Tudo o que eu faço não pode se livrar de Trojan.Vundo.H
  #1  
16 October 2008, 09:51
Full Member
Posts: 19
 
I have tried several times with Malwarebytes to remove the VUNDO.H virus. It asks to restart, and I run Malwarebytes again only to find it is still on the system. I also turned off System Restore before starting any of this.

Thanks for your help!
Attached Files
File Type: txt mbam-log-2008-10-16 (12-33-23).txt (1.2 KB, 126 views)
File Type: txt hijackthis.txt (7.3 KB, 118 views)

  #2  
16 October 2008, 11:27
Moderator
Posts: 7,561
 
Open HijackThis and choose Do a system scan only.

Place a check mark next to the following (if present):
  • O2 - BHO: (no name) - (D6EEB0C3-825E-4fbc-BE0F-38CD08E932FE) - c:\windows\system32\digestp.dll
  • O20 - Winlogon Notify: paubftzz - C:\WINDOWS\system32\digestp.dll
Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines from the code box below.

Code:
[kill explorer]
C:\WINDOWS\system32\digestp.dll
[emptytemp]
[start explorer]
3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
4. Click the red MoveIt! button.
5. Copy everything in the results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to complete the move. If you are asked to reboot, choose Yes. If not, reboot anyway.
__________________
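The two HijackThis lines the moderator picked out above share one pattern: an O2 BHO entry with no product name and an O20 Winlogon Notify entry with a random-looking key name, both pointing at the same DLL in system32. Because winlogon loads that DLL at logon, deleting it from Internet Explorer alone does not help, which is why Malwarebytes kept finding it after every reboot. The script below is an added example, not code from the thread or from HijackThis/OTMoveIt2: it parses O2/O20 lines and automates those three checks. The sample lines are constructed from the entries quoted in this thread (backslashes normalised), and the Winlogon Notify allowlist is an assumption covering the stock Windows XP notification packages plus the two vendor packages seen in this machine's log.

```python
"""Triage HijackThis-style O2 (BHO) and O20 (Winlogon Notify) lines.
Added example: flags unnamed BHOs, unknown Winlogon Notify packages, and any
DLL that is registered under both sections (the Vundo pattern in the thread)."""
import re
from collections import defaultdict

# Constructed sample: the two flagged entries from the thread, one benign BHO
# and one benign O20 entry from the same machine, with backslashes normalised.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D6EEB0C3-825E-4fbc-BE0F-38CD08E932FE} - c:\windows\system32\digestp.dll
O20 - Winlogon Notify: paubftzz - C:\WINDOWS\system32\digestp.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
"""

# One pattern for both sections. The CLSID group is optional because O20 lines
# carry a registry key name instead of a CLSID; braces or parentheses are both
# accepted because copy/paste into forums often mangles the braces.
LINE_RE = re.compile(
    r"^(?P<section>O2|O20) - (?P<kind>BHO|Winlogon Notify): "
    r"(?P<name>.+?) - (?:[{(](?P<clsid>[0-9A-Fa-f-]{36})[})] - )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: stock Windows XP Winlogon notification packages plus the two
# vendor packages (ATI, SUPERAntiSpyware) present in this machine's RSIT dump.
# Anything else registered under Winlogon\Notify deserves a closer look.
WINLOGON_NOTIFY_ALLOWLIST = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "atiextevent", "!saswinlogon",
}


def parse_hjt_lines(text):
    """Return one dict per O2/O20 line; every other line is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["path_key"] = entry["path"].lower()  # case-insensitive join key
            entries.append(entry)
    return entries


def triage(text):
    """Return a list of findings, each with the entry and the reasons it was flagged."""
    entries = parse_hjt_lines(text)
    sections_by_path = defaultdict(set)
    for e in entries:
        sections_by_path[e["path_key"]].add(e["section"])

    findings = []
    for e in entries:
        reasons = []
        if e["section"] == "O2" and e["name"].lower() == "(no name)":
            reasons.append("BHO with no product name")
        if e["section"] == "O20" and e["name"].lower() not in WINLOGON_NOTIFY_ALLOWLIST:
            reasons.append("Winlogon Notify package not in the allowlist")
        if sections_by_path[e["path_key"]] >= {"O2", "O20"}:
            reasons.append("same DLL loaded by Internet Explorer (O2) and by winlogon (O20)")
        if reasons:
            findings.append({"section": e["section"], "name": e["name"],
                             "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>3} {f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print(f"      - {r}")
```

Run it on the sample and only the two digestp.dll entries are reported, each for two reasons; the Adobe BHO and the ATI notify package pass. The cross-section check is the one worth keeping: a DLL that is both a BHO and a Winlogon Notify package has a second load path that an in-browser cleanup never touches, which is exactly why the moderator's OTMoveIt2 script kills Explorer before moving the file.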

  #3  
16 October 2008, 12:39
Full Member
Posts: 19
 
Well, I ran everything you posted. HijackThis ran fine and the 2 files were deleted.

The OTMOVEIT2 program - I copied the 4 lines
[kill explorer]
C:\WINDOWS\system32\digestp.dll
[emptytemp]
[start explorer]

under the yellow bar and selected it.

Under the green box it said the explorer programs were successfully killed, however I got an error dialog box.

It said OTMOVEIT2 OTMOVEIT2.EXE - Bad Image

The application or DLL c:\windows\rakxhfy.dll is not a valid Windows image. Please check this against your installation disk.

I had to restart and OTMOVEIT popped up again and I got the same error dialog as above. How do I get rid of this OTMOVEIT2 when it reboots? Is there anything else that needs to be done?
  #4  
16 October 2008, 12:45
Moderator
Posts: 7,561
 
Yes, there is more to do. Don't worry about the error message...

Download Random's System Information Tool (RSIT) by random/random and save it to your desktop.
  • Double-click RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt <<will be maximized and info.txt <<will be minimized
  • Please post the contents of both logs in your next reply.
__________________

  #5  
16 October 2008, 13:26
Full Member
Posts: 19
 
log.txt:
Your file of 28.7 KB exceeds the forum's limit of 19.5 KB for this file type. I had to WinZip the log file so it would fit within the COMPUTER JUICE attachment constraints.
Attached Files
File Type: txt info.txt (12.5 KB, 28 views)
File Type: zip ziplog file.zip (7.5 KB, 10 views)
  #6  
16 October 2008, 13:34
Full Member
Posts: 19
 
LOG FILE

Logfile of random ferramenta de informação do sistema 1,04 (escrito por random / random)
Corre por Dona às 2008-10-16 15:56:08
Microsoft Windows XP Home Edition Service Pack 3
Sistema de unidade C: tem 136 GB (92%) livres de 149 GB
RAM Total: 382 MB (30% grátis)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:33, em 10/16/2008
Plataforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C: \\ WINDOWS \\ system32 \\ smss.exe
C: \\ WINDOWS \\ system32 \\ winlogon.exe
C: \\ WINDOWS \\ system32 \\ services.exe
C: \\ WINDOWS \\ system32 \\ lsass.exe
C: \\ WINDOWS \\ system32 \\ ati2sgag.exe
C: \\ WINDOWS \\ system32 \\ svchost.exe
C: \\ WINDOWS \\ system32 \\ svchost.exe
C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
C: \\ WINDOWS \\ system32 \\ ati2sgag.exe
C: \\ WINDOWS \\ Explorer.EXE
C: \\ WINDOWS \\ system32 \\ spoolsv.exe
C: \\ Program Files \\ Symantec \\ LiveUpdate \\ AluSchedulerSvc.exe
C: \\ Program Files \\ Google \\ Common \\ Google Updater \\ GoogleUpdaterService.exe
C: \\ Program Files \\ Ahead \\ InCD \\ InCDsrv.exe
C: \\ Program Files \\ Common Files \\ Microsoft Shared \\ VS7DEBUG \\ MDM.EXE
C: \\ Program Files \\ Common Files \\ New Boundary \\ PrismXL \\ PRISMXL.SYS
C: \\ Program Files \\ QuickTime \\ qttask.exe
C: \\ Program Files \\ Adobe \\ Photoshop Album Starter Edition \\ 3.0 \\ Apps \\ apdproxy.exe
C: \\ Program Files \\ Common Files \\ Real \\ Update_OB \\ realsched.exe
C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
C: \\ Program Files \\ Messenger \\ msmsgs.exe
C: \\ WINDOWS \\ system32 \\ ctfmon.exe
C: \\ Program Files \\ \\ ehTray.exe
C: \\ Program Files \\ Olympus \\ DeviceDetector \\ DevDtct2.exe
C: \\ Program Files \\ Google \\ Google Updater \\ GoogleUpdater.exe
C: \\ WINDOWS \\ system32 \\ svchost.exe
C: \\ Program Files \\ Internet Explorer \\ iexplore.exe
C: \\ Documents and Settings \\ Owner \\ Local Settings \\ Temporary Internet Files \\ Content.IE5 \\ 6QBVSP54 \\ RSIT [1]. Exe
C: \\ Program Files \\ Common Files \\ Symantec Shared \\ COH \\ coh32.exe
C: \\ Program Files \\ Trend Micro \\ HijackThis \\ Owner.exe
R0 - HKCU \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Start Page = http://www.emachines.com/
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \\ Software \\ Microsoft \\ Internet Explorer \\ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \\ Program Files \\ Common Files \\ Adobe \\ Acrobat \\ ActiveX \\ AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \\ Program Files \\ Real \\ RealPlayer \\ rpbrowserrecordplugin.dll
O2 - BHO: NCO 2,0 IE BHO - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - C: \\ Program Files \\ Common Files \\ Symantec Shared \\ coShared \\ Browser \\ 2,6 \\ coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - (6D53EC84-6AAE-4787-AEEE-F4628F01010C) - C: \\ PROGRA ~ 1 \\ COMMON ~ 1 \\ SYMANT ~ 1 \\ IDS \\ IPSBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \\ Program Files \\ Google \\ GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \\ Program Files \\ Google \\ GoogleToolbarNotifier \\ 3.1.807.1746 \\ swg.dll
O2 - BHO: (no name) - (D6EEB0C3-825E-4fbc-BE0F-38CD08E932FE) - c: \\ windows \\ system32 \\ digestp.dll
O3 - Toolbar: Yahoo! - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \\ Program Files \\ Yahoo! \\ Companion \\ Installs cpn \\ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - c: \\ Program Files \\ Google \\ GoogleToolbar1.dll
O3 - Toolbar: Show Norton Toolbar - (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - C: \\ Program Files \\ Common Files \\ Symantec Shared \\ coShared \\ Browser \\ 2,6 \\ CoIEPlg.dll
O4 - HKLM \\ .. \\ Run: [QuickTime Task] "C: \\ Program Files \\ QuickTime \\ qttask.exe"-atboottime
O4 - HKLM \\ .. \\ Run: [Adobe Photo Downloader] "C: \\ Program Files \\ Adobe \\ Photoshop Album Starter Edition \\ 3.0 \\ Apps \\ apdproxy.exe"
O4 - HKLM \\ .. \\ Run: [Adobe Reader Speed Launcher] "C: \\ Program Files \\ Adobe \\ Reader 8.0 \\ Reader \\ Reader_sl.exe"
O4 - HKLM \\ .. \\ Run: [SunJavaUpdateSched] "C: \\ Program Files \\ Common Files \\ Real \\ Update_OB \\ realsched.exe"-startup
O4 - HKLM \\ .. \\ Run: [ccApp] "C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccApp.exe"
O4 - HKLM \\ .. \\ Run: [NeroFilterCheck] C: \\ Program Files \\ Norton 360 \\ osCheck.exe "
O4 - HKLM \\ .. \\ Run: [msnmsgr] "C: \\ Program Files \\ Messenger \\ MsnMsgr.Exe" / background
O4 - HKLM \\ .. \\ Run: [CTFMON.EXE] C: \\ WINDOWS \\ system32 \\ ctfmon.exe
O4 - HKLM \\ .. \\ Run: [SUPERAntiSpyware] C: \\ Program Files \\ \\ ehTray.exe
O4 - Global Startup: Device Detector 3.lnk = C: \\ Program Files \\ Olympus \\ DeviceDetector \\ DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C: \\ Program Files \\ Google \\ Google Updater \\ GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C: \\ Program Files \\ Microsoft Office \\ Office \\ OSA9.EXE
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ OFFICE11 \\ EXCEL.EXE/3000
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ OFFICE11 \\ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C: \\ WINDOWS \\ system32 \\ Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \\ WINDOWS \\ Network Diagnostic \\ xpnetdiag.exe
O9 - Extra 'Tools': @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \\ WINDOWS \\ Network Diagnostic \\ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \\ Program Files \\ Messenger \\ msmsgs.exe
O9 - Extra 'Tools': Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \\ Program Files \\ Messenger \\ msmsgs.exe
O16 - DPF: (215B8138-A3CF-44c5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (2D8ED06D-3C30-438B-96AE-4D110FDC1FB8) (ActiveScan 2.0 Installer Class) -- http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1211623928390
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1211630845500
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Service: avast! SASWinLogon - C: \\ Program Files \\ SUPERAntiSpyware \\ SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C: \\ WINDOWS \\ system32 \\ digestp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C: \\ WINDOWS \\ system32 \\ ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \\ Program Files \\ Symantec \\ LiveUpdate \\ AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C: \\ Program Files \\ Common Files \\ Symantec Shared \\ VAScanner \\ comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \\ Program Files \\ Google \\ Common \\ Google Updater \\ GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C: \\ Program Files \\ Ahead \\ InCD \\ InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \\ Program Files \\ Symantec \\ LiveUpdate \\ LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C: \\ Program Files \\ Common Files \\ New Boundary \\ PrismXL \\ PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C: \\ PROGRA ~ 1 \\ COMMON ~ 1 \\ SYMANT ~ 1 \\ CCPD-LC \\ symlcsvc.exe
--
End of file - 7993 bytes
====== ====== Pasta Tarefas agendadas
C: \\ WINDOWS \\ tasks \\ automático total Backup.job
C: \\ WINDOWS \\ tasks \\ Daily Changed Files.job
C: \\ WINDOWS \\ tasks \\ PEACTREE SEMANAL BACK UP.job
====== Registry dump ======
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3)]
Adobe PDF Reader Link Helper - C: \\ Program Files \\ \\ Adobe \\ Acrobat \\ ActiveX \\ AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (3049C3E9-B461-4BC5-8870-4C09146192CA)]
RealPlayer Download and Record Plugin for Internet Explorer - C: \\ Program Files \\ Real \\ RealPlayer \\ rpbrowserrecordplugin.dll [2008-04-19 308856]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408)]
C: \\ Program Files \\ Common Files \\ Symantec Shared \\ coShared \\ Browser \\ 2,6 \\ coIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (6D53EC84-6AAE-4787-AEEE-F4628F01010C)]
Symantec Intrusion Prevention - C: \\ PROGRA ~ 1 \\ COMMON ~ 1 \\ SYMANT ~ 1 \\ IDS \\ IPSBHO.dll [2008-10-16 116088]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (AA58ED58-01DD-4d91-8333-CF10577473F7)]
Google Toolbar Helper - c: \\ Program Files \\ Google \\ GoogleToolbar1.dll [2007-06-04 2554944]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (AF69DE43-7D58-4638-B6FA-CE66B5AD205D)]
Google Toolbar Notifier BHO - C: \\ Program Files \\ Google \\ GoogleToolbarNotifier \\ 3.1.807.1746 \\ swg.dll [2008-09-26 737776]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ Browser Helper Objects \\ (D6EEB0C3-825E-4fbc-BE0F-38CD08E932FE)]
c: \\ windows \\ system32 \\ digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Internet Explorer \\ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Toolbar - C: \\ Program Files \\ Yahoo! \\ Companion \\ Installs cpn \\ yt.dll [2005-08-04 343112]
(2318C2B1-4965-11d4-9B18-009027A5CD4F) - & Google - C: \\ Program Files \\ Google \\ GoogleToolbar1.dll [2007-06-04 2554944]
ID
(7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - Show Norton Toolbar - C: \\ Program Files \\ Common Files \\ Symantec Shared \\ coShared \\ Browser \\ 2,6 \\ CoIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Run]
"QuickTime Task" = C: \\ Program Files \\ QuickTime \\ qttask.exe [2005-01-28 98304]
"Adobe Photo Downloader" = C: \\ Program Files \\ Adobe \\ Photoshop Album Starter Edition \\ 3.0 \\ Apps \\ apdproxy.exe [2005-06-06 57344]
"Adobe Reader Speed Launcher" = C: \\ Program Files \\ Adobe \\ Reader 8.0 \\ Reader \\ Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched" = C: \\ Program Files \\ Common Files \\ Real \\ Update_OB \\ realsched.exe [2008-04-19 185896]
"ccApp" = C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccApp.exe [2008-02-18 51048]
"NeroFilterCheck" = C: \\ Program Files \\ Norton 360 \\ osCheck.exe [2008-02-26 988512]
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Run]
"Msnmsgr" = C: \\ Program Files \\ Messenger \\ msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe" = C: \\ WINDOWS \\ system32 \\ ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware" = C: \\ Program Files \\ \\ ehTray.exe [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ avast!]
C: \\ Program Files \\ ATI Technologies \\ ATI Control Panel \\ atiptaxx.exe [2004-11-12 344064]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg ccApp \\]
C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccApp.exe [2008-02-18 51048]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ RTHDCPL]
C: \\ WINDOWS \\ zHotkey.exe [2004-05-17 543232]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg ctfmon.exe \\]
C: \\ WINDOWS \\ system32 \\ ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ InCD]
C: \\ Program Files \\ Ahead \\ InCD \\ NvTaskbarInit [2003-09-01 1200178]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ MSMSGS]
C: \\ Program Files \\ Messenger \\ msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ NeroFilterCheck]
C: \\ WINDOWS \\ system32 \\ \\ NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ NeroFilterCheck]
C: \\ WINDOWS \\ system32 \\ ctfmon.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ NeroFilterCheck]
C: \\ WINDOWS \\ SMINST \\ jusched.exe "[2002-09-13 212992]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ RemoteControl]
C: \\ Program Files \\ CyberLink \\ PowerDVD \\ PDVDServ.exe [2003-10-31 32768]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ \\ ShowWnd]
C: \\ WINDOWS \\ ShowWnd.exe [2003-09-19 36864]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ VTTimer]
C: \\ WINDOWS \\ AGRSMMSG.exe [2004-11-15 77824]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ NvCplDaemon]
C: \\ Program Files \\ Digital Media Reader \\ shwiconem.exe [2004-11-15 135168]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ GrooveMonitor]
C: \\ Program Files \\ Common Files \\ Sonic \\ Update Manager \\ Lib [2003-08-19 110592]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk]
C: \\ PROGRA ~ 1 \\ BigFix \\ BigFix.exe [2002-07-31 1742384]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Inicializar ^ Microsoft Office.lnk]
C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ Office \\ OSA9.EXE [2000-01-21 65588]
C: \\ Documents and Settings \\ All Users \\ Menu Iniciar \\ Programas \\ Arranque
Dispositivo Detector 3.lnk - C: \\ Program Files \\ Olympus \\ DeviceDetector \\ DevDtct2.exe
Google Updater.lnk - C: \\ Program Files \\ Google \\ Google Updater \\ GoogleUpdater.exe
Microsoft Office.lnk - C: \\ Program Files \\ Microsoft Office \\ Office \\ OSA9.EXE
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\! SASWinLogon]
C: \\ Program Files \\ SUPERAntiSpyware \\ SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\ AtiExtEvent]
C: \\ WINDOWS \\ system32 \\ Ati2evxx.dll [2006-02-21 61440]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\ paubftzz]
C: \\ WINDOWS \\ system32 \\ digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ ShellServiceObjectDelayLoad]
UPnPMonitor - (e57ce738-33E8-4c51-8354-bb4de9d215d1) - C: \\ WINDOWS \\ system32 \\ upnpui.dll [2008-04-13 239616]
WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \\ WINDOWS \\ system32 \\ klogon.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \\ Program Files \\ SUPERAntiSpyware \\ SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Policies \\ System]
"DontDisplayLastUserName" = 0
"LegalNoticeCaption" =
"LegalNoticeText" =
"ShutdownWithoutLogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Policies \\ Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_LOCAL_MACHINE \\ system \\ currentcontrolset \\ services \\ sharedaccess \\ parameters \\ firewallpolicy \\ StandardProfile \\ AuthorizedApplications \\ list]
"% windir% \\ system32 \\ sessmgr.exe" = "% windir% \\ system32 \\ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"C: \\ Program Files \\ Common Files \\ AOL \\ ACS \\ AOLDial.exe" = "C: \\ Program Files \\ Common Files \\ AOL \\ ACS \\ AOLDial.exe: *: Enabled: AOL"
"C: \\ Program Files \\ Common Files \\ AOL \\ ACS \\ AOLacsd.exe" = "C: \\ Program Files \\ Common Files \\ AOL \\ ACS \\ AOLacsd.exe: *: Enabled: AOL"
"C: \\ Program Files \\ America Online 9.0 \\ WAOL.EXE" = "C: \\ Program Files \\ America Online 9.0 \\ WAOL.EXE: *: Enabled: America Online 9.0"
"% windir% \\ Network Diagnostic \\ xpnetdiag.exe" = "% windir% \\ Network Diagnostic \\ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
"C: \\ Program Files \\ Internet Explorer \\ iexplore.exe" = "C: \\ Program Files \\ Internet Explorer \\ iexplore.exe: *: Disabled: Internet Explorer"
"C: \\ WINDOWS \\ LMI42.tmp \\ lmi_rescue.exe" = "C: \\ WINDOWS \\ LMI42.tmp lmi_rescue.exe \\: *: Enabled: LogMeIn Rescue"
[HKEY_LOCAL_MACHINE \\ system \\ currentcontrolset \\ services \\ sharedaccess \\ parameters \\ firewallpolicy \\ DomainProfile \\ AuthorizedApplications \\ list]
"% windir% \\ system32 \\ sessmgr.exe" = "% windir% \\ system32 \\ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"C: \\ Program Files \\ Common Files \\ AOL \\ ACS \\ AOLDial.exe" = "C: \\ Program Files \\ Common Files \\ AOL \\ ACS \\ AOLDial.exe: *: Enabled: AOL"
"C: \\ Program Files \\ Common Files \\ AOL \\ ACS \\ AOLacsd.exe" = "C: \\ Program Files \\ Common Files \\ AOL \\ ACS \\ AOLacsd.exe: *: Enabled: AOL"
"C: \\ Program Files \\ America Online 9.0 \\ WAOL.EXE" = "C: \\ Program Files \\ America Online 9.0 \\ WAOL.EXE: *: Enabled: America Online 9.0"
"% windir% \\ Network Diagnostic \\ xpnetdiag.exe" = "% windir% \\ Network Diagnostic \\ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ explorer \\ mountpoints2 \\ (4f63278d-8557-11d9-BE24-806d6172696f)]
shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ explorer \\ mountpoints2 \\ (e1ec6b61-710A-11d9-B301-806d6172696f)]
shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480

====== Lista dos arquivos / pastas criadas no passado 1 mês ======
2008-10-16 15:56:08 ---- D ---- C: \\ rsit
2008-10-16 15:19:05 ---- D ---- C: \\ _OTMoveIt
2008-10-16 14:07:16 ---- D ---- C: \\ Program Files \\ Panda Security
2008-10-16 13:48:04 ---- A ---- C: \\ WINDOWS \\ system32 \\ CF23987.exe
2008-10-16 13:47:57 ---- A ---- C: \\ Bug.txt
2008-10-16 13:20:06 ---- D ---- C: \\ VundoFix Backups
2008-10-16 13:20:06 ---- A ---- C: \\ VundoFix.txt
2008-10-16 12:26:25 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ SUPERAntiSpyware.com
2008-10-16 12:25:40 ---- D ---- C: \\ Program Files \\ SUPERAntiSpyware
2008-10-16 12:25:39 ---- D ---- C: \\ Documents and Settings \\ Owner \\ Application Data \\ SUPERAntiSpyware.com
2008-10-16 12:25:12 ---- D ---- C: \\ Program Files \\ Common Files \\ Wise Installation Wizard
2008-10-16 11:20:45 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB956803 $
2008-10-16 11:20:36 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB956391 $
2008-10-16 11:20:27 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB957095 $
2008-10-16 11:17:11 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB954211 $
2008-10-16 11:16:54 ---- HDC ---- C: \\ WINDOWS \\ $ NtUninstallKB956841 $
2008-10-16 11:08:22 ---- D ---- C: \\ WINDOWS \\ system32 \\ N360_BACKUP
2008-10-16 10:48:03 DC ---- ---- C: \\ WINDOWS \\ system32 \\ DRVSTORE
2008-10-16 10:47:42 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24:37 ---- D ---- C: \\ Program Files \\ Windows Sidebar
2008-10-16 10:24:06 ---- D ---- C: \\ Program Files \\ Norton 360
2008-10-16 10:22:49 ---- A ---- C: \\ WINDOWS \\ system32 \\ S32evnt1.dll
2008-10-15 17:26:20 ---- D ---- C: \\ Program Files \\ NoNAV
2008-10-15 16:41:28 ---- D ---- C: \\ SymNoNav
2008-10-15 16:22:38 ---- D ---- C: \\ WINDOWS \\ LMI42.tmp
2008-10-15 15:10:33 ---- D ---- C: \\ Program Files \\ Trend Micro
2008-10-11 12:25:41 ---- D ---- C: \\ WINDOWS \\ Sun
2008-10-11 12:25:41 ---- D ---- C: \\ Documents and Settings \\ Owner \\ Application Data \\ Sun
2008-10-11 12:00:57 ---- D ---- C: \\ Program Files \\ CCleaner
2008-10-11 11:38:42 ---- D ---- C: \\ Documents and Settings \\ Owner \\ Application Data \\ Malwarebytes
2008-10-11 11:38:37 ---- D ---- C: \\ Program Files \\ Malwarebytes 'Anti-Malware
2008-10-11 11:38:37 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ Malwarebytes
====== Lista dos arquivos / pastas modificados nos últimos 1 mês ======
2008-10-16 15:44:12 ---- D ---- C: \\ Program Files \\ Common Files \\ Symantec Shared
2008-10-16 15:43:38 ---- D ---- C: \\ WINDOWS \\ Temp
2008-10-16 15:27:24 ---- D ---- C: \\ WINDOWS \\ system32 \\ CatRoot2
2008-10-16 15:25:42 ---- A ---- C: \\ WINDOWS \\ SchedLgU.Txt
2008-10-16 15:12:27 ---- A ---- C: \\ WINDOWS \\ hpbafd.ini
2008-10-16 15:12:19 ---- A ---- C: \\ WINDOWS \\ system32 \\ NTS5CSET.INI
2008-10-16 15:05:13 ---- D ---- C: \\ WINDOWS
2008-10-16 14:13:35 ---- D ---- C: \\ WINDOWS \\ system32 \\ drivers
2008-10-16 14:07:16 ---- RD ---- C: \\ Program Files
2008-10-16 14:07:16 ---- HD ---- C: \\ WINDOWS \\ inf
2008-10-16 14:06:35 ---- SD ---- C: \\ WINDOWS \\ Downloaded Program Files
2008-10-16 13:49:56 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Dados de aplicativos \\ Google Updater
2008-10-16 13:48:11 ---- D ---- C: \\ WINDOWS \\ system32
2008-10-16 12:26:10 ---- SHD ---- C: \\ WINDOWS \\ Installer
2008-10-16 12:25:12 ---- D ---- C: \\ Program Files \\
2008-10-16 11:50:16 ---- D ---- C: \\ WINDOWS \\ Minidump
2008-10-16 11:50:16 ---- D ---- C: \\ WINDOWS \\ Debug
2008-10-16 11:20:47 ---- ---- RSHDC C: \\ WINDOWS \\ system32 \\ dllcache
2008-10-16 11:20:43 ---- HD ---- C: \\ WINDOWS \\ $ hf_mig $
2008-10-16 11:20:07 ---- D ---- C: \\ Program Files \\ Internet Explorer
2008-10-16 11:19:54 ---- D ---- C: \\ WINDOWS \\ ie7updates
2008-10-16 11:19:07 ---- A ---- C: \\ WINDOWS \\ win.ini
2008-10-16 11:08:11 ---- D ---- C: \\ Documents and Settings \\ Owner \\ Application Data \\ Symantec
2008-10-16 11:04:17 ---- D ---- C: \\ Program Files \\ Symantec
2008-10-16 11:01:12 ---- D ---- C: \\ Documents and Settings \\ All Users \\ Application Data \\ Symantec
2008-10-16 10:46:55 ---- D ---- C: \\ WINDOWS \\ Prefetch
2008-10-15 17:42:01 ---- D ---- C: \\ Documents and Settings
2008-10-15 15:38:45 ---- D ---- C: \\ WINDOWS \\ WinSxS
2008-10-15 15:38:45 ---- D ---- C: \\ Program Files \\ Common Files \\ Microsoft Shared
2008-10-15 14:55:27 ---- D ---- C: \\ WINDOWS \\ system32 \\ Restore
2008-10-15 13:23:32 ---- A ---- C: \\ WINDOWS \\ PCW120.ini
2008-10-15 13:23:22 ---- D ---- C: \\ SHAREDAT
2008-10-14 14:58:10 ---- D ---- C: \\ Shardata
2008-10-11 11:30:23 ---- SHD ---- C: \\ System Volume Information
2008-10-07 15:19:40 ---- A ---- C: \\ WINDOWS \\ system32 \\ MRT.exe
2008-10-03 13:41:15 ---- A ---- C: \\ WINDOWS \\ system32 \\ ieframe.dll
2008-09-24 08:36:56 ---- D ---- C: \\ Program Files \\ \\ Peach
====== List of drivers (R = Running, S = Stopped, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled )======
R1 AmdPPM; HwPState AMD Processor Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ AmdPPM.sys [2007-04-16 33792]
EeCtrl R1; Symantec Eraser Control driver; \\? \\ C: \\ Program Files \\ Common Files \\ Symantec Shared \\ Eengine \\ eeCtrl.sys []
R1 InCDPass; InCDPass C: \\ WINDOWS \\ system32 \\ DRIVERS \\ InCDPass.sys [2003-09-01 28528]
Incdrm R1; InCD EasyWrite Reader; C: \\ WINDOWS \\ system32 \\ drivers \\ incdrm.sys [2003-08-21 25520]
R1 SASDIFSV; SASDIFSV; \\? \\ C: \\ Program Files \\ SUPERAntiSpyware \\ SASDIFSV.SYS []
R1 SASKUTIL; SASKUTIL; \\? \\ C: \\ Program Files \\ SUPERAntiSpyware \\ SASKUTIL.sys []
R1 SPBBCDrv; SPBBCDrv; \\? \\ C: \\ Program Files \\ Common Files \\ Symantec Shared \\ SPBBC \\ SPBBCDrv.sys []
R1 SRTSPX; SRTSPX C: \\ WINDOWS \\ system32 \\ Drivers \\ SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI; SYMTDI C: \\ WINDOWS \\ system32 \\ Drivers \\ Symtdi.sys [2008-06-13 184240]
R2 CO_Mon; CO_Mon; \\? \\ C: \\ WINDOWS \\ system32 \\ drivers \\ CO_Mon.sys []
Mdmxsdk R2; mdmxsdk C: \\ WINDOWS \\ system32 \\ DRIVERS \\ mdmxsdk.sys [2004-03-17 13059]
Tmcomm R2; tmcomm; \\? \\ C: \\ WINDOWS \\ system32 \\ drivers \\ tmcomm.sys []
R3 ALCXWDM; Service for Realtek AC97 Audio (WDM); C: \\ WINDOWS \\ system32 \\ drivers \\ Alcxwdm.sys [2004-11-18 2297664]
R3 Arp1394; 1394 ARP Protocolo de Cliente; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Arp1394.sys [2008-04-13 60800]
Ati2mtag R3; ati2mtag C: \\ WINDOWS \\ system32 \\ DRIVERS \\ ati2mtag.sys [2006-02-21 1505792]
R3 COH_Mon; COH_Mon; \\? \\ C: \\ WINDOWS \\ system32 \\ Drivers \\ COH_Mon.sys []
R3 EraserUtilRebootDrv; EraserUtilRebootDrv; \\? \\ C: \\ Program Files \\ Common Files \\ Symantec Shared \\ Eengine \\ EraserUtilRebootDrv.sys []
R3 GEARAspiWDM; GEAR ASPI Driver Filter; C: \\ WINDOWS \\ system32 \\ Drivers \\ GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP; HSF_DP C: \\ WINDOWS \\ system32 \\ DRIVERS \\ HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2; HSFHWBS2 C: \\ WINDOWS \\ system32 \\ DRIVERS \\ HSFHWBS2.sys [2004-06-17 220032]
R3 NAVENG; NAVENG; \\? \\ C: \\ PROGRA ~ 1 \\ COMMON ~ 1 \\ SYMANT ~ 1 \\ VirusD ~ 1 \\ 20081016,004 \\ NAVENG.SYS []
R3 NAVEX15; NAVEX15; \\? \\ C: \\ PROGRA ~ 1 \\ COMMON ~ 1 \\ SYMANT ~ 1 \\ VirusD ~ 1 \\ 20081016,004 \\ NAVEX15.SYS []
R3 NIC1394; 1394 Driver Net, C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Nic1394.sys [2008-04-13 61824]
R3 rtl8139; Realtek RTL8139 (A / B / C)-based PCI Fast Ethernet Adapter NT Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ RTL8139.SYS [2004-08-04 20992]
R3 SASENUM; SASENUM; \\? \\ C: \\ Program Files \\ SUPERAntiSpyware \\ SASENUM.SYS []
R3 SRTSP; SRTSP C: \\ WINDOWS \\ system32 \\ Drivers \\ SRTSP.sys [2008-01-31 279088]
R3 SunkFilt; Alcor Micro Corp Reader; \\? \\ C: \\ WINDOWS \\ system32 \\ Drivers \\ sunkfilt.sys []
R3 SYMDNS; SYMDNS C: \\ WINDOWS \\ system32 \\ Drivers \\ SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent; SymEvent; \\? \\ C: \\ WINDOWS \\ system32 \\ Drivers \\ SymEvent.sys []
R3 SYMFW; SYMFW C: \\ WINDOWS \\ system32 \\ Drivers \\ SYMFW.SYS [2008-06-13 96432]
R3 SymIDS; SymIDS C: \\ WINDOWS \\ system32 \\ Drivers \\ SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO; SYMIDSCO; \\? \\ C: \\ PROGRA ~ 1 \\ COMMON ~ 1 \\ SYMANT ~ 1 \\ SymcData \\ ipsdefs \\ 20081014,001 \\ SymIDSCo.sys []
R3 SymIMMP; SymIMMP C: \\ WINDOWS \\ system32 \\ DRIVERS \\ SymIM.sys [2008-06-13 31280]
R3 SymnDIS; SymnDIS C: \\ WINDOWS \\ system32 \\ Drivers \\ SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV; SYMREDRV C: \\ WINDOWS \\ system32 \\ Drivers \\ symredrv.sys [2008-06-13 22320]
Usbehci R3; Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Usbehci.sys [2008-04-13 30208]
USBHUB R3; USB2 Enabled Hub C: \\ WINDOWS \\ system32 \\ DRIVERS \\ usbhub.sys [2008-04-13 59520]
Usbohci R3; Microsoft USB Open Host Controller Miniport Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ usbohci.sys [2008-04-13 17152]
R3 USBSTOR; USB Mass Storage Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ UsbStor.sys [2008-04-13 26368]
R3 winachsf winachsf; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ HSF_CNXT.sys [2004-06-17 685056]
R4 InCDfs; InCD File System C: \\ WINDOWS \\ system32 \\ drivers \\ InCDfs.sys [2003-09-01 88800]
S1 P3; Intel PentiumIII Processor Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ P3.sys [2008-04-13 42752]
S3 Bridge; MAC Bridge; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Bridge.sys [2008-04-13 71552]
S3 BridgeMP; MAC Bridge Miniport; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Bridge.sys [2008-04-13 71552]
Mxnic S3; Macronix MX987xx Family Fast Ethernet NT Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ mxnic.sys [2001-08-17 19968]
S3 NV; NV; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ nv4_mini.sys [2004-08-04 1897408]
S3 SRTSPL; SRTSPL C: \\ WINDOWS \\ system32 \\ Drivers \\ SRTSPL.SYS [2008-01-31 317616]
S3 SymIM; Symantec Network Security Intermediate Filter Service; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ SymIM.sys [2008-06-13 31280]
Usbuhci S3; Microsoft USB Universal Host Controller Miniport Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Usbuhci.sys [2008-04-13 20608]
S3 VNUSB; VN Device Série C: \\ WINDOWS \\ system32 \\ DRIVERS \\ VNUSB.sys [2003-12-15 38448]
Wanatw S3; WAN Miniport (ATW); C: \\ WINDOWS \\ system32 \\ DRIVERS \\ wanatw4.sys []
S3 WudfPf; Windows Driver Foundation - User-mode Driver Framework Platform Driver; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Wudfpf.sys [2006-09-28 77568]
S3 WudfRd; Windows Driver Foundation - User-mode Driver Framework Reflector; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Wudfrd.sys [2006-09-28 82944]
Sr S4; System Restore Driver Filter; C: \\ WINDOWS \\ system32 \\ DRIVERS \\ Sr.sys [2008-04-13 73472]
====== Lista de serviços (R = Running, S = Stopped, 0 = Boot, 1 = System, 2 = Auto, 3 = Demand, 4 = Disabled )======
R2 Ati HotKey Poller, Ati HotKey Poller; C: \\ WINDOWS \\ system32 \\ Ati2evxx.exe [2006-02-21 405504]
R2 Automatic LiveUpdate Scheduler; Automatic LiveUpdate Scheduler; C: \\ Program Files \\ Symantec \\ LiveUpdate \\ AluSchedulerSvc.exe [2008-02-21 238968]
CcEvtMgr R2; Symantec Event Manager; C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe [2008-02-18 149352]
CcSetMgr R2; Symantec Settings Manager; C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService; Symantec Lic NetConnect service; C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe [2008-02-18 149352]
R2 gusvc; Google Updater Service; C: \\ Program Files \\ Google \\ Common \\ Google Updater \\ GoogleUpdaterService.exe [2007-06-04 138680]
R2 InCDsrv; InCD File System Service; C: \\ Program Files \\ Ahead \\ InCD \\ InCDsrv.exe [2003-09-01 798772]
R2 LiveUpdate Notice; LiveUpdate Notice; C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccSvcHst.exe [2008-02-18 149352]
R2 MDM; Machine Debug Manager; C: \\ Program Files \\ Common Files \\ Microsoft Shared \\ VS7DEBUG \\ MDM.EXE [2003-06-19 322120]
R2 PrismXL; PrismXL C: \\ Program Files \\ Common Files \\ New Boundary \\ PrismXL \\ PRISMXL.SYS [2005-01-28 172032]
Aspnet_state S3; ASP.NET State Service; C: \\ WINDOWS \\ Microsoft.NET \\ Framework \\ v1.1.4322 \\ aspnet_state.exe [2004-07-15 32768]
ComHost S3; Host COM C: \\ Program Files \\ Common Files \\ Symantec Shared \\ VAScanner \\ comHost.exe [2007-08-22 55640]
S3 LiveUpdate; LiveUpdate C: \\ Program Files \\ Symantec \\ LiveUpdate \\ LuComServer_3_4.EXE [2008-09-05 3220856]
S3 ose; Office Source Engine; C: \\ Program Files \\ Common Files \\ Microsoft Shared \\ Source Engine \\ Ose.exe [2003-07-28 89136]
S3 Symantec Core LC; Symantec Core LC; C: \\ PROGRA ~ 1 \\ COMMON ~ 1 \\ SYMANT ~ 1 \\ CCPD-LC \\ symlcsvc.exe [2008-10-16 1245064]
S3 WMPNetworkSvc; Windows Media Player Network Sharing Service, C: \\ Program Files \\ Windows Media Player \\ wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc; Windows Driver Foundation - User-mode Driver Framework; C: \\ WINDOWS \\ system32 \\ svchost.exe [2008-04-13 14336]
----------------- EOF -----------------
  #7  
Old 16 October 2008, 13:50
Moderator
Posts: 7,561
 
digestp.dll still has not gone.

First:

Download Disable or Remove Windows Messenger to your desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger, because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file to the Desktop. Open MessengerDisable.exe, tick the bottom box, Uninstall Windows Messenger, and click Apply.

Exit MessengerDisable and delete the two files that were placed on the desktop.

----------

Note: the instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the working of your system.

Go to Start > Run, type notepad.exe, then click OK.

Copy and paste the following into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4fbc-BE0F-38CD08E932FE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\MSMSGS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
Locate fixme.reg on your Desktop and double-click it. Answer Yes when asked whether to merge it into the registry.

Make sure you tell me whether you receive a success message about the above being added to the registry. If you do not receive a success message, it did not work.

Delete fixme.reg from the desktop.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment.

Be sure to close all browser windows before starting the installation.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for any out-of-date versions of Java and remove any it finds.
  • Click Additional Tasks
  • Tick Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the desktop
----------

Suspicious files to scan

Please go to VirSCAN.org Free Online Scanning Service
(If more than one file needs scanning, it must be done separately, with the log posted for each one.)

1. Copy and paste the following file path into the Suspicious files to scan box at the top of the page.
Code:
C:\WINDOWS\system32\CF23987.exe
2. On the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click the Upload button.
This will run the file through several different scanning engines.
Your file may be put into a queue, which normally takes less than a minute to clear.
Important: Wait until all of the scanning engines have finished.
5. Once the scan is finished, scroll down and click the Copy and paste button. This will copy the report link to the clipboard.
6. Paste the contents of the clipboard into your next reply.

----------

After posting the VirSCAN.org results:

Download ATF Cleaner by Atribune to your desktop.

Alternate Download Link

Note: Vista users must use Run as Administrator
  • Under Main: Select Files to Delete, choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note that the system will run slower for a reboot or two after you have used this tool, so do not panic.

Important: Restart the computer before continuing.
__________________

  #8  
Old 16 October 2008, 14:39
Full Member
Posts: 19
 
1. Success on Fixme.reg

2. So here are the 2 log files you wanted me to send

A. JavaRa 1,11 remoção do registro.
Relatório segue após a linha.
------------------------------------
O processo de remoção JavaRa foi iniciado em Thu Oct 16 17:23:09 2008
Encontrado e removido: C: \\ Windows \\ system32 \\ jpicpl32.cpl
Encontrado e removido: C: \\ Windows \\ Installer \\ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Runtime Environment \\ 1,4
Encontrado e removido: SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Uninstall \\ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Encontrado e removido: SOFTWARE \\ Classes \\ CLSID \\ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA)
Encontrado e removido: SOFTWARE \\ Classes \\ CLSID \\ CAFEEFAC (-0014-0002-0000-ABCDEFFEDCBB)
Encontrado e removido: SOFTWARE \\ Classes \\ Installer \\ Products \\ 8A0F841731866D117AB7000B0D410200
Encontrado e removido: SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Installer \\ UserData \\ S-1-5-18 \\ Products \\ 8A0F841731866D117AB7000B0D410200
Encontrado e removido: SOFTWARE \\ Classes \\ JavaPlugin.142
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Plug-in \\ 1.4.2
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Runtime Environment \\ 1.4.2
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Web Start \\ 1.4.2
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Web Start \\ 1.0.1
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Web Start \\ 1.0.1_02
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Web Start \\ 1.0.1_03
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Web Start \\ 1.0.1_04
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Web Start \\ 1,2
Encontrado e removido: SOFTWARE \\ JavaSoft \\ Java Web Start \\ 1.2.0_01
------------------------------------
Concluído relatório.

JavaRa 1,11 remoção do registro.
Relatório segue após a linha.
------------------------------------
O processo de remoção JavaRa foi iniciado em Thu Oct 16 17:23:18 2008
------------------------------------
Concluído relatório.



B. VirScan.Org Scan Report
Scanned time: 2008/10/16 17:27:59 (EDT)
Resultados Scanner: Todos Scanners relataram não encontrar malware!
Nome do arquivo: CF23987.exe
Tamanho do Arquivo: 389120 bytes
Tipo de Arquivo: PE32 executável para MS Windows (console) Intel 80386 32-bit
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Relatório Online: http://virscan.org/report/36cd3be0f2...66947033e.html
Scanner Motor Rubro Rubro Sig Sig Data Hora resultado Scan
a-squared 4.0.0.16 2008.10.15 2008-10-15 1,54 --
AhnLab V3 ... .. - 0,18 --
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 --
Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 --
Arcavir 1.0.5 200810161244 2008-10-16 1,23 --
Authentium 5.1.1 200810150216 2008-10-15 1,17 --
AVAST! 3.0.1 081015-0 2008-10-15 0,72 --
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 --
BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 --
CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 --
ClamAV 0,94 8435 2008 -10-17 0,13 --
Comodo 2,11 2.0.0.678 2008-10-16 0,44 --
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 --
Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 --
ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 --
F-Prot 4.4.4.56 20081016 2008-10-16 1,19 --
F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 --
Fortinet 2.81-3.113 9,647 2008-10-15 0,23 --
GData 19.1058/19.65 20081016 2008-10-16 2,65 --
ViRobot 20081016 2008.10.16 2008-10-16 0,40 --
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 --
Jiangmin 11.0.706 2008.10.16 2008-10-16 1,26 --
Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 --
KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 --
McAfee 5.3.00 5406 2008-10-15 2,13 --
Microsoft 1,4005 2008.10.16 2008-10-16 3,93 --
MKS_VIR 2,01 2008.10.16 2008-10-16 2,75 --
Norman 5.93.01 5.93.00 2008-10-16 5,21 --
Panda 9.05.01 2008.10.16 2008-10-16 2,28 --
Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 --
Quick Heal 9,50 2008.10.16 2008-10-16 1,99 --
Rising 20,0 20.66.32.00 2008-10-16 0,77 --
Sophos 2.79.0 4,34 2008-10-17 1,86 --
Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 --
Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 --
nProtect 2008-10-16.00 2247055 2008-10-16 4,22 --
The Hacker 6.3.1.0 v00116 2008-10-16 0,45 --
VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 --
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 --
  #9  
Old 16 October 2008, 14:41
Moderator
Posts: 7,561
 
Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your desktop

Close any open browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus AND any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click ComboFix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click in the ComboFix window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware when ComboFix has finished.
__________________

  #10  
Old 16 October 2008, 15:11
Full Member
Posts: 19
 
ComboFix 08-10-16.01 - Proprietário 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Executando de: C: \\ Documents and Settings \\ Proprietário \\ Desktop \\ ComboFix.exe
* Criado um novo ponto de restauro
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \\ WINDOWS \\ jestertb.dll
D: \\ Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008/09/16 a 2008/10/16 ))))))))))) ))))))))))))))))))))
.
2008-10-16 16:16. 2008-10-16 16:17 d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ WinZip
2008-10-16 15:56. 2008-10-16 16:23 d -------- C: \\ rsit
2008-10-16 15:19. 2008-10-16 15:19 d -------- C: \\ _OTMoveIt
2008-10-16 14:07. 2008-10-16 14:07 d -------- C: \\ Program Files \\ Panda Security
2008-10-16 14:07. 2008/06/19 17:24 28,544 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ pavboot.sys
2008-10-16 13:20. 2008-10-16 13:20 d -------- C: \\ VundoFix Backups
2008-10-16 12:26. 2008-10-16 12:26 d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ SUPERAntiSpyware.com
2008-10-16 12:25. 2008-10-16 13:40 d -------- C: \\ Program Files \\ SUPERAntiSpyware
2008-10-16 12:25. 2008-10-16 12:25 d -------- C: \\ Program Files \\ Common Files \\ Wise Installation Wizard
2008-10-16 12:25. 2008-10-16 12:25 d -------- C: \\ Documents and Settings \\ Owner \\ Application Data \\ SUPERAntiSpyware.com
2008-10-16 11:08. 2008-10-16 11:08 d -------- C: \\ WINDOWS \\ system32 \\ N360_BACKUP
2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- c --- C: \\ WINDOWS \\ system32 \\ DRVSTORE
2008-10-16 10:47. 2008-10-16 10:47 d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24. 2008-10-16 10:24 d -------- C: \\ Program Files \\ Windows Sidebar
2008-10-16 10:24. 2008-10-16 11:44 d -------- C: \\ Program Files \\ Norton 360
2008-10-16 10:22. 2008-10-16 11:04 123.952 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SymEvent.sys
2008-10-16 10:22. 2008/10/16 11:04 60,800 - a ------ C: \\ WINDOWS \\ system32 \\ S32evnt1.dll
2008-10-16 10:22. 2008/10/16 11:04 10,671 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SYMEVENT.CAT
2008-10-16 10:22. 2008-10-16 11:04 805 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ SYMEVENT.INF
2008-10-16 10:16. 2008/09/08 06:41 333,824 ----- c --- C: \\ WINDOWS \\ system32 \\ Srv.sys
2008-10-16 10:15. 2008-08-14 06:11 2.189.184 ----- c --- C: \\ WINDOWS \\ system32 \\ ntoskrnl.exe
2008-10-16 10:15. 2008-08-14 06:09 2.145.280 ----- c --- C: \\ WINDOWS \\ system32 \\ Ntkrnlmp.exe
2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- c --- C: \\ WINDOWS \\ system32 \\ ntkrnlpa.exe
2008-10-16 10:15. 2008-08-14 05:33 2.023.936 ----- c --- C: \\ WINDOWS \\ system32 \\ Ntkrpamp.exe
2008-10-16 10:15. 2008-09-15 08:12 1.846.400 ----- c --- C: \\ WINDOWS \\ system32 \\ win32k.sys
2008-10-16 10:09. 2008-10-16 10:10 d -------- C: \\ Documents and Settings \\ Administrador \\. Housecall6.6
2008-10-15 17:42. 2004-08-27 05:54 d -------- C: \\ Documents and Settings \\ Administrador \\ WINDOWS
2008-10-15 17:42. 2005-01-28 05:22 d -------- C: \\ Documents and Settings \\ Administrador \\ Application Data \\ SampleView
2008-10-15 17:42. 2005-01-28 05:26 d -------- C: \\ Documents and Settings \\ Administrador \\ Application Data \\ McAfee
2008-10-15 17:42. 2008-10-15 17:42 d -------- C: \\ Documents and Settings \\ Administrador \\ Dados de aplicativos \\ Malwarebytes
2008-10-15 17:42. 2008-10-16 10:09 d -------- C: \\ Documents and Settings \\ Administrator
2008-10-15 17:26. 2008-10-15 17:26 d -------- C: \\ Program Files \\ NoNAV
2008-10-15 16:41. 2008-10-15 17:26 d -------- C: \\ SymNoNav
2008-10-15 16:22. 2008-10-15 17:27 d -------- C: \\ WINDOWS \\ LMI42.tmp
2008-10-15 15:10. 2008-10-15 15:10 d -------- C: \\ Program Files \\ Trend Micro
2008-10-11 13:05. 2008-10-11 12:33 102.664 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ tmcomm.sys
2008-10-11 12:33. 2008-10-15 15:21 d -------- C: \\ Documents and Settings \\ Proprietário \\. Housecall6.6
2008-10-11 12:25. 2008-10-11 12:25 d -------- C: \\ WINDOWS \\ Sun
2008-10-11 12:00. 2008-10-11 12:01 d -------- C: \\ Program Files \\ CCleaner
2008-10-11 11:38. 2008-10-11 11:38 d -------- C: \\ Program Files \\ Malwarebytes 'Anti-Malware
2008-10-11 11:38. 2008-10-11 11:38 d -------- C: \\ Documents and Settings \\ Owner \\ Application Data \\ Malwarebytes
2008-10-11 11:38. 2008-10-11 11:38 d -------- C: \\ Documents and Settings \\ All Users \\ Application Data \\ Malwarebytes
2008-10-11 11:38. 2008-09-10 00:04 38,528 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ mbamswissarmy.sys
2008-10-11 11:38. 2008/09/10 00:03 17,200 - a ------ C: \\ WINDOWS \\ system32 \\ drivers \\ mbam.sys
2008-09-23 13:17. 2008-09-23 13:17 133 - a ------ C: \\ Documents and Settings \\ All Users \\ Application Data \\ ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:53 --------- d ----- w C: \\ Program Files \\ Common Files \\ Symantec Shared
2008-10-16 17:49 --------- d ----- w C: \\ Documents and Settings \\ All Users \\ Dados de aplicativos \\ Google Updater
2008-10-16 15:08 --------- d ----- w C: \\ Documents and Settings \\ Owner \\ Application Data \\ Symantec
2008-10-16 15:04 --------- d ----- w C: \\ Program Files \\ Symantec
2008-10-16 15:01 --------- d ----- w C: \\ Documents and Settings \\ All Users \\ Application Data \\ Symantec
2008-09-24 12:36 --------- d ----- w C: \\ Program Files \\ \\ Peach
2008/09/08 10:41 333,824 ---- aw C: \\ WINDOWS \\ system32 \\ drivers \\ Srv.sys
2008-08-19 10:32 --------- d ----- w C: \\ Program Files \\ Microsoft Silverlight
2005-10-20 18:06 76-c ---- w C: \\ Documents and Settings \\ Owner \\ Application Data \\ wklnhst.dat
2005-05-27 00:43 0-csha-w C: \\ WINDOWS \\ SMINST \\ HPCD.sys
2008-05-24 13:39 32.768-csha-w C: \\ WINDOWS \\ system32 \\ config \\ systemprofile \\ Local Settings \\ History \\ History.IE5 \\ MSHist012008052420080525 \\ index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legítimas por defeito não são mostradas
REGEDIT4
[HKEY_LOCAL_MACHINE \\ ~ \\ Browser Helper Objects \\ (D6EEB0C3-825E-4fbc-BE0F-38CD08E932FE)]
2004-08-04 15:00 105984 - a ------ C: \\ WINDOWS \\ system32 \\ digestp.dll
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ ShellIconOverlayIdentifiers \\ OverlayExcluded]
@ = "(4433A54A-1AC8-432f-90FC-85F045CF383C)"
[HKEY_CLASSES_ROOT \\ CLSID \\ (4433A54A-1AC8-432f-90FC-85F045CF383C)]
2008-02-26 04:34 576352 - a ------ C: \\ Program Files \\ Common Files \\ Symantec Shared \\ Backup \\ buShell.dll
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ ShellIconOverlayIdentifiers \\ OverlayPending]
@ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)"
[HKEY_CLASSES_ROOT \\ CLSID \\ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)]
2008-02-26 04:34 576352 - a ------ C: \\ Program Files \\ Common Files \\ Symantec Shared \\ Backup \\ buShell.dll
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Explorer \\ ShellIconOverlayIdentifiers \\ OverlayProtected]
@ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)"
[HKEY_CLASSES_ROOT \\ CLSID \\ (476D0EA3-80F9-48B5-B70B-05E677C9C148)]
2008-02-26 04:34 576352 - a ------ C: \\ Program Files \\ Common Files \\ Symantec Shared \\ Backup \\ buShell.dll
[HKEY_CURRENT_USER \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run]
"ctfmon.exe" = "C: \\ WINDOWS \\ system32 \\ ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware" = "C: \\ Program Files \\ \\ ehTray.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows \\ CurrentVersion \\ Run]
"QuickTime Task" = "C: \\ Program Files \\ QuickTime \\ qttask.exe" [2005-01-28 98304]
"Adobe Photo Downloader" = "C: \\ Program Files \\ Adobe \\ Photoshop Album Starter Edition \\ 3.0 \\ Apps \\ apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher" = "C: \\ Program Files \\ Adobe \\ Reader 8.0 \\ Reader \\ Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched" = "C: \\ Program Files \\ Common Files \\ Real \\ Update_OB \\ realsched.exe" [2008-04-19 185896]
"ccApp" = "C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccApp.exe" [2008-02-18 51048]
"SoundMan" = "C: \\ Program Files \\ Norton 360 \\ osCheck.exe" [2008-02-26 988512]
C: \\ Documents and Settings \\ All Users \\ Menu Iniciar \\ Programas \\ Startup \\
Dispositivo Detector 3.lnk - C: \\ Program Files \\ Olympus \\ DeviceDetector \\ DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C: \\ Program Files \\ Google \\ Google Updater \\ GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C: \\ Program Files \\ Microsoft Office \\ Office \\ OSA9.EXE [2000-01-21 65588]
WinZip Quick Office.lnk - C: \\ Program Files \\ WinZip \\ wzqkpick.exe [2008-09-11 525664]
[HKEY_LOCAL_MACHINE \\ software \\ microsoft \\ windows \\ currentversion \\ explorer \\ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \\ Program Files \\ SUPERAntiSpyware \\ SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\! SASWinLogon]
2007-04-19 13:41 294912 C: \\ Program Files \\ SUPERAntiSpyware \\ SASWINLO.dll
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Winlogon \\ Notify \\ paubftzz]
2004-08-04 15:00 105984 C: \\ WINDOWS \\ system32 \\ digestp.dll
[HKLM \\ ~ \\ startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Start Menu ^ Programs ^ Startup ^ BigFix.lnk]
path = C: \\ Documents and Settings \\ All Users \\ Menu Iniciar \\ Programas \\ Inicializar \\ BigFix.lnk
backup = C: \\ WINDOWS \\ pss \\ Inicialização BigFix.lnkCommon
[HKLM \\ ~ \\ startupfolder \\ C: ^ Documents and Settings ^ All Users ^ Menu Iniciar ^ Programas ^ Inicializar ^ Microsoft Office.lnk]
path = C: \\ Documents and Settings \\ All Users \\ Menu Iniciar \\ Programas \\ Inicializar \\ Microsoft Office.lnk
backup = C: \\ WINDOWS \\ pss \\ Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ avast!]
- a - c --- 2004-11-12 01:10 344064 C: \\ Program Files \\ ATI Technologies \\ ATI Control Panel \\ atiptaxx.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg ccApp \\]
- a ------ 2008-02-18 15:37 51048 C: \\ Program Files \\ Common Files \\ Symantec Shared \\ ccApp.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig \\ startupreg ctfmon.exe \\]
- a ------ 2008-04-13 20:12 15360 C: \\ WINDOWS \\ system32 \\ ctfmon.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ InCD]
- a ------ 2003-09-01 09:32 1200178 C: \\ Program Files \\ Ahead \\ InCD \\ NvTaskbarInit
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ NeroFilterCheck]
- a ------ 2001-07-09 15:50 155648 C: \\ WINDOWS \\ system32 \\ ctfmon.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ NeroFilterCheck]
- a ------ 2001-07-09 15:50 155648 C: \\ WINDOWS \\ system32 \\ ctfmon.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ NeroFilterCheck]
- a - c --- 2002-09-13 16:42 212992 C: \\ WINDOWS \\ SMINST \\ ctfmon.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ RemoteControl]
- a - c --- 2003-10-31 23:42 32768 C: \\ Program Files \\ CyberLink \\ PowerDVD \\ PDVDServ.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ NvCplDaemon]
- a - c --- 2004-11-15 19:04 135168 C: \\ Program Files \\ Digital Media Reader \\ shwiconEM.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ GrooveMonitor]
- a - c --- 2003-08-19 01:01 110592 C: \\ Program Files \\ Common Files \\ Sonic \\ Update Manager \\ Lib
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ RTHDCPL]
- a - c --- 2004-05-17 22:30 543232 C: \\ WINDOWS \\ zHotkey.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ \\ ShowWnd]
- a - c --- 2003-09-19 13:09 36864 C: \\ WINDOWS \\ ShowWnd.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ shared tools \\ msconfig startupreg \\ VTTimer]
- a - c --- 2004-11-15 23:20 77824 C: \\ WINDOWS \\ AGRSMMSG.exe
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ security center \\ Monitoring]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Security Center \\ Monitoring \\ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \\ Software \\ Microsoft \\ Security Center \\ Monitoring \\ SymantecFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \\ ~ \\ services \\ sharedaccess \\ parameters \\ firewallpolicy \\ StandardProfile]
"EnableFirewall" = 0 (0x0)
[HKLM \\ ~ \\ services \\ sharedaccess \\ parameters \\ firewallpolicy \\ StandardProfile \\ AuthorizedApplications \\ List]
"% windir% \\ \\ system32 \\ \\ sessmgr.exe" =
"% windir% \\ \\ Network Diagnostic \\ \\ xpnetdiag.exe" =
R0 pavboot; pavboot; C: \\ WINDOWS \\ system32 \\ drivers \\ pavboot.sys [2008-06-19 28544]
R0 shsizubv; shsizubv C: \\ WINDOWS \\ system32 \\ drivers \\ shsizubv.sys [2004-08-04 23424]
S3 COH_Mon; COH_Mon; C: \\ WINDOWS \\ system32 \\ Drivers \\ COH_Mon.sys [2008-07-30 23888]
S3 VNUSB; VN Device Série C: \\ WINDOWS \\ system32 \\ DRIVERS \\ VNUSB.sys [2003-12-15 38448]
HKEY_LOCAL_MACHINE \\ SOFTWARE \\ Microsoft \\ Windows NT \\ CurrentVersion \\ Svchost - Netsvcs
qfbydciq
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ explorer \\ mountpoints2 \\ (4f63278d-8557-11d9-BE24-806d6172696f)]
\\ Shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
[HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ explorer \\ mountpoints2 \\ (e1ec6b61-710A-11d9-B301-806d6172696f)]
\\ Shell \\ AutoRun \\ command - C: \\ WINDOWS \\ system32 \\ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe Folder.htt 480 480
* Newly Created Service * - COMHOST
* Newly Created Service * PROCEXP90 --
.
Conteúdo da pasta 'Tarefas Agendadas'
2008/10/12 C: \\ WINDOWS \\ Tasks \\ automático total Backup.job
- C: \\ Program Files \\ Stomp \\ MyPC Backup \\ System \\ bestart.exe [2003-10-30 04:10]
2008/10/15 C: \\ WINDOWS \\ Tasks \\ Daily Changed Files.job
- C: \\ Program Files \\ Stomp \\ MyPC Backup \\ System \\ bestart.exe [2003-10-30 04:10]
2008/10/11 C: \\ WINDOWS \\ Tasks \\ PEACTREE SEMANAL BACK UP.job
- C: \\ Program Files \\ Stomp \\ MyPC Backup \\ System \\ bestart.exe [2003-10-30 04:10]
.
- - - - ORFÃOS REMOVIDOS - - - --
Toolbar-ID - (no file)

.
------- Scan Suplementar -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/
R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = () & searchTerms sourceid = ie7 & rls = com.microsoft: pt-BR & ie = utf8 & oe = utf8
R1 -: HKCU-searchURL, (Default) = hxxp: / /% s = www.google.com/search?q
O8 -: E & xportar para o Microsoft Excel - C: \\ PROGRA ~ 1 \\ MICROS ~ 2 \\ OFFICE11 \\ EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
scanning hidden autostart entries ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
ficheiros ocultos: 0
************************************************** ************************
.
Tempo para conclusão: 2008-10-16 17:56:31
ComboFix-quarantined-files.txt 2008-10-16 21:56:27
Pre-Run: 142.914.838.528 bytes free
Post-Run: 142.911.078.400 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-PTB.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \\ WINDOWS
[sistemas operacionais]
C: \\ CMDCONS \\ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \\ WINDOWS = "Microsoft Windows XP Home Edition" / noexecute = optin / fastdetect
208 --- EOF --- 2008-10-16 15:20:49
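The pattern this thread turns on is one module, digestp.dll, registered both as a Browser Helper Object and as a Winlogon Notify handler, with the fixme.reg in post #7 deleting exactly those keys. The script below is an added example, not the helper's or any tool's code: it parses ComboFix-style "Reg Loading Points" lines, lists the keys that load a given file, flags files loaded from more than one autostart key, and emits the REGEDIT4 deletion text. The sample log lines are constructed to mirror the ComboFix log above, and the expansion of ComboFix's "~" abbreviation is an assumption chosen to match the full key path used in the fixme.reg.

```python
"""
Added example (not from the thread or from any of the tools it uses): parse the
'Reg Loading Points' section of a ComboFix-style log, find every autostart key
that loads a given DLL, flag files loaded from more than one autostart key
(digestp.dll above is loaded by both a BHO key and a Winlogon\\Notify key), and
emit the REGEDIT4 deletion text used by the helper's fixme.reg.
"""
import re

# Constructed sample, mirroring the loading-point lines in the ComboFix log above.
# ComboFix abbreviates Software\Microsoft\Windows\CurrentVersion\Explorer as '~'
# (assumption; it matches the full BHO key the helper's fixme.reg deletes).
SAMPLE_LOG = """\
REGEDIT4
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{D6EEB0C3-825E-4fbc-BE0F-38CD08E932FE}]
2004-08-04 15:00 105984 --a------ C:\\WINDOWS\\system32\\digestp.dll
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\!SASWinLogon]
2007-04-19 13:41 294912 C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\paubftzz]
2004-08-04 15:00 105984 C:\\WINDOWS\\system32\\digestp.dll
"""

EXPLORER_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer"
# A '[HKEY_...\...]' line opens a registry key.
KEY_RE = re.compile(r"^\[(HK[A-Z_]+\\.+)\]$")
# A Windows path ending in a loadable module, anywhere on the value line.
FILE_RE = re.compile(r"([A-Za-z]:\\[^\"\[\]]+?\.(?:dll|exe|sys))", re.IGNORECASE)


def expand_key(key):
    """Replace ComboFix's '~' abbreviation with the full Explorer key path."""
    return key.replace("\\~\\", "\\" + EXPLORER_KEY + "\\", 1)


def parse_loading_points(text):
    """Return (registry_key, file_path) pairs.

    A '[KEY]' line opens a key; each following non-key line that names a
    module (bare path, or a '"name"="path" [stamp]' Run-style value) is one
    loading point under that key.
    """
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = expand_key(m.group(1))
            continue
        if current is None:
            continue
        f = FILE_RE.search(line)
        if f:
            entries.append((current, f.group(1)))
    return entries


def loading_points_for(text, file_name):
    """All keys whose loading point is the named file (case-insensitive)."""
    wanted = file_name.lower()
    return [key for key, path in parse_loading_points(text)
            if path.lower().rsplit("\\", 1)[-1] == wanted]


def shared_loading_points(text):
    """Files loaded from two or more autostart keys, keyed by lower-cased path.

    One module hooked into both a BHO and Winlogon\\Notify is the pattern the
    helper chased in this thread; legitimate software rarely needs both.
    """
    by_path = {}
    for key, path in parse_loading_points(text):
        by_path.setdefault(path.lower(), []).append(key)
    return {p: keys for p, keys in by_path.items() if len(keys) >= 2}


def removal_reg(keys):
    """REGEDIT4 text that deletes each key; '[-KEY]' is regedit's delete syntax.

    Uses CRLF line ends and the blank line after the header that .reg files
    on Windows XP expect.
    """
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines.extend([f"[-{key}]", ""])
    return "\r\n".join(lines)


if __name__ == "__main__":
    for path, ks in shared_loading_points(SAMPLE_LOG).items():
        print(f"{path} is loaded from {len(ks)} autostart keys")
    print(removal_reg(loading_points_for(SAMPLE_LOG, "digestp.dll")))
```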
Copyright © 2006 - 2010 Suco de Computador.