-28 18:13 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-03 02:41 . 2008-10-28 18:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-12-03 02:41 . 2008-10-28 18:56 -------- d-----w- c:\arquivos de programas\CyberLink
2009-12-03 01:27 . 2009-09-15 03:06 -------- d-----w- c:\arquivos de programas\UltraISO
2009-11-29 03:37 . 2009-11-29 03:34 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2009-11-29 03:34 . 2009-07-05 18:17 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-29 03:33 . 2009-09-14 14:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2009-11-24 23:54 . 2009-05-20 14:53 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-20 14:53 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-05-20 14:53 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-05-20 18:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-20 18:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-20 14:53 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-20 14:53 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-20 14:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-20 14:53 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 15:58 . 2004-08-04 03:45 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 05:27 . 2009-11-21 04:27 3644 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 05:27 . 2009-11-21 04:27 3616 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-21 05:27 . 2009-11-21 04:27 219168 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-21 05:27 . 2009-11-21 04:27 1412 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-17 22:27 . 2009-12-03 03:56 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 22:27 . 2009-12-03 03:56 358944 ----a-w- c:\windows\vncutil.exe
2009-11-17 22:27 . 2009-12-03 03:56 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 22:27 . 2009-12-03 03:56 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 22:27 . 2009-12-03 03:56 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 22:27 . 2009-12-03 11:35 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 22:27 . 2009-12-03 03:56 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-17 22:27 . 2009-12-03 03:56 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-17 22:26 . 2009-12-03 11:35 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 22:26 . 2009-12-03 03:56 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 22:26 . 2009-12-03 03:56 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 21:51 . 2009-12-03 03:56 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-16 14:17 . 2009-11-16 14:17 152576 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-16 14:16 . 2009-11-16 14:16 79488 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 22:50 . 2009-08-09 04:10 1 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-04 00:36 . 2009-11-04 00:36 9608 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Microsoft\IdentityCRL\Production\WLIDClientConfig.dll
2009-11-02 15:48 . 2009-12-03 11:35 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-11-01 01:30 . 2009-11-01 01:32 38208 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Macromedia\Flash Player\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
2009-11-01 01:30 . 2009-11-01 01:32 38208 ----a-w- c:\documents and settings\Default User\Dados de aplicativos\Macromedia\Flash Player\[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
2009-10-29 07:42 . 2004-08-04 03:45 983040 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 02:54 . 2009-07-09 02:47 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-10-22 03:28 . 2009-01-17 00:18 59824 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-21 05:39 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 06:37 . 2004-08-04 03:45 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-04-24 04:58 . 2009-01-14 18:54 6144 --sha-w- c:\arquivos de programas\Thumbs.db
2008-04-14 02:21 . 2008-04-14 02:21 1695232 -csha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.

------- Sigcheck -------

.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-01-14 318768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-10-27 53248]
"S3Trayp"="S3trayp.exe" [2005-10-27 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TVTray"="c:\arquiv~1\ENLTV\TVTray.exe" [2007-11-08 688128]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-09-22 324943]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\Convidado\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\Luiz Fernando\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.1.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2009-4-16 384000]
Iniciação Rápida do Microsoft Office OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-12 07:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-12 07:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Luiz Fernando\\Dados de aplicativos\\Thinstall\\Maple 12\\400000f00002i\\maple.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\MATLAB\\R2008a\\bin\\win32\\MATLAB.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/7/2009 16:17 691696]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [28/10/2008 16:13 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/5/2009 16:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/5/2009 16:10 20560]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [29/10/2008 09:21 557568]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [28/10/2008 16:16 659456]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/9/2009 23:54 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/12/2009 01:56 1684736]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [17/1/2010 11:29 12552]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1B.tmp --> c:\windows\system32\1B.tmp [?]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-25 23:15]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-25 23:15]

2010-01-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]
.
.
------- Scan Suplementar -------
.
uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uDefault_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Settings,ProxyOverride = local
uSearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uSearchURL,(Default) = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\
FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [login required to view this link]
Rootkit scan 2010-01-17 15:12
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...


c:\windows\system32\midimap.dll.niwrad 42496 bytes executable

Scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [login required to view this link]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sphr.sys >>UNKNOWN [0x85389938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf753df28
\Driver\ACPI -> ACPI.sys @ 0xf72c5cb8
\Driver\atapi -> atapi.sys @ 0xf725ab40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7164bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7152a0d
SendHandler -> NDIS.sys @ 0xf7166b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1B.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\iPod\bin\iPodService.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.exe
c:\arquivos de programas\BrOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2010-01-17 15:22:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-17 17:22
ComboFix2.txt 2010-01-16 15:34

Pre-Run: 10 dir(s) 32,945,094,656 bytes free
Post-Run: 12 dir(s) 32,818,753,536 bytes free

- - End Of File - - 65053F4263293E27F377ADACE3E433B1

Norman Malware Cleaner log:

Norman Malware Cleaner
Version 1.6.2
Copyright © 1990 - 2009, Norman ASA. Built 2010/01/16 21:21:09

Norman Scanner Engine Version: 6.04.03
Nvcbin.def Version: 6.04.00, Date: 2010/01/16 21:21:09, Variants: 4735886

Scan started: 17/01/2010 17:17:36

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: FERNANDO-1B833E\Luiz Fernando

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> SFCScan = 0x00000000
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scanning bootsectors...

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 16ms


Scanning running processes and process memory...

Number of processes/threads found: 4470
Number of processes/threads scanned: 4470
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 2m 29s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\Luiz Fernando\DoctorWeb\Quarantine\A0203168.exe (Infected with W32/MegaSearch.AU)
Deleted file

C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP476\A0194357.exe (Infected with W32/Suspicious_Gen.ALWO)
Deleted file

C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP476\A0194411.exe (Infected with Sohanad.DM.dropper)
Deleted file

C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP486\A0196739.exe (Infected with W32/Suspicious_Gen2.dam)
Deleted file

C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP528\A0209736.exe (Infected with W32/Suspicious_Gen2.GZGP)
Deleted file

C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP529\A0210821.exe (Infected with W32/Suspicious_Gen2.GZGP)
Deleted file

C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP529\A0210987.exe (Infected with W32/Suspicious_Gen2.GZGP)
Deleted file

C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP529\A0210996.exe (Infected with W32/MegaSearch.AU)
Deleted file

C:\WINDOWS\SWREG.exe (Infected with W32/Suspicious_Gen2.GZGP)
Deleted file

Scanning: C:\System Volume Information\*.*

C:\System Volume Information\_restore{35AF35CE-5990-4AAA-8608-9BEF3D5E183A}\RP529\A0211009.exe (Infected with W32/Suspicious_Gen2.GZGP)
Deleted file

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 581423
Number of archives unpacked: 1818
Number of files scanned: 581419
Number of files not scanned: 4
Number of files skipped due to exclude list: 0
Number of infected files found: 10
Number of infected files repaired/deleted: 10
Number of infections removed: 10
Total scanning time: 3h 7m 57s

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:39, on 18/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\VTTimer.exe
C:\windows\system32\S3trayp.exe
C:\ARQUIV~1\ENLTV\TVTray.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\windows\system32\taskmgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [login required to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [login required to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [login required to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [login required to view this link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\TVTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BrOffice.org 3.1.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [login required to view this link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [login required to view this link]
O8 - Extra context menu item: Google Sidewiki... - [login required to view this link] de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.msn.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - [login required to view this link]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [login required to view this link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

--
End of file - 9300 bytes

As for Panda and Sophos, neither of them detected anything. I also used Kaspersky Virus Removal Tool 2010, which took two hours to do the full scan and found several other viruses scattered around, most of them in the System Volume Information folder...

Cheers, bye!
-- luiz.eng, Beginner, 9 posts, joined 14/01/2010
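The catchme, MBR-detector and Sigcheck sections of the ComboFix logs in this thread, read by an added example script. This is not code from the thread and not ComboFix's own tooling. The sample log is built from excerpt lines of the logs posted in this thread (the Sigcheck rows come from the ComboFix log posted further down). Assumed, not stated on the page: the meaning of the Sigcheck markers ("[7]" a copy whose hash ComboFix recognised, "[-]" one it did not) and all function names.

```python
"""Triage the rootkit-related sections of a ComboFix log: catchme hidden files,
the Gmer MBR detector's disk I/O stack, and the Sigcheck table.  Added example,
not part of the forum thread; SAMPLE_LOG is excerpted from logs in the thread."""
import re
from collections import defaultdict

# Constructed sample: excerpt lines copied from the ComboFix logs in this thread.
SAMPLE_LOG = r"""
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-01-17 15:12

c:\windows\system32\midimap.dll.niwrad 42496 bytes executable

hidden files: 1

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sphr.sys >>UNKNOWN [0x85389938]<<
user & kernel MBR OK

------- Sigcheck -------

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
"""

HIDDEN_RE = re.compile(r"^([A-Za-z]:\\.+?) (\d+) bytes (\w+)\s*$", re.M)
MODULES_RE = re.compile(r"^called modules: (.+)$", re.M)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
SIGCHECK_RE = re.compile(
    r"^\[(.)\] (\S+) \. ([0-9A-F]{32}) \. (\d+) \. \. \[([^\]]+)\] \. \. (.+?)\s*$", re.M)


def hidden_files(log):
    """Files catchme reports as present on disk but hidden from the Win32 API."""
    return [(path, int(size)) for path, size, _ in HIDDEN_RE.findall(log)]


def disk_stack(log):
    """Split the detector's 'called modules' line into named drivers on the disk
    I/O path and code addresses it could not attribute to any module."""
    m = MODULES_RE.search(log)
    if not m:
        return [], []
    unknown = UNKNOWN_RE.findall(m.group(1))
    named = UNKNOWN_RE.sub(" ", m.group(1)).split()
    return named, unknown


def mbr_ok(log):
    return "user & kernel MBR OK" in log


def sigcheck(log):
    """Group Sigcheck rows by file name.  Assumption (see lead-in): '[7]' marks a
    copy ComboFix recognised, '[-]' one it did not."""
    groups = defaultdict(list)
    for flag, date, md5, size, version, path in SIGCHECK_RE.findall(log):
        name = path.rsplit("\\", 1)[-1].lower()
        groups[name].append({"ok": flag == "7", "date": date, "md5": md5,
                             "size": int(size), "version": version, "path": path})
    return groups


def triage(log):
    """Everything a responder should look at, in one dict."""
    named, unknown = disk_stack(log)
    report = {"hidden": hidden_files(log), "mbr_ok": mbr_ok(log),
              "disk_stack": named, "unknown_in_disk_stack": unknown, "sigcheck": {}}
    for name, rows in sigcheck(log).items():
        # Only the copy under system32 is what Windows actually loads.
        live = [r for r in rows if r["path"].lower().startswith("c:\\windows\\system32\\")]
        if not live or all(r["ok"] for r in live):
            continue
        bad = live[0]
        report["sigcheck"][name] = {
            "live_md5": bad["md5"],
            # Other copies with the same hash show where the live file came from.
            "same_hash_elsewhere": [r["path"] for r in rows
                                    if r["md5"] == bad["md5"] and r is not bad],
            "known_good_copies": [(r["path"], r["version"]) for r in rows if r["ok"]],
            # A recognised copy of the same version is a restore candidate;
            # an older version (e.g. the pre-SP3 one) is not a drop-in replacement.
            "same_version_known_good": any(r["ok"] and r["version"] == bad["version"]
                                           for r in rows),
        }
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the full ComboFix.txt the same way. The output separates three different questions the raw log mixes: what the cross-view diff found hidden, which code on the disk path the MBR tool could not name, and for each system file whether a recognised copy of the same version exists anywhere on the machine.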

Re: Help removing rootkit

Posted by Amigo Brasileiro, Mon 18 Jan 2010, 13:54

Go to Start > Control Panel > Folder Options
Select the View tab
Select the Show hidden files and folders option
Untick the Hide protected operating system files (recommended) box
Click OK.

Go to [login required to view this link] and submit the files highlighted in red below to be analysed (one at a time), wait for the analysis to finish, copy the link that appears in your browser's address bar, and paste both links in your next reply:
c:\windows\system32\midimap.dll.niwrad
c:\windows\system32\drivers\hddirect.sys

If the VirScan site is having problems or is congested, submit the files for analysis at the sites below:
[login required to view this link]

Then post the results of these analyses.
________________________________________

Delete the CFScript.txt on your Desktop. Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt

File::
c:\windows\system32\1B.tmp
Driver::
MEMSWEEP2
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]


Now drag CFScript.txt onto ComboFix as shown in the demonstration below:

[login required to view this link]

If prompted, press "Enter" to start the removal process;

Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt

Note: if ComboFix does not restart your computer automatically, do it manually.
____________________________________

I also used Kaspersky Virus Removal Tool 2010, which took two hours to do the full scan and found several other viruses scattered around, most of them in the System Volume Information folder...
Did you remove all the problems Kaspersky found? If you haven't, choose the option to disinfect the infected files, and where disinfection is not possible choose the option to remove them.
___________________________________

In your next reply, post the links to the analyses of the two files indicated above, the new ComboFix log, a new HijackThis log, and answer the questions I asked you.
-- Amigo Brasileiro, Full Member, 882 posts, joined 16/12/2008
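The steps in the reply above (reveal hidden files, submit the two files for multi-engine scanning, run the CFScript), as an added example that is not code from the thread or from ComboFix: it records size, Explorer attribute flags and hashes of the listed files before they are uploaded, so the scan result can be tied to the exact bytes that were on disk and compared again after cleanup, and it renders the CFScript from the same list so the script removes exactly what the log named. The function names and the constructed sample file are this example's own assumptions.

```python
"""Fingerprint the files the helper asked to have scanned, and render the
ComboFix CFScript from the same record.  Added example for this thread, not
code from the thread or from ComboFix; function names are this example's own."""
import hashlib
import os
import stat
import tempfile

# From the reply above: files to fingerprint before uploading them.
FILES_TO_SCAN = [
    r"c:\windows\system32\midimap.dll.niwrad",
    r"c:\windows\system32\drivers\hddirect.sys",
]
# From the reply above: what the CFScript is meant to remove.
CFSCRIPT_TARGETS = {
    "File::": [r"c:\windows\system32\1B.tmp"],
    "Driver::": ["MEMSWEEP2"],
    "Registry::": [r"[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]"],
}


def fingerprint(path):
    """Size, Explorer attribute flags and hashes of one file.

    os.stat() and open() ignore the 'hidden' and 'system' attributes, so a file
    that Folder Options hides is still reported here.  A file concealed by
    hooking the file-system API (what catchme's 'hidden files: 1' means) is
    not: it comes back as missing, exactly as it does in Explorer."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return {"path": path, "exists": False}
    attrs = getattr(st, "st_file_attributes", 0)  # populated on Windows only
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {
        "path": path,
        "exists": True,
        "size": st.st_size,
        "hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
        "system": bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM),
        "md5": md5.hexdigest().upper(),  # same case as ComboFix's Sigcheck rows
        "sha256": sha256.hexdigest(),
    }


def build_cfscript(targets):
    """Render File::/Driver::/Registry:: sections in the layout used in the
    reply above.  A Registry:: key written as [-KEY] is deleted."""
    lines = []
    for section in ("File::", "Driver::", "Registry::"):
        entries = targets.get(section, [])
        if entries:
            lines.append(section)
            lines.extend(entries)
    return "\n".join(lines) + "\n"


def sample_file(data=b"abc"):
    """Write a constructed sample file (demonstration only) and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    for p in FILES_TO_SCAN + [sample_file()]:
        print(fingerprint(p))
    print(build_cfscript(CFSCRIPT_TARGETS), end="")
```

Run it before uploading and again after the ComboFix pass: a changed size or hash on the same path tells you the file was replaced rather than merely re-scanned, and a path that stat() cannot see while catchme lists it is the rootkit's hiding at work, not a typo.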

Re: Help removing rootkit

Posted by luiz.eng, Mon 18 Jan 2010, 20:31

Well, midimap.dll was infected and none of the sites detected it. I uploaded that one to the sites because I couldn't find midimap.dll.niwrad; it simply wasn't showing up in the folder. I tried searching for it with Windows Search, but the search returned nothing. Then I went to ComboFix, which detected the virus and repaired the file. As for Kaspersky, obviously I disinfected/deleted the corrupted files, I'm not that dumb...
Note: the scans of midimap.dll.niwrad were done while I was typing this reply, and the other two were scanned before ComboFix was used.

Links:

hddirect.sys

[login required to view this link]

midimap.dll

[login required to view this link]

midimap.dll.niwrad

[login required to view this link]

ComboFix log:

ComboFix 10-01-16.04 - Luiz Fernando 18/01/2010 19:43:57.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.894.592 [GMT -2:00]
Running from: c:\documents and settings\Luiz Fernando\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luiz Fernando\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1368 [VPS 100118-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\1B.tmp"
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

The copy of c:\windows\system32\midimap.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\midimap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MEMSWEEP2


(((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 ))))))))))))))))))))))))))))
.

2010-01-18 19:36 . 2010-01-18 19:36 7168 ----a-w- c:\windows\system32\drivers\utexnjq5.sys
2010-01-17 15:24 . 2010-01-17 15:26 -------- dc-h--w- c:\windows\ie8
2010-01-17 13:34 . 2010-01-17 13:34 -------- d-----w- c:\arquivos de programas\Sophos
2010-01-17 13:29 . 2010-01-17 13:29 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys
2010-01-16 19:16 . 2010-01-17 00:38 -------- d-----w- c:\documents and settings\Luiz Fernando\DoctorWeb
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Malwarebytes
2010-01-15 17:29 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-01-15 17:29 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 19:53 . 2010-01-18 03:26 -------- d-----w- C:\HijackThis
2010-01-10 00:25 . 2010-01-15 04:06 -------- d-----w- c:\arquivos de programas\uTorrent
2010-01-10 00:20 . 2010-01-18 21:54 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\uTorrent

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 14:42 . 2008-10-30 17:26 -------- d-----w- c:\arquivos de programas\Google
2010-01-16 01:55 . 2009-04-19 14:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-01-14 20:43 . 2009-11-04 00:36 -------- d-----w- c:\arquivos de programas\SkyDrive Explorer
2010-01-13 12:51 . 2008-10-28 18:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-01-06 19:53 . 2009-09-13 22:33 -------- d-----w- c:\arquivos de programas\Paint.NET
2009-12-19 17:14 . 2009-08-01 16:07 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Media Player Classic
2009-12-19 17:02 . 2009-10-20 06:55 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-19 03:43 . 2009-06-18 17:22 -------- d-----w- c:\arquivos de programas\The KMPlayer
2009-12-18 11:03 . 2009-12-18 11:03 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\EmailNotifier
2009-12-18 11:03 . 2008-11-21 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Megaupload
2009-12-18 11:03 . 2008-11-21 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EmailNotifier
2009-12-16 18:05 . 2010-01-18 03:06 347136 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-16 18:05 . 2010-01-18 03:06 340992 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 18:05 . 2010-01-18 03:06 471040 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-16 18:05 . 2010-01-18 03:06 43008 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 18:05 . 2010-01-18 03:06 1452032 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-11 18:00 . 2009-12-19 17:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-10 01:33 . 2001-10-28 15:07 516226 ----a-w- c:\windows\system32\perfh016.dat
2009-12-10 01:33 . 2001-10-28 15:07 101068 ----a-w- c:\windows\system32\perfc016.dat
2009-12-08 03:42 . 2009-11-15 18:26 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\FFSJ
2009-12-03 11:35 . 2008-10-28 18:14 -------- d-----w- c:\arquivos de programas\Realtek
2009-12-03 11:35 . 2008-10-28 18:13 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-03 02:41 . 2008-10-28 18:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-12-03 02:41 . 2008-10-28 18:56 -------- d-----w- c:\arquivos de programas\CyberLink
2009-11-29 03:37 . 2009-11-29 03:34 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2009-11-29 03:34 . 2009-07-05 18:17 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-29 03:33 . 2009-09-14 14:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2009-11-24 23:54 . 2009-05-20 14:53 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-20 14:53 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-05-20 14:53 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-05-20 18:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-20 18:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-20 14:53 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-20 14:53 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-20 14:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-20 14:53 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 15:58 . 2004-08-04 03:45 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 05:27 . 2009-11-21 04:27 3644 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 05:27 . 2009-11-21 04:27 3616 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-21 05:27 . 2009-11-21 04:27 219168 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-21 05:27 . 2009-11-21 04:27 1412 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-17 22:27 . 2009-12-03 03:56 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 22:27 . 2009-12-03 03:56 358944 ----a-w- c:\windows\vncutil.exe
2009-11-17 22:27 . 2009-12-03 03:56 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 22:27 . 2009-12-03 03:56 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 22:27 . 2009-12-03 03:56 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 22:27 . 2009-12-03 11:35 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 22:27 . 2009-12-03 03:56 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-17 22:27 . 2009-12-03 03:56 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-17 22:26 . 2009-12-03 11:35 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 22:26 . 2009-12-03 03:56 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 22:26 . 2009-12-03 03:56 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 21:51 . 2009-12-03 03:56 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-16 14:17 . 2009-11-16 14:17 152576 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-16 14:16 . 2009-11-16 14:16 79488 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 22:50 . 2009-08-09 04:10 1 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-04 00:36 . 2009-11-04 00:36 9608 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Microsoft\IdentityCRL\Production\WLIDClientConfig.dll
2009-11-02 15:48 . 2009-12-03 11:35 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-29 07:42 . 2004-08-04 03:45 983040 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 02:54 . 2009-07-09 02:47 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-10-22 03:28 . 2009-01-17 00:18 59824 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-21 05:39 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-04-24 04:58 . 2009-01-14 18:54 6144 --sha-w- c:\arquivos de programas\Thumbs.db
2008-04-14 02:21 . 2008-04-14 02:21 1695232 -csha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.

------- Sigcheck -------

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2009-10-29 . 0400A0005968E08910288E8C83350C53 . 3091968 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\d5e54fea1338b760c6b4315189f27999\sp3gdr\mshtml.dll
[7] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\6f4c35d59317591d7ccf4e632e22cf5f\SP3GDR\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\6f4c35d59317591d7ccf4e632e22cf5f\SP3QFE\mshtml.dll
[7] 2009-10-29 . 83C85ADB961232DA44A36314B7AC0F2F . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[7] 2009-10-29 . 83C85ADB961232DA44A36314B7AC0F2F . 3094016 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\d5e54fea1338b760c6b4315189f27999\sp3qfe\mshtml.dll
[7] 2009-10-22 . 4E0FB322DCCB816F5DD56E9B2BE5E664 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . E719DAF5D7972B69647CF32C9FD1601D . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . CD4DC10D4F812033C4B402C9620F10BB . 5937152 . . [8.00.6001.18812] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3GDR\mshtml.dll
[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3QFE\mshtml.dll
[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3QFE\mshtml.dll
[7] 2009-05-13 . 285B63B5E7BE2B4237F6528DFE11CDB4 . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3GDR\mshtml.dll
[7] 2009-04-29 . 113D11427439554DF0E57981AE8DBD60 . 3090432 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-01-16 . BC083F2B02EA9E69A636970859AF8DAF . 3594752 . . [7.00.6000.16809] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2GDR\mshtml.dll
[-] 2009-01-16 . 628A8E851FBA1F2183CE327B76E19E3E . 3596288 . . [7.00.6000.20996] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2QFE\mshtml.dll
[7] 2008-12-12 . 7523C123CB78B40AA3BB3B904C326F61 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . A642771726697CBABB503A0658FA8FEC . 3417600 . . [6.00.2900.5726] . . c:\windows\ie8\mshtml.dll
[-] 2008-10-17 . FD4A5AEC974379C58019CF7CC22ED0FE . 3593216 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2GDR\mshtml.dll
[-] 2008-10-16 . 2B042E339C0C5E1584D49EB5579ABBD1 . 3595264 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2QFE\mshtml.dll
[7] 2008-10-16 . 3DD7F02D69E52490C41D87D22D83384B . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-10-16 . E4BE924880B36CFC55FF91E0A59522B0 . 3088896 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB960714$\mshtml.dll
[-] 2008-08-27 . C985C1DA45076E403BBE55E15AA9DA99 . 3593216 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2GDR\mshtml.dll
[-] 2008-08-26 . 438552BD99CED288FEBC39B79D945BBA . 3594752 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2QFE\mshtml.dll
[7] 2008-08-20 . 96CC847E5BA5E5786DC31E471C7B796F . 3081216 . . [6.00.2900.3429] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[7] 2008-08-20 . A596CF78E6A33A83326ADB4AF5177C25 . 3088384 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[7] 2008-08-20 . D914E7589681F3A352A5F107B8B3A804 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[7] 2008-08-20 . D914E7589681F3A352A5F107B8B3A804 . 3088896 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\mshtml.dll
[7] 2008-08-20 . 9772C44A06FF16879D4C48E7189D3FC8 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-06-24 . D300C05FC0EA80AB3D721AF004F4F69E . 3592192 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2GDR\mshtml.dll
[-] 2008-06-23 . 3E9C5239A6AC6B808272DC4BF05E5D8B . 3594240 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2QFE\mshtml.dll
[7] 2008-04-14 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\mshtml.dll
[7] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB956390_0$\mshtml.dll

[7] 2009-08-05 . 5478469B21B53EFCA944412D2DE6ABCA . 2193408 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . 89733862C3CE777D821253A842C36291 . 2149376 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . C386F4CDE665591BC504E075ADE0CCDE . 2324992 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . A42CC3CFC02A7B2BAEC7B0D45808B257 . 2193408 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . A06AD42BF92BCB0386699AC1352A9045 . 2140160 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2008-08-14 . B72A025A758683552C4FEC7EABCB0661 . 2190208 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 04BA43B0D2A13BD6B06D707299243CFC . 2193408 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . B95BB4F32289D3DFEDB169888FA104E4 . 2406400 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\6f4c35d59317591d7ccf4e632e22cf5f\SP3GDR\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\wininet.dll
[7] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\6f4c35d59317591d7ccf4e632e22cf5f\SP3QFE\wininet.dll
[7] 2009-10-29 . 4415FF5D7386D49186AD9174EBA0A760 . 669184 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\d5e54fea1338b760c6b4315189f27999\sp3gdr\wininet.dll
[7] 2009-10-29 . 892AB77C3FA3A5B64EAFEFFB45661963 . 670720 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[7] 2009-10-29 . 892AB77C3FA3A5B64EAFEFFB45661963 . 670720 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\d5e54fea1338b760c6b4315189f27999\sp3qfe\wininet.dll
[7] 2009-08-29 . 4F4F8F0B432A8B4B0D23829375358F34 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3QFE\wininet.dll
[7] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3GDR\wininet.dll
[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3QFE\wininet.dll
[7] 2009-05-13 . 14E350ABCCBE0279D042AF2854E6D894 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3GDR\wininet.dll
[7] 2009-04-29 . B023CE89AB2262F4C3323D549E53642E . 670208 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-12-20 . E048867C310B09ED1C79E59B68DB8050 . 827904 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2QFE\wininet.dll
[-] 2008-12-20 . 94A623D9C0F2632796B4CE2753331F98 . 826368 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2GDR\wininet.dll
[-] 2008-10-16 . 779479E6F38BC77831F26BD9AAE3FAD3 . 826368 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2GDR\wininet.dll
[-] 2008-10-16 . 4BCD45D77BD42A5E9C2DD2E847A5467E . 827904 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2QFE\wininet.dll
[7] 2008-10-16 . A6506D61159AAE4BC72406AAE4779538 . 669184 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 9F29C9F275FC4DE7F06466EB551A50F3 . 778240 . . [6.00.2900.5694] . . c:\windows\ie8\wininet.dll
[-] 2008-08-26 . CC9CD001AE0FF30D0E16A172BF39576A . 827904 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2QFE\wininet.dll
[-] 2008-08-26 . ACB8649F0EFDCC6D7B081E3BC213B93A . 826368 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2GDR\wininet.dll
[7] 2008-08-20 . FE5247936C9BCB765FD16114303F404D . 661504 . . [6.00.2900.3429] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2008-08-20 . 9DE49DCD6DB06B195BB6BF48FBFFDAD7 . 669696 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[7] 2008-08-20 . 89360A12DB77D411B2873E130923F6B9 . 668160 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 . 89360A12DB77D411B2873E130923F6B9 . 668160 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[7] 2008-08-20 . 6C73C1A54E445C5687AD6B721EE27EBC . 668672 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . FB820C977C8249358D54FA9324B5E92B . 826368 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2GDR\wininet.dll
[-] 2008-06-23 . 8CFD66CC90F966333CFA8D8161E185DF . 827904 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2QFE\wininet.dll
[7] 2008-04-14 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\wininet.dll
[7] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB956390_0$\wininet.dll

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . 90AFCA87DE42E75E4C0D5FC660006F5C . 2028032 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-09 . 44BDB59E8CB55CCA5FB9FE393D0FE7B0 . 2203648 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 64D6E5AFBB154BC21A2DA135DD739CA0 . 2019840 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2008-08-14 . 145CD2BBA58988B7A2E9B910AC4D4CA4 . 2067200 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A62251C7C1F0DBC3241ABF1985EDE75E . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 8B1B0833705EA0893B60680FF19CA6FB . 2285056 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-01-14 318768]
"Google Update"="c:\documents and settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-18 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-10-27 53248]
"S3Trayp"="S3trayp.exe" [2005-10-27 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TVTray"="c:\arquiv~1\ENLTV\TVTray.exe" [2007-11-08 688128]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-09-22 324943]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\Luiz Fernando\Menu Iniciar\Programas\Inicializar\
Iniciação Rápida do Microsoft Office OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-12 07:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-12 07:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Luiz Fernando\\Dados de aplicativos\\Thinstall\\Maple 12\\400000f00002i\\maple.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/7/2009 16:17 691696]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [28/10/2008 16:13 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/5/2009 16:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/5/2009 16:10 20560]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [29/10/2008 09:21 557568]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [28/10/2008 16:16 659456]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/9/2009 23:54 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/12/2009 01:56 1684736]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [17/1/2010 11:29 12552]
S3 utexnjq5;AVZ Kernel Driver;c:\windows\system32\drivers\utexnjq5.sys [18/1/2010 17:36 7168]
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-25 23:15]

2010-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-25 23:15]

2010-01-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must have an account and be logged in to view this link]
uDefault_Search_URL = [You must have an account and be logged in to view this link]
uInternet Settings,ProxyOverride = local
uSearchAssistant = [You must have an account and be logged in to view this link]
uSearchURL,(Default) = [You must have an account and be logged in to view this link]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\
FF - prefs.js: browser.startup.homepage - [You must have an account and be logged in to view this link]
FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must have an account and be logged in to view this link]
Rootkit scan 2010-01-18 19:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\midimap.dll.niwrad 42496 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must have an account and be logged in to view this link]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxz.sys >>UNKNOWN [0x85389938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf753df28
\Driver\ACPI -> ACPI.sys @ 0xf72c5cb8
\Driver\atapi -> atapi.sys @ 0xf725ab40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7164bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7170a21
SendHandler -> NDIS.sys @ 0xf7164d44
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2520)
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-18 20:01:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-18 22:01

Pre-Run: 10 folder(s) 38,996,123,648 bytes free
Post-Run: 11 folder(s) 38,969,176,064 bytes free

- - End Of File - - CDA6DB06D45B0C381CCD9933410935F1

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:28, on 18/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\VTTimer.exe
C:\windows\system32\S3trayp.exe
C:\ARQUIV~1\ENLTV\TVTray.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\windows\RTHDCPL.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\SearchProtocolHost.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\TVTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: _uninst_ksp001.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [link hidden; you need a forum account and to be logged in to view it]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [link hidden; you need a forum account and to be logged in to view it]
O8 - Extra context menu item: Google Sidewiki... - [link hidden; you need a forum account and to be logged in to view it] de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.msn.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - [link hidden; you need a forum account and to be logged in to view it]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link hidden; you need a forum account and to be logged in to view it]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

--
End of file - 8449 bytes

Bye...
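The triage a responder does on a HijackThis log like the one in the post above, as an added example that is not part of the original post and is not HijackThis code. It parses the O4 (Run keys and Startup folders), O2 (browser helper objects) and O23 (services) lines and flags the properties worth a second look: unresolved targets, bare filenames located through the PATH search order, unquoted paths with spaces, binaries under a user-writable profile directory, and services with no vendor name. Most sample lines are copied from the log above; the last three are constructed for this example (the update.exe path is the one avast reported in the post, while the "hlpsvc" service and the empty-CLSID BHO are hypothetical).

```python
"""Triage the autostart entries in a HijackThis log.

Added example, not code from the forum post or from HijackThis. Parses O2, O4
and O23 lines and flags the properties a responder checks first.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Sample lines: most copied from the log in the post above; the last three
# are constructed (hlpsvc and the empty-CLSID BHO are hypothetical).
SAMPLE_LOG = r"""
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: _uninst_ksp001.exe.lnk = ?
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [update] C:\Documents and Settings\Luiz Fernando\update.exe
O23 - Service: Helper Service (hlpsvc) - Unknown owner - C:\windows\system32\hlpsvc.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

# One regex per HijackThis line type; every pattern yields 'name' and 'target'.
PATTERNS = [
    ("O4-Run", re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$")),
    ("O4-Startup", re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.*?) = (?P<target>.*)$")),
    ("O2", re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]*\} - (?P<target>.*)$")),
    ("O23", re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$")),
]

# Directory markers that an ordinary user can write to (lower-cased match).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\temporary internet files\\")


@dataclass
class Entry:
    kind: str
    name: str
    target: str            # path or command line exactly as logged
    vendor: str = ""       # only O23 lines carry a vendor
    flags: List[str] = field(default_factory=list)


def exe_path(command: str) -> Tuple[str, bool]:
    """Return (executable path, was_quoted) for a logged command line.

    Unquoted commands are cut at the first .exe/.dll/.sys token.
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = re.match(r"(?i)(.*?\.(?:exe|dll|sys))(?:\s|$)", cmd)
    return (m.group(1) if m else cmd), False


def triage(entry: Entry) -> Entry:
    """Attach a reason string for every check the entry trips."""
    target = entry.target.strip()
    if target in ("?", "(no file)") or "(file missing)" in target:
        entry.flags.append("target unresolved (file missing or broken shortcut)")
        return entry
    path, quoted = exe_path(target)
    if entry.kind == "O4-Run":          # only Run values are real command lines
        if "\\" not in path:
            entry.flags.append("bare filename: resolved through the PATH search order")
        elif " " in path and not quoted:
            entry.flags.append("unquoted path with spaces")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        entry.flags.append("runs from a user-writable profile or temp directory")
    if entry.kind == "O23" and entry.vendor.lower() == "unknown owner":
        entry.flags.append("service binary has no vendor name")
    return entry


def parse_log(text: str) -> List[Entry]:
    """Turn the O2/O4/O23 lines of a HijackThis log into Entry objects."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        for kind, rx in PATTERNS:
            m = rx.match(raw.strip())
            if m:
                gd = m.groupdict()
                entries.append(Entry(kind, gd["name"], gd["target"], gd.get("vendor", "")))
                break
    return entries


def suspicious(text: str) -> Dict[str, List[str]]:
    """Entry name -> reasons, for every entry that tripped at least one check."""
    return {e.name: e.flags for e in map(triage, parse_log(text)) if e.flags}


if __name__ == "__main__":
    for name, reasons in suspicious(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flag means "look here", not "malware": the per-user Google Update legitimately lives under the profile, and bare names such as VTTimer.exe are normal for vendor tray tools, but a broken Startup shortcut (`= ?`), an unquoted path under `Documents and Settings`, or a service with no vendor is exactly where a responder starts pulling files for a hash check.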

Re: Help removing rootkit

Post by Amigo Brasileiro, Mon 18 Jan 2010, 22:03

Delete the CFScript.txt that is on the Desktop. Select and copy the text highlighted in red below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt

File::
c:\windows\system32\drivers\utexnjq5.sys
Driver::
utexnjq5


Now drag CFScript.txt onto ComboFix as shown below:

[link hidden; you need a forum account and to be logged in to view it]

If prompted, press "Enter" to start the removal process;

Do not use the mouse or keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt

Note: if ComboFix does not restart your computer automatically, do it manually.
_______________________________________

Please follow the steps in this tutorial to scan your PC with Nod32 Online:

[link hidden; you need a forum account and to be logged in to view it]

When the scan finishes, a report (log) will be generated at the following location on your computer:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log together with a new HijackThis log and the log at C:\ComboFix.txt, and please tell us how your PC is doing after following these steps.

We look forward to your reply.
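A check worth running once the procedure above has completed, as an added example that is neither the poster's code nor ComboFix's: it parses the File::/Driver:: CFScript and the resulting ComboFix.txt, and reports any requested file that does not appear under the log's deletions banner or any driver whose Service_/Legacy_ entries are not shown as removed. The CFScript is the one from the post; the ComboFix.txt excerpt is constructed here in ComboFix's log format (a localized ComboFix prints the banners in its own language, which the banner matching allows for).

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.

Added example, not code from the forum post or from ComboFix. Confirms that
each File:: path shows up under the deletions banner and each Driver:: name
appears as removed Service_/Legacy_ entries.
"""
import re
from typing import Dict, List

# The CFScript exactly as given in the post above.
CFSCRIPT = r"""File::
c:\windows\system32\drivers\utexnjq5.sys
Driver::
utexnjq5
"""

# Constructed excerpt of a ComboFix.txt in ComboFix's output format: the
# script is echoed under "FILE ::" (quoted), real deletions are listed bare
# under a parenthesis banner, removed services appear as -------\Service_*.
COMBOFIX_LOG = r"""
FILE ::
"c:\windows\system32\drivers\utexnjq5.sys"
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\utexnjq5.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UTEXNJQ5
-------\Service_utexnjq5


(((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 ))))))))))))))))))))))))))))
.
"""

# A banner is a run of '(' , a title, and a run of ')'.
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {directive: [items]}; a directive is a line ending in '::'."""
    out: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line)
    return out


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split ComboFix.txt into {banner title: [non-blank lines]}.

    Lines before the first banner (header and script echo) go under ''.
    """
    sections: Dict[str, List[str]] = {"": []}
    title = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            title = m.group(1)
            sections.setdefault(title, [])
        elif line and line != ".":
            sections[title].append(line)
    return sections


def _section(sections: Dict[str, List[str]], *stems: str) -> List[str]:
    """First section whose title contains one of the stems (any language)."""
    for title, lines in sections.items():
        if any(stem in title.lower() for stem in stems):
            return lines
    return []


def verify_removal(cfscript: str, log: str) -> Dict[str, bool]:
    """Map each requested file/driver to True if the log confirms removal."""
    req = parse_cfscript(cfscript)
    sections = parse_sections(log)
    # "Other Deletions" in English builds, "Outras Exclusões" in Portuguese.
    deleted = {l.lower() for l in _section(sections, "deletion", "exclus")}
    services = {l.lower() for l in _section(sections, "drivers/serv")}
    result: Dict[str, bool] = {}
    for path in req.get("File", []):
        result[path] = path.lower() in deleted      # the quoted echo does not count
    for drv in req.get("Driver", []):
        svc = ("-------\\service_" + drv).lower()
        legacy = ("-------\\legacy_" + drv).lower()
        result[drv] = svc in services and legacy in services
    return result


def unconfirmed(cfscript: str, log: str) -> List[str]:
    """Items the script asked for that the log does not show as removed."""
    return [item for item, ok in verify_removal(cfscript, log).items() if not ok]


if __name__ == "__main__":
    missing = unconfirmed(CFSCRIPT, COMBOFIX_LOG)
    print("all removals confirmed" if not missing else "not confirmed: " + ", ".join(missing))
```

The echo of the script near the top of the log is deliberately ignored: ComboFix prints every File:: entry there whether or not it managed to delete it, so only the bare path under the deletions banner, plus both the Service_ and the Legacy_ lines for the driver, count as confirmation.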

Re: Help removing rootkit

Post by luiz.eng, Tue 19 Jan 2010, 15:54

ComboFix log:

ComboFix 10-01-16.04 - Luiz Fernando 19/01/2010 12:42:51.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.894.485 [GMT -2:00]
Running from: c:\documents and settings\Luiz Fernando\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Luiz Fernando\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\utexnjq5.sys"
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\utexnjq5.sys

Copy of c:\windows\system32\midimap.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\midimap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UTEXNJQ5
-------\Service_utexnjq5


(((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 ))))))))))))))))))))))))))))
.

2010-01-19 14:37 . 2010-01-19 14:38 -------- d-----w- C:\32788R22FWJFW
2010-01-18 03:06 . 2009-12-16 18:05 43008 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-18 03:06 . 2009-12-16 18:05 347136 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-01-18 03:06 . 2009-12-16 18:05 340992 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-18 03:06 . 2009-12-16 18:05 1452032 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-18 03:06 . 2009-12-16 18:05 471040 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2010-01-17 15:24 . 2010-01-17 15:26 -------- dc-h--w- c:\windows\ie8
2010-01-17 13:34 . 2010-01-17 13:34 -------- d-----w- c:\arquivos de programas\Sophos
2010-01-17 13:29 . 2010-01-17 13:29 12552 ----a-w- c:\windows\system32\drivers\hddirect.sys
2010-01-16 19:16 . 2010-01-17 00:38 -------- d-----w- c:\documents and settings\Luiz Fernando\DoctorWeb
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Malwarebytes
2010-01-15 17:29 . 2010-01-07 18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-01-15 17:29 . 2010-01-15 17:29 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-01-15 17:29 . 2010-01-07 18:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 19:53 . 2010-01-18 22:27 -------- d-----w- C:\HijackThis
2010-01-10 00:25 . 2010-01-15 04:06 -------- d-----w- c:\arquivos de programas\uTorrent
2010-01-10 00:20 . 2010-01-19 14:54 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\uTorrent

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 14:42 . 2008-10-30 17:26 -------- d-----w- c:\arquivos de programas\Google
2010-01-16 01:55 . 2009-04-19 14:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-01-14 20:43 . 2009-11-04 00:36 -------- d-----w- c:\arquivos de programas\SkyDrive Explorer
2010-01-13 12:51 . 2008-10-28 18:26 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help
2010-01-06 19:53 . 2009-09-13 22:33 -------- d-----w- c:\arquivos de programas\Paint.NET
2009-12-19 17:14 . 2009-08-01 16:07 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Media Player Classic
2009-12-19 17:02 . 2009-10-20 06:55 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2009-12-19 03:43 . 2009-06-18 17:22 -------- d-----w- c:\arquivos de programas\The KMPlayer
2009-12-18 11:03 . 2009-12-18 11:03 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\EmailNotifier
2009-12-18 11:03 . 2008-11-21 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Megaupload
2009-12-18 11:03 . 2008-11-21 01:14 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\EmailNotifier
2009-12-11 18:00 . 2009-12-19 17:01 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-10 01:33 . 2001-10-28 15:07 516226 ----a-w- c:\windows\system32\perfh016.dat
2009-12-10 01:33 . 2001-10-28 15:07 101068 ----a-w- c:\windows\system32\perfc016.dat
2009-12-08 03:42 . 2009-11-15 18:26 -------- d-----w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\FFSJ
2009-12-03 11:35 . 2008-10-28 18:14 -------- d-----w- c:\arquivos de programas\Realtek
2009-12-03 11:35 . 2008-10-28 18:13 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2009-12-03 02:41 . 2008-10-28 18:12 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2009-12-03 02:41 . 2008-10-28 18:56 -------- d-----w- c:\arquivos de programas\CyberLink
2009-11-29 03:37 . 2009-11-29 03:34 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite
2009-11-29 03:34 . 2009-07-05 18:17 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-29 03:33 . 2009-09-14 14:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2009-11-24 23:54 . 2009-05-20 14:53 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-20 14:53 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-05-20 14:53 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-05-20 18:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-20 18:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-20 14:53 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-20 14:53 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-20 14:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-20 14:53 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 15:58 . 2004-08-04 03:45 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 05:27 . 2009-11-21 04:27 3644 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 05:27 . 2009-11-21 04:27 3616 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-21 05:27 . 2009-11-21 04:27 219168 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-21 05:27 . 2009-11-21 04:27 1412 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-17 22:27 . 2009-12-03 03:56 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 22:27 . 2009-12-03 03:56 358944 ----a-w- c:\windows\vncutil.exe
2009-11-17 22:27 . 2009-12-03 03:56 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 22:27 . 2009-12-03 03:56 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 22:27 . 2009-12-03 03:56 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 22:27 . 2009-12-03 11:35 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 22:27 . 2009-12-03 03:56 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-17 22:27 . 2009-12-03 03:56 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-17 22:26 . 2009-12-03 11:35 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 22:26 . 2009-12-03 03:56 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 22:26 . 2009-12-03 03:56 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 21:51 . 2009-12-03 03:56 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-16 14:17 . 2009-11-16 14:17 152576 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-16 14:16 . 2009-11-16 14:16 79488 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-12 22:50 . 2009-08-09 04:10 1 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\BrOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-04 00:36 . 2009-11-04 00:36 9608 ----a-w- c:\documents and settings\Luiz Fernando\Dados de aplicativos\Microsoft\IdentityCRL\Production\WLIDClientConfig.dll
2009-11-02 15:48 . 2009-12-03 11:35 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-29 07:42 . 2004-08-04 03:45 983040 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 02:54 . 2009-07-09 02:47 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-10-22 03:28 . 2009-01-17 00:18 59824 ---ha-w- c:\windows\system32\mlfcache.dat
2009-04-24 04:58 . 2009-01-14 18:54 6144 --sha-w- c:\arquivos de programas\Thumbs.db
2008-04-14 02:21 . 2008-04-14 02:21 1695232 -csha-w- c:\windows\ServicePackFiles\i386\msmsgs.exe
.

------- Sigcheck -------

[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . B0C0BF2504B830BFC1E93CA39F3C75FE . 549376 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 302CD5BE4CA48200F9AC1C6074D71805 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2009-10-29 . 0400A0005968E08910288E8C83350C53 . 3091968 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\d5e54fea1338b760c6b4315189f27999\sp3gdr\mshtml.dll
[7] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\6f4c35d59317591d7ccf4e632e22cf5f\SP3GDR\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\mshtml.dll
[-] 2009-10-29 . 03758AC7DACB1BD5967044ECFFFF286B . 6102016 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\6f4c35d59317591d7ccf4e632e22cf5f\SP3QFE\mshtml.dll
[7] 2009-10-29 . 83C85ADB961232DA44A36314B7AC0F2F . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[7] 2009-10-29 . 83C85ADB961232DA44A36314B7AC0F2F . 3094016 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\d5e54fea1338b760c6b4315189f27999\sp3qfe\mshtml.dll
[7] 2009-10-22 . 4E0FB322DCCB816F5DD56E9B2BE5E664 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[7] 2009-08-29 . E719DAF5D7972B69647CF32C9FD1601D . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . CD4DC10D4F812033C4B402C9620F10BB . 5937152 . . [8.00.6001.18812] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3GDR\mshtml.dll
[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[7] 2009-07-19 . 5B7C8A16598E79AD559323C81737AC4D . 5938176 . . [8.00.6001.22902] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3QFE\mshtml.dll
[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[7] 2009-05-13 . BE87C13E58E44084D7B81B047EB1121B . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3QFE\mshtml.dll
[7] 2009-05-13 . 285B63B5E7BE2B4237F6528DFE11CDB4 . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3GDR\mshtml.dll
[7] 2009-04-29 . 113D11427439554DF0E57981AE8DBD60 . 3090432 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-01-16 . BC083F2B02EA9E69A636970859AF8DAF . 3594752 . . [7.00.6000.16809] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2GDR\mshtml.dll
[-] 2009-01-16 . 628A8E851FBA1F2183CE327B76E19E3E . 3596288 . . [7.00.6000.20996] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2QFE\mshtml.dll
[7] 2008-12-12 . 7523C123CB78B40AA3BB3B904C326F61 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . A642771726697CBABB503A0658FA8FEC . 3417600 . . [6.00.2900.5726] . . c:\windows\ie8\mshtml.dll
[-] 2008-10-17 . FD4A5AEC974379C58019CF7CC22ED0FE . 3593216 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2GDR\mshtml.dll
[-] 2008-10-16 . 2B042E339C0C5E1584D49EB5579ABBD1 . 3595264 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2QFE\mshtml.dll
[7] 2008-10-16 . 3DD7F02D69E52490C41D87D22D83384B . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-10-16 . E4BE924880B36CFC55FF91E0A59522B0 . 3088896 . . [6.00.2900.5694] . . c:\windows\$NtUninstallKB960714$\mshtml.dll
[-] 2008-08-27 . C985C1DA45076E403BBE55E15AA9DA99 . 3593216 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2GDR\mshtml.dll
[-] 2008-08-26 . 438552BD99CED288FEBC39B79D945BBA . 3594752 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2QFE\mshtml.dll
[7] 2008-08-20 . 96CC847E5BA5E5786DC31E471C7B796F . 3081216 . . [6.00.2900.3429] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[7] 2008-08-20 . A596CF78E6A33A83326ADB4AF5177C25 . 3088384 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[7] 2008-08-20 . D914E7589681F3A352A5F107B8B3A804 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[7] 2008-08-20 . D914E7589681F3A352A5F107B8B3A804 . 3088896 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\mshtml.dll
[7] 2008-08-20 . 9772C44A06FF16879D4C48E7189D3FC8 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-06-24 . D300C05FC0EA80AB3D721AF004F4F69E . 3592192 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2GDR\mshtml.dll
[-] 2008-06-23 . 3E9C5239A6AC6B808272DC4BF05E5D8B . 3594240 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2QFE\mshtml.dll
[7] 2008-04-14 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\mshtml.dll
[7] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB956390_0$\mshtml.dll

[7] 2009-08-05 . 5478469B21B53EFCA944412D2DE6ABCA . 2193408 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-08-04 . 89733862C3CE777D821253A842C36291 . 2149376 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . 954A6A6BA59B3DFA4ECC8EF91D76C9C0 . 2309632 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . C386F4CDE665591BC504E075ADE0CCDE . 2324992 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-08-14 . A42CC3CFC02A7B2BAEC7B0D45808B257 . 2193408 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . A06AD42BF92BCB0386699AC1352A9045 . 2140160 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2008-08-14 . B72A025A758683552C4FEC7EABCB0661 . 2190208 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 . 04BA43B0D2A13BD6B06D707299243CFC . 2193408 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . B95BB4F32289D3DFEDB169888FA104E4 . 2406400 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe

[7] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . A9B36030497E98C29210E4544700649D . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[7] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\6f4c35d59317591d7ccf4e632e22cf5f\SP3GDR\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\system32\wininet.dll
[-] 2009-10-29 . CE7CA26E5A1696C6147F4B869B2D7739 . 983040 . . [8.00.6001.18854] . . c:\windows\system32\dllcache\wininet.dll
[7] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\6f4c35d59317591d7ccf4e632e22cf5f\SP3QFE\wininet.dll
[7] 2009-10-29 . 4415FF5D7386D49186AD9174EBA0A760 . 669184 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\d5e54fea1338b760c6b4315189f27999\sp3gdr\wininet.dll
[7] 2009-10-29 . 892AB77C3FA3A5B64EAFEFFB45661963 . 670720 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[7] 2009-10-29 . 892AB77C3FA3A5B64EAFEFFB45661963 . 670720 . . [6.00.2900.5897] . . c:\windows\SoftwareDistribution\Download\d5e54fea1338b760c6b4315189f27999\sp3qfe\wininet.dll
[7] 2009-08-29 . 4F4F8F0B432A8B4B0D23829375358F34 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[7] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3QFE\wininet.dll
[7] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\3352ece42c7ccbd5b0dff55d7e2e192b\SP3GDR\wininet.dll
[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2009-05-13 . 4E74AEBA5546A61C9DC35BC531EFFA23 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3QFE\wininet.dll
[7] 2009-05-13 . 14E350ABCCBE0279D042AF2854E6D894 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\930d4e3ee6d2382e9e32201a926424ad\SP3GDR\wininet.dll
[7] 2009-04-29 . B023CE89AB2262F4C3323D549E53642E . 670208 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-12-20 . E048867C310B09ED1C79E59B68DB8050 . 827904 . . [7.00.6000.20978] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2QFE\wininet.dll
[-] 2008-12-20 . 94A623D9C0F2632796B4CE2753331F98 . 826368 . . [7.00.6000.16791] . . c:\windows\SoftwareDistribution\Download\bc31b482869cf443ef12b9aeb9ca2a8a\SP2GDR\wininet.dll
[-] 2008-10-16 . 779479E6F38BC77831F26BD9AAE3FAD3 . 826368 . . [7.00.6000.16762] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2GDR\wininet.dll
[-] 2008-10-16 . 4BCD45D77BD42A5E9C2DD2E847A5467E . 827904 . . [7.00.6000.20935] . . c:\windows\SoftwareDistribution\Download\d95908d5b21964e7fd3d6b27b96ef07f\SP2QFE\wininet.dll
[7] 2008-10-16 . A6506D61159AAE4BC72406AAE4779538 . 669184 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 9F29C9F275FC4DE7F06466EB551A50F3 . 778240 . . [6.00.2900.5694] . . c:\windows\ie8\wininet.dll
[-] 2008-08-26 . CC9CD001AE0FF30D0E16A172BF39576A . 827904 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2QFE\wininet.dll
[-] 2008-08-26 . ACB8649F0EFDCC6D7B081E3BC213B93A . 826368 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\c27191e3576e2879433c8d6dfff80117\SP2GDR\wininet.dll
[7] 2008-08-20 . FE5247936C9BCB765FD16114303F404D . 661504 . . [6.00.2900.3429] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2008-08-20 . 9DE49DCD6DB06B195BB6BF48FBFFDAD7 . 669696 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[7] 2008-08-20 . 89360A12DB77D411B2873E130923F6B9 . 668160 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 . 89360A12DB77D411B2873E130923F6B9 . 668160 . . [6.00.2900.5659] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[7] 2008-08-20 . 6C73C1A54E445C5687AD6B721EE27EBC . 668672 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . FB820C977C8249358D54FA9324B5E92B . 826368 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2GDR\wininet.dll
[-] 2008-06-23 . 8CFD66CC90F966333CFA8D8161E185DF . 827904 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\85f81787425a5bd063d064ce03eeb06f\SP2QFE\wininet.dll
[7] 2008-04-14 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB956390$\wininet.dll
[7] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB956390_0$\wininet.dll

[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . 77F71BF6970EA10B4CC9AA1D45654AA0 . 1542656 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 584450C5B2439571755D40444589C63D . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

[7] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-08-04 . 90AFCA87DE42E75E4C0D5FC660006F5C . 2028032 . . [5.1.2600.5857] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-08-04 . BE04255365854A1977144DD1564BC492 . 2188288 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-09 . 44BDB59E8CB55CCA5FB9FE393D0FE7B0 . 2203648 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 64D6E5AFBB154BC21A2DA135DD739CA0 . 2019840 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2008-08-14 . 145CD2BBA58988B7A2E9B910AC4D4CA4 . 2067200 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A62251C7C1F0DBC3241ABF1985EDE75E . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 8B1B0833705EA0893B60680FF19CA6FB . 2285056 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2010-01-14 318768]
"Google Update"="c:\documents and settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-01-18 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-10-27 53248]
"S3Trayp"="S3trayp.exe" [2005-10-27 176128]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TVTray"="c:\arquiv~1\ENLTV\TVTray.exe" [2007-11-08 688128]
"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Reloader"="c:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-09-22 324943]
"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"QuickTime Task"="c:\arquivos de programas\QuickTime\QTTask.exe" [2009-09-05 417792]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\Luiz Fernando\Menu Iniciar\Programas\Inicializar\
Iniciação Rápida do Microsoft Office OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-12 07:30 249856 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-12 07:30 81920 ----a-w- c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Luiz Fernando\\Dados de aplicativos\\Thinstall\\Maple 12\\400000f00002i\\maple.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/7/2009 16:17 691696]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [28/10/2008 16:13 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/5/2009 16:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/5/2009 16:10 20560]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [29/10/2008 09:21 557568]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [28/10/2008 16:16 659456]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/9/2009 23:54 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/12/2009 01:56 1684736]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [17/1/2010 11:29 12552]
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-25 23:15]

2010-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-09-25 23:15]

2010-01-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]
.
.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in members]
uDefault_Search_URL = [link visible only to logged-in members]
uInternet Settings,ProxyOverride = local
uSearchAssistant = [link visible only to logged-in members]
uSearchURL,(Default) = [link visible only to logged-in members]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in members]
FF - component: c:\arquivos de programas\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Luiz Fernando\Dados de aplicativos\Mozilla\Firefox\Profiles\ji5jnhoe.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in members]
Rootkit scan 2010-01-19 12:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\midimap.dll.niwrad 42496 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [link visible only to logged-in members]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spul.sys >>UNKNOWN [0x85389938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf753df28
\Driver\ACPI -> ACPI.sys @ 0xf72c5cb8
\Driver\atapi -> atapi.sys @ 0xf725ab40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7164bd4
PacketIndicateHandler -> NDIS.sys @ 0xf7170a21
SendHandler -> NDIS.sys @ 0xf7164d44
user & kernel MBR OK

**************************************************************************
.
--------------------- Loaded DLLs of Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\arquiv~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
c:\arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\S3trayp.exe
c:\windows\RTHDCPL.EXE
c:\arquivos de programas\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-19 12:59:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-19 14:59
ComboFix2.txt 2010-01-18 22:01

Pre-Run: 11 folder(s) 40,793,751,552 bytes free
Post-Run: 12 folder(s) 40,759,771,136 bytes free

- - End Of File - - 3EFCD0749F354E71CD8F297A9A5CCA67

Nod32 Online log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3bb5d4accd398744b517f26e46466384
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-19 04:13:42
# local_time=2010-01-19 02:13:42 (-0300, Brazilian daylight saving time)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 0 199289389 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=21477
# found=0
# cleaned=0
# scan_time=2200
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3bb5d4accd398744b517f26e46466384
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-19 05:42:56
# local_time=2010-01-19 03:42:56 (-0300, Brazilian daylight saving time)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 0 199291959 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=104039
# found=0
# cleaned=0
# scan_time=5006

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:55, on 19/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\VTTimer.exe
C:\windows\system32\S3trayp.exe
C:\ARQUIV~1\ENLTV\TVTray.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\windows\RTHDCPL.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\windows\explorer.exe
C:\windows\system32\taskmgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link visible only to logged-in members]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link visible only to logged-in members]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in members]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link visible only to logged-in members]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVTray] C:\ARQUIV~1\ENLTV\TVTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reloader] C:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luiz Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [link visible only to logged-in members]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [link visible only to logged-in members]
O8 - Extra context menu item: Google Sidewiki... - [link visible only to logged-in members] de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://br.msn.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - [link visible only to logged-in members]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [link visible only to logged-in members]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

--
End of file - 8477 bytes

And the PC is running normally, without anything strange happening. I'm off!
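The ComboFix "Registry Load Points", driver/service and catchme sections in the log above are what a helper triages by eye: Run-key values, R0/S3 driver entries with their file dates, and files catchme saw on disk that the Win32 API did not report. The following Python script is an added example, not code from this thread, from ComboFix or from Gmer: it parses those three record shapes and attaches cheap triage hints (unqualified path, user-writable location, unusual extension, file modified within a few days of the scan, hidden from the API). The sample lines are constructed in the same format, not a capture, and the names `Updater`, `update.exe` and the `SCAN_DATE` constant are assumptions for the example. Every hint is a prompt to look closer, not a verdict: legitimate updaters also live under the user profile, and a driver installed by a cleaning tool is also "recent".

```python
"""Triage helper for the load-point sections of a ComboFix log.

Parses the three record shapes that ComboFix and its bundled catchme
scan emit:
  * Run-key values        "Name"="path" [YYYY-MM-DD size]
  * services/drivers      R0 name;display;path [D/M/YYYY HH:MM size]
  * catchme hidden files  path size bytes executable
and tags each record with cheap triage hints. SAMPLE_LOG below is
constructed for this example in the same format, not a real capture.
"""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional

RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+'
    r'\[(?P<y>\d{4})-(?P<m>\d{2})-(?P<d>\d{2}) (?P<size>\d+)\]')
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) '
    r'\[(?P<d>\d{1,2})/(?P<m>\d{1,2})/(?P<y>\d{4}) \d{1,2}:\d{2} (?P<size>\d+)\]')
HIDDEN_RE = re.compile(r'^(?P<path>\S.*?) (?P<size>\d+) bytes executable$')

KNOWN_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}
# Locations a non-admin user (or a drive-by download) can write to.
USER_WRITABLE = ("c:\\documents and settings\\", "\\temp\\",
                 "\\temporary internet files\\")
SCAN_DATE = date(2010, 1, 19)  # assumed scan date for the sample log


@dataclass
class LoadPoint:
    kind: str                   # "run", "service" or "hidden"
    name: str
    path: str
    size: int
    modified: Optional[date]    # catchme lines carry no timestamp
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[LoadPoint]:
    """Return a LoadPoint for a recognised record line, else None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return LoadPoint("run", m["name"], m["path"], int(m["size"]),
                         date(int(m["y"]), int(m["m"]), int(m["d"])))
    m = SVC_RE.match(line)
    if m:
        return LoadPoint("service", m["name"], m["path"], int(m["size"]),
                         date(int(m["y"]), int(m["m"]), int(m["d"])))
    m = HIDDEN_RE.match(line)
    if m:
        path = m["path"]
        return LoadPoint("hidden", path.rsplit("\\", 1)[-1], path,
                         int(m["size"]), None)
    return None


def triage(lp: LoadPoint, scan_date: date, recent_days: int = 7) -> LoadPoint:
    """Attach hint flags; every hint is a prompt to look, not a verdict."""
    p = lp.path.lower()
    base = p.rsplit("\\", 1)[-1]
    ext = base[base.rfind("."):] if "." in base else ""
    if "\\" not in p:
        lp.flags.append("unqualified-path")       # resolved via PATH search at logon
    if any(s in p for s in USER_WRITABLE):
        lp.flags.append("user-writable-location")
    if ext not in KNOWN_EXT:
        lp.flags.append("odd-extension")
    if lp.modified and 0 <= (scan_date - lp.modified).days <= recent_days:
        lp.flags.append("recently-modified")
    if lp.kind == "hidden":
        lp.flags.append("hidden-from-api")        # catchme saw it, Win32 did not
    return lp


def triage_log(text: str, scan_date: date = SCAN_DATE) -> List[LoadPoint]:
    found = (parse_line(line) for line in text.splitlines())
    return [triage(lp, scan_date) for lp in found if lp is not None]


def suspicious(text: str, scan_date: date = SCAN_DATE) -> Dict[str, List[str]]:
    """Name -> flags for every record that picked up at least one hint."""
    return {lp.name: lp.flags for lp in triage_log(text, scan_date) if lp.flags}


# Constructed sample in ComboFix/catchme format (not a real capture).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-10-27 53248]
"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Updater"="c:\documents and settings\user\Local Settings\Temp\update.exe" [2010-01-18 24576]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/7/2009 16:17 691696]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [17/1/2010 11:29 12552]
c:\windows\system32\midimap.dll.niwrad 42496 bytes executable
"""

if __name__ == "__main__":
    for lp in triage_log(SAMPLE_LOG):
        hints = ", ".join(lp.flags) or "ok"
        print(f"{lp.kind:8} {lp.name:20} {hints:45} {lp.path}")
```

Run it against a saved ComboFix.txt by reading the file into `triage_log`; the date parsing matters because ComboFix writes Run-key dates as YYYY-MM-DD but driver dates in the day/month/year order of the system locale, so a parser that assumes one format silently mis-dates half the records.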

Re: Help removing rootkit

Post by Admin, Tue 19 Jan 2010, 18:37

The cleanup procedures are almost finished. Please submit the files in the folder C:\32788R22FWJFW to be analyzed on one of the sites below and tell us the results:
[link visible only to logged-in members]

Re: Help removing rootkit

Post by luiz.eng, Tue 19 Jan 2010, 20:07

Here it is (I zipped the folder and submitted it to the sites):

[link visible only to logged-in members]

Re: Help removing rootkit

Post by Amigo Brasileiro, Tue 19 Jan 2010, 20:25

Do you know what this folder is? I think it would be important to delete it, since several antivirus engines detected problems in it. Apart from that, your logs are clean. There are only these important steps below left to do:

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[link visible only to logged-in members]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.
____________________________________

<@> Go to Start --> Run --> Type (or copy and paste) Combofix /uninstall --> Click OK.

[image visible only to logged-in members]

<@> The following window will open: (Open File - Security Warning)
<@> Click Run --> Wait!
<@> Finally the message "ComboFix is uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! and C:\ComboFix.txt <-- the report!
<@> Or go to Start --> Run --> Type or paste:

"%userprofile%\desktop\combofix" /uninstall

<@> Click OK.
___________________________________

Follow the tips in this tutorial to run a cleanup with Tools Cleaner:

[link visible only to logged-in members]
__________________________________

Install these programs and use them now and weekly to clean your PC and keep it more efficient and optimized:

[link visible only to logged-in members]
_________________________________

To keep the viruses from coming back, turn System Restore off and then back on. To do that, go to: Start - Control Panel - System - click the System Restore tab - check the box "Turn off System Restore" - click Apply and then OK.

After that, go back to the same place: Start - Control Panel - System - click the System Restore tab - uncheck the box "Turn off System Restore" - click Apply and then OK.
________________________________

After this, tell us how your PC is doing and whether the problems were solved.

We'll be waiting.

Re: Help removing rootkit

Post by luiz.eng, Tue 19 Jan 2010, 22:32

That folder disappeared right after uninstalling ComboFix; as for the rest, all done.
Thanks!

Re: Help removing rootkit

Post by Amigo Brasileiro, Wed 20 Jan 2010, 15:18

Case Solved!

If the topic author needs it, the topic will be reopened; to do so, contact one of the members of the [link visible only to logged-in members] requesting that it be unlocked.
